diff options
Diffstat (limited to 'src/ssl/ssl_asn1.cc')
-rw-r--r-- | src/ssl/ssl_asn1.cc | 47 |
1 files changed, 35 insertions, 12 deletions
diff --git a/src/ssl/ssl_asn1.cc b/src/ssl/ssl_asn1.cc index 0cf90d18..b87c7954 100644 --- a/src/ssl/ssl_asn1.cc +++ b/src/ssl/ssl_asn1.cc @@ -311,20 +311,22 @@ static int SSL_SESSION_to_bytes_full(const SSL_SESSION *in, uint8_t **out_data, } } - if (in->tlsext_signed_cert_timestamp_list_length > 0) { + if (in->signed_cert_timestamp_list != nullptr) { if (!CBB_add_asn1(&session, &child, kSignedCertTimestampListTag) || !CBB_add_asn1(&child, &child2, CBS_ASN1_OCTETSTRING) || - !CBB_add_bytes(&child2, in->tlsext_signed_cert_timestamp_list, - in->tlsext_signed_cert_timestamp_list_length)) { + !CBB_add_bytes(&child2, + CRYPTO_BUFFER_data(in->signed_cert_timestamp_list), + CRYPTO_BUFFER_len(in->signed_cert_timestamp_list))) { OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); return 0; } } - if (in->ocsp_response_length > 0) { + if (in->ocsp_response != nullptr) { if (!CBB_add_asn1(&session, &child, kOCSPResponseTag) || !CBB_add_asn1(&child, &child2, CBS_ASN1_OCTETSTRING) || - !CBB_add_bytes(&child2, in->ocsp_response, in->ocsp_response_length)) { + !CBB_add_bytes(&child2, CRYPTO_BUFFER_data(in->ocsp_response), + CRYPTO_BUFFER_len(in->ocsp_response))) { OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); return 0; } @@ -470,6 +472,29 @@ static int SSL_SESSION_parse_octet_string(CBS *cbs, uint8_t **out_ptr, return 1; } +static int SSL_SESSION_parse_crypto_buffer(CBS *cbs, CRYPTO_BUFFER **out, + unsigned tag, + CRYPTO_BUFFER_POOL *pool) { + if (!CBS_peek_asn1_tag(cbs, tag)) { + return 1; + } + + CBS child, value; + if (!CBS_get_asn1(cbs, &child, tag) || + !CBS_get_asn1(&child, &value, CBS_ASN1_OCTETSTRING) || + CBS_len(&child) != 0) { + OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_SSL_SESSION); + return 0; + } + CRYPTO_BUFFER_free(*out); + *out = CRYPTO_BUFFER_new_from_CBS(&value, pool); + if (*out == nullptr) { + OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); + return 0; + } + return 1; +} + /* SSL_SESSION_parse_bounded_octet_string parses an optional ASN.1 OCTET STRING * explicitly tagged with |tag| of size at most |max_out|. */ static int SSL_SESSION_parse_bounded_octet_string( @@ -635,13 +660,11 @@ UniquePtr<SSL_SESSION> SSL_SESSION_parse(CBS *cbs, &session, ret->original_handshake_hash, &ret->original_handshake_hash_len, sizeof(ret->original_handshake_hash), kOriginalHandshakeHashTag) || - !SSL_SESSION_parse_octet_string( - &session, &ret->tlsext_signed_cert_timestamp_list, - &ret->tlsext_signed_cert_timestamp_list_length, - kSignedCertTimestampListTag) || - !SSL_SESSION_parse_octet_string( - &session, &ret->ocsp_response, &ret->ocsp_response_length, - kOCSPResponseTag)) { + !SSL_SESSION_parse_crypto_buffer(&session, + &ret->signed_cert_timestamp_list, + kSignedCertTimestampListTag, pool) || + !SSL_SESSION_parse_crypto_buffer(&session, &ret->ocsp_response, + kOCSPResponseTag, pool)) { return nullptr; } |