# define SSL_F_TLS1_SET_SERVER_SIGALGS 335
# define SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK 354
# define SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST 372
+# define SSL_F_TLS_CONSTRUCT_CERT_STATUS 429
# define SSL_F_TLS_CONSTRUCT_CHANGE_CIPHER_SPEC 427
# define SSL_F_TLS_CONSTRUCT_CKE_DHE 404
# define SSL_F_TLS_CONSTRUCT_CKE_ECDHE 405
"tls_client_key_exchange_post_work"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST),
"tls_construct_certificate_request"},
+ {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CERT_STATUS), "tls_construct_cert_status"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_CHANGE_CIPHER_SPEC),
"tls_construct_change_cipher_spec"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_CKE_DHE), "tls_construct_cke_dhe"},
int tls_construct_cert_status(SSL *s)
{
- unsigned char *p;
- size_t msglen;
-
- /*-
- * Grow buffer if need be: the length calculation is as
- * follows handshake_header_length +
- * 1 (ocsp response type) + 3 (ocsp response length)
- * + (ocsp response)
- */
- msglen = 4 + s->tlsext_ocsp_resplen;
- if (!BUF_MEM_grow(s->init_buf, SSL_HM_HEADER_LENGTH(s) + msglen))
- goto err;
-
- p = ssl_handshake_start(s);
-
- /* status type */
- *(p++) = s->tlsext_status_type;
- /* length of OCSP response */
- l2n3(s->tlsext_ocsp_resplen, p);
- /* actual response */
- memcpy(p, s->tlsext_ocsp_resp, s->tlsext_ocsp_resplen);
+ WPACKET pkt;
- if (!ssl_set_handshake_header(s, SSL3_MT_CERTIFICATE_STATUS, msglen))
- goto err;
+ if (!WPACKET_init(&pkt, s->init_buf)
+ || !ssl_set_handshake_header2(s, &pkt,
+ SSL3_MT_CERTIFICATE_STATUS)
+ || !WPACKET_put_bytes_u8(&pkt, s->tlsext_status_type)
+ || !WPACKET_sub_memcpy_u24(&pkt, s->tlsext_ocsp_resp,
+ s->tlsext_ocsp_resplen)
+ || !ssl_close_construct_packet(s, &pkt)) {
+ SSLerr(SSL_F_TLS_CONSTRUCT_CERT_STATUS, ERR_R_INTERNAL_ERROR);
+ ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+ ossl_statem_set_error(s);
+ WPACKET_cleanup(&pkt);
+ return 0;
+ }
return 1;
-
- err:
- ossl_statem_set_error(s);
- return 0;
}
#ifndef OPENSSL_NO_NEXTPROTONEG
projects / oweals / openssl.git / commitdiff