Diffstat (limited to 'src/lib/tls')
-rw-r--r-- | src/lib/tls/tls_extensions.cpp | 34 | ||||
-rw-r--r-- | src/lib/tls/tls_extensions.h | 4 |
2 files changed, 11 insertions, 27 deletions
diff --git a/src/lib/tls/tls_extensions.cpp b/src/lib/tls/tls_extensions.cpp
index 917a76b92..ca4e1200f 100644
--- a/src/lib/tls/tls_extensions.cpp
+++ b/src/lib/tls/tls_extensions.cpp
@@ -34,7 +34,7 @@ Extension* make_extension(TLS_Data_Reader& reader, uint16_t code, uint16_t size,
 return new Supported_Groups(reader, size);
 case TLSEXT_CERT_STATUS_REQUEST:
- return new Certificate_Status_Request(reader, size);
+ return new Certificate_Status_Request(reader, size, side);
 case TLSEXT_EC_POINT_FORMATS:
 return new Supported_Point_Formats(reader, size);
@@ -538,37 +538,19 @@ std::vector<uint8_t> Certificate_Status_Request::serialize() const
 }
 Certificate_Status_Request::Certificate_Status_Request(TLS_Data_Reader& reader,
- uint16_t extension_size) :
- m_server_side(false) // This ctor is used by both client and server, so the information is wrong here.
- // However, m_server_side is only evaluated when sending the object, thus the error
- // made will not matter. However, a better modelling would be nice.
+ uint16_t extension_size,
+ Connection_Side side) :
+ m_server_side(side == SERVER)
 {
 if(extension_size > 0)
 {
 const uint8_t type = reader.get_byte();
 if(type == 1)
 {
- extension_size -= 1;
- size_t len_resp_id_list = reader.get_uint16_t();
- extension_size -= 2;
- if(len_resp_id_list + 2 > extension_size)
- {
- throw Decoding_Error("Bad size of responder id list in Certificate_Status_Request extension");
- }
- m_ocsp_names = reader.get_fixed<uint8_t>(len_resp_id_list);
- extension_size -= len_resp_id_list;
- size_t len_requ_ext = reader.get_uint16_t();
- extension_size -= 2;
- if(len_requ_ext > extension_size)
- {
- throw Decoding_Error("Bad size of extensions in Certificate_Status_Request extension");
- }
- m_extension_bytes = reader.get_fixed<uint8_t>(len_requ_ext );
- extension_size -= len_requ_ext;
- if(extension_size != 0)
- {
- throw Decoding_Error("trailing bytes in Certificate_Status_Request extension");
- }
+ size_t len_resp_id_list = reader.get_uint16_t();
+ m_ocsp_names = reader.get_fixed<uint8_t>(len_resp_id_list);
+ size_t len_requ_ext = reader.get_uint16_t();
+ m_extension_bytes = reader.get_fixed<uint8_t>(len_requ_ext );
 }
 else
 {
diff --git a/src/lib/tls/tls_extensions.h b/src/lib/tls/tls_extensions.h
index 35c3ee554..5920a1576 100644
--- a/src/lib/tls/tls_extensions.h
+++ b/src/lib/tls/tls_extensions.h
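Review bot: In the `type == 1` branch the two lengths read from the wire are no longer reconciled with `extension_size`, so that parameter goes unused on this path and an extension whose inner lengths do not add up to its declared size is now accepted instead of being rejected with Decoding_Error as the removed lines did; unless the caller verifies that exactly `extension_size` bytes were consumed (not visible here), the reader is left positioned inside this extension and every extension after it is parsed from the wrong offset. Whether the two `get_fixed` calls are safe against a buffer shorter than the claimed length depends entirely on TLS_Data_Reader bounding its own reads, which this hunk does not show and which is worth confirming since this is peer-controlled input. I would keep a single consistency check after the second read: `if(1 + 2 + len_resp_id_list + 2 + len_requ_ext != extension_size) throw Decoding_Error("Inconsistent length in Certificate_Status_Request extension");`. The constructor body continues past the hunk (the `else` branch is cut off).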
@@ -414,7 +414,9 @@ class BOTAN_UNSTABLE_API Certificate_Status_Request final : public Extension
 Certificate_Status_Request(const std::vector<uint8_t>& ocsp_responder_ids,
 const std::vector<std::vector<uint8_t>>& ocsp_key_ids);
- Certificate_Status_Request(TLS_Data_Reader& reader, uint16_t extension_size);
+ Certificate_Status_Request(TLS_Data_Reader& reader,
+ uint16_t extension_size,
+ Connection_Side side);
 private:
 std::vector<uint8_t> m_ocsp_names;
 std::vector<std::vector<uint8_t>> m_ocsp_keys; // is this field really needed |
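Review bot: The new three-argument constructor is declared without saying what `side` means for an extension that is being parsed rather than built, and nothing in the header distinguishes it from the serializing constructor declared just above it. A one-line Doxygen comment on the declaration would do: `/// Parse from the wire; side is the local end (CLIENT or SERVER) reading the extension and determines m_server_side`. The `m_server_side(side == SERVER)` initializer in the .cpp hunk is the behavior that comment documents; the class body continues outside the hunk.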