return WORK_ERROR;
}
- if ((clu = ssl_cert_lookup_by_pkey(pkey, &certidx)) == NULL) {
+ if ((clu = ssl_cert_lookup_by_pkey(pkey, &certidx,
+ SSL_CONNECTION_GET_CTX(s))) == NULL) {
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
return WORK_ERROR;
}
MSG_PROCESS_RETURN tls_process_certificate_request(SSL_CONNECTION *s,
PACKET *pkt)
{
- size_t i;
-
/* Clear certificate validity flags */
- for (i = 0; i < SSL_PKEY_NUM; i++)
- s->s3.tmp.valid_flags[i] = 0;
+ if (s->s3.tmp.valid_flags != NULL)
+ memset(s->s3.tmp.valid_flags, 0, s->ssl_pkey_num * sizeof(uint32_t));
+ else
+ s->s3.tmp.valid_flags = OPENSSL_zalloc(s->ssl_pkey_num * sizeof(uint32_t));
+
+ /* Give up for good if allocation didn't work */
+ if (s->s3.tmp.valid_flags == NULL)
+ return 0;
if (SSL_CONNECTION_IS_TLS13(s)) {
PACKET reqctx, extensions;
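Review bot: The new allocation-failure exit at the top of tls_process_certificate_request returns a bare `0` and never calls SSLfatal(), whereas the other error exits on this page raise a fatal alert before returning. A function typed MSG_PROCESS_RETURN should name the enum value, and the state machine presumably expects the error to be recorded; consider `if (s->s3.tmp.valid_flags == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); return MSG_PROCESS_ERROR; }`, with the reason code adjusted to the project's current convention. The memset branch also trusts that the existing buffer was allocated for the current `s->ssl_pkey_num`. A one-line comment stating that the count is fixed for the lifetime of the connection, if that is the invariant, would make the length safe to rely on. The function body continues outside this hunk.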
return 1;
/* This is the passed certificate */
- clu = ssl_cert_lookup_by_pkey(X509_get0_pubkey(s->session->peer), &idx);
+ clu = ssl_cert_lookup_by_pkey(X509_get0_pubkey(s->session->peer), &idx,
+ SSL_CONNECTION_GET_CTX(s));
/* Check certificate is recognised and suitable for cipher */
if (clu == NULL || (alg_a & clu->amask) == 0) {