Don't create an invalid CertificateRequest

We should validate that the various fields we put into the CertificateRequest are not too long. Otherwise we will construct an invalid message. Fixes #6609 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6628)
author: Matt Caswell <matt@openssl.org> 2018-07-02 14:09:03 +0100
committer: Matt Caswell <matt@openssl.org> 2018-07-03 11:22:06 +0100
commit: 9d4167241c8fa15b3ae77651109aac7fa66ac17b (patch)
tree: 59be8e82136b7ae8248d7e2c99ae73838681dd9e /ssl/ssl_locl.h
parent: 1e8cb18d499604c1766bfcec23a358888eaf6551 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index f5b03df5a3..374fa0e521 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -164,6 +164,8 @@
                            (c)[1]=(unsigned char)(((l)>> 8)&0xff), \
                            (c)[2]=(unsigned char)(((l)    )&0xff)),(c)+=3)
 
+# define SSL_MAX_2_BYTE_LEN     (0xffff)
+
 /*
  * DTLS version numbers are strange because they're inverted. Except for
  * DTLS1_BAD_VER, which should be considered "lower" than the rest.
author	Matt Caswell <matt@openssl.org>	2018-07-02 14:09:03 +0100
committer	Matt Caswell <matt@openssl.org>	2018-07-03 11:22:06 +0100
commit	9d4167241c8fa15b3ae77651109aac7fa66ac17b (patch)
tree	59be8e82136b7ae8248d7e2c99ae73838681dd9e /ssl/ssl_locl.h
parent	1e8cb18d499604c1766bfcec23a358888eaf6551 (diff)