summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorjsing <>2015-09-13 09:20:19 +0000
committerjsing <>2015-09-13 09:20:19 +0000
commit6dfed4d8d462a506b9ea9e0e96092d0eda8373f1 (patch)
treeef6d6213f837387ff8e221e487c55b1502929308
parentc3ba6bff2113cb2fedd4ebfb0fa2fac9485a6e0b (diff)
downloadopenbsd-6dfed4d8d462a506b9ea9e0e96092d0eda8373f1.tar.gz
openbsd-6dfed4d8d462a506b9ea9e0e96092d0eda8373f1.tar.bz2
openbsd-6dfed4d8d462a506b9ea9e0e96092d0eda8373f1.zip
The *_accept() functions increment in_handshake at the start of the function,
then decrement it and call a callback on exit from the function. As such, these functions should not return in the middle, otherwise in_handshake is never decremented and the callback never called. ok beck@ "with many sighs" miod@
Diffstat (limited to '')
-rw-r--r--src/lib/libssl/d1_srvr.c8
-rw-r--r--src/lib/libssl/s3_srvr.c41
-rw-r--r--src/lib/libssl/src/ssl/d1_srvr.c8
-rw-r--r--src/lib/libssl/src/ssl/s3_srvr.c41
4 files changed, 60 insertions, 38 deletions
diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c
index f5e0ec3e4b..f6664237ae 100644
--- a/src/lib/libssl/d1_srvr.c
+++ b/src/lib/libssl/d1_srvr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_srvr.c,v 1.66 2015/09/12 20:51:33 jsing Exp $ */ 1/* $OpenBSD: d1_srvr.c,v 1.67 2015/09/13 09:20:19 jsing Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -202,7 +202,8 @@ dtls1_accept(SSL *s)
202 202
203 if (s->cert == NULL) { 203 if (s->cert == NULL) {
204 SSLerr(SSL_F_DTLS1_ACCEPT, SSL_R_NO_CERTIFICATE_SET); 204 SSLerr(SSL_F_DTLS1_ACCEPT, SSL_R_NO_CERTIFICATE_SET);
205 return (-1); 205 ret = -1;
206 goto end;
206 } 207 }
207 208
208 for (;;) { 209 for (;;) {
@@ -224,7 +225,8 @@ dtls1_accept(SSL *s)
224 225
225 if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00)) { 226 if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00)) {
226 SSLerr(SSL_F_DTLS1_ACCEPT, ERR_R_INTERNAL_ERROR); 227 SSLerr(SSL_F_DTLS1_ACCEPT, ERR_R_INTERNAL_ERROR);
227 return -1; 228 ret = -1;
229 goto end;
228 } 230 }
229 s->type = SSL_ST_ACCEPT; 231 s->type = SSL_ST_ACCEPT;
230 232
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index 2fbf063140..cd63422db8 100644
--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_srvr.c,v 1.121 2015/09/12 16:10:07 doug Exp $ */ 1/* $OpenBSD: s3_srvr.c,v 1.122 2015/09/13 09:20:19 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -188,9 +188,9 @@ ssl3_accept(SSL *s)
188 SSL_clear(s); 188 SSL_clear(s);
189 189
190 if (s->cert == NULL) { 190 if (s->cert == NULL) {
191 SSLerr(SSL_F_SSL3_ACCEPT, 191 SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_NO_CERTIFICATE_SET);
192 SSL_R_NO_CERTIFICATE_SET); 192 ret = -1;
193 return (-1); 193 goto end;
194 } 194 }
195 195
196 for (;;) { 196 for (;;) {
@@ -211,9 +211,9 @@ ssl3_accept(SSL *s)
211 cb(s, SSL_CB_HANDSHAKE_START, 1); 211 cb(s, SSL_CB_HANDSHAKE_START, 1);
212 212
213 if ((s->version >> 8) != 3) { 213 if ((s->version >> 8) != 3) {
214 SSLerr(SSL_F_SSL3_ACCEPT, 214 SSLerr(SSL_F_SSL3_ACCEPT, ERR_R_INTERNAL_ERROR);
215 ERR_R_INTERNAL_ERROR); 215 ret = -1;
216 return (-1); 216 goto end;
217 } 217 }
218 s->type = SSL_ST_ACCEPT; 218 s->type = SSL_ST_ACCEPT;
219 219
@@ -392,9 +392,12 @@ ssl3_accept(SSL *s)
392 skip = 1; 392 skip = 1;
393 s->s3->tmp.cert_request = 0; 393 s->s3->tmp.cert_request = 0;
394 s->state = SSL3_ST_SW_SRVR_DONE_A; 394 s->state = SSL3_ST_SW_SRVR_DONE_A;
395 if (s->s3->handshake_buffer) 395 if (s->s3->handshake_buffer) {
396 if (!tls1_digest_cached_records(s)) 396 if (!tls1_digest_cached_records(s)) {
397 return (-1); 397 ret = -1;
398 goto end;
399 }
400 }
398 } else { 401 } else {
399 s->s3->tmp.cert_request = 1; 402 s->s3->tmp.cert_request = 1;
400 ret = ssl3_send_certificate_request(s); 403 ret = ssl3_send_certificate_request(s);
@@ -482,11 +485,14 @@ ssl3_accept(SSL *s)
482 if (!s->s3->handshake_buffer) { 485 if (!s->s3->handshake_buffer) {
483 SSLerr(SSL_F_SSL3_ACCEPT, 486 SSLerr(SSL_F_SSL3_ACCEPT,
484 ERR_R_INTERNAL_ERROR); 487 ERR_R_INTERNAL_ERROR);
485 return (-1); 488 ret = -1;
489 goto end;
486 } 490 }
487 s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE; 491 s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE;
488 if (!tls1_digest_cached_records(s)) 492 if (!tls1_digest_cached_records(s)) {
489 return (-1); 493 ret = -1;
494 goto end;
495 }
490 } else { 496 } else {
491 int offset = 0; 497 int offset = 0;
492 int dgst_num; 498 int dgst_num;
@@ -501,9 +507,12 @@ ssl3_accept(SSL *s)
501 * CertificateVerify should be generalized. 507 * CertificateVerify should be generalized.
502 * But it is next step 508 * But it is next step
503 */ 509 */
504 if (s->s3->handshake_buffer) 510 if (s->s3->handshake_buffer) {
505 if (!tls1_digest_cached_records(s)) 511 if (!tls1_digest_cached_records(s)) {
506 return (-1); 512 ret = -1;
513 goto end;
514 }
515 }
507 for (dgst_num = 0; dgst_num < SSL_MAX_DIGEST; 516 for (dgst_num = 0; dgst_num < SSL_MAX_DIGEST;
508 dgst_num++) 517 dgst_num++)
509 if (s->s3->handshake_dgst[dgst_num]) { 518 if (s->s3->handshake_dgst[dgst_num]) {
diff --git a/src/lib/libssl/src/ssl/d1_srvr.c b/src/lib/libssl/src/ssl/d1_srvr.c
index f5e0ec3e4b..f6664237ae 100644
--- a/src/lib/libssl/src/ssl/d1_srvr.c
+++ b/src/lib/libssl/src/ssl/d1_srvr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_srvr.c,v 1.66 2015/09/12 20:51:33 jsing Exp $ */ 1/* $OpenBSD: d1_srvr.c,v 1.67 2015/09/13 09:20:19 jsing Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -202,7 +202,8 @@ dtls1_accept(SSL *s)
202 202
203 if (s->cert == NULL) { 203 if (s->cert == NULL) {
204 SSLerr(SSL_F_DTLS1_ACCEPT, SSL_R_NO_CERTIFICATE_SET); 204 SSLerr(SSL_F_DTLS1_ACCEPT, SSL_R_NO_CERTIFICATE_SET);
205 return (-1); 205 ret = -1;
206 goto end;
206 } 207 }
207 208
208 for (;;) { 209 for (;;) {
@@ -224,7 +225,8 @@ dtls1_accept(SSL *s)
224 225
225 if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00)) { 226 if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00)) {
226 SSLerr(SSL_F_DTLS1_ACCEPT, ERR_R_INTERNAL_ERROR); 227 SSLerr(SSL_F_DTLS1_ACCEPT, ERR_R_INTERNAL_ERROR);
227 return -1; 228 ret = -1;
229 goto end;
228 } 230 }
229 s->type = SSL_ST_ACCEPT; 231 s->type = SSL_ST_ACCEPT;
230 232
diff --git a/src/lib/libssl/src/ssl/s3_srvr.c b/src/lib/libssl/src/ssl/s3_srvr.c
index 2fbf063140..cd63422db8 100644
--- a/src/lib/libssl/src/ssl/s3_srvr.c
+++ b/src/lib/libssl/src/ssl/s3_srvr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_srvr.c,v 1.121 2015/09/12 16:10:07 doug Exp $ */ 1/* $OpenBSD: s3_srvr.c,v 1.122 2015/09/13 09:20:19 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -188,9 +188,9 @@ ssl3_accept(SSL *s)
188 SSL_clear(s); 188 SSL_clear(s);
189 189
190 if (s->cert == NULL) { 190 if (s->cert == NULL) {
191 SSLerr(SSL_F_SSL3_ACCEPT, 191 SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_NO_CERTIFICATE_SET);
192 SSL_R_NO_CERTIFICATE_SET); 192 ret = -1;
193 return (-1); 193 goto end;
194 } 194 }
195 195
196 for (;;) { 196 for (;;) {
@@ -211,9 +211,9 @@ ssl3_accept(SSL *s)
211 cb(s, SSL_CB_HANDSHAKE_START, 1); 211 cb(s, SSL_CB_HANDSHAKE_START, 1);
212 212
213 if ((s->version >> 8) != 3) { 213 if ((s->version >> 8) != 3) {
214 SSLerr(SSL_F_SSL3_ACCEPT, 214 SSLerr(SSL_F_SSL3_ACCEPT, ERR_R_INTERNAL_ERROR);
215 ERR_R_INTERNAL_ERROR); 215 ret = -1;
216 return (-1); 216 goto end;
217 } 217 }
218 s->type = SSL_ST_ACCEPT; 218 s->type = SSL_ST_ACCEPT;
219 219
@@ -392,9 +392,12 @@ ssl3_accept(SSL *s)
392 skip = 1; 392 skip = 1;
393 s->s3->tmp.cert_request = 0; 393 s->s3->tmp.cert_request = 0;
394 s->state = SSL3_ST_SW_SRVR_DONE_A; 394 s->state = SSL3_ST_SW_SRVR_DONE_A;
395 if (s->s3->handshake_buffer) 395 if (s->s3->handshake_buffer) {
396 if (!tls1_digest_cached_records(s)) 396 if (!tls1_digest_cached_records(s)) {
397 return (-1); 397 ret = -1;
398 goto end;
399 }
400 }
398 } else { 401 } else {
399 s->s3->tmp.cert_request = 1; 402 s->s3->tmp.cert_request = 1;
400 ret = ssl3_send_certificate_request(s); 403 ret = ssl3_send_certificate_request(s);
@@ -482,11 +485,14 @@ ssl3_accept(SSL *s)
482 if (!s->s3->handshake_buffer) { 485 if (!s->s3->handshake_buffer) {
483 SSLerr(SSL_F_SSL3_ACCEPT, 486 SSLerr(SSL_F_SSL3_ACCEPT,
484 ERR_R_INTERNAL_ERROR); 487 ERR_R_INTERNAL_ERROR);
485 return (-1); 488 ret = -1;
489 goto end;
486 } 490 }
487 s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE; 491 s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE;
488 if (!tls1_digest_cached_records(s)) 492 if (!tls1_digest_cached_records(s)) {
489 return (-1); 493 ret = -1;
494 goto end;
495 }
490 } else { 496 } else {
491 int offset = 0; 497 int offset = 0;
492 int dgst_num; 498 int dgst_num;
@@ -501,9 +507,12 @@ ssl3_accept(SSL *s)
501 * CertificateVerify should be generalized. 507 * CertificateVerify should be generalized.
502 * But it is next step 508 * But it is next step
503 */ 509 */
504 if (s->s3->handshake_buffer) 510 if (s->s3->handshake_buffer) {
505 if (!tls1_digest_cached_records(s)) 511 if (!tls1_digest_cached_records(s)) {
506 return (-1); 512 ret = -1;
513 goto end;
514 }
515 }
507 for (dgst_num = 0; dgst_num < SSL_MAX_DIGEST; 516 for (dgst_num = 0; dgst_num < SSL_MAX_DIGEST;
508 dgst_num++) 517 dgst_num++)
509 if (s->s3->handshake_dgst[dgst_num]) { 518 if (s->s3->handshake_dgst[dgst_num]) {
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-31 13:49:52 +0000