summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorjsing <>2014-12-10 15:43:31 +0000
committerjsing <>2014-12-10 15:43:31 +0000
commitdab47bb742c4c69e7fbed8b439b68dd68e5a3bcc (patch)
tree626ac5debee47cd4bf6f23ff35253234be5bbe4d
parent091bf547974906c9be5137a27f2db864521aaa69 (diff)
downloadopenbsd-dab47bb742c4c69e7fbed8b439b68dd68e5a3bcc.tar.gz
openbsd-dab47bb742c4c69e7fbed8b439b68dd68e5a3bcc.tar.bz2
openbsd-dab47bb742c4c69e7fbed8b439b68dd68e5a3bcc.zip
ssl3_init_finished_mac() calls BIO_new() which can fail since it in turn
calls malloc(). Instead of silently continuing on failure, check the return value of BIO_new() and propagate failure back to the caller for appropriate handling. ok bcook@
Diffstat (limited to '')
-rw-r--r--src/lib/libssl/d1_clnt.c7
-rw-r--r--src/lib/libssl/d1_srvr.c21
-rw-r--r--src/lib/libssl/s23_clnt.c7
-rw-r--r--src/lib/libssl/s23_srvr.c7
-rw-r--r--src/lib/libssl/s3_both.c8
-rw-r--r--src/lib/libssl/s3_clnt.c7
-rw-r--r--src/lib/libssl/s3_srvr.c13
-rw-r--r--src/lib/libssl/src/ssl/d1_clnt.c7
-rw-r--r--src/lib/libssl/src/ssl/d1_srvr.c21
-rw-r--r--src/lib/libssl/src/ssl/s23_clnt.c7
-rw-r--r--src/lib/libssl/src/ssl/s23_srvr.c7
-rw-r--r--src/lib/libssl/src/ssl/s3_both.c8
-rw-r--r--src/lib/libssl/src/ssl/s3_clnt.c7
-rw-r--r--src/lib/libssl/src/ssl/s3_enc.c9
-rw-r--r--src/lib/libssl/src/ssl/s3_srvr.c13
-rw-r--r--src/lib/libssl/src/ssl/ssl_locl.h4
-rw-r--r--src/lib/libssl/ssl_locl.h4
17 files changed, 115 insertions, 42 deletions
diff --git a/src/lib/libssl/d1_clnt.c b/src/lib/libssl/d1_clnt.c
index a73995ccda..490e2849f1 100644
--- a/src/lib/libssl/d1_clnt.c
+++ b/src/lib/libssl/d1_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_clnt.c,v 1.39 2014/12/06 14:24:26 jsing Exp $ */ 1/* $OpenBSD: d1_clnt.c,v 1.40 2014/12/10 15:43:31 jsing Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -310,7 +310,10 @@ dtls1_connect(SSL *s)
310 s->shutdown = 0; 310 s->shutdown = 0;
311 311
312 /* every DTLS ClientHello resets Finished MAC */ 312 /* every DTLS ClientHello resets Finished MAC */
313 ssl3_init_finished_mac(s); 313 if (!ssl3_init_finished_mac(s)) {
314 ret = -1;
315 goto end;
316 }
314 317
315 dtls1_start_timer(s); 318 dtls1_start_timer(s);
316 ret = dtls1_client_hello(s); 319 ret = dtls1_client_hello(s);
diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c
index e1959fb7e1..ee0e62336f 100644
--- a/src/lib/libssl/d1_srvr.c
+++ b/src/lib/libssl/d1_srvr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_srvr.c,v 1.42 2014/11/16 14:12:47 jsing Exp $ */ 1/* $OpenBSD: d1_srvr.c,v 1.43 2014/12/10 15:43:31 jsing Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -272,7 +272,11 @@ dtls1_accept(SSL *s)
272 goto end; 272 goto end;
273 } 273 }
274 274
275 ssl3_init_finished_mac(s); 275 if (!ssl3_init_finished_mac(s)) {
276 ret = -1;
277 goto end;
278 }
279
276 s->state = SSL3_ST_SR_CLNT_HELLO_A; 280 s->state = SSL3_ST_SR_CLNT_HELLO_A;
277 s->ctx->stats.sess_accept++; 281 s->ctx->stats.sess_accept++;
278 } else { 282 } else {
@@ -297,7 +301,10 @@ dtls1_accept(SSL *s)
297 s->state = SSL3_ST_SW_FLUSH; 301 s->state = SSL3_ST_SW_FLUSH;
298 s->init_num = 0; 302 s->init_num = 0;
299 303
300 ssl3_init_finished_mac(s); 304 if (!ssl3_init_finished_mac(s)) {
305 ret = -1;
306 goto end;
307 }
301 break; 308 break;
302 309
303 case SSL3_ST_SW_HELLO_REQ_C: 310 case SSL3_ST_SW_HELLO_REQ_C:
@@ -351,8 +358,12 @@ dtls1_accept(SSL *s)
351 s->s3->tmp.next_state = SSL3_ST_SR_CLNT_HELLO_A; 358 s->s3->tmp.next_state = SSL3_ST_SR_CLNT_HELLO_A;
352 359
353 /* HelloVerifyRequest resets Finished MAC */ 360 /* HelloVerifyRequest resets Finished MAC */
354 if (s->version != DTLS1_BAD_VER) 361 if (s->version != DTLS1_BAD_VER) {
355 ssl3_init_finished_mac(s); 362 if (!ssl3_init_finished_mac(s)) {
363 ret = -1;
364 goto end;
365 }
366 }
356 break; 367 break;
357 368
358#ifndef OPENSSL_NO_SCTP 369#ifndef OPENSSL_NO_SCTP
diff --git a/src/lib/libssl/s23_clnt.c b/src/lib/libssl/s23_clnt.c
index 07bf6d7861..28ea24c173 100644
--- a/src/lib/libssl/s23_clnt.c
+++ b/src/lib/libssl/s23_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s23_clnt.c,v 1.34 2014/11/16 14:12:47 jsing Exp $ */ 1/* $OpenBSD: s23_clnt.c,v 1.35 2014/12/10 15:43:31 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -230,7 +230,10 @@ ssl23_connect(SSL *s)
230 goto end; 230 goto end;
231 } 231 }
232 232
233 ssl3_init_finished_mac(s); 233 if (!ssl3_init_finished_mac(s)) {
234 ret = -1;
235 goto end;
236 }
234 237
235 s->state = SSL23_ST_CW_CLNT_HELLO_A; 238 s->state = SSL23_ST_CW_CLNT_HELLO_A;
236 s->ctx->stats.sess_connect++; 239 s->ctx->stats.sess_connect++;
diff --git a/src/lib/libssl/s23_srvr.c b/src/lib/libssl/s23_srvr.c
index 9530ecdbaa..a7686c3f40 100644
--- a/src/lib/libssl/s23_srvr.c
+++ b/src/lib/libssl/s23_srvr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s23_srvr.c,v 1.36 2014/11/16 14:12:47 jsing Exp $ */ 1/* $OpenBSD: s23_srvr.c,v 1.37 2014/12/10 15:43:31 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -219,7 +219,10 @@ ssl23_accept(SSL *s)
219 s->init_buf = buf; 219 s->init_buf = buf;
220 } 220 }
221 221
222 ssl3_init_finished_mac(s); 222 if (!ssl3_init_finished_mac(s)) {
223 ret = -1;
224 goto end;
225 }
223 226
224 s->state = SSL23_ST_SR_CLNT_HELLO_A; 227 s->state = SSL23_ST_SR_CLNT_HELLO_A;
225 s->ctx->stats.sess_accept++; 228 s->ctx->stats.sess_accept++;
diff --git a/src/lib/libssl/s3_both.c b/src/lib/libssl/s3_both.c
index 0d9cc3d65c..ffc10774d8 100644
--- a/src/lib/libssl/s3_both.c
+++ b/src/lib/libssl/s3_both.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_both.c,v 1.33 2014/12/10 15:36:46 jsing Exp $ */ 1/* $OpenBSD: s3_both.c,v 1.34 2014/12/10 15:43:31 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -464,7 +464,11 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
464 * start a new handshake?). We need to restart the mac. 464 * start a new handshake?). We need to restart the mac.
465 * Don't increment {num,total}_renegotiations because 465 * Don't increment {num,total}_renegotiations because
466 * we have not completed the handshake. */ 466 * we have not completed the handshake. */
467 ssl3_init_finished_mac(s); 467 if (!ssl3_init_finished_mac(s)) {
468 SSLerr(SSL_F_SSL3_GET_MESSAGE,
469 ERR_R_MALLOC_FAILURE);
470 goto err;
471 }
468 } 472 }
469 473
470 s->s3->tmp.message_type= *(p++); 474 s->s3->tmp.message_type= *(p++);
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index 6a54dfa359..e7741826ae 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_clnt.c,v 1.98 2014/12/10 15:36:46 jsing Exp $ */ 1/* $OpenBSD: s3_clnt.c,v 1.99 2014/12/10 15:43:31 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -288,7 +288,10 @@ ssl3_connect(SSL *s)
288 288
289 /* don't push the buffering BIO quite yet */ 289 /* don't push the buffering BIO quite yet */
290 290
291 ssl3_init_finished_mac(s); 291 if (!ssl3_init_finished_mac(s)) {
292 ret = -1;
293 goto end;
294 }
292 295
293 s->state = SSL3_ST_CW_CLNT_HELLO_A; 296 s->state = SSL3_ST_CW_CLNT_HELLO_A;
294 s->ctx->stats.sess_connect++; 297 s->ctx->stats.sess_connect++;
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index 43880a0610..645caf4bc9 100644
--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_srvr.c,v 1.92 2014/12/10 15:36:47 jsing Exp $ */ 1/* $OpenBSD: s3_srvr.c,v 1.93 2014/12/10 15:43:31 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -298,7 +298,11 @@ ssl3_accept(SSL *s)
298 goto end; 298 goto end;
299 } 299 }
300 300
301 ssl3_init_finished_mac(s); 301 if (!ssl3_init_finished_mac(s)) {
302 ret = -1;
303 goto end;
304 }
305
302 s->state = SSL3_ST_SR_CLNT_HELLO_A; 306 s->state = SSL3_ST_SR_CLNT_HELLO_A;
303 s->ctx->stats.sess_accept++; 307 s->ctx->stats.sess_accept++;
304 } else if (!s->s3->send_connection_binding) { 308 } else if (!s->s3->send_connection_binding) {
@@ -334,7 +338,10 @@ ssl3_accept(SSL *s)
334 s->state = SSL3_ST_SW_FLUSH; 338 s->state = SSL3_ST_SW_FLUSH;
335 s->init_num = 0; 339 s->init_num = 0;
336 340
337 ssl3_init_finished_mac(s); 341 if (!ssl3_init_finished_mac(s)) {
342 ret = -1;
343 goto end;
344 }
338 break; 345 break;
339 346
340 case SSL3_ST_SW_HELLO_REQ_C: 347 case SSL3_ST_SW_HELLO_REQ_C:
diff --git a/src/lib/libssl/src/ssl/d1_clnt.c b/src/lib/libssl/src/ssl/d1_clnt.c
index a73995ccda..490e2849f1 100644
--- a/src/lib/libssl/src/ssl/d1_clnt.c
+++ b/src/lib/libssl/src/ssl/d1_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_clnt.c,v 1.39 2014/12/06 14:24:26 jsing Exp $ */ 1/* $OpenBSD: d1_clnt.c,v 1.40 2014/12/10 15:43:31 jsing Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -310,7 +310,10 @@ dtls1_connect(SSL *s)
310 s->shutdown = 0; 310 s->shutdown = 0;
311 311
312 /* every DTLS ClientHello resets Finished MAC */ 312 /* every DTLS ClientHello resets Finished MAC */
313 ssl3_init_finished_mac(s); 313 if (!ssl3_init_finished_mac(s)) {
314 ret = -1;
315 goto end;
316 }
314 317
315 dtls1_start_timer(s); 318 dtls1_start_timer(s);
316 ret = dtls1_client_hello(s); 319 ret = dtls1_client_hello(s);
diff --git a/src/lib/libssl/src/ssl/d1_srvr.c b/src/lib/libssl/src/ssl/d1_srvr.c
index e1959fb7e1..ee0e62336f 100644
--- a/src/lib/libssl/src/ssl/d1_srvr.c
+++ b/src/lib/libssl/src/ssl/d1_srvr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_srvr.c,v 1.42 2014/11/16 14:12:47 jsing Exp $ */ 1/* $OpenBSD: d1_srvr.c,v 1.43 2014/12/10 15:43:31 jsing Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -272,7 +272,11 @@ dtls1_accept(SSL *s)
272 goto end; 272 goto end;
273 } 273 }
274 274
275 ssl3_init_finished_mac(s); 275 if (!ssl3_init_finished_mac(s)) {
276 ret = -1;
277 goto end;
278 }
279
276 s->state = SSL3_ST_SR_CLNT_HELLO_A; 280 s->state = SSL3_ST_SR_CLNT_HELLO_A;
277 s->ctx->stats.sess_accept++; 281 s->ctx->stats.sess_accept++;
278 } else { 282 } else {
@@ -297,7 +301,10 @@ dtls1_accept(SSL *s)
297 s->state = SSL3_ST_SW_FLUSH; 301 s->state = SSL3_ST_SW_FLUSH;
298 s->init_num = 0; 302 s->init_num = 0;
299 303
300 ssl3_init_finished_mac(s); 304 if (!ssl3_init_finished_mac(s)) {
305 ret = -1;
306 goto end;
307 }
301 break; 308 break;
302 309
303 case SSL3_ST_SW_HELLO_REQ_C: 310 case SSL3_ST_SW_HELLO_REQ_C:
@@ -351,8 +358,12 @@ dtls1_accept(SSL *s)
351 s->s3->tmp.next_state = SSL3_ST_SR_CLNT_HELLO_A; 358 s->s3->tmp.next_state = SSL3_ST_SR_CLNT_HELLO_A;
352 359
353 /* HelloVerifyRequest resets Finished MAC */ 360 /* HelloVerifyRequest resets Finished MAC */
354 if (s->version != DTLS1_BAD_VER) 361 if (s->version != DTLS1_BAD_VER) {
355 ssl3_init_finished_mac(s); 362 if (!ssl3_init_finished_mac(s)) {
363 ret = -1;
364 goto end;
365 }
366 }
356 break; 367 break;
357 368
358#ifndef OPENSSL_NO_SCTP 369#ifndef OPENSSL_NO_SCTP
diff --git a/src/lib/libssl/src/ssl/s23_clnt.c b/src/lib/libssl/src/ssl/s23_clnt.c
index 07bf6d7861..28ea24c173 100644
--- a/src/lib/libssl/src/ssl/s23_clnt.c
+++ b/src/lib/libssl/src/ssl/s23_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s23_clnt.c,v 1.34 2014/11/16 14:12:47 jsing Exp $ */ 1/* $OpenBSD: s23_clnt.c,v 1.35 2014/12/10 15:43:31 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -230,7 +230,10 @@ ssl23_connect(SSL *s)
230 goto end; 230 goto end;
231 } 231 }
232 232
233 ssl3_init_finished_mac(s); 233 if (!ssl3_init_finished_mac(s)) {
234 ret = -1;
235 goto end;
236 }
234 237
235 s->state = SSL23_ST_CW_CLNT_HELLO_A; 238 s->state = SSL23_ST_CW_CLNT_HELLO_A;
236 s->ctx->stats.sess_connect++; 239 s->ctx->stats.sess_connect++;
diff --git a/src/lib/libssl/src/ssl/s23_srvr.c b/src/lib/libssl/src/ssl/s23_srvr.c
index 9530ecdbaa..a7686c3f40 100644
--- a/src/lib/libssl/src/ssl/s23_srvr.c
+++ b/src/lib/libssl/src/ssl/s23_srvr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s23_srvr.c,v 1.36 2014/11/16 14:12:47 jsing Exp $ */ 1/* $OpenBSD: s23_srvr.c,v 1.37 2014/12/10 15:43:31 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -219,7 +219,10 @@ ssl23_accept(SSL *s)
219 s->init_buf = buf; 219 s->init_buf = buf;
220 } 220 }
221 221
222 ssl3_init_finished_mac(s); 222 if (!ssl3_init_finished_mac(s)) {
223 ret = -1;
224 goto end;
225 }
223 226
224 s->state = SSL23_ST_SR_CLNT_HELLO_A; 227 s->state = SSL23_ST_SR_CLNT_HELLO_A;
225 s->ctx->stats.sess_accept++; 228 s->ctx->stats.sess_accept++;
diff --git a/src/lib/libssl/src/ssl/s3_both.c b/src/lib/libssl/src/ssl/s3_both.c
index 0d9cc3d65c..ffc10774d8 100644
--- a/src/lib/libssl/src/ssl/s3_both.c
+++ b/src/lib/libssl/src/ssl/s3_both.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_both.c,v 1.33 2014/12/10 15:36:46 jsing Exp $ */ 1/* $OpenBSD: s3_both.c,v 1.34 2014/12/10 15:43:31 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -464,7 +464,11 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
464 * start a new handshake?). We need to restart the mac. 464 * start a new handshake?). We need to restart the mac.
465 * Don't increment {num,total}_renegotiations because 465 * Don't increment {num,total}_renegotiations because
466 * we have not completed the handshake. */ 466 * we have not completed the handshake. */
467 ssl3_init_finished_mac(s); 467 if (!ssl3_init_finished_mac(s)) {
468 SSLerr(SSL_F_SSL3_GET_MESSAGE,
469 ERR_R_MALLOC_FAILURE);
470 goto err;
471 }
468 } 472 }
469 473
470 s->s3->tmp.message_type= *(p++); 474 s->s3->tmp.message_type= *(p++);
diff --git a/src/lib/libssl/src/ssl/s3_clnt.c b/src/lib/libssl/src/ssl/s3_clnt.c
index 6a54dfa359..e7741826ae 100644
--- a/src/lib/libssl/src/ssl/s3_clnt.c
+++ b/src/lib/libssl/src/ssl/s3_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_clnt.c,v 1.98 2014/12/10 15:36:46 jsing Exp $ */ 1/* $OpenBSD: s3_clnt.c,v 1.99 2014/12/10 15:43:31 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -288,7 +288,10 @@ ssl3_connect(SSL *s)
288 288
289 /* don't push the buffering BIO quite yet */ 289 /* don't push the buffering BIO quite yet */
290 290
291 ssl3_init_finished_mac(s); 291 if (!ssl3_init_finished_mac(s)) {
292 ret = -1;
293 goto end;
294 }
292 295
293 s->state = SSL3_ST_CW_CLNT_HELLO_A; 296 s->state = SSL3_ST_CW_CLNT_HELLO_A;
294 s->ctx->stats.sess_connect++; 297 s->ctx->stats.sess_connect++;
diff --git a/src/lib/libssl/src/ssl/s3_enc.c b/src/lib/libssl/src/ssl/s3_enc.c
index 09d3dd77a5..ec7df59f3b 100644
--- a/src/lib/libssl/src/ssl/s3_enc.c
+++ b/src/lib/libssl/src/ssl/s3_enc.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_enc.c,v 1.56 2014/11/16 14:12:47 jsing Exp $ */ 1/* $OpenBSD: s3_enc.c,v 1.57 2014/12/10 15:43:31 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -469,14 +469,19 @@ ssl3_enc(SSL *s, int send)
469 return (1); 469 return (1);
470} 470}
471 471
472void 472int
473ssl3_init_finished_mac(SSL *s) 473ssl3_init_finished_mac(SSL *s)
474{ 474{
475 BIO_free(s->s3->handshake_buffer); 475 BIO_free(s->s3->handshake_buffer);
476 ssl3_free_digest_list(s); 476 ssl3_free_digest_list(s);
477
477 s->s3->handshake_buffer = BIO_new(BIO_s_mem()); 478 s->s3->handshake_buffer = BIO_new(BIO_s_mem());
479 if (s->s3->handshake_buffer == NULL)
480 return (0);
478 481
479 (void)BIO_set_close(s->s3->handshake_buffer, BIO_CLOSE); 482 (void)BIO_set_close(s->s3->handshake_buffer, BIO_CLOSE);
483
484 return (1);
480} 485}
481 486
482void 487void
diff --git a/src/lib/libssl/src/ssl/s3_srvr.c b/src/lib/libssl/src/ssl/s3_srvr.c
index 43880a0610..645caf4bc9 100644
--- a/src/lib/libssl/src/ssl/s3_srvr.c
+++ b/src/lib/libssl/src/ssl/s3_srvr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_srvr.c,v 1.92 2014/12/10 15:36:47 jsing Exp $ */ 1/* $OpenBSD: s3_srvr.c,v 1.93 2014/12/10 15:43:31 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -298,7 +298,11 @@ ssl3_accept(SSL *s)
298 goto end; 298 goto end;
299 } 299 }
300 300
301 ssl3_init_finished_mac(s); 301 if (!ssl3_init_finished_mac(s)) {
302 ret = -1;
303 goto end;
304 }
305
302 s->state = SSL3_ST_SR_CLNT_HELLO_A; 306 s->state = SSL3_ST_SR_CLNT_HELLO_A;
303 s->ctx->stats.sess_accept++; 307 s->ctx->stats.sess_accept++;
304 } else if (!s->s3->send_connection_binding) { 308 } else if (!s->s3->send_connection_binding) {
@@ -334,7 +338,10 @@ ssl3_accept(SSL *s)
334 s->state = SSL3_ST_SW_FLUSH; 338 s->state = SSL3_ST_SW_FLUSH;
335 s->init_num = 0; 339 s->init_num = 0;
336 340
337 ssl3_init_finished_mac(s); 341 if (!ssl3_init_finished_mac(s)) {
342 ret = -1;
343 goto end;
344 }
338 break; 345 break;
339 346
340 case SSL3_ST_SW_HELLO_REQ_C: 347 case SSL3_ST_SW_HELLO_REQ_C:
diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h
index b94249e9db..322caea87f 100644
--- a/src/lib/libssl/src/ssl/ssl_locl.h
+++ b/src/lib/libssl/src/ssl/ssl_locl.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_locl.h,v 1.80 2014/12/10 15:36:47 jsing Exp $ */ 1/* $OpenBSD: ssl_locl.h,v 1.81 2014/12/10 15:43:31 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -595,7 +595,7 @@ STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
595int ssl_verify_alarm_type(long type); 595int ssl_verify_alarm_type(long type);
596void ssl_load_ciphers(void); 596void ssl_load_ciphers(void);
597 597
598void ssl3_init_finished_mac(SSL *s); 598int ssl3_init_finished_mac(SSL *s);
599int ssl3_send_server_certificate(SSL *s); 599int ssl3_send_server_certificate(SSL *s);
600int ssl3_send_newsession_ticket(SSL *s); 600int ssl3_send_newsession_ticket(SSL *s);
601int ssl3_send_cert_status(SSL *s); 601int ssl3_send_cert_status(SSL *s);
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index b94249e9db..322caea87f 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_locl.h,v 1.80 2014/12/10 15:36:47 jsing Exp $ */ 1/* $OpenBSD: ssl_locl.h,v 1.81 2014/12/10 15:43:31 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -595,7 +595,7 @@ STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
595int ssl_verify_alarm_type(long type); 595int ssl_verify_alarm_type(long type);
596void ssl_load_ciphers(void); 596void ssl_load_ciphers(void);
597 597
598void ssl3_init_finished_mac(SSL *s); 598int ssl3_init_finished_mac(SSL *s);
599int ssl3_send_server_certificate(SSL *s); 599int ssl3_send_server_certificate(SSL *s);
600int ssl3_send_newsession_ticket(SSL *s); 600int ssl3_send_newsession_ticket(SSL *s);
601int ssl3_send_cert_status(SSL *s); 601int ssl3_send_cert_status(SSL *s);
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-24 15:47:46 +0000