authormiod <>2014-08-07 19:46:31 +0000
committermiod <>2014-08-07 19:46:31 +0000
commit15e8f255e119bc9bcc3d331677007d5263431e63 (patch)
treef63319cf5456a29e9fa85ebbd2f5e44de3fb4043
parent4bcdac8281676ec72b23bb5dbfa6716fc392dfc1 (diff)
When you expect a function to return a particular value, don't put a comment
saying that you expect it to return that value and compare it against zero because it is supposedly faster, for this leads to bugs (especially given the high rate of sloppy cut'n'paste within ssl3 and dtls1 routines in this library). Instead, compare for the exact value it ought to return upon success. ok deraadt@
-rw-r--r--src/lib/libssl/d1_both.c5
-rw-r--r--src/lib/libssl/d1_clnt.c8
-rw-r--r--src/lib/libssl/d1_pkt.c6
-rw-r--r--src/lib/libssl/s23_srvr.c9
-rw-r--r--src/lib/libssl/s3_both.c21
-rw-r--r--src/lib/libssl/s3_lib.c6
-rw-r--r--src/lib/libssl/src/ssl/d1_both.c5
-rw-r--r--src/lib/libssl/src/ssl/d1_clnt.c8
-rw-r--r--src/lib/libssl/src/ssl/d1_pkt.c6
-rw-r--r--src/lib/libssl/src/ssl/s23_srvr.c9
-rw-r--r--src/lib/libssl/src/ssl/s3_both.c21
-rw-r--r--src/lib/libssl/src/ssl/s3_enc.c6
-rw-r--r--src/lib/libssl/src/ssl/s3_lib.c6
-rw-r--r--src/lib/libssl/src/ssl/t1_enc.c7
-rw-r--r--src/lib/libssl/t1_enc.c7
15 files changed, 59 insertions, 71 deletions
diff --git a/src/lib/libssl/d1_both.c b/src/lib/libssl/d1_both.c
index e25f69dbb6..2391d52994 100644
--- a/src/lib/libssl/d1_both.c
+++ b/src/lib/libssl/d1_both.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_both.c,v 1.24 2014/07/10 08:51:14 tedu Exp $ */ 1/* $OpenBSD: d1_both.c,v 1.25 2014/08/07 19:46:31 miod Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -903,6 +903,7 @@ dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen)
903 903
904 i = s->method->ssl3_enc->final_finish_mac(s, sender, slen, 904 i = s->method->ssl3_enc->final_finish_mac(s, sender, slen,
905 s->s3->tmp.finish_md); 905 s->s3->tmp.finish_md);
906 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
906 s->s3->tmp.finish_md_len = i; 907 s->s3->tmp.finish_md_len = i;
907 memcpy(p, s->s3->tmp.finish_md, i); 908 memcpy(p, s->s3->tmp.finish_md, i);
908 p += i; 909 p += i;
@@ -913,12 +914,10 @@ dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen)
913 * renegotiation checks 914 * renegotiation checks
914 */ 915 */
915 if (s->type == SSL_ST_CONNECT) { 916 if (s->type == SSL_ST_CONNECT) {
916 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
917 memcpy(s->s3->previous_client_finished, 917 memcpy(s->s3->previous_client_finished,
918 s->s3->tmp.finish_md, i); 918 s->s3->tmp.finish_md, i);
919 s->s3->previous_client_finished_len = i; 919 s->s3->previous_client_finished_len = i;
920 } else { 920 } else {
921 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
922 memcpy(s->s3->previous_server_finished, 921 memcpy(s->s3->previous_server_finished,
923 s->s3->tmp.finish_md, i); 922 s->s3->tmp.finish_md, i);
924 s->s3->previous_server_finished_len = i; 923 s->s3->previous_server_finished_len = i;
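Review bot: In dtls1_send_finished the added `OPENSSL_assert(i <= EVP_MAX_MD_SIZE)` bounds `i` only from above, so a zero return from `final_finish_mac` (or a negative one, if `i` is signed; its declaration is outside the hunk) still reaches `memcpy(p, s->s3->tmp.finish_md, i)` and is stored in `finish_md_len`. ssl3_send_finished in s3_both.c returns on `i == 0`, but the DTLS path has no equivalent test. An assert also aborts the process instead of failing the handshake, so an error return would be preferable, e.g. `if (i <= 0 || i > EVP_MAX_MD_SIZE) return 0;`, with the failure value to be confirmed against the callers. The same applies to the identical copy in src/lib/libssl/src/ssl/d1_both.c.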
diff --git a/src/lib/libssl/d1_clnt.c b/src/lib/libssl/d1_clnt.c
index 552667f6c1..165f9441f6 100644
--- a/src/lib/libssl/d1_clnt.c
+++ b/src/lib/libssl/d1_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_clnt.c,v 1.31 2014/07/12 22:33:39 jsing Exp $ */ 1/* $OpenBSD: d1_clnt.c,v 1.32 2014/08/07 19:46:31 miod Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -778,8 +778,9 @@ dtls1_client_hello(SSL *s)
778 778
779 /* if client_random is initialized, reuse it, we are 779 /* if client_random is initialized, reuse it, we are
780 * required to use same upon reply to HelloVerify */ 780 * required to use same upon reply to HelloVerify */
781 for (i = 0; p[i]=='\0' && i < sizeof(s->s3->client_random); i++) 781 for (i = 0; i < sizeof(s->s3->client_random); i++)
782 ; 782 if (p[i] != '\0')
783 break;
783 if (i == sizeof(s->s3->client_random)) 784 if (i == sizeof(s->s3->client_random))
784 RAND_pseudo_bytes(p, sizeof(s->s3->client_random)); 785 RAND_pseudo_bytes(p, sizeof(s->s3->client_random));
785 786
@@ -1338,7 +1339,6 @@ dtls1_send_client_certificate(SSL *s)
1338 /* If we get an error, we need to 1339 /* If we get an error, we need to
1339 * ssl->rwstate=SSL_X509_LOOKUP; return(-1); 1340 * ssl->rwstate=SSL_X509_LOOKUP; return(-1);
1340 * We then get retied later */ 1341 * We then get retied later */
1341 i = 0;
1342 i = ssl_do_client_cert_cb(s, &x509, &pkey); 1342 i = ssl_do_client_cert_cb(s, &x509, &pkey);
1343 if (i < 0) { 1343 if (i < 0) {
1344 s->rwstate = SSL_X509_LOOKUP; 1344 s->rwstate = SSL_X509_LOOKUP;
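Review bot: The rewritten scan in dtls1_client_hello leaves a `for` with an unbraced `if`/`break` body directly above another unbraced `if`, which is easy to misread or to break in a later edit; bracing it as `for (...) { if (p[i] != '\0') break; }` would make the extent obvious. The bound-before-read ordering is the actual fix in this hunk and deserves a one-line comment such as `/* test i before reading p[i] */` so it is not reordered again. The return value of `RAND_pseudo_bytes` on the following line is ignored; if that call can fail in this library, client_random would silently stay all zero. The same code is in src/lib/libssl/src/ssl/d1_clnt.c.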
diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c
index c9ffab1f3c..5be89f0955 100644
--- a/src/lib/libssl/d1_pkt.c
+++ b/src/lib/libssl/d1_pkt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_pkt.c,v 1.32 2014/07/10 08:51:14 tedu Exp $ */ 1/* $OpenBSD: d1_pkt.c,v 1.33 2014/08/07 19:46:31 miod Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -414,10 +414,12 @@ dtls1_process_record(SSL *s)
414 } 414 }
415 415
416 i = s->method->ssl3_enc->mac(s, md, 0 /* not send */); 416 i = s->method->ssl3_enc->mac(s, md, 0 /* not send */);
417 if (i < 0 || mac == NULL || timingsafe_memcmp(md, mac, (size_t)mac_size) != 0) 417 if (i < 0 || mac == NULL ||
418 timingsafe_memcmp(md, mac, (size_t)mac_size) != 0)
418 enc_err = -1; 419 enc_err = -1;
419 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size) 420 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size)
420 enc_err = -1; 421 enc_err = -1;
422 OPENSSL_cleanse(&md, sizeof md);
421 } 423 }
422 424
423 if (enc_err < 0) { 425 if (enc_err < 0) {
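Review bot: In dtls1_process_record the result of `mac()` is still tested only with `i < 0`, which is the sign-test pattern the commit message argues against; a non-negative return that differs from `mac_size` would still let `timingsafe_memcmp` compare `mac_size` bytes of `md`. Comparing against the expected length, e.g. `i < 0 || (size_t)i != (size_t)mac_size`, would close that gap, assuming `mac()` returns the digest length on success, which this hunk does not show. The new `OPENSSL_cleanse(&md, sizeof md)` clears the whole digest only if `md` is an array and not a pointer; the declaration is outside the hunk, so a short comment stating that dependency would help. The same applies to src/lib/libssl/src/ssl/d1_pkt.c.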
diff --git a/src/lib/libssl/s23_srvr.c b/src/lib/libssl/s23_srvr.c
index ee977130fb..5f8ffa8eaf 100644
--- a/src/lib/libssl/s23_srvr.c
+++ b/src/lib/libssl/s23_srvr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s23_srvr.c,v 1.32 2014/08/07 04:49:53 deraadt Exp $ */ 1/* $OpenBSD: s23_srvr.c,v 1.33 2014/08/07 19:46:31 miod Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -448,11 +448,8 @@ ssl23_get_client_hello(SSL *s)
448 } 448 }
449 449
450 j = ssl23_read_bytes(s, n + 2); 450 j = ssl23_read_bytes(s, n + 2);
451 /* We previously read 11 bytes, so if j > 0, we must have 451 if (j != n + 2)
452 * j == n+2 == s->packet_length. We have at least 11 valid 452 return -1;
453 * packet bytes. */
454 if (j <= 0)
455 return (j);
456 453
457 ssl3_finish_mac(s, s->packet + 2, s->packet_length - 2); 454 ssl3_finish_mac(s, s->packet + 2, s->packet_length - 2);
458 if (s->msg_callback) 455 if (s->msg_callback)
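Review bot: In ssl23_get_client_hello the new `if (j != n + 2) return -1;` folds two different outcomes into one: a `j <= 0` result from `ssl23_read_bytes`, which the old code passed back unchanged, and a positive short read. Callers that distinguish 0 from a negative return lose that information, and the short-read case returns -1 without recording an error on the visible lines. Keeping `if (j <= 0) return j;` and adding a separate `if (j != n + 2)` branch that records an error before `return -1;` would preserve both. The types of `j` and `n` are declared outside the hunk, so it should also be confirmed that `n + 2` compares against `j` without a signed/unsigned conversion. The same change is in src/lib/libssl/src/ssl/s23_srvr.c.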
diff --git a/src/lib/libssl/s3_both.c b/src/lib/libssl/s3_both.c
index 500387e372..afcaca3c43 100644
--- a/src/lib/libssl/s3_both.c
+++ b/src/lib/libssl/s3_both.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_both.c,v 1.26 2014/07/10 08:51:14 tedu Exp $ */ 1/* $OpenBSD: s3_both.c,v 1.27 2014/08/07 19:46:31 miod Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -161,7 +161,7 @@ ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
161 p = &(d[4]); 161 p = &(d[4]);
162 162
163 i = s->method->ssl3_enc->final_finish_mac(s, 163 i = s->method->ssl3_enc->final_finish_mac(s,
164 sender, slen, s->s3->tmp.finish_md); 164 sender, slen, s->s3->tmp.finish_md);
165 if (i == 0) 165 if (i == 0)
166 return 0; 166 return 0;
167 s->s3->tmp.finish_md_len = i; 167 s->s3->tmp.finish_md_len = i;
@@ -171,15 +171,14 @@ ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
171 171
172 /* Copy the finished so we can use it for 172 /* Copy the finished so we can use it for
173 renegotiation checks */ 173 renegotiation checks */
174 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
174 if (s->type == SSL_ST_CONNECT) { 175 if (s->type == SSL_ST_CONNECT) {
175 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
176 memcpy(s->s3->previous_client_finished, 176 memcpy(s->s3->previous_client_finished,
177 s->s3->tmp.finish_md, i); 177 s->s3->tmp.finish_md, i);
178 s->s3->previous_client_finished_len = i; 178 s->s3->previous_client_finished_len = i;
179 } else { 179 } else {
180 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
181 memcpy(s->s3->previous_server_finished, 180 memcpy(s->s3->previous_server_finished,
182 s->s3->tmp.finish_md, i); 181 s->s3->tmp.finish_md, i);
183 s->s3->previous_server_finished_len = i; 182 s->s3->previous_server_finished_len = i;
184 } 183 }
185 184
@@ -216,7 +215,7 @@ ssl3_take_mac(SSL *s)
216 } 215 }
217 216
218 s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s, 217 s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
219 sender, slen, s->s3->tmp.peer_finish_md); 218 sender, slen, s->s3->tmp.peer_finish_md);
220} 219}
221#endif 220#endif
222 221
@@ -250,7 +249,7 @@ ssl3_get_finished(SSL *s, int a, int b)
250 p = (unsigned char *)s->init_msg; 249 p = (unsigned char *)s->init_msg;
251 i = s->s3->tmp.peer_finish_md_len; 250 i = s->s3->tmp.peer_finish_md_len;
252 251
253 if (i != n) { 252 if (i != n || i > EVP_MAX_MD_SIZE) {
254 al = SSL_AD_DECODE_ERROR; 253 al = SSL_AD_DECODE_ERROR;
255 SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_BAD_DIGEST_LENGTH); 254 SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_BAD_DIGEST_LENGTH);
256 goto f_err; 255 goto f_err;
@@ -265,14 +264,12 @@ ssl3_get_finished(SSL *s, int a, int b)
265 /* Copy the finished so we can use it for 264 /* Copy the finished so we can use it for
266 renegotiation checks */ 265 renegotiation checks */
267 if (s->type == SSL_ST_ACCEPT) { 266 if (s->type == SSL_ST_ACCEPT) {
268 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
269 memcpy(s->s3->previous_client_finished, 267 memcpy(s->s3->previous_client_finished,
270 s->s3->tmp.peer_finish_md, i); 268 s->s3->tmp.peer_finish_md, i);
271 s->s3->previous_client_finished_len = i; 269 s->s3->previous_client_finished_len = i;
272 } else { 270 } else {
273 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
274 memcpy(s->s3->previous_server_finished, 271 memcpy(s->s3->previous_server_finished,
275 s->s3->tmp.peer_finish_md, i); 272 s->s3->tmp.peer_finish_md, i);
276 s->s3->previous_server_finished_len = i; 273 s->s3->previous_server_finished_len = i;
277 } 274 }
278 275
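Review bot: The new length check in ssl3_get_finished, `if (i != n || i > EVP_MAX_MD_SIZE)`, has no lower bound, and ssl3_take_mac stores the return of `final_finish_mac` into `peer_finish_md_len` without testing it. ssl3_send_finished treats a return of 0 as failure, so a 0 recorded by ssl3_take_mac should be rejected on the receive side too rather than accepted whenever `n` is also 0; `if (i <= 0 || i != n || i > EVP_MAX_MD_SIZE)` would do that, with the type of `i` to be confirmed since it is declared outside the hunk. In ssl3_send_finished the hoisted `OPENSSL_assert(i <= EVP_MAX_MD_SIZE)` comes after `finish_md_len` has already been set from `i`, and it aborts instead of returning an error as the receive path now does. The same applies to src/lib/libssl/src/ssl/s3_both.c.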
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 8a40b758a9..aa091f51c7 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_lib.c,v 1.71 2014/07/13 16:03:10 beck Exp $ */ 1/* $OpenBSD: s3_lib.c,v 1.72 2014/08/07 19:46:31 miod Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -2333,7 +2333,7 @@ ssl3_new(SSL *s)
2333 SSL3_STATE *s3; 2333 SSL3_STATE *s3;
2334 2334
2335 if ((s3 = calloc(1, sizeof *s3)) == NULL) 2335 if ((s3 = calloc(1, sizeof *s3)) == NULL)
2336 goto err; 2336 return 0;
2337 memset(s3->rrec.seq_num, 0, sizeof(s3->rrec.seq_num)); 2337 memset(s3->rrec.seq_num, 0, sizeof(s3->rrec.seq_num));
2338 memset(s3->wrec.seq_num, 0, sizeof(s3->wrec.seq_num)); 2338 memset(s3->wrec.seq_num, 0, sizeof(s3->wrec.seq_num));
2339 2339
@@ -2341,8 +2341,6 @@ ssl3_new(SSL *s)
2341 2341
2342 s->method->ssl_clear(s); 2342 s->method->ssl_clear(s);
2343 return (1); 2343 return (1);
2344err:
2345 return (0);
2346} 2344}
2347 2345
2348void 2346void
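Review bot: ssl3_new now mixes `return 0;` with `return (1);` a few lines below; one form should be used throughout the function. The two `memset` calls on `s3->rrec.seq_num` and `s3->wrec.seq_num` directly follow a `calloc`, so they are redundant and could be dropped, or replaced by a comment noting that calloc already zeroes the state. Lines 2339-2340 are outside the hunk, so whether anything assigned there needs cleanup on a later failure cannot be judged from here. The same change is in src/lib/libssl/src/ssl/s3_lib.c.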
diff --git a/src/lib/libssl/src/ssl/d1_both.c b/src/lib/libssl/src/ssl/d1_both.c
index e25f69dbb6..2391d52994 100644
--- a/src/lib/libssl/src/ssl/d1_both.c
+++ b/src/lib/libssl/src/ssl/d1_both.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_both.c,v 1.24 2014/07/10 08:51:14 tedu Exp $ */ 1/* $OpenBSD: d1_both.c,v 1.25 2014/08/07 19:46:31 miod Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -903,6 +903,7 @@ dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen)
903 903
904 i = s->method->ssl3_enc->final_finish_mac(s, sender, slen, 904 i = s->method->ssl3_enc->final_finish_mac(s, sender, slen,
905 s->s3->tmp.finish_md); 905 s->s3->tmp.finish_md);
906 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
906 s->s3->tmp.finish_md_len = i; 907 s->s3->tmp.finish_md_len = i;
907 memcpy(p, s->s3->tmp.finish_md, i); 908 memcpy(p, s->s3->tmp.finish_md, i);
908 p += i; 909 p += i;
@@ -913,12 +914,10 @@ dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen)
913 * renegotiation checks 914 * renegotiation checks
914 */ 915 */
915 if (s->type == SSL_ST_CONNECT) { 916 if (s->type == SSL_ST_CONNECT) {
916 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
917 memcpy(s->s3->previous_client_finished, 917 memcpy(s->s3->previous_client_finished,
918 s->s3->tmp.finish_md, i); 918 s->s3->tmp.finish_md, i);
919 s->s3->previous_client_finished_len = i; 919 s->s3->previous_client_finished_len = i;
920 } else { 920 } else {
921 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
922 memcpy(s->s3->previous_server_finished, 921 memcpy(s->s3->previous_server_finished,
923 s->s3->tmp.finish_md, i); 922 s->s3->tmp.finish_md, i);
924 s->s3->previous_server_finished_len = i; 923 s->s3->previous_server_finished_len = i;
diff --git a/src/lib/libssl/src/ssl/d1_clnt.c b/src/lib/libssl/src/ssl/d1_clnt.c
index 552667f6c1..165f9441f6 100644
--- a/src/lib/libssl/src/ssl/d1_clnt.c
+++ b/src/lib/libssl/src/ssl/d1_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_clnt.c,v 1.31 2014/07/12 22:33:39 jsing Exp $ */ 1/* $OpenBSD: d1_clnt.c,v 1.32 2014/08/07 19:46:31 miod Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -778,8 +778,9 @@ dtls1_client_hello(SSL *s)
778 778
779 /* if client_random is initialized, reuse it, we are 779 /* if client_random is initialized, reuse it, we are
780 * required to use same upon reply to HelloVerify */ 780 * required to use same upon reply to HelloVerify */
781 for (i = 0; p[i]=='\0' && i < sizeof(s->s3->client_random); i++) 781 for (i = 0; i < sizeof(s->s3->client_random); i++)
782 ; 782 if (p[i] != '\0')
783 break;
783 if (i == sizeof(s->s3->client_random)) 784 if (i == sizeof(s->s3->client_random))
784 RAND_pseudo_bytes(p, sizeof(s->s3->client_random)); 785 RAND_pseudo_bytes(p, sizeof(s->s3->client_random));
785 786
@@ -1338,7 +1339,6 @@ dtls1_send_client_certificate(SSL *s)
1338 /* If we get an error, we need to 1339 /* If we get an error, we need to
1339 * ssl->rwstate=SSL_X509_LOOKUP; return(-1); 1340 * ssl->rwstate=SSL_X509_LOOKUP; return(-1);
1340 * We then get retied later */ 1341 * We then get retied later */
1341 i = 0;
1342 i = ssl_do_client_cert_cb(s, &x509, &pkey); 1342 i = ssl_do_client_cert_cb(s, &x509, &pkey);
1343 if (i < 0) { 1343 if (i < 0) {
1344 s->rwstate = SSL_X509_LOOKUP; 1344 s->rwstate = SSL_X509_LOOKUP;
diff --git a/src/lib/libssl/src/ssl/d1_pkt.c b/src/lib/libssl/src/ssl/d1_pkt.c
index c9ffab1f3c..5be89f0955 100644
--- a/src/lib/libssl/src/ssl/d1_pkt.c
+++ b/src/lib/libssl/src/ssl/d1_pkt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_pkt.c,v 1.32 2014/07/10 08:51:14 tedu Exp $ */ 1/* $OpenBSD: d1_pkt.c,v 1.33 2014/08/07 19:46:31 miod Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -414,10 +414,12 @@ dtls1_process_record(SSL *s)
414 } 414 }
415 415
416 i = s->method->ssl3_enc->mac(s, md, 0 /* not send */); 416 i = s->method->ssl3_enc->mac(s, md, 0 /* not send */);
417 if (i < 0 || mac == NULL || timingsafe_memcmp(md, mac, (size_t)mac_size) != 0) 417 if (i < 0 || mac == NULL ||
418 timingsafe_memcmp(md, mac, (size_t)mac_size) != 0)
418 enc_err = -1; 419 enc_err = -1;
419 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size) 420 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size)
420 enc_err = -1; 421 enc_err = -1;
422 OPENSSL_cleanse(&md, sizeof md);
421 } 423 }
422 424
423 if (enc_err < 0) { 425 if (enc_err < 0) {
diff --git a/src/lib/libssl/src/ssl/s23_srvr.c b/src/lib/libssl/src/ssl/s23_srvr.c
index ee977130fb..5f8ffa8eaf 100644
--- a/src/lib/libssl/src/ssl/s23_srvr.c
+++ b/src/lib/libssl/src/ssl/s23_srvr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s23_srvr.c,v 1.32 2014/08/07 04:49:53 deraadt Exp $ */ 1/* $OpenBSD: s23_srvr.c,v 1.33 2014/08/07 19:46:31 miod Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -448,11 +448,8 @@ ssl23_get_client_hello(SSL *s)
448 } 448 }
449 449
450 j = ssl23_read_bytes(s, n + 2); 450 j = ssl23_read_bytes(s, n + 2);
451 /* We previously read 11 bytes, so if j > 0, we must have 451 if (j != n + 2)
452 * j == n+2 == s->packet_length. We have at least 11 valid 452 return -1;
453 * packet bytes. */
454 if (j <= 0)
455 return (j);
456 453
457 ssl3_finish_mac(s, s->packet + 2, s->packet_length - 2); 454 ssl3_finish_mac(s, s->packet + 2, s->packet_length - 2);
458 if (s->msg_callback) 455 if (s->msg_callback)
diff --git a/src/lib/libssl/src/ssl/s3_both.c b/src/lib/libssl/src/ssl/s3_both.c
index 500387e372..afcaca3c43 100644
--- a/src/lib/libssl/src/ssl/s3_both.c
+++ b/src/lib/libssl/src/ssl/s3_both.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_both.c,v 1.26 2014/07/10 08:51:14 tedu Exp $ */ 1/* $OpenBSD: s3_both.c,v 1.27 2014/08/07 19:46:31 miod Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -161,7 +161,7 @@ ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
161 p = &(d[4]); 161 p = &(d[4]);
162 162
163 i = s->method->ssl3_enc->final_finish_mac(s, 163 i = s->method->ssl3_enc->final_finish_mac(s,
164 sender, slen, s->s3->tmp.finish_md); 164 sender, slen, s->s3->tmp.finish_md);
165 if (i == 0) 165 if (i == 0)
166 return 0; 166 return 0;
167 s->s3->tmp.finish_md_len = i; 167 s->s3->tmp.finish_md_len = i;
@@ -171,15 +171,14 @@ ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
171 171
172 /* Copy the finished so we can use it for 172 /* Copy the finished so we can use it for
173 renegotiation checks */ 173 renegotiation checks */
174 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
174 if (s->type == SSL_ST_CONNECT) { 175 if (s->type == SSL_ST_CONNECT) {
175 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
176 memcpy(s->s3->previous_client_finished, 176 memcpy(s->s3->previous_client_finished,
177 s->s3->tmp.finish_md, i); 177 s->s3->tmp.finish_md, i);
178 s->s3->previous_client_finished_len = i; 178 s->s3->previous_client_finished_len = i;
179 } else { 179 } else {
180 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
181 memcpy(s->s3->previous_server_finished, 180 memcpy(s->s3->previous_server_finished,
182 s->s3->tmp.finish_md, i); 181 s->s3->tmp.finish_md, i);
183 s->s3->previous_server_finished_len = i; 182 s->s3->previous_server_finished_len = i;
184 } 183 }
185 184
@@ -216,7 +215,7 @@ ssl3_take_mac(SSL *s)
216 } 215 }
217 216
218 s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s, 217 s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
219 sender, slen, s->s3->tmp.peer_finish_md); 218 sender, slen, s->s3->tmp.peer_finish_md);
220} 219}
221#endif 220#endif
222 221
@@ -250,7 +249,7 @@ ssl3_get_finished(SSL *s, int a, int b)
250 p = (unsigned char *)s->init_msg; 249 p = (unsigned char *)s->init_msg;
251 i = s->s3->tmp.peer_finish_md_len; 250 i = s->s3->tmp.peer_finish_md_len;
252 251
253 if (i != n) { 252 if (i != n || i > EVP_MAX_MD_SIZE) {
254 al = SSL_AD_DECODE_ERROR; 253 al = SSL_AD_DECODE_ERROR;
255 SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_BAD_DIGEST_LENGTH); 254 SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_BAD_DIGEST_LENGTH);
256 goto f_err; 255 goto f_err;
@@ -265,14 +264,12 @@ ssl3_get_finished(SSL *s, int a, int b)
265 /* Copy the finished so we can use it for 264 /* Copy the finished so we can use it for
266 renegotiation checks */ 265 renegotiation checks */
267 if (s->type == SSL_ST_ACCEPT) { 266 if (s->type == SSL_ST_ACCEPT) {
268 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
269 memcpy(s->s3->previous_client_finished, 267 memcpy(s->s3->previous_client_finished,
270 s->s3->tmp.peer_finish_md, i); 268 s->s3->tmp.peer_finish_md, i);
271 s->s3->previous_client_finished_len = i; 269 s->s3->previous_client_finished_len = i;
272 } else { 270 } else {
273 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
274 memcpy(s->s3->previous_server_finished, 271 memcpy(s->s3->previous_server_finished,
275 s->s3->tmp.peer_finish_md, i); 272 s->s3->tmp.peer_finish_md, i);
276 s->s3->previous_server_finished_len = i; 273 s->s3->previous_server_finished_len = i;
277 } 274 }
278 275
diff --git a/src/lib/libssl/src/ssl/s3_enc.c b/src/lib/libssl/src/ssl/s3_enc.c
index d9fedfbb1a..913a256f28 100644
--- a/src/lib/libssl/src/ssl/s3_enc.c
+++ b/src/lib/libssl/src/ssl/s3_enc.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_enc.c,v 1.52 2014/07/10 08:51:14 tedu Exp $ */ 1/* $OpenBSD: s3_enc.c,v 1.53 2014/08/07 19:46:31 miod Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -607,7 +607,7 @@ ssl3_handshake_mac(SSL *s, int md_nid, const char *sender, int len,
607 if (!EVP_MD_CTX_copy_ex(&ctx, d)) 607 if (!EVP_MD_CTX_copy_ex(&ctx, d))
608 return 0; 608 return 0;
609 n = EVP_MD_CTX_size(&ctx); 609 n = EVP_MD_CTX_size(&ctx);
610 if (n < 0) 610 if (n <= 0)
611 return 0; 611 return 0;
612 612
613 npad = (48 / n) * n; 613 npad = (48 / n) * n;
@@ -655,7 +655,7 @@ n_ssl3_mac(SSL *ssl, unsigned char *md, int send)
655 } 655 }
656 656
657 t = EVP_MD_CTX_size(hash); 657 t = EVP_MD_CTX_size(hash);
658 if (t < 0) 658 if (t <= 0)
659 return -1; 659 return -1;
660 md_size = t; 660 md_size = t;
661 npad = (48 / md_size) * md_size; 661 npad = (48 / md_size) * md_size;
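Review bot: In ssl3_handshake_mac the `if (n <= 0) return 0;` exit comes after `EVP_MD_CTX_copy_ex(&ctx, d)` has succeeded, so `ctx` leaves the function without `EVP_MD_CTX_cleanup(&ctx)` on that path, assuming `ctx` is a local that the function cleans up at its end (outside the hunk). Suggest `if (n <= 0) { EVP_MD_CTX_cleanup(&ctx); return 0; }`. Both `<= 0` tests protect the divisions `48 / n` and `48 / md_size` on the lines that follow; a comment such as `/* n is used as a divisor below */` would keep a later edit from relaxing them back to `< 0`.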
diff --git a/src/lib/libssl/src/ssl/s3_lib.c b/src/lib/libssl/src/ssl/s3_lib.c
index 8a40b758a9..aa091f51c7 100644
--- a/src/lib/libssl/src/ssl/s3_lib.c
+++ b/src/lib/libssl/src/ssl/s3_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_lib.c,v 1.71 2014/07/13 16:03:10 beck Exp $ */ 1/* $OpenBSD: s3_lib.c,v 1.72 2014/08/07 19:46:31 miod Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -2333,7 +2333,7 @@ ssl3_new(SSL *s)
2333 SSL3_STATE *s3; 2333 SSL3_STATE *s3;
2334 2334
2335 if ((s3 = calloc(1, sizeof *s3)) == NULL) 2335 if ((s3 = calloc(1, sizeof *s3)) == NULL)
2336 goto err; 2336 return 0;
2337 memset(s3->rrec.seq_num, 0, sizeof(s3->rrec.seq_num)); 2337 memset(s3->rrec.seq_num, 0, sizeof(s3->rrec.seq_num));
2338 memset(s3->wrec.seq_num, 0, sizeof(s3->wrec.seq_num)); 2338 memset(s3->wrec.seq_num, 0, sizeof(s3->wrec.seq_num));
2339 2339
@@ -2341,8 +2341,6 @@ ssl3_new(SSL *s)
2341 2341
2342 s->method->ssl_clear(s); 2342 s->method->ssl_clear(s);
2343 return (1); 2343 return (1);
2344err:
2345 return (0);
2346} 2344}
2347 2345
2348void 2346void
diff --git a/src/lib/libssl/src/ssl/t1_enc.c b/src/lib/libssl/src/ssl/t1_enc.c
index e4b54691c6..bec8328269 100644
--- a/src/lib/libssl/src/ssl/t1_enc.c
+++ b/src/lib/libssl/src/ssl/t1_enc.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: t1_enc.c,v 1.67 2014/07/10 10:09:54 jsing Exp $ */ 1/* $OpenBSD: t1_enc.c,v 1.68 2014/08/07 19:46:31 miod Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -319,7 +319,7 @@ tls1_aead_ctx_init(SSL_AEAD_CTX **aead_ctx)
319 319
320static int 320static int
321tls1_change_cipher_state_aead(SSL *s, char is_read, const unsigned char *key, 321tls1_change_cipher_state_aead(SSL *s, char is_read, const unsigned char *key,
322 unsigned key_len, const unsigned char *iv, unsigned iv_len) 322 unsigned int key_len, const unsigned char *iv, unsigned int iv_len)
323{ 323{
324 const EVP_AEAD *aead = s->s3->tmp.new_aead; 324 const EVP_AEAD *aead = s->s3->tmp.new_aead;
325 SSL_AEAD_CTX *aead_ctx; 325 SSL_AEAD_CTX *aead_ctx;
@@ -856,6 +856,7 @@ tls1_enc(SSL *s, int send)
856 rec->length += pad; 856 rec->length += pad;
857 } 857 }
858 } else if ((bs != 1) && send) { 858 } else if ((bs != 1) && send) {
859 /* XXX divide by zero if bs == 0 (should not happen) */
859 i = bs - ((int)l % bs); 860 i = bs - ((int)l % bs);
860 861
861 /* Add weird padding of upto 256 bytes */ 862 /* Add weird padding of upto 256 bytes */
@@ -1120,7 +1121,7 @@ tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
1120 currentvalpos++; 1121 currentvalpos++;
1121 val[currentvalpos] = contextlen & 0xff; 1122 val[currentvalpos] = contextlen & 0xff;
1122 currentvalpos++; 1123 currentvalpos++;
1123 if ((contextlen > 0) || (context != NULL)) { 1124 if (contextlen != 0 && context != NULL) {
1124 memcpy(val + currentvalpos, context, contextlen); 1125 memcpy(val + currentvalpos, context, contextlen);
1125 } 1126 }
1126 } 1127 }
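Review bot: The added `/* XXX divide by zero if bs == 0 (should not happen) */` in tls1_enc documents the fault instead of preventing it: the branch condition `(bs != 1) && send` still admits `bs == 0`, and `(int)l % bs` is then undefined behaviour. An explicit guard ahead of the branch that fails the call when `bs <= 0` would turn this into an ordinary error path. The appropriate return value depends on tls1_enc's contract, which is outside the hunk. The same code is in src/lib/libssl/t1_enc.c.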
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c
index e4b54691c6..bec8328269 100644
--- a/src/lib/libssl/t1_enc.c
+++ b/src/lib/libssl/t1_enc.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: t1_enc.c,v 1.67 2014/07/10 10:09:54 jsing Exp $ */ 1/* $OpenBSD: t1_enc.c,v 1.68 2014/08/07 19:46:31 miod Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -319,7 +319,7 @@ tls1_aead_ctx_init(SSL_AEAD_CTX **aead_ctx)
319 319
320static int 320static int
321tls1_change_cipher_state_aead(SSL *s, char is_read, const unsigned char *key, 321tls1_change_cipher_state_aead(SSL *s, char is_read, const unsigned char *key,
322 unsigned key_len, const unsigned char *iv, unsigned iv_len) 322 unsigned int key_len, const unsigned char *iv, unsigned int iv_len)
323{ 323{
324 const EVP_AEAD *aead = s->s3->tmp.new_aead; 324 const EVP_AEAD *aead = s->s3->tmp.new_aead;
325 SSL_AEAD_CTX *aead_ctx; 325 SSL_AEAD_CTX *aead_ctx;
@@ -856,6 +856,7 @@ tls1_enc(SSL *s, int send)
856 rec->length += pad; 856 rec->length += pad;
857 } 857 }
858 } else if ((bs != 1) && send) { 858 } else if ((bs != 1) && send) {
859 /* XXX divide by zero if bs == 0 (should not happen) */
859 i = bs - ((int)l % bs); 860 i = bs - ((int)l % bs);
860 861
861 /* Add weird padding of upto 256 bytes */ 862 /* Add weird padding of upto 256 bytes */
@@ -1120,7 +1121,7 @@ tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
1120 currentvalpos++; 1121 currentvalpos++;
1121 val[currentvalpos] = contextlen & 0xff; 1122 val[currentvalpos] = contextlen & 0xff;
1122 currentvalpos++; 1123 currentvalpos++;
1123 if ((contextlen > 0) || (context != NULL)) { 1124 if (contextlen != 0 && context != NULL) {
1124 memcpy(val + currentvalpos, context, contextlen); 1125 memcpy(val + currentvalpos, context, contextlen);
1125 } 1126 }
1126 } 1127 }