summaryrefslogtreecommitdiff
path: root/src/lib/libssl/s3_srvr.c
diff options
context:
space:
mode:
authorjsing <>2016-12-07 13:18:38 +0000
committerjsing <>2016-12-07 13:18:38 +0000
commitf61118643ea61726c59beeeaf3526e3a5779e2b2 (patch)
tree0541f951577d3d0754e0d47268a83f344cda55f8 /src/lib/libssl/s3_srvr.c
parent973c85af096ef1e747e63f50a048089783f0ea29 (diff)
downloadopenbsd-f61118643ea61726c59beeeaf3526e3a5779e2b2.tar.gz
openbsd-f61118643ea61726c59beeeaf3526e3a5779e2b2.tar.bz2
openbsd-f61118643ea61726c59beeeaf3526e3a5779e2b2.zip
Ensure that we zero memory that contiansthe ASN.1 encoded session, since
this contains the session master key. ok deraadt@ doug@
Diffstat (limited to '')
-rw-r--r--src/lib/libssl/s3_srvr.c55
1 files changed, 29 insertions, 26 deletions
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index c979031933..3dd085115d 100644
--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_srvr.c,v 1.136 2016/12/06 13:17:52 jsing Exp $ */ 1/* $OpenBSD: s3_srvr.c,v 1.137 2016/12/07 13:18:38 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -2564,18 +2564,19 @@ ssl3_send_server_certificate(SSL *s)
2564int 2564int
2565ssl3_send_newsession_ticket(SSL *s) 2565ssl3_send_newsession_ticket(SSL *s)
2566{ 2566{
2567 if (s->state == SSL3_ST_SW_SESSION_TICKET_A) { 2567 unsigned char *d, *p, *macstart;
2568 unsigned char *d, *p, *senc, *macstart; 2568 unsigned char *senc = NULL;
2569 const unsigned char *const_p; 2569 const unsigned char *const_p;
2570 int len, slen_full, slen; 2570 int len, slen_full, slen;
2571 SSL_SESSION *sess; 2571 SSL_SESSION *sess;
2572 unsigned int hlen; 2572 unsigned int hlen;
2573 EVP_CIPHER_CTX ctx; 2573 EVP_CIPHER_CTX ctx;
2574 HMAC_CTX hctx; 2574 HMAC_CTX hctx;
2575 SSL_CTX *tctx = s->initial_ctx; 2575 SSL_CTX *tctx = s->initial_ctx;
2576 unsigned char iv[EVP_MAX_IV_LENGTH]; 2576 unsigned char iv[EVP_MAX_IV_LENGTH];
2577 unsigned char key_name[16]; 2577 unsigned char key_name[16];
2578 2578
2579 if (s->state == SSL3_ST_SW_SESSION_TICKET_A) {
2579 /* get session encoding length */ 2580 /* get session encoding length */
2580 slen_full = i2d_SSL_SESSION(s->session, NULL); 2581 slen_full = i2d_SSL_SESSION(s->session, NULL);
2581 /* 2582 /*
@@ -2583,10 +2584,10 @@ ssl3_send_newsession_ticket(SSL *s)
2583 * too long 2584 * too long
2584 */ 2585 */
2585 if (slen_full > 0xFF00) 2586 if (slen_full > 0xFF00)
2586 return (-1); 2587 goto err;
2587 senc = malloc(slen_full); 2588 senc = malloc(slen_full);
2588 if (!senc) 2589 if (!senc)
2589 return (-1); 2590 goto err;
2590 p = senc; 2591 p = senc;
2591 i2d_SSL_SESSION(s->session, &p); 2592 i2d_SSL_SESSION(s->session, &p);
2592 2593
@@ -2596,10 +2597,8 @@ ssl3_send_newsession_ticket(SSL *s)
2596 */ 2597 */
2597 const_p = senc; 2598 const_p = senc;
2598 sess = d2i_SSL_SESSION(NULL, &const_p, slen_full); 2599 sess = d2i_SSL_SESSION(NULL, &const_p, slen_full);
2599 if (sess == NULL) { 2600 if (sess == NULL)
2600 free(senc); 2601 goto err;
2601 return (-1);
2602 }
2603 2602
2604 /* ID is irrelevant for the ticket */ 2603 /* ID is irrelevant for the ticket */
2605 sess->session_id_length = 0; 2604 sess->session_id_length = 0;
@@ -2607,8 +2606,7 @@ ssl3_send_newsession_ticket(SSL *s)
2607 slen = i2d_SSL_SESSION(sess, NULL); 2606 slen = i2d_SSL_SESSION(sess, NULL);
2608 if (slen > slen_full) { 2607 if (slen > slen_full) {
2609 /* shouldn't ever happen */ 2608 /* shouldn't ever happen */
2610 free(senc); 2609 goto err;
2611 return (-1);
2612 } 2610 }
2613 p = senc; 2611 p = senc;
2614 i2d_SSL_SESSION(sess, &p); 2612 i2d_SSL_SESSION(sess, &p);
@@ -2624,10 +2622,8 @@ ssl3_send_newsession_ticket(SSL *s)
2624 */ 2622 */
2625 if (!BUF_MEM_grow(s->init_buf, ssl3_handshake_msg_hdr_len(s) + 2623 if (!BUF_MEM_grow(s->init_buf, ssl3_handshake_msg_hdr_len(s) +
2626 22 + EVP_MAX_IV_LENGTH + EVP_MAX_BLOCK_LENGTH + 2624 22 + EVP_MAX_IV_LENGTH + EVP_MAX_BLOCK_LENGTH +
2627 EVP_MAX_MD_SIZE + slen)) { 2625 EVP_MAX_MD_SIZE + slen))
2628 free(senc); 2626 goto err;
2629 return (-1);
2630 }
2631 2627
2632 d = p = ssl3_handshake_msg_start(s, SSL3_MT_NEWSESSION_TICKET); 2628 d = p = ssl3_handshake_msg_start(s, SSL3_MT_NEWSESSION_TICKET);
2633 2629
@@ -2642,9 +2638,8 @@ ssl3_send_newsession_ticket(SSL *s)
2642 if (tctx->tlsext_ticket_key_cb) { 2638 if (tctx->tlsext_ticket_key_cb) {
2643 if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx, 2639 if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx,
2644 &hctx, 1) < 0) { 2640 &hctx, 1) < 0) {
2645 free(senc);
2646 EVP_CIPHER_CTX_cleanup(&ctx); 2641 EVP_CIPHER_CTX_cleanup(&ctx);
2647 return (-1); 2642 goto err;
2648 } 2643 }
2649 } else { 2644 } else {
2650 arc4random_buf(iv, 16); 2645 arc4random_buf(iv, 16);
@@ -2696,11 +2691,19 @@ ssl3_send_newsession_ticket(SSL *s)
2696 2691
2697 s->state = SSL3_ST_SW_SESSION_TICKET_B; 2692 s->state = SSL3_ST_SW_SESSION_TICKET_B;
2698 2693
2694 explicit_bzero(senc, slen_full);
2699 free(senc); 2695 free(senc);
2700 } 2696 }
2701 2697
2702 /* SSL3_ST_SW_SESSION_TICKET_B */ 2698 /* SSL3_ST_SW_SESSION_TICKET_B */
2703 return (ssl3_handshake_write(s)); 2699 return (ssl3_handshake_write(s));
2700
2701 err:
2702 if (senc != NULL)
2703 explicit_bzero(senc, slen_full);
2704 free(senc);
2705
2706 return (-1);
2704} 2707}
2705 2708
2706int 2709int
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-11-26 18:30:26 +0000