Clean up the TLS handshake digest handling - this refactors some of the

code for improved readability, however it also address two issues. The first of these is a hard-to-hit double free that will occur if EVP_DigestInit_ex() fails. To avoid this and to be more robust, ensure that tls1_digest_cached_records() either completes successfully and sets up all of the necessary digests, or it cleans up and frees everything that was allocated. The second issue is that EVP_DigestUpdate() can fail - detect and handle this in tls1_finish_mac() and change the return type to an int so that a failure can be propagated to the caller (the callers still need to be fixed to handle this, in a later diff). The double-free was reported by Matthew Dillon. ok beck@ doug@ miod@
author: jsing <> 2016-11-03 08:15:22 +0000
committer: jsing <> 2016-11-03 08:15:22 +0000
commit: 463a204c858ff0b4b4b13aed4ed5f6d5670a5c8b (patch)
tree: 2c9e9177516e955488acfb0b61a4dbeb7b177ab5 /src/lib/libssl/ssl_locl.h
parent: 16110475192553519ce33e3c5ab81eed49bdba30 (diff)
download: openbsd-463a204c858ff0b4b4b13aed4ed5f6d5670a5c8b.tar.gz
openbsd-463a204c858ff0b4b4b13aed4ed5f6d5670a5c8b.tar.bz2
openbsd-463a204c858ff0b4b4b13aed4ed5f6d5670a5c8b.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 1b768e3939..b79e9269ce 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.130 2016/10/19 16:38:40 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.131 2016/11/03 08:15:22 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -754,7 +754,7 @@ int ssl_init_wbio_buffer(SSL *s, int push);
 void ssl_free_wbio_buffer(SSL *s);
 int tls1_init_finished_mac(SSL *s);
-void tls1_finish_mac(SSL *s, const unsigned char *buf, int len);
+int tls1_finish_mac(SSL *s, const unsigned char *buf, int len);
 void tls1_free_digest_list(SSL *s);
 void tls1_cleanup_key_block(SSL *s);
 int tls1_digest_cached_records(SSL *s);
author	jsing <>	2016-11-03 08:15:22 +0000
committer	jsing <>	2016-11-03 08:15:22 +0000
commit	463a204c858ff0b4b4b13aed4ed5f6d5670a5c8b (patch)
tree	2c9e9177516e955488acfb0b61a4dbeb7b177ab5 /src/lib/libssl/ssl_locl.h
parent	16110475192553519ce33e3c5ab81eed49bdba30 (diff)
download	openbsd-463a204c858ff0b4b4b13aed4ed5f6d5670a5c8b.tar.gz openbsd-463a204c858ff0b4b4b13aed4ed5f6d5670a5c8b.tar.bz2 openbsd-463a204c858ff0b4b4b13aed4ed5f6d5670a5c8b.zip

diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index 1b768e3939..b79e9269ce 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_locl.h,v 1.130 2016/10/19 16:38:40 jsing Exp $ */	1	/* $OpenBSD: ssl_locl.h,v 1.131 2016/11/03 08:15:22 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -754,7 +754,7 @@ int ssl_init_wbio_buffer(SSL *s, int push);
754	void ssl_free_wbio_buffer(SSL *s);	754	void ssl_free_wbio_buffer(SSL *s);
755		755
756	int tls1_init_finished_mac(SSL *s);	756	int tls1_init_finished_mac(SSL *s);
757	void tls1_finish_mac(SSL s, const unsigned char buf, int len);	757	int tls1_finish_mac(SSL s, const unsigned char buf, int len);
758	void tls1_free_digest_list(SSL *s);	758	void tls1_free_digest_list(SSL *s);
759	void tls1_cleanup_key_block(SSL *s);	759	void tls1_cleanup_key_block(SSL *s);
760	int tls1_digest_cached_records(SSL *s);	760	int tls1_digest_cached_records(SSL *s);