summaryrefslogtreecommitdiff
path: root/src/lib/libssl/ssl_srvr.c
diff options
context:
space:
mode:
authorjsing <>2021-10-23 08:34:36 +0000
committerjsing <>2021-10-23 08:34:36 +0000
commit3781592d1cd8ce107960abb543e4eccf20288a82 (patch)
tree84ea9950c0cb3d3c14ebfccb65a931db3ba71bfd /src/lib/libssl/ssl_srvr.c
parent5ee33af93b944cb8cf535f155eb2a489305b5ccc (diff)
downloadopenbsd-3781592d1cd8ce107960abb543e4eccf20288a82.tar.gz
openbsd-3781592d1cd8ce107960abb543e4eccf20288a82.tar.bz2
openbsd-3781592d1cd8ce107960abb543e4eccf20288a82.zip
Untangle ssl3_get_message() return values.
This function currently has a long return type that may be <= 0 on error/retry (which is then cast to an int in order to return it up the stack), or it returns the length of the handshake message (on success). This obviously means that 0 can be returned for both success and failure, which is the reason why a separate 'ok' argument has to exist. Untangle this mess by changing the return value to an int that indicates success (1) or error/retry (<= 0). The length never needs to actually be returned as it is already stored in s->internal->init_num (which is where the return value is read from anyway). ok tb@
Diffstat (limited to '')
-rw-r--r--src/lib/libssl/ssl_srvr.c69
1 files changed, 33 insertions, 36 deletions
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
index 3a37fc7e09..1bbe551b3c 100644
--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_srvr.c,v 1.119 2021/09/03 13:18:01 jsing Exp $ */ 1/* $OpenBSD: ssl_srvr.c,v 1.120 2021/10/23 08:34:36 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -779,8 +779,7 @@ ssl3_get_client_hello(SSL *s)
779 uint16_t client_version; 779 uint16_t client_version;
780 uint8_t comp_method; 780 uint8_t comp_method;
781 int comp_null; 781 int comp_null;
782 int i, j, ok, al, ret = -1, cookie_valid = 0; 782 int i, j, al, ret, cookie_valid = 0;
783 long n;
784 unsigned long id; 783 unsigned long id;
785 SSL_CIPHER *c; 784 SSL_CIPHER *c;
786 STACK_OF(SSL_CIPHER) *ciphers = NULL; 785 STACK_OF(SSL_CIPHER) *ciphers = NULL;
@@ -795,22 +794,22 @@ ssl3_get_client_hello(SSL *s)
795 * If we are SSLv3, we will respond with SSLv3, even if prompted with 794 * If we are SSLv3, we will respond with SSLv3, even if prompted with
796 * TLSv1. 795 * TLSv1.
797 */ 796 */
798 if (S3I(s)->hs.state == SSL3_ST_SR_CLNT_HELLO_A) { 797 if (S3I(s)->hs.state == SSL3_ST_SR_CLNT_HELLO_A)
799 S3I(s)->hs.state = SSL3_ST_SR_CLNT_HELLO_B; 798 S3I(s)->hs.state = SSL3_ST_SR_CLNT_HELLO_B;
800 }
801 799
802 s->internal->first_packet = 1; 800 s->internal->first_packet = 1;
803 n = ssl3_get_message(s, SSL3_ST_SR_CLNT_HELLO_B, 801 if ((ret = ssl3_get_message(s, SSL3_ST_SR_CLNT_HELLO_B,
804 SSL3_ST_SR_CLNT_HELLO_C, SSL3_MT_CLIENT_HELLO, 802 SSL3_ST_SR_CLNT_HELLO_C, SSL3_MT_CLIENT_HELLO,
805 SSL3_RT_MAX_PLAIN_LENGTH, &ok); 803 SSL3_RT_MAX_PLAIN_LENGTH)) <= 0)
806 if (!ok) 804 return ret;
807 return ((int)n);
808 s->internal->first_packet = 0; 805 s->internal->first_packet = 0;
809 806
810 if (n < 0) 807 ret = -1;
808
809 if (s->internal->init_num < 0)
811 goto err; 810 goto err;
812 811
813 CBS_init(&cbs, s->internal->init_msg, n); 812 CBS_init(&cbs, s->internal->init_msg, s->internal->init_num);
814 813
815 /* Parse client hello up until the extensions (if any). */ 814 /* Parse client hello up until the extensions (if any). */
816 if (!CBS_get_u16(&cbs, &client_version)) 815 if (!CBS_get_u16(&cbs, &client_version))
@@ -2055,20 +2054,18 @@ int
2055ssl3_get_client_key_exchange(SSL *s) 2054ssl3_get_client_key_exchange(SSL *s)
2056{ 2055{
2057 unsigned long alg_k; 2056 unsigned long alg_k;
2058 int al, ok; 2057 int al, ret;
2059 CBS cbs; 2058 CBS cbs;
2060 long n;
2061 2059
2062 /* 2048 maxlen is a guess. How long a key does that permit? */ 2060 /* 2048 maxlen is a guess. How long a key does that permit? */
2063 n = ssl3_get_message(s, SSL3_ST_SR_KEY_EXCH_A, 2061 if ((ret = ssl3_get_message(s, SSL3_ST_SR_KEY_EXCH_A,
2064 SSL3_ST_SR_KEY_EXCH_B, SSL3_MT_CLIENT_KEY_EXCHANGE, 2048, &ok); 2062 SSL3_ST_SR_KEY_EXCH_B, SSL3_MT_CLIENT_KEY_EXCHANGE, 2048)) <= 0)
2065 if (!ok) 2063 return ret;
2066 return ((int)n);
2067 2064
2068 if (n < 0) 2065 if (s->internal->init_num < 0)
2069 goto err; 2066 goto err;
2070 2067
2071 CBS_init(&cbs, s->internal->init_msg, n); 2068 CBS_init(&cbs, s->internal->init_msg, s->internal->init_num);
2072 2069
2073 alg_k = S3I(s)->hs.cipher->algorithm_mkey; 2070 alg_k = S3I(s)->hs.cipher->algorithm_mkey;
2074 2071
@@ -2113,24 +2110,24 @@ ssl3_get_cert_verify(SSL *s)
2113 EVP_PKEY *pkey = NULL; 2110 EVP_PKEY *pkey = NULL;
2114 X509 *peer = NULL; 2111 X509 *peer = NULL;
2115 EVP_MD_CTX mctx; 2112 EVP_MD_CTX mctx;
2116 int al, ok, verify; 2113 int al, verify;
2117 const unsigned char *hdata; 2114 const unsigned char *hdata;
2118 size_t hdatalen; 2115 size_t hdatalen;
2119 int type = 0; 2116 int type = 0;
2120 int ret = 0; 2117 int ret;
2121 long n;
2122 2118
2123 EVP_MD_CTX_init(&mctx); 2119 EVP_MD_CTX_init(&mctx);
2124 2120
2125 n = ssl3_get_message(s, SSL3_ST_SR_CERT_VRFY_A, 2121 if ((ret = ssl3_get_message(s, SSL3_ST_SR_CERT_VRFY_A,
2126 SSL3_ST_SR_CERT_VRFY_B, -1, SSL3_RT_MAX_PLAIN_LENGTH, &ok); 2122 SSL3_ST_SR_CERT_VRFY_B, -1, SSL3_RT_MAX_PLAIN_LENGTH)) <= 0)
2127 if (!ok) 2123 return ret;
2128 return ((int)n);
2129 2124
2130 if (n < 0) 2125 ret = 0;
2126
2127 if (s->internal->init_num < 0)
2131 goto err; 2128 goto err;
2132 2129
2133 CBS_init(&cbs, s->internal->init_msg, n); 2130 CBS_init(&cbs, s->internal->init_msg, s->internal->init_num);
2134 2131
2135 if (s->session->peer != NULL) { 2132 if (s->session->peer != NULL) {
2136 peer = s->session->peer; 2133 peer = s->session->peer;
@@ -2329,16 +2326,16 @@ int
2329ssl3_get_client_certificate(SSL *s) 2326ssl3_get_client_certificate(SSL *s)
2330{ 2327{
2331 CBS cbs, client_certs; 2328 CBS cbs, client_certs;
2332 int i, ok, al, ret = -1;
2333 X509 *x = NULL; 2329 X509 *x = NULL;
2334 long n;
2335 const unsigned char *q; 2330 const unsigned char *q;
2336 STACK_OF(X509) *sk = NULL; 2331 STACK_OF(X509) *sk = NULL;
2332 int i, al, ret;
2333
2334 if ((ret = ssl3_get_message(s, SSL3_ST_SR_CERT_A, SSL3_ST_SR_CERT_B,
2335 -1, s->internal->max_cert_list)) <= 0)
2336 return ret;
2337 2337
2338 n = ssl3_get_message(s, SSL3_ST_SR_CERT_A, SSL3_ST_SR_CERT_B, 2338 ret = -1;
2339 -1, s->internal->max_cert_list, &ok);
2340 if (!ok)
2341 return ((int)n);
2342 2339
2343 if (S3I(s)->hs.tls12.message_type == SSL3_MT_CLIENT_KEY_EXCHANGE) { 2340 if (S3I(s)->hs.tls12.message_type == SSL3_MT_CLIENT_KEY_EXCHANGE) {
2344 if ((s->verify_mode & SSL_VERIFY_PEER) && 2341 if ((s->verify_mode & SSL_VERIFY_PEER) &&
@@ -2367,10 +2364,10 @@ ssl3_get_client_certificate(SSL *s)
2367 goto fatal_err; 2364 goto fatal_err;
2368 } 2365 }
2369 2366
2370 if (n < 0) 2367 if (s->internal->init_num < 0)
2371 goto decode_err; 2368 goto decode_err;
2372 2369
2373 CBS_init(&cbs, s->internal->init_msg, n); 2370 CBS_init(&cbs, s->internal->init_msg, s->internal->init_num);
2374 2371
2375 if ((sk = sk_X509_new_null()) == NULL) { 2372 if ((sk = sk_X509_new_null()) == NULL) {
2376 SSLerror(s, ERR_R_MALLOC_FAILURE); 2373 SSLerror(s, ERR_R_MALLOC_FAILURE);