summaryrefslogtreecommitdiff
path: root/src/lib
diff options
context:
space:
mode:
authorjsing <>2014-11-27 16:13:36 +0000
committerjsing <>2014-11-27 16:13:36 +0000
commit2c7127ff682d568ae1a0c5f87f0a41ae420050c7 (patch)
treefbfbaa76cf6ecffa57d79574d681dd7644a9a905 /src/lib
parentd535de59dc5c181a7d99c29fd96670de7865ee1c (diff)
downloadopenbsd-2c7127ff682d568ae1a0c5f87f0a41ae420050c7.tar.gz
openbsd-2c7127ff682d568ae1a0c5f87f0a41ae420050c7.tar.bz2
openbsd-2c7127ff682d568ae1a0c5f87f0a41ae420050c7.zip
Ensure that sess_cert is not NULL at the start of
ssl3_send_client_key_exchange(), rather than checking it in the key exchange algorithm specific code. ok beck@ miod@
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/libssl/s3_clnt.c34
-rw-r--r--src/lib/libssl/src/ssl/s3_clnt.c34
2 files changed, 18 insertions, 50 deletions
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index 49efb26277..1b94200f14 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_clnt.c,v 1.95 2014/11/19 05:51:25 doug Exp $ */ 1/* $OpenBSD: s3_clnt.c,v 1.96 2014/11/27 16:13:36 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -1964,18 +1964,18 @@ ssl3_send_client_key_exchange(SSL *s)
1964 1964
1965 alg_k = s->s3->tmp.new_cipher->algorithm_mkey; 1965 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
1966 1966
1967 if (s->session->sess_cert == NULL) {
1968 ssl3_send_alert(s, SSL3_AL_FATAL,
1969 SSL_AD_UNEXPECTED_MESSAGE);
1970 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
1971 ERR_R_INTERNAL_ERROR);
1972 goto err;
1973 }
1974
1967 if (alg_k & SSL_kRSA) { 1975 if (alg_k & SSL_kRSA) {
1968 RSA *rsa; 1976 RSA *rsa;
1969 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; 1977 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
1970 1978
1971 if (s->session->sess_cert == NULL) {
1972 /* We should always have a server
1973 * certificate with SSL_kRSA. */
1974 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
1975 ERR_R_INTERNAL_ERROR);
1976 goto err;
1977 }
1978
1979 if (s->session->sess_cert->peer_rsa_tmp != NULL) 1979 if (s->session->sess_cert->peer_rsa_tmp != NULL)
1980 rsa = s->session->sess_cert->peer_rsa_tmp; 1980 rsa = s->session->sess_cert->peer_rsa_tmp;
1981 else { 1981 else {
@@ -2026,14 +2026,6 @@ ssl3_send_client_key_exchange(SSL *s)
2026 } else if (alg_k & SSL_kDHE) { 2026 } else if (alg_k & SSL_kDHE) {
2027 DH *dh_srvr, *dh_clnt; 2027 DH *dh_srvr, *dh_clnt;
2028 2028
2029 if (s->session->sess_cert == NULL) {
2030 ssl3_send_alert(s, SSL3_AL_FATAL,
2031 SSL_AD_UNEXPECTED_MESSAGE);
2032 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2033 SSL_R_UNEXPECTED_MESSAGE);
2034 goto err;
2035 }
2036
2037 if (s->session->sess_cert->peer_dh_tmp != NULL) 2029 if (s->session->sess_cert->peer_dh_tmp != NULL)
2038 dh_srvr = s->session->sess_cert->peer_dh_tmp; 2030 dh_srvr = s->session->sess_cert->peer_dh_tmp;
2039 else { 2031 else {
@@ -2093,14 +2085,6 @@ ssl3_send_client_key_exchange(SSL *s)
2093 int ecdh_clnt_cert = 0; 2085 int ecdh_clnt_cert = 0;
2094 int field_size = 0; 2086 int field_size = 0;
2095 2087
2096 if (s->session->sess_cert == NULL) {
2097 ssl3_send_alert(s, SSL3_AL_FATAL,
2098 SSL_AD_UNEXPECTED_MESSAGE);
2099 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2100 SSL_R_UNEXPECTED_MESSAGE);
2101 goto err;
2102 }
2103
2104 /* 2088 /*
2105 * Did we send out the client's ECDH share for use 2089 * Did we send out the client's ECDH share for use
2106 * in premaster computation as part of client 2090 * in premaster computation as part of client
diff --git a/src/lib/libssl/src/ssl/s3_clnt.c b/src/lib/libssl/src/ssl/s3_clnt.c
index 49efb26277..1b94200f14 100644
--- a/src/lib/libssl/src/ssl/s3_clnt.c
+++ b/src/lib/libssl/src/ssl/s3_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_clnt.c,v 1.95 2014/11/19 05:51:25 doug Exp $ */ 1/* $OpenBSD: s3_clnt.c,v 1.96 2014/11/27 16:13:36 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -1964,18 +1964,18 @@ ssl3_send_client_key_exchange(SSL *s)
1964 1964
1965 alg_k = s->s3->tmp.new_cipher->algorithm_mkey; 1965 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
1966 1966
1967 if (s->session->sess_cert == NULL) {
1968 ssl3_send_alert(s, SSL3_AL_FATAL,
1969 SSL_AD_UNEXPECTED_MESSAGE);
1970 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
1971 ERR_R_INTERNAL_ERROR);
1972 goto err;
1973 }
1974
1967 if (alg_k & SSL_kRSA) { 1975 if (alg_k & SSL_kRSA) {
1968 RSA *rsa; 1976 RSA *rsa;
1969 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; 1977 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
1970 1978
1971 if (s->session->sess_cert == NULL) {
1972 /* We should always have a server
1973 * certificate with SSL_kRSA. */
1974 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
1975 ERR_R_INTERNAL_ERROR);
1976 goto err;
1977 }
1978
1979 if (s->session->sess_cert->peer_rsa_tmp != NULL) 1979 if (s->session->sess_cert->peer_rsa_tmp != NULL)
1980 rsa = s->session->sess_cert->peer_rsa_tmp; 1980 rsa = s->session->sess_cert->peer_rsa_tmp;
1981 else { 1981 else {
@@ -2026,14 +2026,6 @@ ssl3_send_client_key_exchange(SSL *s)
2026 } else if (alg_k & SSL_kDHE) { 2026 } else if (alg_k & SSL_kDHE) {
2027 DH *dh_srvr, *dh_clnt; 2027 DH *dh_srvr, *dh_clnt;
2028 2028
2029 if (s->session->sess_cert == NULL) {
2030 ssl3_send_alert(s, SSL3_AL_FATAL,
2031 SSL_AD_UNEXPECTED_MESSAGE);
2032 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2033 SSL_R_UNEXPECTED_MESSAGE);
2034 goto err;
2035 }
2036
2037 if (s->session->sess_cert->peer_dh_tmp != NULL) 2029 if (s->session->sess_cert->peer_dh_tmp != NULL)
2038 dh_srvr = s->session->sess_cert->peer_dh_tmp; 2030 dh_srvr = s->session->sess_cert->peer_dh_tmp;
2039 else { 2031 else {
@@ -2093,14 +2085,6 @@ ssl3_send_client_key_exchange(SSL *s)
2093 int ecdh_clnt_cert = 0; 2085 int ecdh_clnt_cert = 0;
2094 int field_size = 0; 2086 int field_size = 0;
2095 2087
2096 if (s->session->sess_cert == NULL) {
2097 ssl3_send_alert(s, SSL3_AL_FATAL,
2098 SSL_AD_UNEXPECTED_MESSAGE);
2099 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2100 SSL_R_UNEXPECTED_MESSAGE);
2101 goto err;
2102 }
2103
2104 /* 2088 /*
2105 * Did we send out the client's ECDH share for use 2089 * Did we send out the client's ECDH share for use
2106 * in premaster computation as part of client 2090 * in premaster computation as part of client
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-22 08:53:04 +0000