diff options
| author | jsing <> | 2014-11-27 16:13:36 +0000 |
|---|---|---|
| committer | jsing <> | 2014-11-27 16:13:36 +0000 |
| commit | 6556bb6672839f2038f454f03642289cfb13d550 (patch) | |
| tree | fbfbaa76cf6ecffa57d79574d681dd7644a9a905 /src | |
| parent | 592644a0e4a109bebb8c932afbc4ca360039d3f9 (diff) | |
| download | openbsd-6556bb6672839f2038f454f03642289cfb13d550.tar.gz openbsd-6556bb6672839f2038f454f03642289cfb13d550.tar.bz2 openbsd-6556bb6672839f2038f454f03642289cfb13d550.zip | |
Ensure that sess_cert is not NULL at the start of
ssl3_send_client_key_exchange(), rather than checking it in the key
exchange algorithm specific code.
ok beck@ miod@
Diffstat (limited to '')
| -rw-r--r-- | src/lib/libssl/s3_clnt.c | 34 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/s3_clnt.c | 34 |
2 files changed, 18 insertions, 50 deletions
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c index 49efb26277..1b94200f14 100644 --- a/src/lib/libssl/s3_clnt.c +++ b/src/lib/libssl/s3_clnt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_clnt.c,v 1.95 2014/11/19 05:51:25 doug Exp $ */ | 1 | /* $OpenBSD: s3_clnt.c,v 1.96 2014/11/27 16:13:36 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1964,18 +1964,18 @@ ssl3_send_client_key_exchange(SSL *s) | |||
| 1964 | 1964 | ||
| 1965 | alg_k = s->s3->tmp.new_cipher->algorithm_mkey; | 1965 | alg_k = s->s3->tmp.new_cipher->algorithm_mkey; |
| 1966 | 1966 | ||
| 1967 | if (s->session->sess_cert == NULL) { | ||
| 1968 | ssl3_send_alert(s, SSL3_AL_FATAL, | ||
| 1969 | SSL_AD_UNEXPECTED_MESSAGE); | ||
| 1970 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, | ||
| 1971 | ERR_R_INTERNAL_ERROR); | ||
| 1972 | goto err; | ||
| 1973 | } | ||
| 1974 | |||
| 1967 | if (alg_k & SSL_kRSA) { | 1975 | if (alg_k & SSL_kRSA) { |
| 1968 | RSA *rsa; | 1976 | RSA *rsa; |
| 1969 | unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; | 1977 | unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; |
| 1970 | 1978 | ||
| 1971 | if (s->session->sess_cert == NULL) { | ||
| 1972 | /* We should always have a server | ||
| 1973 | * certificate with SSL_kRSA. */ | ||
| 1974 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, | ||
| 1975 | ERR_R_INTERNAL_ERROR); | ||
| 1976 | goto err; | ||
| 1977 | } | ||
| 1978 | |||
| 1979 | if (s->session->sess_cert->peer_rsa_tmp != NULL) | 1979 | if (s->session->sess_cert->peer_rsa_tmp != NULL) |
| 1980 | rsa = s->session->sess_cert->peer_rsa_tmp; | 1980 | rsa = s->session->sess_cert->peer_rsa_tmp; |
| 1981 | else { | 1981 | else { |
| @@ -2026,14 +2026,6 @@ ssl3_send_client_key_exchange(SSL *s) | |||
| 2026 | } else if (alg_k & SSL_kDHE) { | 2026 | } else if (alg_k & SSL_kDHE) { |
| 2027 | DH *dh_srvr, *dh_clnt; | 2027 | DH *dh_srvr, *dh_clnt; |
| 2028 | 2028 | ||
| 2029 | if (s->session->sess_cert == NULL) { | ||
| 2030 | ssl3_send_alert(s, SSL3_AL_FATAL, | ||
| 2031 | SSL_AD_UNEXPECTED_MESSAGE); | ||
| 2032 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, | ||
| 2033 | SSL_R_UNEXPECTED_MESSAGE); | ||
| 2034 | goto err; | ||
| 2035 | } | ||
| 2036 | |||
| 2037 | if (s->session->sess_cert->peer_dh_tmp != NULL) | 2029 | if (s->session->sess_cert->peer_dh_tmp != NULL) |
| 2038 | dh_srvr = s->session->sess_cert->peer_dh_tmp; | 2030 | dh_srvr = s->session->sess_cert->peer_dh_tmp; |
| 2039 | else { | 2031 | else { |
| @@ -2093,14 +2085,6 @@ ssl3_send_client_key_exchange(SSL *s) | |||
| 2093 | int ecdh_clnt_cert = 0; | 2085 | int ecdh_clnt_cert = 0; |
| 2094 | int field_size = 0; | 2086 | int field_size = 0; |
| 2095 | 2087 | ||
| 2096 | if (s->session->sess_cert == NULL) { | ||
| 2097 | ssl3_send_alert(s, SSL3_AL_FATAL, | ||
| 2098 | SSL_AD_UNEXPECTED_MESSAGE); | ||
| 2099 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, | ||
| 2100 | SSL_R_UNEXPECTED_MESSAGE); | ||
| 2101 | goto err; | ||
| 2102 | } | ||
| 2103 | |||
| 2104 | /* | 2088 | /* |
| 2105 | * Did we send out the client's ECDH share for use | 2089 | * Did we send out the client's ECDH share for use |
| 2106 | * in premaster computation as part of client | 2090 | * in premaster computation as part of client |
diff --git a/src/lib/libssl/src/ssl/s3_clnt.c b/src/lib/libssl/src/ssl/s3_clnt.c index 49efb26277..1b94200f14 100644 --- a/src/lib/libssl/src/ssl/s3_clnt.c +++ b/src/lib/libssl/src/ssl/s3_clnt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_clnt.c,v 1.95 2014/11/19 05:51:25 doug Exp $ */ | 1 | /* $OpenBSD: s3_clnt.c,v 1.96 2014/11/27 16:13:36 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1964,18 +1964,18 @@ ssl3_send_client_key_exchange(SSL *s) | |||
| 1964 | 1964 | ||
| 1965 | alg_k = s->s3->tmp.new_cipher->algorithm_mkey; | 1965 | alg_k = s->s3->tmp.new_cipher->algorithm_mkey; |
| 1966 | 1966 | ||
| 1967 | if (s->session->sess_cert == NULL) { | ||
| 1968 | ssl3_send_alert(s, SSL3_AL_FATAL, | ||
| 1969 | SSL_AD_UNEXPECTED_MESSAGE); | ||
| 1970 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, | ||
| 1971 | ERR_R_INTERNAL_ERROR); | ||
| 1972 | goto err; | ||
| 1973 | } | ||
| 1974 | |||
| 1967 | if (alg_k & SSL_kRSA) { | 1975 | if (alg_k & SSL_kRSA) { |
| 1968 | RSA *rsa; | 1976 | RSA *rsa; |
| 1969 | unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; | 1977 | unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; |
| 1970 | 1978 | ||
| 1971 | if (s->session->sess_cert == NULL) { | ||
| 1972 | /* We should always have a server | ||
| 1973 | * certificate with SSL_kRSA. */ | ||
| 1974 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, | ||
| 1975 | ERR_R_INTERNAL_ERROR); | ||
| 1976 | goto err; | ||
| 1977 | } | ||
| 1978 | |||
| 1979 | if (s->session->sess_cert->peer_rsa_tmp != NULL) | 1979 | if (s->session->sess_cert->peer_rsa_tmp != NULL) |
| 1980 | rsa = s->session->sess_cert->peer_rsa_tmp; | 1980 | rsa = s->session->sess_cert->peer_rsa_tmp; |
| 1981 | else { | 1981 | else { |
| @@ -2026,14 +2026,6 @@ ssl3_send_client_key_exchange(SSL *s) | |||
| 2026 | } else if (alg_k & SSL_kDHE) { | 2026 | } else if (alg_k & SSL_kDHE) { |
| 2027 | DH *dh_srvr, *dh_clnt; | 2027 | DH *dh_srvr, *dh_clnt; |
| 2028 | 2028 | ||
| 2029 | if (s->session->sess_cert == NULL) { | ||
| 2030 | ssl3_send_alert(s, SSL3_AL_FATAL, | ||
| 2031 | SSL_AD_UNEXPECTED_MESSAGE); | ||
| 2032 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, | ||
| 2033 | SSL_R_UNEXPECTED_MESSAGE); | ||
| 2034 | goto err; | ||
| 2035 | } | ||
| 2036 | |||
| 2037 | if (s->session->sess_cert->peer_dh_tmp != NULL) | 2029 | if (s->session->sess_cert->peer_dh_tmp != NULL) |
| 2038 | dh_srvr = s->session->sess_cert->peer_dh_tmp; | 2030 | dh_srvr = s->session->sess_cert->peer_dh_tmp; |
| 2039 | else { | 2031 | else { |
| @@ -2093,14 +2085,6 @@ ssl3_send_client_key_exchange(SSL *s) | |||
| 2093 | int ecdh_clnt_cert = 0; | 2085 | int ecdh_clnt_cert = 0; |
| 2094 | int field_size = 0; | 2086 | int field_size = 0; |
| 2095 | 2087 | ||
| 2096 | if (s->session->sess_cert == NULL) { | ||
| 2097 | ssl3_send_alert(s, SSL3_AL_FATAL, | ||
| 2098 | SSL_AD_UNEXPECTED_MESSAGE); | ||
| 2099 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, | ||
| 2100 | SSL_R_UNEXPECTED_MESSAGE); | ||
| 2101 | goto err; | ||
| 2102 | } | ||
| 2103 | |||
| 2104 | /* | 2088 | /* |
| 2105 | * Did we send out the client's ECDH share for use | 2089 | * Did we send out the client's ECDH share for use |
| 2106 | * in premaster computation as part of client | 2090 | * in premaster computation as part of client |