Replace the following logic:

if (nothing to allocate) ptr = malloc(1) else { if ((ptr = malloc(size to allocate)) memcpy(ptr, data to copy, size to allocate) } if (ptr == NULL) OMG ERROR with a saner logic where the NULL pointer check if moved to the actual malloc branch, so that we do not need to malloc a single byte, just to avoid having a NULL pointer. Whoever thought allocating a single byte was a smart idea was obviously not taking his meds. ok beck@ guenther@
author: miod <> 2014-05-26 20:54:06 +0000
committer: miod <> 2014-05-26 20:54:06 +0000
commit: cc64a1f7cecec63541a2635f124c914c60d4952a (patch)
tree: c839ab4f405bfea1c43fddd81eb73b59b27f5ef3 /src
parent: 5678643e1eb5747220973202370142ccae43cddd (diff)
download: openbsd-cc64a1f7cecec63541a2635f124c914c60d4952a.tar.gz
openbsd-cc64a1f7cecec63541a2635f124c914c60d4952a.tar.bz2
openbsd-cc64a1f7cecec63541a2635f124c914c60d4952a.zip
4 files changed, 98 insertions, 68 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 8b67e7c36a..d8a186040b 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -2633,16 +2633,18 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
                if (s->tlsext_opaque_prf_input != NULL)
                        free(s->tlsext_opaque_prf_input);
                if ((size_t)larg == 0) {
-                        /* dummy byte just to get non-NULL */
+                        s->tlsext_opaque_prf_input = NULL;
-                        s->tlsext_opaque_prf_input = malloc(1);
+                        s->tlsext_opaque_prf_input_len = 0;
-                } else
+                        ret = 1;
+                } else {
                        s->tlsext_opaque_prf_input =
                            BUF_memdup(parg, (size_t)larg);
-                if (s->tlsext_opaque_prf_input != NULL) {
+                        if (s->tlsext_opaque_prf_input != NULL) {
-                        s->tlsext_opaque_prf_input_len = (size_t)larg;
+                                s->tlsext_opaque_prf_input_len = (size_t)larg;
-                        ret = 1;
+                                ret = 1;
-                } else
+                        } else
-                        s->tlsext_opaque_prf_input_len = 0;
+                                s->tlsext_opaque_prf_input_len = 0;
+                }
                break;
 #endif
diff --git a/src/lib/libssl/src/ssl/s3_lib.c b/src/lib/libssl/src/ssl/s3_lib.c
index 8b67e7c36a..d8a186040b 100644
--- a/src/lib/libssl/src/ssl/s3_lib.c
+++ b/src/lib/libssl/src/ssl/s3_lib.c
@@ -2633,16 +2633,18 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
                if (s->tlsext_opaque_prf_input != NULL)
                        free(s->tlsext_opaque_prf_input);
                if ((size_t)larg == 0) {
-                        /* dummy byte just to get non-NULL */
+                        s->tlsext_opaque_prf_input = NULL;
-                        s->tlsext_opaque_prf_input = malloc(1);
+                        s->tlsext_opaque_prf_input_len = 0;
-                } else
+                        ret = 1;
+                } else {
                        s->tlsext_opaque_prf_input =
                            BUF_memdup(parg, (size_t)larg);
-                if (s->tlsext_opaque_prf_input != NULL) {
+                        if (s->tlsext_opaque_prf_input != NULL) {
-                        s->tlsext_opaque_prf_input_len = (size_t)larg;
+                                s->tlsext_opaque_prf_input_len = (size_t)larg;
-                        ret = 1;
+                                ret = 1;
-                } else
+                        } else
-                        s->tlsext_opaque_prf_input_len = 0;
+                                s->tlsext_opaque_prf_input_len = 0;
+                }
                break;
 #endif
diff --git a/src/lib/libssl/src/ssl/t1_lib.c b/src/lib/libssl/src/ssl/t1_lib.c
index 99298c1791..c45708bf78 100644
--- a/src/lib/libssl/src/ssl/t1_lib.c
+++ b/src/lib/libssl/src/ssl/t1_lib.c
@@ -1154,12 +1154,15 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
                        if (s->s3->client_opaque_prf_input != NULL) /* shouldn't really happen */
                                free(s->s3->client_opaque_prf_input);
                        if (s->s3->client_opaque_prf_input_len == 0)
-                                s->s3->client_opaque_prf_input = malloc(1); /* dummy byte just to get non-NULL */
+                                s->s3->client_opaque_prf_input = NULL;
-                        else
+                        else {
-                                s->s3->client_opaque_prf_input = BUF_memdup(sdata, s->s3->client_opaque_prf_input_len);
+                                s->s3->client_opaque_prf_input =
-                        if (s->s3->client_opaque_prf_input == NULL) {
+                                    BUF_memdup(sdata,
-                                *al = TLS1_AD_INTERNAL_ERROR;
+                                      s->s3->client_opaque_prf_input_len);
-                                return 0;
+                                if (s->s3->client_opaque_prf_input == NULL) {
+                                        *al = TLS1_AD_INTERNAL_ERROR;
+                                        return 0;
+                                }
                        }
                }
 #endif
@@ -1458,13 +1461,15 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
                        if (s->s3->server_opaque_prf_input != NULL) /* shouldn't really happen */
                                free(s->s3->server_opaque_prf_input);
                        if (s->s3->server_opaque_prf_input_len == 0)
-                                s->s3->server_opaque_prf_input = malloc(1); /* dummy byte just to get non-NULL */
+                                s->s3->server_opaque_prf_input = NULL;
-                        else
+                        else {
-                                s->s3->server_opaque_prf_input = BUF_memdup(sdata, s->s3->server_opaque_prf_input_len);
+                                s->s3->server_opaque_prf_input =
+                                    BUF_memdup(sdata,
-                        if (s->s3->server_opaque_prf_input == NULL) {
+                                      s->s3->server_opaque_prf_input_len);
-                                *al = TLS1_AD_INTERNAL_ERROR;
+                                if (s->s3->server_opaque_prf_input == NULL) {
-                                return 0;
+                                        *al = TLS1_AD_INTERNAL_ERROR;
+                                        return 0;
+                                }
                        }
                }
 #endif
@@ -1639,12 +1644,16 @@ ssl_prepare_clienthello_tlsext(SSL *s)
                                free(s->s3->client_opaque_prf_input);
                        if (s->tlsext_opaque_prf_input_len == 0)
-                                s->s3->client_opaque_prf_input = malloc(1); /* dummy byte just to get non-NULL */
+                                s->s3->client_opaque_prf_input = NULL;
-                        else
+                        else {
-                                s->s3->client_opaque_prf_input = BUF_memdup(s->tlsext_opaque_prf_input, s->tlsext_opaque_prf_input_len);
+                                s->s3->client_opaque_prf_input =
-                        if (s->s3->client_opaque_prf_input == NULL) {
+                                    BUF_memdup(s->tlsext_opaque_prf_input,
-                                SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT, ERR_R_MALLOC_FAILURE);
+                                      s->tlsext_opaque_prf_input_len);
-                                return -1;
+                                if (s->s3->client_opaque_prf_input == NULL) {
+                                        SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT,
+                                            ERR_R_MALLOC_FAILURE);
+                                        return -1;
+                                }
                        }
                        s->s3->client_opaque_prf_input_len = s->tlsext_opaque_prf_input_len;
                }
@@ -1740,13 +1749,17 @@ ssl_check_clienthello_tlsext_early(SSL *s)
                                 * of the same length as the client opaque PRF input! */
                                if (s->tlsext_opaque_prf_input_len == 0)
-                                        s->s3->server_opaque_prf_input = malloc(1); /* dummy byte just to get non-NULL */
+                                        s->s3->server_opaque_prf_input = NULL;
-                                else
+                                else {
-                                        s->s3->server_opaque_prf_input = BUF_memdup(s->tlsext_opaque_prf_input, s->tlsext_opaque_prf_input_len);
+                                        s->s3->server_opaque_prf_input =
-                                if (s->s3->server_opaque_prf_input == NULL) {
+                                            BUF_memdup(s->tlsext_opaque_prf_input,
-                                        ret = SSL_TLSEXT_ERR_ALERT_FATAL;
+                                              s->tlsext_opaque_prf_input_len);
-                                        al = SSL_AD_INTERNAL_ERROR;
+                                        if (s->s3->server_opaque_prf_input ==
-                                        goto err;
+                                            NULL) {
+                                                ret = SSL_TLSEXT_ERR_ALERT_FATAL;
+                                                al = SSL_AD_INTERNAL_ERROR;
+                                                goto err;
+                                        }
                                }
                                s->s3->server_opaque_prf_input_len = s->tlsext_opaque_prf_input_len;
                        }
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index 99298c1791..c45708bf78 100644
--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -1154,12 +1154,15 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
                        if (s->s3->client_opaque_prf_input != NULL) /* shouldn't really happen */
                                free(s->s3->client_opaque_prf_input);
                        if (s->s3->client_opaque_prf_input_len == 0)
-                                s->s3->client_opaque_prf_input = malloc(1); /* dummy byte just to get non-NULL */
+                                s->s3->client_opaque_prf_input = NULL;
-                        else
+                        else {
-                                s->s3->client_opaque_prf_input = BUF_memdup(sdata, s->s3->client_opaque_prf_input_len);
+                                s->s3->client_opaque_prf_input =
-                        if (s->s3->client_opaque_prf_input == NULL) {
+                                    BUF_memdup(sdata,
-                                *al = TLS1_AD_INTERNAL_ERROR;
+                                      s->s3->client_opaque_prf_input_len);
-                                return 0;
+                                if (s->s3->client_opaque_prf_input == NULL) {
+                                        *al = TLS1_AD_INTERNAL_ERROR;
+                                        return 0;
+                                }
                        }
                }
 #endif
@@ -1458,13 +1461,15 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
                        if (s->s3->server_opaque_prf_input != NULL) /* shouldn't really happen */
                                free(s->s3->server_opaque_prf_input);
                        if (s->s3->server_opaque_prf_input_len == 0)
-                                s->s3->server_opaque_prf_input = malloc(1); /* dummy byte just to get non-NULL */
+                                s->s3->server_opaque_prf_input = NULL;
-                        else
+                        else {
-                                s->s3->server_opaque_prf_input = BUF_memdup(sdata, s->s3->server_opaque_prf_input_len);
+                                s->s3->server_opaque_prf_input =
+                                    BUF_memdup(sdata,
-                        if (s->s3->server_opaque_prf_input == NULL) {
+                                      s->s3->server_opaque_prf_input_len);
-                                *al = TLS1_AD_INTERNAL_ERROR;
+                                if (s->s3->server_opaque_prf_input == NULL) {
-                                return 0;
+                                        *al = TLS1_AD_INTERNAL_ERROR;
+                                        return 0;
+                                }
                        }
                }
 #endif
@@ -1639,12 +1644,16 @@ ssl_prepare_clienthello_tlsext(SSL *s)
                                free(s->s3->client_opaque_prf_input);
                        if (s->tlsext_opaque_prf_input_len == 0)
-                                s->s3->client_opaque_prf_input = malloc(1); /* dummy byte just to get non-NULL */
+                                s->s3->client_opaque_prf_input = NULL;
-                        else
+                        else {
-                                s->s3->client_opaque_prf_input = BUF_memdup(s->tlsext_opaque_prf_input, s->tlsext_opaque_prf_input_len);
+                                s->s3->client_opaque_prf_input =
-                        if (s->s3->client_opaque_prf_input == NULL) {
+                                    BUF_memdup(s->tlsext_opaque_prf_input,
-                                SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT, ERR_R_MALLOC_FAILURE);
+                                      s->tlsext_opaque_prf_input_len);
-                                return -1;
+                                if (s->s3->client_opaque_prf_input == NULL) {
+                                        SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT,
+                                            ERR_R_MALLOC_FAILURE);
+                                        return -1;
+                                }
                        }
                        s->s3->client_opaque_prf_input_len = s->tlsext_opaque_prf_input_len;
                }
@@ -1740,13 +1749,17 @@ ssl_check_clienthello_tlsext_early(SSL *s)
                                 * of the same length as the client opaque PRF input! */
                                if (s->tlsext_opaque_prf_input_len == 0)
-                                        s->s3->server_opaque_prf_input = malloc(1); /* dummy byte just to get non-NULL */
+                                        s->s3->server_opaque_prf_input = NULL;
-                                else
+                                else {
-                                        s->s3->server_opaque_prf_input = BUF_memdup(s->tlsext_opaque_prf_input, s->tlsext_opaque_prf_input_len);
+                                        s->s3->server_opaque_prf_input =
-                                if (s->s3->server_opaque_prf_input == NULL) {
+                                            BUF_memdup(s->tlsext_opaque_prf_input,
-                                        ret = SSL_TLSEXT_ERR_ALERT_FATAL;
+                                              s->tlsext_opaque_prf_input_len);
-                                        al = SSL_AD_INTERNAL_ERROR;
+                                        if (s->s3->server_opaque_prf_input ==
-                                        goto err;
+                                            NULL) {
+                                                ret = SSL_TLSEXT_ERR_ALERT_FATAL;
+                                                al = SSL_AD_INTERNAL_ERROR;
+                                                goto err;
+                                        }
                                }
                                s->s3->server_opaque_prf_input_len = s->tlsext_opaque_prf_input_len;
                        }
author	miod <>	2014-05-26 20:54:06 +0000
committer	miod <>	2014-05-26 20:54:06 +0000
commit	cc64a1f7cecec63541a2635f124c914c60d4952a (patch)
tree	c839ab4f405bfea1c43fddd81eb73b59b27f5ef3 /src
parent	5678643e1eb5747220973202370142ccae43cddd (diff)
download	openbsd-cc64a1f7cecec63541a2635f124c914c60d4952a.tar.gz openbsd-cc64a1f7cecec63541a2635f124c914c60d4952a.tar.bz2 openbsd-cc64a1f7cecec63541a2635f124c914c60d4952a.zip

diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index 8b67e7c36a..d8a186040b 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c
@@ -2633,16 +2633,18 @@ ssl3_ctrl(SSL s, int cmd, long larg, void parg)
2633	if (s->tlsext_opaque_prf_input != NULL)	2633	if (s->tlsext_opaque_prf_input != NULL)
2634	free(s->tlsext_opaque_prf_input);	2634	free(s->tlsext_opaque_prf_input);
2635	if ((size_t)larg == 0) {	2635	if ((size_t)larg == 0) {
2636	/* dummy byte just to get non-NULL */	2636	s->tlsext_opaque_prf_input = NULL;
2637	s->tlsext_opaque_prf_input = malloc(1);	2637	s->tlsext_opaque_prf_input_len = 0;
2638	} else	2638	ret = 1;
		2639	} else {
2639	s->tlsext_opaque_prf_input =	2640	s->tlsext_opaque_prf_input =
2640	BUF_memdup(parg, (size_t)larg);	2641	BUF_memdup(parg, (size_t)larg);
2641	if (s->tlsext_opaque_prf_input != NULL) {	2642	if (s->tlsext_opaque_prf_input != NULL) {
2642	s->tlsext_opaque_prf_input_len = (size_t)larg;	2643	s->tlsext_opaque_prf_input_len = (size_t)larg;
2643	ret = 1;	2644	ret = 1;
2644	} else	2645	} else
2645	s->tlsext_opaque_prf_input_len = 0;	2646	s->tlsext_opaque_prf_input_len = 0;
		2647	}
2646	break;	2648	break;
2647	#endif	2649	#endif
2648		2650


diff --git a/src/lib/libssl/src/ssl/s3_lib.c b/src/lib/libssl/src/ssl/s3_lib.c index 8b67e7c36a..d8a186040b 100644 --- a/src/lib/libssl/src/ssl/s3_lib.c +++ b/src/lib/libssl/src/ssl/s3_lib.c
@@ -2633,16 +2633,18 @@ ssl3_ctrl(SSL s, int cmd, long larg, void parg)
2633	if (s->tlsext_opaque_prf_input != NULL)	2633	if (s->tlsext_opaque_prf_input != NULL)
2634	free(s->tlsext_opaque_prf_input);	2634	free(s->tlsext_opaque_prf_input);
2635	if ((size_t)larg == 0) {	2635	if ((size_t)larg == 0) {
2636	/* dummy byte just to get non-NULL */	2636	s->tlsext_opaque_prf_input = NULL;
2637	s->tlsext_opaque_prf_input = malloc(1);	2637	s->tlsext_opaque_prf_input_len = 0;
2638	} else	2638	ret = 1;
		2639	} else {
2639	s->tlsext_opaque_prf_input =	2640	s->tlsext_opaque_prf_input =
2640	BUF_memdup(parg, (size_t)larg);	2641	BUF_memdup(parg, (size_t)larg);
2641	if (s->tlsext_opaque_prf_input != NULL) {	2642	if (s->tlsext_opaque_prf_input != NULL) {
2642	s->tlsext_opaque_prf_input_len = (size_t)larg;	2643	s->tlsext_opaque_prf_input_len = (size_t)larg;
2643	ret = 1;	2644	ret = 1;
2644	} else	2645	} else
2645	s->tlsext_opaque_prf_input_len = 0;	2646	s->tlsext_opaque_prf_input_len = 0;
		2647	}
2646	break;	2648	break;
2647	#endif	2649	#endif
2648		2650


diff --git a/src/lib/libssl/src/ssl/t1_lib.c b/src/lib/libssl/src/ssl/t1_lib.c index 99298c1791..c45708bf78 100644 --- a/src/lib/libssl/src/ssl/t1_lib.c +++ b/src/lib/libssl/src/ssl/t1_lib.c
@@ -1154,12 +1154,15 @@ ssl_parse_clienthello_tlsext(SSL s, unsigned char p, unsigned char d,
1154	if (s->s3->client_opaque_prf_input != NULL) /* shouldn't really happen */	1154	if (s->s3->client_opaque_prf_input != NULL) /* shouldn't really happen */
1155	free(s->s3->client_opaque_prf_input);	1155	free(s->s3->client_opaque_prf_input);
1156	if (s->s3->client_opaque_prf_input_len == 0)	1156	if (s->s3->client_opaque_prf_input_len == 0)
1157	s->s3->client_opaque_prf_input = malloc(1); /* dummy byte just to get non-NULL */	1157	s->s3->client_opaque_prf_input = NULL;
1158	else	1158	else {
1159	s->s3->client_opaque_prf_input = BUF_memdup(sdata, s->s3->client_opaque_prf_input_len);	1159	s->s3->client_opaque_prf_input =
1160	if (s->s3->client_opaque_prf_input == NULL) {	1160	BUF_memdup(sdata,
1161	*al = TLS1_AD_INTERNAL_ERROR;	1161	s->s3->client_opaque_prf_input_len);
1162	return 0;	1162	if (s->s3->client_opaque_prf_input == NULL) {
		1163	*al = TLS1_AD_INTERNAL_ERROR;
		1164	return 0;
		1165	}
1163	}	1166	}
1164	}	1167	}
1165	#endif	1168	#endif
@@ -1458,13 +1461,15 @@ ssl_parse_serverhello_tlsext(SSL s, unsigned char p, unsigned char d,
1458	if (s->s3->server_opaque_prf_input != NULL) /* shouldn't really happen */	1461	if (s->s3->server_opaque_prf_input != NULL) /* shouldn't really happen */
1459	free(s->s3->server_opaque_prf_input);	1462	free(s->s3->server_opaque_prf_input);
1460	if (s->s3->server_opaque_prf_input_len == 0)	1463	if (s->s3->server_opaque_prf_input_len == 0)
1461	s->s3->server_opaque_prf_input = malloc(1); /* dummy byte just to get non-NULL */	1464	s->s3->server_opaque_prf_input = NULL;
1462	else	1465	else {
1463	s->s3->server_opaque_prf_input = BUF_memdup(sdata, s->s3->server_opaque_prf_input_len);	1466	s->s3->server_opaque_prf_input =
1464		1467	BUF_memdup(sdata,
1465	if (s->s3->server_opaque_prf_input == NULL) {	1468	s->s3->server_opaque_prf_input_len);
1466	*al = TLS1_AD_INTERNAL_ERROR;	1469	if (s->s3->server_opaque_prf_input == NULL) {
1467	return 0;	1470	*al = TLS1_AD_INTERNAL_ERROR;
		1471	return 0;
		1472	}
1468	}	1473	}
1469	}	1474	}
1470	#endif	1475	#endif
@@ -1639,12 +1644,16 @@ ssl_prepare_clienthello_tlsext(SSL *s)
1639	free(s->s3->client_opaque_prf_input);	1644	free(s->s3->client_opaque_prf_input);
1640		1645
1641	if (s->tlsext_opaque_prf_input_len == 0)	1646	if (s->tlsext_opaque_prf_input_len == 0)
1642	s->s3->client_opaque_prf_input = malloc(1); /* dummy byte just to get non-NULL */	1647	s->s3->client_opaque_prf_input = NULL;
1643	else	1648	else {
1644	s->s3->client_opaque_prf_input = BUF_memdup(s->tlsext_opaque_prf_input, s->tlsext_opaque_prf_input_len);	1649	s->s3->client_opaque_prf_input =
1645	if (s->s3->client_opaque_prf_input == NULL) {	1650	BUF_memdup(s->tlsext_opaque_prf_input,
1646	SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT, ERR_R_MALLOC_FAILURE);	1651	s->tlsext_opaque_prf_input_len);
1647	return -1;	1652	if (s->s3->client_opaque_prf_input == NULL) {
		1653	SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT,
		1654	ERR_R_MALLOC_FAILURE);
		1655	return -1;
		1656	}
1648	}	1657	}
1649	s->s3->client_opaque_prf_input_len = s->tlsext_opaque_prf_input_len;	1658	s->s3->client_opaque_prf_input_len = s->tlsext_opaque_prf_input_len;
1650	}	1659	}
@@ -1740,13 +1749,17 @@ ssl_check_clienthello_tlsext_early(SSL *s)
1740	* of the same length as the client opaque PRF input! */	1749	* of the same length as the client opaque PRF input! */
1741		1750
1742	if (s->tlsext_opaque_prf_input_len == 0)	1751	if (s->tlsext_opaque_prf_input_len == 0)
1743	s->s3->server_opaque_prf_input = malloc(1); /* dummy byte just to get non-NULL */	1752	s->s3->server_opaque_prf_input = NULL;
1744	else	1753	else {
1745	s->s3->server_opaque_prf_input = BUF_memdup(s->tlsext_opaque_prf_input, s->tlsext_opaque_prf_input_len);	1754	s->s3->server_opaque_prf_input =
1746	if (s->s3->server_opaque_prf_input == NULL) {	1755	BUF_memdup(s->tlsext_opaque_prf_input,
1747	ret = SSL_TLSEXT_ERR_ALERT_FATAL;	1756	s->tlsext_opaque_prf_input_len);
1748	al = SSL_AD_INTERNAL_ERROR;	1757	if (s->s3->server_opaque_prf_input ==
1749	goto err;	1758	NULL) {
		1759	ret = SSL_TLSEXT_ERR_ALERT_FATAL;
		1760	al = SSL_AD_INTERNAL_ERROR;
		1761	goto err;
		1762	}
1750	}	1763	}
1751	s->s3->server_opaque_prf_input_len = s->tlsext_opaque_prf_input_len;	1764	s->s3->server_opaque_prf_input_len = s->tlsext_opaque_prf_input_len;
1752	}	1765	}


diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c index 99298c1791..c45708bf78 100644 --- a/src/lib/libssl/t1_lib.c +++ b/src/lib/libssl/t1_lib.c
@@ -1154,12 +1154,15 @@ ssl_parse_clienthello_tlsext(SSL s, unsigned char p, unsigned char d,
1154	if (s->s3->client_opaque_prf_input != NULL) /* shouldn't really happen */	1154	if (s->s3->client_opaque_prf_input != NULL) /* shouldn't really happen */
1155	free(s->s3->client_opaque_prf_input);	1155	free(s->s3->client_opaque_prf_input);
1156	if (s->s3->client_opaque_prf_input_len == 0)	1156	if (s->s3->client_opaque_prf_input_len == 0)
1157	s->s3->client_opaque_prf_input = malloc(1); /* dummy byte just to get non-NULL */	1157	s->s3->client_opaque_prf_input = NULL;
1158	else	1158	else {
1159	s->s3->client_opaque_prf_input = BUF_memdup(sdata, s->s3->client_opaque_prf_input_len);	1159	s->s3->client_opaque_prf_input =
1160	if (s->s3->client_opaque_prf_input == NULL) {	1160	BUF_memdup(sdata,
1161	*al = TLS1_AD_INTERNAL_ERROR;	1161	s->s3->client_opaque_prf_input_len);
1162	return 0;	1162	if (s->s3->client_opaque_prf_input == NULL) {
		1163	*al = TLS1_AD_INTERNAL_ERROR;
		1164	return 0;
		1165	}
1163	}	1166	}
1164	}	1167	}
1165	#endif	1168	#endif
@@ -1458,13 +1461,15 @@ ssl_parse_serverhello_tlsext(SSL s, unsigned char p, unsigned char d,
1458	if (s->s3->server_opaque_prf_input != NULL) /* shouldn't really happen */	1461	if (s->s3->server_opaque_prf_input != NULL) /* shouldn't really happen */
1459	free(s->s3->server_opaque_prf_input);	1462	free(s->s3->server_opaque_prf_input);
1460	if (s->s3->server_opaque_prf_input_len == 0)	1463	if (s->s3->server_opaque_prf_input_len == 0)
1461	s->s3->server_opaque_prf_input = malloc(1); /* dummy byte just to get non-NULL */	1464	s->s3->server_opaque_prf_input = NULL;
1462	else	1465	else {
1463	s->s3->server_opaque_prf_input = BUF_memdup(sdata, s->s3->server_opaque_prf_input_len);	1466	s->s3->server_opaque_prf_input =
1464		1467	BUF_memdup(sdata,
1465	if (s->s3->server_opaque_prf_input == NULL) {	1468	s->s3->server_opaque_prf_input_len);
1466	*al = TLS1_AD_INTERNAL_ERROR;	1469	if (s->s3->server_opaque_prf_input == NULL) {
1467	return 0;	1470	*al = TLS1_AD_INTERNAL_ERROR;
		1471	return 0;
		1472	}
1468	}	1473	}
1469	}	1474	}
1470	#endif	1475	#endif
@@ -1639,12 +1644,16 @@ ssl_prepare_clienthello_tlsext(SSL *s)
1639	free(s->s3->client_opaque_prf_input);	1644	free(s->s3->client_opaque_prf_input);
1640		1645
1641	if (s->tlsext_opaque_prf_input_len == 0)	1646	if (s->tlsext_opaque_prf_input_len == 0)
1642	s->s3->client_opaque_prf_input = malloc(1); /* dummy byte just to get non-NULL */	1647	s->s3->client_opaque_prf_input = NULL;
1643	else	1648	else {
1644	s->s3->client_opaque_prf_input = BUF_memdup(s->tlsext_opaque_prf_input, s->tlsext_opaque_prf_input_len);	1649	s->s3->client_opaque_prf_input =
1645	if (s->s3->client_opaque_prf_input == NULL) {	1650	BUF_memdup(s->tlsext_opaque_prf_input,
1646	SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT, ERR_R_MALLOC_FAILURE);	1651	s->tlsext_opaque_prf_input_len);
1647	return -1;	1652	if (s->s3->client_opaque_prf_input == NULL) {
		1653	SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT,
		1654	ERR_R_MALLOC_FAILURE);
		1655	return -1;
		1656	}
1648	}	1657	}
1649	s->s3->client_opaque_prf_input_len = s->tlsext_opaque_prf_input_len;	1658	s->s3->client_opaque_prf_input_len = s->tlsext_opaque_prf_input_len;
1650	}	1659	}
@@ -1740,13 +1749,17 @@ ssl_check_clienthello_tlsext_early(SSL *s)
1740	* of the same length as the client opaque PRF input! */	1749	* of the same length as the client opaque PRF input! */
1741		1750
1742	if (s->tlsext_opaque_prf_input_len == 0)	1751	if (s->tlsext_opaque_prf_input_len == 0)
1743	s->s3->server_opaque_prf_input = malloc(1); /* dummy byte just to get non-NULL */	1752	s->s3->server_opaque_prf_input = NULL;
1744	else	1753	else {
1745	s->s3->server_opaque_prf_input = BUF_memdup(s->tlsext_opaque_prf_input, s->tlsext_opaque_prf_input_len);	1754	s->s3->server_opaque_prf_input =
1746	if (s->s3->server_opaque_prf_input == NULL) {	1755	BUF_memdup(s->tlsext_opaque_prf_input,
1747	ret = SSL_TLSEXT_ERR_ALERT_FATAL;	1756	s->tlsext_opaque_prf_input_len);
1748	al = SSL_AD_INTERNAL_ERROR;	1757	if (s->s3->server_opaque_prf_input ==
1749	goto err;	1758	NULL) {
		1759	ret = SSL_TLSEXT_ERR_ALERT_FATAL;
		1760	al = SSL_AD_INTERNAL_ERROR;
		1761	goto err;
		1762	}
1750	}	1763	}
1751	s->s3->server_opaque_prf_input_len = s->tlsext_opaque_prf_input_len;	1764	s->s3->server_opaque_prf_input_len = s->tlsext_opaque_prf_input_len;
1752	}	1765	}