Ensure that sess_cert is not NULL at the start of

ssl3_send_client_key_exchange(), rather than checking it in the key exchange algorithm specific code. ok beck@ miod@
author: jsing <> 2014-11-27 16:13:36 +0000
committer: jsing <> 2014-11-27 16:13:36 +0000
commit: 2c7127ff682d568ae1a0c5f87f0a41ae420050c7 (patch)
tree: fbfbaa76cf6ecffa57d79574d681dd7644a9a905 /src
parent: d535de59dc5c181a7d99c29fd96670de7865ee1c (diff)
download: openbsd-2c7127ff682d568ae1a0c5f87f0a41ae420050c7.tar.gz
openbsd-2c7127ff682d568ae1a0c5f87f0a41ae420050c7.tar.bz2
openbsd-2c7127ff682d568ae1a0c5f87f0a41ae420050c7.zip
2 files changed, 18 insertions, 50 deletions
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index 49efb26277..1b94200f14 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_clnt.c,v 1.95 2014/11/19 05:51:25 doug Exp $ */
+/* $OpenBSD: s3_clnt.c,v 1.96 2014/11/27 16:13:36 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1964,18 +1964,18 @@ ssl3_send_client_key_exchange(SSL *s)
                alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
+                if (s->session->sess_cert == NULL) {
+                        ssl3_send_alert(s, SSL3_AL_FATAL,
+                            SSL_AD_UNEXPECTED_MESSAGE);
+                        SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+                            ERR_R_INTERNAL_ERROR);
+                        goto err;
+                }
                if (alg_k & SSL_kRSA) {
                        RSA *rsa;
                        unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
-                        if (s->session->sess_cert == NULL) {
-                                /* We should always have a server
-                                 * certificate with SSL_kRSA. */
-                                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-                                    ERR_R_INTERNAL_ERROR);
-                                goto err;
-                        }
                        if (s->session->sess_cert->peer_rsa_tmp != NULL)
                                rsa = s->session->sess_cert->peer_rsa_tmp;
                        else {
@@ -2026,14 +2026,6 @@ ssl3_send_client_key_exchange(SSL *s)
                } else if (alg_k & SSL_kDHE) {
                        DH *dh_srvr, *dh_clnt;
-                        if (s->session->sess_cert == NULL) {
-                                ssl3_send_alert(s, SSL3_AL_FATAL,
-                                    SSL_AD_UNEXPECTED_MESSAGE);
-                                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-                                    SSL_R_UNEXPECTED_MESSAGE);
-                                goto err;
-                        }
                        if (s->session->sess_cert->peer_dh_tmp != NULL)
                                dh_srvr = s->session->sess_cert->peer_dh_tmp;
                        else {
@@ -2093,14 +2085,6 @@ ssl3_send_client_key_exchange(SSL *s)
                        int ecdh_clnt_cert = 0;
                        int field_size = 0;
-                        if (s->session->sess_cert == NULL) {
-                                ssl3_send_alert(s, SSL3_AL_FATAL,
-                                    SSL_AD_UNEXPECTED_MESSAGE);
-                                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-                                    SSL_R_UNEXPECTED_MESSAGE);
-                                goto err;
-                        }
                        /*
                         * Did we send out the client's ECDH share for use
                         * in premaster computation as part of client
diff --git a/src/lib/libssl/src/ssl/s3_clnt.c b/src/lib/libssl/src/ssl/s3_clnt.c
index 49efb26277..1b94200f14 100644
--- a/src/lib/libssl/src/ssl/s3_clnt.c
+++ b/src/lib/libssl/src/ssl/s3_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_clnt.c,v 1.95 2014/11/19 05:51:25 doug Exp $ */
+/* $OpenBSD: s3_clnt.c,v 1.96 2014/11/27 16:13:36 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1964,18 +1964,18 @@ ssl3_send_client_key_exchange(SSL *s)
                alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
+                if (s->session->sess_cert == NULL) {
+                        ssl3_send_alert(s, SSL3_AL_FATAL,
+                            SSL_AD_UNEXPECTED_MESSAGE);
+                        SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+                            ERR_R_INTERNAL_ERROR);
+                        goto err;
+                }
                if (alg_k & SSL_kRSA) {
                        RSA *rsa;
                        unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
-                        if (s->session->sess_cert == NULL) {
-                                /* We should always have a server
-                                 * certificate with SSL_kRSA. */
-                                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-                                    ERR_R_INTERNAL_ERROR);
-                                goto err;
-                        }
                        if (s->session->sess_cert->peer_rsa_tmp != NULL)
                                rsa = s->session->sess_cert->peer_rsa_tmp;
                        else {
@@ -2026,14 +2026,6 @@ ssl3_send_client_key_exchange(SSL *s)
                } else if (alg_k & SSL_kDHE) {
                        DH *dh_srvr, *dh_clnt;
-                        if (s->session->sess_cert == NULL) {
-                                ssl3_send_alert(s, SSL3_AL_FATAL,
-                                    SSL_AD_UNEXPECTED_MESSAGE);
-                                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-                                    SSL_R_UNEXPECTED_MESSAGE);
-                                goto err;
-                        }
                        if (s->session->sess_cert->peer_dh_tmp != NULL)
                                dh_srvr = s->session->sess_cert->peer_dh_tmp;
                        else {
@@ -2093,14 +2085,6 @@ ssl3_send_client_key_exchange(SSL *s)
                        int ecdh_clnt_cert = 0;
                        int field_size = 0;
-                        if (s->session->sess_cert == NULL) {
-                                ssl3_send_alert(s, SSL3_AL_FATAL,
-                                    SSL_AD_UNEXPECTED_MESSAGE);
-                                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-                                    SSL_R_UNEXPECTED_MESSAGE);
-                                goto err;
-                        }
                        /*
                         * Did we send out the client's ECDH share for use
                         * in premaster computation as part of client
author	jsing <>	2014-11-27 16:13:36 +0000
committer	jsing <>	2014-11-27 16:13:36 +0000
commit	2c7127ff682d568ae1a0c5f87f0a41ae420050c7 (patch)
tree	fbfbaa76cf6ecffa57d79574d681dd7644a9a905 /src
parent	d535de59dc5c181a7d99c29fd96670de7865ee1c (diff)
download	openbsd-2c7127ff682d568ae1a0c5f87f0a41ae420050c7.tar.gz openbsd-2c7127ff682d568ae1a0c5f87f0a41ae420050c7.tar.bz2 openbsd-2c7127ff682d568ae1a0c5f87f0a41ae420050c7.zip