diff options
| author | jsing <> | 2014-05-29 11:28:18 +0000 |
|---|---|---|
| committer | jsing <> | 2014-05-29 11:28:18 +0000 |
| commit | 90a27dd2630fc2f77d90209add109a18beb0f2e2 (patch) | |
| tree | 8912bbf31ae0ce261e303eaf575cc5e716a30e1b /src | |
| parent | 2ad70e8a88961d1009c50ccc6d5ee104299eebde (diff) | |
| download | openbsd-90a27dd2630fc2f77d90209add109a18beb0f2e2.tar.gz openbsd-90a27dd2630fc2f77d90209add109a18beb0f2e2.tar.bz2 openbsd-90a27dd2630fc2f77d90209add109a18beb0f2e2.zip | |
Fix another two cases where the return value of ssl_replace_hash() is
unchecked.
In the case of tls1_change_cipher_state(), it is fairly pointless to use
ssl_replace_hash(), since it does not initialise the hash and there is
special handling required in the DTLS write case. Instead, just inline
the part of ssl_replace_hash() that is needed and only
ssl_clear_hash_ctx() the write hash in the non-DTLS case.
Also add a detailed comment explaining why there needs to be specialised
handling for DTLS write context and where the contexts are actually freed.
ok miod@
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libssl/src/ssl/t1_enc.c | 26 | ||||
| -rw-r--r-- | src/lib/libssl/t1_enc.c | 26 |
2 files changed, 36 insertions, 16 deletions
diff --git a/src/lib/libssl/src/ssl/t1_enc.c b/src/lib/libssl/src/ssl/t1_enc.c index 894b521e71..87860feda9 100644 --- a/src/lib/libssl/src/ssl/t1_enc.c +++ b/src/lib/libssl/src/ssl/t1_enc.c | |||
| @@ -386,7 +386,11 @@ tls1_change_cipher_state(SSL *s, int which) | |||
| 386 | EVP_CIPHER_CTX_init(s->enc_read_ctx); | 386 | EVP_CIPHER_CTX_init(s->enc_read_ctx); |
| 387 | } | 387 | } |
| 388 | dd = s->enc_read_ctx; | 388 | dd = s->enc_read_ctx; |
| 389 | mac_ctx = ssl_replace_hash(&s->read_hash, NULL); | 389 | |
| 390 | ssl_clear_hash_ctx(&s->read_hash); | ||
| 391 | if ((mac_ctx = EVP_MD_CTX_create()) == NULL) | ||
| 392 | goto err; | ||
| 393 | s->read_hash = mac_ctx; | ||
| 390 | 394 | ||
| 391 | /* this is done by dtls1_reset_seq_numbers for DTLS1_VERSION */ | 395 | /* this is done by dtls1_reset_seq_numbers for DTLS1_VERSION */ |
| 392 | if (s->version != DTLS1_VERSION) | 396 | if (s->version != DTLS1_VERSION) |
| @@ -403,13 +407,19 @@ tls1_change_cipher_state(SSL *s, int which) | |||
| 403 | else if ((s->enc_write_ctx = EVP_CIPHER_CTX_new()) == NULL) | 407 | else if ((s->enc_write_ctx = EVP_CIPHER_CTX_new()) == NULL) |
| 404 | goto err; | 408 | goto err; |
| 405 | dd = s->enc_write_ctx; | 409 | dd = s->enc_write_ctx; |
| 406 | if (SSL_IS_DTLS(s)) { | 410 | |
| 407 | mac_ctx = EVP_MD_CTX_create(); | 411 | /* |
| 408 | if (!mac_ctx) | 412 | * DTLS fragments retain a pointer to the compression, cipher |
| 409 | goto err; | 413 | * and hash contexts, so that it can restore state in order |
| 410 | s->write_hash = mac_ctx; | 414 | * to perform retransmissions. As such, we cannot free write |
| 411 | } else | 415 | * contexts that are used for DTLS - these are instead freed |
| 412 | mac_ctx = ssl_replace_hash(&s->write_hash, NULL); | 416 | * by DTLS when its frees a ChangeCipherSpec fragment. |
| 417 | */ | ||
| 418 | if (!SSL_IS_DTLS(s)) | ||
| 419 | ssl_clear_hash_ctx(&s->write_hash); | ||
| 420 | if ((mac_ctx = EVP_MD_CTX_create()) == NULL) | ||
| 421 | goto err; | ||
| 422 | s->write_hash = mac_ctx; | ||
| 413 | 423 | ||
| 414 | /* this is done by dtls1_reset_seq_numbers for DTLS1_VERSION */ | 424 | /* this is done by dtls1_reset_seq_numbers for DTLS1_VERSION */ |
| 415 | if (s->version != DTLS1_VERSION) | 425 | if (s->version != DTLS1_VERSION) |
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c index 894b521e71..87860feda9 100644 --- a/src/lib/libssl/t1_enc.c +++ b/src/lib/libssl/t1_enc.c | |||
| @@ -386,7 +386,11 @@ tls1_change_cipher_state(SSL *s, int which) | |||
| 386 | EVP_CIPHER_CTX_init(s->enc_read_ctx); | 386 | EVP_CIPHER_CTX_init(s->enc_read_ctx); |
| 387 | } | 387 | } |
| 388 | dd = s->enc_read_ctx; | 388 | dd = s->enc_read_ctx; |
| 389 | mac_ctx = ssl_replace_hash(&s->read_hash, NULL); | 389 | |
| 390 | ssl_clear_hash_ctx(&s->read_hash); | ||
| 391 | if ((mac_ctx = EVP_MD_CTX_create()) == NULL) | ||
| 392 | goto err; | ||
| 393 | s->read_hash = mac_ctx; | ||
| 390 | 394 | ||
| 391 | /* this is done by dtls1_reset_seq_numbers for DTLS1_VERSION */ | 395 | /* this is done by dtls1_reset_seq_numbers for DTLS1_VERSION */ |
| 392 | if (s->version != DTLS1_VERSION) | 396 | if (s->version != DTLS1_VERSION) |
| @@ -403,13 +407,19 @@ tls1_change_cipher_state(SSL *s, int which) | |||
| 403 | else if ((s->enc_write_ctx = EVP_CIPHER_CTX_new()) == NULL) | 407 | else if ((s->enc_write_ctx = EVP_CIPHER_CTX_new()) == NULL) |
| 404 | goto err; | 408 | goto err; |
| 405 | dd = s->enc_write_ctx; | 409 | dd = s->enc_write_ctx; |
| 406 | if (SSL_IS_DTLS(s)) { | 410 | |
| 407 | mac_ctx = EVP_MD_CTX_create(); | 411 | /* |
| 408 | if (!mac_ctx) | 412 | * DTLS fragments retain a pointer to the compression, cipher |
| 409 | goto err; | 413 | * and hash contexts, so that it can restore state in order |
| 410 | s->write_hash = mac_ctx; | 414 | * to perform retransmissions. As such, we cannot free write |
| 411 | } else | 415 | * contexts that are used for DTLS - these are instead freed |
| 412 | mac_ctx = ssl_replace_hash(&s->write_hash, NULL); | 416 | * by DTLS when its frees a ChangeCipherSpec fragment. |
| 417 | */ | ||
| 418 | if (!SSL_IS_DTLS(s)) | ||
| 419 | ssl_clear_hash_ctx(&s->write_hash); | ||
| 420 | if ((mac_ctx = EVP_MD_CTX_create()) == NULL) | ||
| 421 | goto err; | ||
| 422 | s->write_hash = mac_ctx; | ||
| 413 | 423 | ||
| 414 | /* this is done by dtls1_reset_seq_numbers for DTLS1_VERSION */ | 424 | /* this is done by dtls1_reset_seq_numbers for DTLS1_VERSION */ |
| 415 | if (s->version != DTLS1_VERSION) | 425 | if (s->version != DTLS1_VERSION) |