-rw-r--r--src/lib/libssl/d1_both.c22
-rw-r--r--src/lib/libssl/dtls_locl.h4
-rw-r--r--src/lib/libssl/ssl_both.c31
-rw-r--r--src/lib/libssl/ssl_clnt.c175
-rw-r--r--src/lib/libssl/ssl_locl.h4
-rw-r--r--src/lib/libssl/ssl_srvr.c69
6 files changed, 139 insertions, 166 deletions
diff --git a/src/lib/libssl/d1_both.c b/src/lib/libssl/d1_both.c
index 4c014be6a9..7365968db6 100644
--- a/src/lib/libssl/d1_both.c
+++ b/src/lib/libssl/d1_both.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_both.c,v 1.78 2021/09/04 14:24:28 jsing Exp $ */ 1/* $OpenBSD: d1_both.c,v 1.79 2021/10/23 08:34:36 jsing Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -368,13 +368,13 @@ dtls1_do_write(SSL *s, int type)
368 * Read an entire handshake message. Handshake messages arrive in 368 * Read an entire handshake message. Handshake messages arrive in
369 * fragments. 369 * fragments.
370 */ 370 */
371long 371int
372dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) 372dtls1_get_message(SSL *s, int st1, int stn, int mt, long max)
373{ 373{
374 int i, al;
375 struct hm_header_st *msg_hdr; 374 struct hm_header_st *msg_hdr;
376 unsigned char *p; 375 unsigned char *p;
377 unsigned long msg_len; 376 unsigned long msg_len;
377 int i, al, ok;
378 378
379 /* 379 /*
380 * s3->internal->tmp is used to store messages that are unexpected, caused 380 * s3->internal->tmp is used to store messages that are unexpected, caused
@@ -387,21 +387,20 @@ dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
387 SSLerror(s, SSL_R_UNEXPECTED_MESSAGE); 387 SSLerror(s, SSL_R_UNEXPECTED_MESSAGE);
388 goto fatal_err; 388 goto fatal_err;
389 } 389 }
390 *ok = 1;
391 s->internal->init_msg = s->internal->init_buf->data + DTLS1_HM_HEADER_LENGTH; 390 s->internal->init_msg = s->internal->init_buf->data + DTLS1_HM_HEADER_LENGTH;
392 s->internal->init_num = (int)S3I(s)->hs.tls12.message_size; 391 s->internal->init_num = (int)S3I(s)->hs.tls12.message_size;
393 return s->internal->init_num; 392 return 1;
394 } 393 }
395 394
396 msg_hdr = &D1I(s)->r_msg_hdr; 395 msg_hdr = &D1I(s)->r_msg_hdr;
397 memset(msg_hdr, 0, sizeof(struct hm_header_st)); 396 memset(msg_hdr, 0, sizeof(struct hm_header_st));
398 397
399 again: 398 again:
400 i = dtls1_get_message_fragment(s, st1, stn, max, ok); 399 i = dtls1_get_message_fragment(s, st1, stn, max, &ok);
401 if (i == DTLS1_HM_BAD_FRAGMENT || 400 if (i == DTLS1_HM_BAD_FRAGMENT ||
402 i == DTLS1_HM_FRAGMENT_RETRY) /* bad fragment received */ 401 i == DTLS1_HM_FRAGMENT_RETRY) /* bad fragment received */
403 goto again; 402 goto again;
404 else if (i <= 0 && !*ok) 403 else if (i <= 0 && !ok)
405 return i; 404 return i;
406 405
407 p = (unsigned char *)s->internal->init_buf->data; 406 p = (unsigned char *)s->internal->init_buf->data;
@@ -425,15 +424,13 @@ dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
425 D1I(s)->handshake_read_seq++; 424 D1I(s)->handshake_read_seq++;
426 425
427 s->internal->init_msg = s->internal->init_buf->data + DTLS1_HM_HEADER_LENGTH; 426 s->internal->init_msg = s->internal->init_buf->data + DTLS1_HM_HEADER_LENGTH;
428 return s->internal->init_num; 427 return 1;
429 428
430 fatal_err: 429 fatal_err:
431 ssl3_send_alert(s, SSL3_AL_FATAL, al); 430 ssl3_send_alert(s, SSL3_AL_FATAL, al);
432 *ok = 0;
433 return -1; 431 return -1;
434} 432}
435 433
436
437static int 434static int
438dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr, int max) 435dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr, int max)
439{ 436{
@@ -847,8 +844,6 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
847 goto fatal_err; 844 goto fatal_err;
848 } 845 }
849 846
850 *ok = 1;
851
852 /* 847 /*
853 * Note that s->internal->init_num is *not* used as current offset in 848 * Note that s->internal->init_num is *not* used as current offset in
854 * s->internal->init_buf->data, but as a counter summing up fragments' 849 * s->internal->init_buf->data, but as a counter summing up fragments'
@@ -856,6 +851,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
856 * length, we assume we have got all the fragments. 851 * length, we assume we have got all the fragments.
857 */ 852 */
858 s->internal->init_num = frag_len; 853 s->internal->init_num = frag_len;
854 *ok = 1;
859 return frag_len; 855 return frag_len;
860 856
861 fatal_err: 857 fatal_err:
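Review bot: The new local `ok` in dtls1_get_message is declared without an initialiser (`int i, al, ok;`) and then read in `else if (i <= 0 && !ok)`, so the choice between returning the error and continuing depends on dtls1_get_message_fragment writing `*ok` on every return path. The fragment hunks only show `*ok = 1` being moved next to the success return; the other return paths of that function are outside the visible lines. Initialising at the declaration, `int i, al, ok = 0;`, removes that dependency, so a read failure cannot be taken for a usable fragment. Both function bodies continue outside the hunks.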
diff --git a/src/lib/libssl/dtls_locl.h b/src/lib/libssl/dtls_locl.h
index 4cf8827ec3..306fab2559 100644
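--- a/src/lib/libssl/dtls_locl.h
+++ b/src/lib/libssl/dtls_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: dtls_locl.h,v 1.7 2021/09/04 14:24:28 jsing Exp $ */
+/* $OpenBSD: dtls_locl.h,v 1.8 2021/10/23 08:34:36 jsing Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -223,7 +223,7 @@ void dtls1_free(SSL *s);
 void dtls1_clear(SSL *s);
 long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg);
 
-long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
+int dtls1_get_message(SSL *s, int st1, int stn, int mt, long max);
 int dtls1_get_record(SSL *s);
 
 __END_HIDDEN_DECLS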
diff --git a/src/lib/libssl/ssl_both.c b/src/lib/libssl/ssl_both.c
index f3d50d6f9c..637f34582f 100644
--- a/src/lib/libssl/ssl_both.c
+++ b/src/lib/libssl/ssl_both.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_both.c,v 1.35 2021/09/03 13:19:12 jsing Exp $ */ 1/* $OpenBSD: ssl_both.c,v 1.36 2021/10/23 08:34:36 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -208,14 +208,12 @@ ssl3_send_finished(SSL *s, int state_a, int state_b)
208int 208int
209ssl3_get_finished(SSL *s, int a, int b) 209ssl3_get_finished(SSL *s, int a, int b)
210{ 210{
211 int al, ok, md_len; 211 int al, md_len, ret;
212 long n;
213 CBS cbs; 212 CBS cbs;
214 213
215 /* should actually be 36+4 :-) */ 214 /* should actually be 36+4 :-) */
216 n = ssl3_get_message(s, a, b, SSL3_MT_FINISHED, 64, &ok); 215 if ((ret = ssl3_get_message(s, a, b, SSL3_MT_FINISHED, 64)) <= 0)
217 if (!ok) 216 return ret;
218 return ((int)n);
219 217
220 /* If this occurs, we have missed a message */ 218 /* If this occurs, we have missed a message */
221 if (!S3I(s)->change_cipher_spec) { 219 if (!S3I(s)->change_cipher_spec) {
@@ -227,13 +225,13 @@ ssl3_get_finished(SSL *s, int a, int b)
227 225
228 md_len = TLS1_FINISH_MAC_LENGTH; 226 md_len = TLS1_FINISH_MAC_LENGTH;
229 227
230 if (n < 0) { 228 if (s->internal->init_num < 0) {
231 al = SSL_AD_DECODE_ERROR; 229 al = SSL_AD_DECODE_ERROR;
232 SSLerror(s, SSL_R_BAD_DIGEST_LENGTH); 230 SSLerror(s, SSL_R_BAD_DIGEST_LENGTH);
233 goto fatal_err; 231 goto fatal_err;
234 } 232 }
235 233
236 CBS_init(&cbs, s->internal->init_msg, n); 234 CBS_init(&cbs, s->internal->init_msg, s->internal->init_num);
237 235
238 if (S3I(s)->hs.peer_finished_len != md_len || 236 if (S3I(s)->hs.peer_finished_len != md_len ||
239 CBS_len(&cbs) != md_len) { 237 CBS_len(&cbs) != md_len) {
@@ -397,8 +395,8 @@ ssl3_output_cert_chain(SSL *s, CBB *cbb, CERT_PKEY *cpk)
397 * The first four bytes (msg_type and length) are read in state 'st1', 395 * The first four bytes (msg_type and length) are read in state 'st1',
398 * the body is read in state 'stn'. 396 * the body is read in state 'stn'.
399 */ 397 */
400long 398int
401ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) 399ssl3_get_message(SSL *s, int st1, int stn, int mt, long max)
402{ 400{
403 unsigned char *p; 401 unsigned char *p;
404 uint32_t l; 402 uint32_t l;
@@ -408,7 +406,7 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
408 uint8_t u8; 406 uint8_t u8;
409 407
410 if (SSL_is_dtls(s)) 408 if (SSL_is_dtls(s))
411 return (dtls1_get_message(s, st1, stn, mt, max, ok)); 409 return dtls1_get_message(s, st1, stn, mt, max);
412 410
413 if (S3I(s)->hs.tls12.reuse_message) { 411 if (S3I(s)->hs.tls12.reuse_message) {
414 S3I(s)->hs.tls12.reuse_message = 0; 412 S3I(s)->hs.tls12.reuse_message = 0;
@@ -417,11 +415,10 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
417 SSLerror(s, SSL_R_UNEXPECTED_MESSAGE); 415 SSLerror(s, SSL_R_UNEXPECTED_MESSAGE);
418 goto fatal_err; 416 goto fatal_err;
419 } 417 }
420 *ok = 1;
421 s->internal->init_msg = s->internal->init_buf->data + 418 s->internal->init_msg = s->internal->init_buf->data +
422 SSL3_HM_HEADER_LENGTH; 419 SSL3_HM_HEADER_LENGTH;
423 s->internal->init_num = (int)S3I(s)->hs.tls12.message_size; 420 s->internal->init_num = (int)S3I(s)->hs.tls12.message_size;
424 return s->internal->init_num; 421 return 1;
425 } 422 }
426 423
427 p = (unsigned char *)s->internal->init_buf->data; 424 p = (unsigned char *)s->internal->init_buf->data;
@@ -436,7 +433,6 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
436 SSL3_HM_HEADER_LENGTH - s->internal->init_num, 0); 433 SSL3_HM_HEADER_LENGTH - s->internal->init_num, 0);
437 if (i <= 0) { 434 if (i <= 0) {
438 s->internal->rwstate = SSL_READING; 435 s->internal->rwstate = SSL_READING;
439 *ok = 0;
440 return i; 436 return i;
441 } 437 }
442 s->internal->init_num += i; 438 s->internal->init_num += i;
@@ -501,7 +497,6 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
501 &p[s->internal->init_num], n, 0); 497 &p[s->internal->init_num], n, 0);
502 if (i <= 0) { 498 if (i <= 0) {
503 s->internal->rwstate = SSL_READING; 499 s->internal->rwstate = SSL_READING;
504 *ok = 0;
505 return i; 500 return i;
506 } 501 }
507 s->internal->init_num += i; 502 s->internal->init_num += i;
@@ -518,14 +513,12 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
518 (size_t)s->internal->init_num + SSL3_HM_HEADER_LENGTH); 513 (size_t)s->internal->init_num + SSL3_HM_HEADER_LENGTH);
519 } 514 }
520 515
521 *ok = 1; 516 return 1;
522 return (s->internal->init_num);
523 517
524 fatal_err: 518 fatal_err:
525 ssl3_send_alert(s, SSL3_AL_FATAL, al); 519 ssl3_send_alert(s, SSL3_AL_FATAL, al);
526 err: 520 err:
527 *ok = 0; 521 return -1;
528 return (-1);
529} 522}
530 523
531int 524int
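Review bot: The comment above ssl3_get_message still describes only the st1/stn states and says nothing about the new return contract, which every caller touched by this commit now relies on. With the `long` length gone, the function returns 1 and leaves the body in `s->internal->init_msg` with its length in `s->internal->init_num`, and failures return -1 or the non-positive read result. I would extend that comment with something like `Returns 1 when a complete message is available in init_msg/init_num, otherwise <= 0.` It should also say whether init_num can be negative on a 1 return, since ssl3_get_finished and the callers in ssl_clnt.c and ssl_srvr.c each repeat `if (s->internal->init_num < 0)` before `CBS_init`.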
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index bcf5108975..8a4c54e7b7 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_clnt.c,v 1.112 2021/10/23 08:13:02 jsing Exp $ */ 1/* $OpenBSD: ssl_clnt.c,v 1.113 2021/10/23 08:34:36 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -779,16 +779,14 @@ ssl3_send_client_hello(SSL *s)
779int 779int
780ssl3_get_dtls_hello_verify(SSL *s) 780ssl3_get_dtls_hello_verify(SSL *s)
781{ 781{
782 long n; 782 CBS hello_verify_request, cookie;
783 int al, ok = 0;
784 size_t cookie_len; 783 size_t cookie_len;
785 uint16_t ssl_version; 784 uint16_t ssl_version;
786 CBS hello_verify_request, cookie; 785 int al, ret;
787 786
788 n = ssl3_get_message(s, DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A, 787 if ((ret = ssl3_get_message(s, DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A,
789 DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B, -1, s->internal->max_cert_list, &ok); 788 DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B, -1, s->internal->max_cert_list)) <= 0)
790 if (!ok) 789 return ret;
791 return ((int)n);
792 790
793 if (S3I(s)->hs.tls12.message_type != DTLS1_MT_HELLO_VERIFY_REQUEST) { 791 if (S3I(s)->hs.tls12.message_type != DTLS1_MT_HELLO_VERIFY_REQUEST) {
794 D1I(s)->send_cookie = 0; 792 D1I(s)->send_cookie = 0;
@@ -796,10 +794,11 @@ ssl3_get_dtls_hello_verify(SSL *s)
796 return (1); 794 return (1);
797 } 795 }
798 796
799 if (n < 0) 797 if (s->internal->init_num < 0)
800 goto decode_err; 798 goto decode_err;
801 799
802 CBS_init(&hello_verify_request, s->internal->init_msg, n); 800 CBS_init(&hello_verify_request, s->internal->init_msg,
801 s->internal->init_num);
803 802
804 if (!CBS_get_u16(&hello_verify_request, &ssl_version)) 803 if (!CBS_get_u16(&hello_verify_request, &ssl_version))
805 goto decode_err; 804 goto decode_err;
@@ -848,20 +847,18 @@ ssl3_get_server_hello(SSL *s)
848 const SSL_METHOD *method; 847 const SSL_METHOD *method;
849 unsigned long alg_k; 848 unsigned long alg_k;
850 size_t outlen; 849 size_t outlen;
851 int al, ok; 850 int al, ret;
852 long n;
853 851
854 s->internal->first_packet = 1; 852 s->internal->first_packet = 1;
855 n = ssl3_get_message(s, SSL3_ST_CR_SRVR_HELLO_A, 853 if ((ret = ssl3_get_message(s, SSL3_ST_CR_SRVR_HELLO_A,
856 SSL3_ST_CR_SRVR_HELLO_B, -1, 20000, /* ?? */ &ok); 854 SSL3_ST_CR_SRVR_HELLO_B, -1, 20000 /* ?? */)) <= 0)
857 if (!ok) 855 return ret;
858 return ((int)n);
859 s->internal->first_packet = 0; 856 s->internal->first_packet = 0;
860 857
861 if (n < 0) 858 if (s->internal->init_num < 0)
862 goto decode_err; 859 goto decode_err;
863 860
864 CBS_init(&cbs, s->internal->init_msg, n); 861 CBS_init(&cbs, s->internal->init_msg, s->internal->init_num);
865 862
866 if (SSL_is_dtls(s)) { 863 if (SSL_is_dtls(s)) {
867 if (S3I(s)->hs.tls12.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) { 864 if (S3I(s)->hs.tls12.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) {
@@ -1103,19 +1100,19 @@ ssl3_get_server_hello(SSL *s)
1103int 1100int
1104ssl3_get_server_certificate(SSL *s) 1101ssl3_get_server_certificate(SSL *s)
1105{ 1102{
1106 int al, i, ok, ret = -1; 1103 int al, i, ret;
1107 long n; 1104 CBS cbs, cert_list;
1108 CBS cbs, cert_list; 1105 X509 *x = NULL;
1109 X509 *x = NULL; 1106 const unsigned char *q;
1110 const unsigned char *q; 1107 STACK_OF(X509) *sk = NULL;
1111 STACK_OF(X509) *sk = NULL; 1108 SESS_CERT *sc;
1112 SESS_CERT *sc; 1109 EVP_PKEY *pkey = NULL;
1113 EVP_PKEY *pkey = NULL; 1110
1114 1111 if ((ret = ssl3_get_message(s, SSL3_ST_CR_CERT_A,
1115 n = ssl3_get_message(s, SSL3_ST_CR_CERT_A, 1112 SSL3_ST_CR_CERT_B, -1, s->internal->max_cert_list)) <= 0)
1116 SSL3_ST_CR_CERT_B, -1, s->internal->max_cert_list, &ok); 1113 return ret;
1117 if (!ok) 1114
1118 return ((int)n); 1115 ret = -1;
1119 1116
1120 if (S3I(s)->hs.tls12.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) { 1117 if (S3I(s)->hs.tls12.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) {
1121 S3I(s)->hs.tls12.reuse_message = 1; 1118 S3I(s)->hs.tls12.reuse_message = 1;
@@ -1128,16 +1125,15 @@ ssl3_get_server_certificate(SSL *s)
1128 goto fatal_err; 1125 goto fatal_err;
1129 } 1126 }
1130 1127
1131
1132 if ((sk = sk_X509_new_null()) == NULL) { 1128 if ((sk = sk_X509_new_null()) == NULL) {
1133 SSLerror(s, ERR_R_MALLOC_FAILURE); 1129 SSLerror(s, ERR_R_MALLOC_FAILURE);
1134 goto err; 1130 goto err;
1135 } 1131 }
1136 1132
1137 if (n < 0) 1133 if (s->internal->init_num < 0)
1138 goto decode_err; 1134 goto decode_err;
1139 1135
1140 CBS_init(&cbs, s->internal->init_msg, n); 1136 CBS_init(&cbs, s->internal->init_msg, s->internal->init_num);
1141 if (CBS_len(&cbs) < 3) 1137 if (CBS_len(&cbs) < 3)
1142 goto decode_err; 1138 goto decode_err;
1143 1139
@@ -1463,9 +1459,9 @@ ssl3_get_server_key_exchange(SSL *s)
1463 EVP_PKEY *pkey = NULL; 1459 EVP_PKEY *pkey = NULL;
1464 EVP_MD_CTX md_ctx; 1460 EVP_MD_CTX md_ctx;
1465 const unsigned char *param; 1461 const unsigned char *param;
1466 long n, alg_k, alg_a;
1467 int al, ok;
1468 size_t param_len; 1462 size_t param_len;
1463 long alg_k, alg_a;
1464 int al, ret;
1469 1465
1470 EVP_MD_CTX_init(&md_ctx); 1466 EVP_MD_CTX_init(&md_ctx);
1471 1467
@@ -1476,15 +1472,14 @@ ssl3_get_server_key_exchange(SSL *s)
1476 * Use same message size as in ssl3_get_certificate_request() 1472 * Use same message size as in ssl3_get_certificate_request()
1477 * as ServerKeyExchange message may be skipped. 1473 * as ServerKeyExchange message may be skipped.
1478 */ 1474 */
1479 n = ssl3_get_message(s, SSL3_ST_CR_KEY_EXCH_A, 1475 if ((ret = ssl3_get_message(s, SSL3_ST_CR_KEY_EXCH_A,
1480 SSL3_ST_CR_KEY_EXCH_B, -1, s->internal->max_cert_list, &ok); 1476 SSL3_ST_CR_KEY_EXCH_B, -1, s->internal->max_cert_list)) <= 0)
1481 if (!ok) 1477 return ret;
1482 return ((int)n);
1483 1478
1484 if (n < 0) 1479 if (s->internal->init_num < 0)
1485 goto err; 1480 goto err;
1486 1481
1487 CBS_init(&cbs, s->internal->init_msg, n); 1482 CBS_init(&cbs, s->internal->init_msg, s->internal->init_num);
1488 1483
1489 if (S3I(s)->hs.tls12.message_type != SSL3_MT_SERVER_KEY_EXCHANGE) { 1484 if (S3I(s)->hs.tls12.message_type != SSL3_MT_SERVER_KEY_EXCHANGE) {
1490 /* 1485 /*
@@ -1617,17 +1612,17 @@ ssl3_get_server_key_exchange(SSL *s)
1617int 1612int
1618ssl3_get_certificate_request(SSL *s) 1613ssl3_get_certificate_request(SSL *s)
1619{ 1614{
1620 int ok, ret = 0; 1615 CBS cert_request, cert_types, rdn_list;
1621 long n; 1616 X509_NAME *xn = NULL;
1622 CBS cert_request, cert_types, rdn_list; 1617 const unsigned char *q;
1623 X509_NAME *xn = NULL; 1618 STACK_OF(X509_NAME) *ca_sk = NULL;
1624 const unsigned char *q; 1619 int ret;
1625 STACK_OF(X509_NAME) *ca_sk = NULL; 1620
1626 1621 if ((ret = ssl3_get_message(s, SSL3_ST_CR_CERT_REQ_A,
1627 n = ssl3_get_message(s, SSL3_ST_CR_CERT_REQ_A, 1622 SSL3_ST_CR_CERT_REQ_B, -1, s->internal->max_cert_list)) <= 0)
1628 SSL3_ST_CR_CERT_REQ_B, -1, s->internal->max_cert_list, &ok); 1623 return ret;
1629 if (!ok) 1624
1630 return ((int)n); 1625 ret = 0;
1631 1626
1632 S3I(s)->hs.tls12.cert_request = 0; 1627 S3I(s)->hs.tls12.cert_request = 0;
1633 1628
@@ -1654,9 +1649,9 @@ ssl3_get_certificate_request(SSL *s)
1654 goto err; 1649 goto err;
1655 } 1650 }
1656 1651
1657 if (n < 0) 1652 if (s->internal->init_num < 0)
1658 goto decode_err; 1653 goto decode_err;
1659 CBS_init(&cert_request, s->internal->init_msg, n); 1654 CBS_init(&cert_request, s->internal->init_msg, s->internal->init_num);
1660 1655
1661 if ((ca_sk = sk_X509_NAME_new(ca_dn_cmp)) == NULL) { 1656 if ((ca_sk = sk_X509_NAME_new(ca_dn_cmp)) == NULL) {
1662 SSLerror(s, ERR_R_MALLOC_FAILURE); 1657 SSLerror(s, ERR_R_MALLOC_FAILURE);
@@ -1761,15 +1756,15 @@ ca_dn_cmp(const X509_NAME * const *a, const X509_NAME * const *b)
1761int 1756int
1762ssl3_get_new_session_ticket(SSL *s) 1757ssl3_get_new_session_ticket(SSL *s)
1763{ 1758{
1764 int ok, al, ret = 0; 1759 uint32_t lifetime_hint;
1765 uint32_t lifetime_hint; 1760 CBS cbs, session_ticket;
1766 long n; 1761 int al, ret;
1767 CBS cbs, session_ticket; 1762
1763 if ((ret = ssl3_get_message(s, SSL3_ST_CR_SESSION_TICKET_A,
1764 SSL3_ST_CR_SESSION_TICKET_B, -1, 16384)) <= 0)
1765 return ret;
1768 1766
1769 n = ssl3_get_message(s, SSL3_ST_CR_SESSION_TICKET_A, 1767 ret = 0;
1770 SSL3_ST_CR_SESSION_TICKET_B, -1, 16384, &ok);
1771 if (!ok)
1772 return ((int)n);
1773 1768
1774 if (S3I(s)->hs.tls12.message_type == SSL3_MT_FINISHED) { 1769 if (S3I(s)->hs.tls12.message_type == SSL3_MT_FINISHED) {
1775 S3I(s)->hs.tls12.reuse_message = 1; 1770 S3I(s)->hs.tls12.reuse_message = 1;
@@ -1781,13 +1776,13 @@ ssl3_get_new_session_ticket(SSL *s)
1781 goto fatal_err; 1776 goto fatal_err;
1782 } 1777 }
1783 1778
1784 if (n < 0) { 1779 if (s->internal->init_num < 0) {
1785 al = SSL_AD_DECODE_ERROR; 1780 al = SSL_AD_DECODE_ERROR;
1786 SSLerror(s, SSL_R_LENGTH_MISMATCH); 1781 SSLerror(s, SSL_R_LENGTH_MISMATCH);
1787 goto fatal_err; 1782 goto fatal_err;
1788 } 1783 }
1789 1784
1790 CBS_init(&cbs, s->internal->init_msg, n); 1785 CBS_init(&cbs, s->internal->init_msg, s->internal->init_num);
1791 if (!CBS_get_u32(&cbs, &lifetime_hint) || 1786 if (!CBS_get_u32(&cbs, &lifetime_hint) ||
1792 !CBS_get_u16_length_prefixed(&cbs, &session_ticket) || 1787 !CBS_get_u16_length_prefixed(&cbs, &session_ticket) ||
1793 CBS_len(&cbs) != 0) { 1788 CBS_len(&cbs) != 0) {
@@ -1833,15 +1828,13 @@ ssl3_get_new_session_ticket(SSL *s)
1833int 1828int
1834ssl3_get_cert_status(SSL *s) 1829ssl3_get_cert_status(SSL *s)
1835{ 1830{
1836 CBS cert_status, response; 1831 CBS cert_status, response;
1837 int ok, al; 1832 uint8_t status_type;
1838 long n; 1833 int al, ret;
1839 uint8_t status_type;
1840 1834
1841 n = ssl3_get_message(s, SSL3_ST_CR_CERT_STATUS_A, 1835 if ((ret = ssl3_get_message(s, SSL3_ST_CR_CERT_STATUS_A,
1842 SSL3_ST_CR_CERT_STATUS_B, -1, 16384, &ok); 1836 SSL3_ST_CR_CERT_STATUS_B, -1, 16384)) <= 0)
1843 if (!ok) 1837 return ret;
1844 return ((int)n);
1845 1838
1846 if (S3I(s)->hs.tls12.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) { 1839 if (S3I(s)->hs.tls12.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) {
1847 /* 1840 /*
@@ -1849,8 +1842,6 @@ ssl3_get_cert_status(SSL *s)
1849 * response, and has decided to head directly to key exchange. 1842 * response, and has decided to head directly to key exchange.
1850 */ 1843 */
1851 if (s->ctx->internal->tlsext_status_cb) { 1844 if (s->ctx->internal->tlsext_status_cb) {
1852 int ret;
1853
1854 free(s->internal->tlsext_ocsp_resp); 1845 free(s->internal->tlsext_ocsp_resp);
1855 s->internal->tlsext_ocsp_resp = NULL; 1846 s->internal->tlsext_ocsp_resp = NULL;
1856 s->internal->tlsext_ocsp_resp_len = 0; 1847 s->internal->tlsext_ocsp_resp_len = 0;
@@ -1879,14 +1870,14 @@ ssl3_get_cert_status(SSL *s)
1879 goto fatal_err; 1870 goto fatal_err;
1880 } 1871 }
1881 1872
1882 if (n < 0) { 1873 if (s->internal->init_num < 0) {
1883 /* need at least status type + length */ 1874 /* need at least status type + length */
1884 al = SSL_AD_DECODE_ERROR; 1875 al = SSL_AD_DECODE_ERROR;
1885 SSLerror(s, SSL_R_LENGTH_MISMATCH); 1876 SSLerror(s, SSL_R_LENGTH_MISMATCH);
1886 goto fatal_err; 1877 goto fatal_err;
1887 } 1878 }
1888 1879
1889 CBS_init(&cert_status, s->internal->init_msg, n); 1880 CBS_init(&cert_status, s->internal->init_msg, s->internal->init_num);
1890 if (!CBS_get_u8(&cert_status, &status_type) || 1881 if (!CBS_get_u8(&cert_status, &status_type) ||
1891 CBS_len(&cert_status) < 3) { 1882 CBS_len(&cert_status) < 3) {
1892 /* need at least status type + length */ 1883 /* need at least status type + length */
@@ -1939,23 +1930,21 @@ ssl3_get_cert_status(SSL *s)
1939int 1930int
1940ssl3_get_server_done(SSL *s) 1931ssl3_get_server_done(SSL *s)
1941{ 1932{
1942 int ok, ret = 0; 1933 int ret;
1943 long n;
1944 1934
1945 n = ssl3_get_message(s, SSL3_ST_CR_SRVR_DONE_A, 1935 if ((ret = ssl3_get_message(s, SSL3_ST_CR_SRVR_DONE_A,
1946 SSL3_ST_CR_SRVR_DONE_B, SSL3_MT_SERVER_DONE, 1936 SSL3_ST_CR_SRVR_DONE_B, SSL3_MT_SERVER_DONE,
1947 30, /* should be very small, like 0 :-) */ &ok); 1937 30 /* should be very small, like 0 :-) */)) <= 0)
1948 if (!ok) 1938 return ret;
1949 return ((int)n);
1950 1939
1951 if (n > 0) { 1940 if (s->internal->init_num != 0) {
1952 /* should contain no data */ 1941 /* should contain no data */
1953 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); 1942 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1954 SSLerror(s, SSL_R_LENGTH_MISMATCH); 1943 SSLerror(s, SSL_R_LENGTH_MISMATCH);
1955 return (-1); 1944 return -1;
1956 } 1945 }
1957 ret = 1; 1946
1958 return (ret); 1947 return 1;
1959} 1948}
1960 1949
1961static int 1950static int
@@ -2756,18 +2745,16 @@ ssl3_check_cert_and_algorithm(SSL *s)
2756int 2745int
2757ssl3_check_finished(SSL *s) 2746ssl3_check_finished(SSL *s)
2758{ 2747{
2759 int ok; 2748 int ret;
2760 long n;
2761 2749
2762 /* If we have no ticket it cannot be a resumed session. */ 2750 /* If we have no ticket it cannot be a resumed session. */
2763 if (!s->session->tlsext_tick) 2751 if (!s->session->tlsext_tick)
2764 return (1); 2752 return (1);
2765 /* this function is called when we really expect a Certificate 2753 /* this function is called when we really expect a Certificate
2766 * message, so permit appropriate message length */ 2754 * message, so permit appropriate message length */
2767 n = ssl3_get_message(s, SSL3_ST_CR_CERT_A, 2755 if ((ret = ssl3_get_message(s, SSL3_ST_CR_CERT_A,
2768 SSL3_ST_CR_CERT_B, -1, s->internal->max_cert_list, &ok); 2756 SSL3_ST_CR_CERT_B, -1, s->internal->max_cert_list)) <= 0)
2769 if (!ok) 2757 return ret;
2770 return ((int)n);
2771 2758
2772 S3I(s)->hs.tls12.reuse_message = 1; 2759 S3I(s)->hs.tls12.reuse_message = 1;
2773 if ((S3I(s)->hs.tls12.message_type == SSL3_MT_FINISHED) || 2760 if ((S3I(s)->hs.tls12.message_type == SSL3_MT_FINISHED) ||
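Review bot: After a successful read `ret` holds 1, and only some of the converted functions reset it: ssl3_get_server_certificate, ssl3_get_certificate_request and ssl3_get_new_session_ticket add `ret = -1;` or `ret = 0;`, while ssl3_get_dtls_hello_verify, ssl3_get_server_hello, ssl3_get_server_key_exchange and ssl3_get_cert_status do not. The exit labels of those four are outside the hunks, so it cannot be confirmed from here that none of them returns `ret` on a failure path. In ssl3_get_cert_status the inner `int ret;` was also removed, so whatever the status-callback block stores now lands in the same variable. Adding `ret = -1;` directly after the `<= 0` check in each of them keeps a later `goto err` from ever reporting success to the handshake state machine. The same applies to ssl3_get_client_key_exchange in ssl_srvr.c.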
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 6a6903d95b..62f874061e 100644
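--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.360 2021/10/23 08:13:02 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.361 2021/10/23 08:34:36 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1365,7 +1365,7 @@ int ssl3_send_change_cipher_spec(SSL *s, int state_a, int state_b);
 int ssl3_do_write(SSL *s, int type);
 int ssl3_send_alert(SSL *s, int level, int desc);
 int ssl3_get_req_cert_types(SSL *s, CBB *cbb);
-long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
+int ssl3_get_message(SSL *s, int st1, int stn, int mt, long max);
 int ssl3_send_finished(SSL *s, int state_a, int state_b);
 int ssl3_num_ciphers(void);
 const SSL_CIPHER *ssl3_get_cipher(unsigned int u);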
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
index 3a37fc7e09..1bbe551b3c 100644
--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_srvr.c,v 1.119 2021/09/03 13:18:01 jsing Exp $ */ 1/* $OpenBSD: ssl_srvr.c,v 1.120 2021/10/23 08:34:36 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -779,8 +779,7 @@ ssl3_get_client_hello(SSL *s)
779 uint16_t client_version; 779 uint16_t client_version;
780 uint8_t comp_method; 780 uint8_t comp_method;
781 int comp_null; 781 int comp_null;
782 int i, j, ok, al, ret = -1, cookie_valid = 0; 782 int i, j, al, ret, cookie_valid = 0;
783 long n;
784 unsigned long id; 783 unsigned long id;
785 SSL_CIPHER *c; 784 SSL_CIPHER *c;
786 STACK_OF(SSL_CIPHER) *ciphers = NULL; 785 STACK_OF(SSL_CIPHER) *ciphers = NULL;
@@ -795,22 +794,22 @@ ssl3_get_client_hello(SSL *s)
795 * If we are SSLv3, we will respond with SSLv3, even if prompted with 794 * If we are SSLv3, we will respond with SSLv3, even if prompted with
796 * TLSv1. 795 * TLSv1.
797 */ 796 */
798 if (S3I(s)->hs.state == SSL3_ST_SR_CLNT_HELLO_A) { 797 if (S3I(s)->hs.state == SSL3_ST_SR_CLNT_HELLO_A)
799 S3I(s)->hs.state = SSL3_ST_SR_CLNT_HELLO_B; 798 S3I(s)->hs.state = SSL3_ST_SR_CLNT_HELLO_B;
800 }
801 799
802 s->internal->first_packet = 1; 800 s->internal->first_packet = 1;
803 n = ssl3_get_message(s, SSL3_ST_SR_CLNT_HELLO_B, 801 if ((ret = ssl3_get_message(s, SSL3_ST_SR_CLNT_HELLO_B,
804 SSL3_ST_SR_CLNT_HELLO_C, SSL3_MT_CLIENT_HELLO, 802 SSL3_ST_SR_CLNT_HELLO_C, SSL3_MT_CLIENT_HELLO,
805 SSL3_RT_MAX_PLAIN_LENGTH, &ok); 803 SSL3_RT_MAX_PLAIN_LENGTH)) <= 0)
806 if (!ok) 804 return ret;
807 return ((int)n);
808 s->internal->first_packet = 0; 805 s->internal->first_packet = 0;
809 806
810 if (n < 0) 807 ret = -1;
808
809 if (s->internal->init_num < 0)
811 goto err; 810 goto err;
812 811
813 CBS_init(&cbs, s->internal->init_msg, n); 812 CBS_init(&cbs, s->internal->init_msg, s->internal->init_num);
814 813
815 /* Parse client hello up until the extensions (if any). */ 814 /* Parse client hello up until the extensions (if any). */
816 if (!CBS_get_u16(&cbs, &client_version)) 815 if (!CBS_get_u16(&cbs, &client_version))
@@ -2055,20 +2054,18 @@ int
2055ssl3_get_client_key_exchange(SSL *s) 2054ssl3_get_client_key_exchange(SSL *s)
2056{ 2055{
2057 unsigned long alg_k; 2056 unsigned long alg_k;
2058 int al, ok; 2057 int al, ret;
2059 CBS cbs; 2058 CBS cbs;
2060 long n;
2061 2059
2062 /* 2048 maxlen is a guess. How long a key does that permit? */ 2060 /* 2048 maxlen is a guess. How long a key does that permit? */
2063 n = ssl3_get_message(s, SSL3_ST_SR_KEY_EXCH_A, 2061 if ((ret = ssl3_get_message(s, SSL3_ST_SR_KEY_EXCH_A,
2064 SSL3_ST_SR_KEY_EXCH_B, SSL3_MT_CLIENT_KEY_EXCHANGE, 2048, &ok); 2062 SSL3_ST_SR_KEY_EXCH_B, SSL3_MT_CLIENT_KEY_EXCHANGE, 2048)) <= 0)
2065 if (!ok) 2063 return ret;
2066 return ((int)n);
2067 2064
2068 if (n < 0) 2065 if (s->internal->init_num < 0)
2069 goto err; 2066 goto err;
2070 2067
2071 CBS_init(&cbs, s->internal->init_msg, n); 2068 CBS_init(&cbs, s->internal->init_msg, s->internal->init_num);
2072 2069
2073 alg_k = S3I(s)->hs.cipher->algorithm_mkey; 2070 alg_k = S3I(s)->hs.cipher->algorithm_mkey;
2074 2071
@@ -2113,24 +2110,24 @@ ssl3_get_cert_verify(SSL *s)
2113 EVP_PKEY *pkey = NULL; 2110 EVP_PKEY *pkey = NULL;
2114 X509 *peer = NULL; 2111 X509 *peer = NULL;
2115 EVP_MD_CTX mctx; 2112 EVP_MD_CTX mctx;
2116 int al, ok, verify; 2113 int al, verify;
2117 const unsigned char *hdata; 2114 const unsigned char *hdata;
2118 size_t hdatalen; 2115 size_t hdatalen;
2119 int type = 0; 2116 int type = 0;
2120 int ret = 0; 2117 int ret;
2121 long n;
2122 2118
2123 EVP_MD_CTX_init(&mctx); 2119 EVP_MD_CTX_init(&mctx);
2124 2120
2125 n = ssl3_get_message(s, SSL3_ST_SR_CERT_VRFY_A, 2121 if ((ret = ssl3_get_message(s, SSL3_ST_SR_CERT_VRFY_A,
2126 SSL3_ST_SR_CERT_VRFY_B, -1, SSL3_RT_MAX_PLAIN_LENGTH, &ok); 2122 SSL3_ST_SR_CERT_VRFY_B, -1, SSL3_RT_MAX_PLAIN_LENGTH)) <= 0)
2127 if (!ok) 2123 return ret;
2128 return ((int)n);
2129 2124
2130 if (n < 0) 2125 ret = 0;
2126
2127 if (s->internal->init_num < 0)
2131 goto err; 2128 goto err;
2132 2129
2133 CBS_init(&cbs, s->internal->init_msg, n); 2130 CBS_init(&cbs, s->internal->init_msg, s->internal->init_num);
2134 2131
2135 if (s->session->peer != NULL) { 2132 if (s->session->peer != NULL) {
2136 peer = s->session->peer; 2133 peer = s->session->peer;
@@ -2329,16 +2326,16 @@ int
2329ssl3_get_client_certificate(SSL *s) 2326ssl3_get_client_certificate(SSL *s)
2330{ 2327{
2331 CBS cbs, client_certs; 2328 CBS cbs, client_certs;
2332 int i, ok, al, ret = -1;
2333 X509 *x = NULL; 2329 X509 *x = NULL;
2334 long n;
2335 const unsigned char *q; 2330 const unsigned char *q;
2336 STACK_OF(X509) *sk = NULL; 2331 STACK_OF(X509) *sk = NULL;
2332 int i, al, ret;
2333
2334 if ((ret = ssl3_get_message(s, SSL3_ST_SR_CERT_A, SSL3_ST_SR_CERT_B,
2335 -1, s->internal->max_cert_list)) <= 0)
2336 return ret;
2337 2337
2338 n = ssl3_get_message(s, SSL3_ST_SR_CERT_A, SSL3_ST_SR_CERT_B, 2338 ret = -1;
2339 -1, s->internal->max_cert_list, &ok);
2340 if (!ok)
2341 return ((int)n);
2342 2339
2343 if (S3I(s)->hs.tls12.message_type == SSL3_MT_CLIENT_KEY_EXCHANGE) { 2340 if (S3I(s)->hs.tls12.message_type == SSL3_MT_CLIENT_KEY_EXCHANGE) {
2344 if ((s->verify_mode & SSL_VERIFY_PEER) && 2341 if ((s->verify_mode & SSL_VERIFY_PEER) &&
@@ -2367,10 +2364,10 @@ ssl3_get_client_certificate(SSL *s)
2367 goto fatal_err; 2364 goto fatal_err;
2368 } 2365 }
2369 2366
2370 if (n < 0) 2367 if (s->internal->init_num < 0)
2371 goto decode_err; 2368 goto decode_err;
2372 2369
2373 CBS_init(&cbs, s->internal->init_msg, n); 2370 CBS_init(&cbs, s->internal->init_msg, s->internal->init_num);
2374 2371
2375 if ((sk = sk_X509_new_null()) == NULL) { 2372 if ((sk = sk_X509_new_null()) == NULL) {
2376 SSLerror(s, ERR_R_MALLOC_FAILURE); 2373 SSLerror(s, ERR_R_MALLOC_FAILURE);
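Review bot: In ssl3_get_cert_verify the new early `return ret;` comes after `EVP_MD_CTX_init(&mctx)` and leaves the function without passing through its exit labels, which are outside the hunk. If the cleanup of `mctx` lives at those labels, it would be cleaner to move `EVP_MD_CTX_init(&mctx);` below the ssl3_get_message check. Failing that, a comment such as `/* nothing allocated yet, safe to return directly */` would keep a later change from adding an allocation above the early return. ssl3_get_server_key_exchange in ssl_clnt.c has the same ordering with `md_ctx`.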