Diffstat (limited to 'src/lib/libssl/ssl_both.c')
-rw-r--r--src/lib/libssl/ssl_both.c31
1 files changed, 12 insertions, 19 deletions
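diff --git a/src/lib/libssl/ssl_both.c b/src/lib/libssl/ssl_both.c
index f3d50d6f9c..637f34582f 100644
--- a/src/lib/libssl/ssl_both.c
+++ b/src/lib/libssl/ssl_both.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_both.c,v 1.35 2021/09/03 13:19:12 jsing Exp $ */
+/* $OpenBSD: ssl_both.c,v 1.36 2021/10/23 08:34:36 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -208,14 +208,12 @@ ssl3_send_finished(SSL *s, int state_a, int state_b)
 int
 ssl3_get_finished(SSL *s, int a, int b)
 {
- int al, ok, md_len;
- long n;
+ int al, md_len, ret;
  CBS cbs;
 
  /* should actually be 36+4 :-) */
- n = ssl3_get_message(s, a, b, SSL3_MT_FINISHED, 64, &ok);
- if (!ok)
- return ((int)n);
+ if ((ret = ssl3_get_message(s, a, b, SSL3_MT_FINISHED, 64)) <= 0)
+ return ret;
 
  /* If this occurs, we have missed a message */
  if (!S3I(s)->change_cipher_spec) {
@@ -227,13 +225,13 @@ ssl3_get_finished(SSL *s, int a, int b)
 
  md_len = TLS1_FINISH_MAC_LENGTH;
 
- if (n < 0) {
+ if (s->internal->init_num < 0) {
  al = SSL_AD_DECODE_ERROR;
  SSLerror(s, SSL_R_BAD_DIGEST_LENGTH);
  goto fatal_err;
  }
 
- CBS_init(&cbs, s->internal->init_msg, n);
+ CBS_init(&cbs, s->internal->init_msg, s->internal->init_num);
 
  if (S3I(s)->hs.peer_finished_len != md_len ||
  CBS_len(&cbs) != md_len) {
@@ -397,8 +395,8 @@ ssl3_output_cert_chain(SSL *s, CBB *cbb, CERT_PKEY *cpk)
  * The first four bytes (msg_type and length) are read in state 'st1',
  * the body is read in state 'stn'.
  */
-long
-ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
+int
+ssl3_get_message(SSL *s, int st1, int stn, int mt, long max)
 {
  unsigned char *p;
  uint32_t l;
@@ -408,7 +406,7 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
  uint8_t u8;
 
  if (SSL_is_dtls(s))
- return (dtls1_get_message(s, st1, stn, mt, max, ok));
+ return dtls1_get_message(s, st1, stn, mt, max);
 
  if (S3I(s)->hs.tls12.reuse_message) {
  S3I(s)->hs.tls12.reuse_message = 0;
@@ -417,11 +415,10 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
  SSLerror(s, SSL_R_UNEXPECTED_MESSAGE);
  goto fatal_err;
  }
- *ok = 1;
  s->internal->init_msg = s->internal->init_buf->data +
  SSL3_HM_HEADER_LENGTH;
  s->internal->init_num = (int)S3I(s)->hs.tls12.message_size;
- return s->internal->init_num;
+ return 1;
  }
 
  p = (unsigned char *)s->internal->init_buf->data;
@@ -436,7 +433,6 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
  SSL3_HM_HEADER_LENGTH - s->internal->init_num, 0);
  if (i <= 0) {
  s->internal->rwstate = SSL_READING;
- *ok = 0;
  return i;
  }
  s->internal->init_num += i;
@@ -501,7 +497,6 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
  &p[s->internal->init_num], n, 0);
  if (i <= 0) {
  s->internal->rwstate = SSL_READING;
- *ok = 0;
  return i;
  }
  s->internal->init_num += i;
@@ -518,14 +513,12 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
  (size_t)s->internal->init_num + SSL3_HM_HEADER_LENGTH);
  }
 
- *ok = 1;
- return (s->internal->init_num);
+ return 1;
 
  fatal_err:
  ssl3_send_alert(s, SSL3_AL_FATAL, al);
  err:
- *ok = 0;
- return (-1);
+ return -1;
 }
 
 int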
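Review bot: The comment above ssl3_get_message() still describes only the st1/stn states, while the return value now means something different: 1 for a complete message and <= 0 for an error or a read that has to be retried, with the length no longer returned at all. Callers such as ssl3_get_finished() now take the length from `s->internal->init_num`, so I would add to that comment something like `Returns 1 with the message body at s->internal->init_msg and its length in s->internal->init_num, or <= 0 on error or if the read must be retried.` This matters because a caller that kept treating the return value as a length would see a length of 1 on every success; the dropped `ok` parameter should make any such caller fail to compile, but dtls1_get_message() and the remaining callers are outside this file section and should be checked for the same contract. The comment's opening lines and most of ssl3_get_message()'s body lie outside the hunks shown.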