1 files changed, 18 insertions, 18 deletions
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
index 330f9176d8..0496985351 100644
--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.129 2021/12/26 15:10:59 tb Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.130 2022/01/04 12:53:31 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1361,7 +1361,7 @@ ssl3_send_server_kex_dhe(SSL *s, CBB *cbb)
 err:
        DH_free(dh);
-        return -1;
+        return 0;
 }
 static int
@@ -1417,12 +1417,12 @@ ssl3_send_server_kex_ecdhe_ecp(SSL *s, int nid, CBB *cbb)
        if (!CBB_flush(cbb))
                goto err;
-        return (1);
+        return 1;
 fatal_err:
        ssl3_send_alert(s, SSL3_AL_FATAL, al);
 err:
-        return (-1);
+        return 0;
 }
 static int
@@ -1431,7 +1431,7 @@ ssl3_send_server_kex_ecdhe_ecx(SSL *s, int nid, CBB *cbb)
        uint8_t *public_key = NULL, *private_key = NULL;
        uint16_t curve_id;
        CBB ecpoint;
-        int ret = -1;
+        int ret = 0;
        /* Generate an X25519 key pair. */
        if (S3I(s)->tmp.x25519 != NULL) {
@@ -1469,7 +1469,7 @@ ssl3_send_server_kex_ecdhe_ecx(SSL *s, int nid, CBB *cbb)
        free(public_key);
        freezero(private_key, X25519_KEY_LENGTH);
-        return (ret);
+        return ret;
 }
 static int
@@ -1518,10 +1518,10 @@ ssl3_send_server_key_exchange(SSL *s)
                type = S3I(s)->hs.cipher->algorithm_mkey;
                if (type & SSL_kDHE) {
-                        if (ssl3_send_server_kex_dhe(s, &cbb_params) != 1)
+                        if (!ssl3_send_server_kex_dhe(s, &cbb_params))
                                goto err;
                } else if (type & SSL_kECDHE) {
-                        if (ssl3_send_server_kex_ecdhe(s, &cbb_params) != 1)
+                        if (!ssl3_send_server_kex_ecdhe(s, &cbb_params))
                                goto err;
                } else {
                        al = SSL_AD_HANDSHAKE_FAILURE;
@@ -1775,7 +1775,7 @@ ssl3_get_client_kex_rsa(SSL *s, CBS *cbs)
        freezero(pms, pms_len);
-        return (1);
+        return 1;
 decode_err:
        al = SSL_AD_DECODE_ERROR;
@@ -1785,7 +1785,7 @@ ssl3_get_client_kex_rsa(SSL *s, CBS *cbs)
 err:
        freezero(pms, pms_len);
-        return (-1);
+        return 0;
 }
 static int
@@ -1796,7 +1796,7 @@ ssl3_get_client_kex_dhe(SSL *s, CBS *cbs)
        int invalid_key;
        uint8_t *key = NULL;
        size_t key_len = 0;
-        int ret = -1;
+        int ret = 0;
        if ((dh_srvr = S3I(s)->tmp.dh) == NULL) {
                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
@@ -1844,7 +1844,7 @@ ssl3_get_client_kex_ecdhe_ecp(SSL *s, CBS *cbs)
        EC_KEY *ecdh_peer = NULL;
        EC_KEY *ecdh;
        CBS public;
-        int ret = -1;
+        int ret = 0;
        /*
         * Use the ephemeral values we saved when generating the
@@ -1887,7 +1887,7 @@ ssl3_get_client_kex_ecdhe_ecp(SSL *s, CBS *cbs)
        freezero(key, key_len);
        EC_KEY_free(ecdh_peer);
-        return (ret);
+        return ret;
 }
 static int
@@ -1895,7 +1895,7 @@ ssl3_get_client_kex_ecdhe_ecx(SSL *s, CBS *cbs)
 {
        uint8_t *shared_key = NULL;
        CBS ecpoint;
-        int ret = -1;
+        int ret = 0;
        if (!CBS_get_u8_length_prefixed(cbs, &ecpoint))
                goto err;
@@ -1920,7 +1920,7 @@ ssl3_get_client_kex_ecdhe_ecx(SSL *s, CBS *cbs)
 err:
        freezero(shared_key, X25519_KEY_LENGTH);
-        return (ret);
+        return ret;
 }
 static int
@@ -2023,13 +2023,13 @@ ssl3_get_client_key_exchange(SSL *s)
        alg_k = S3I(s)->hs.cipher->algorithm_mkey;
        if (alg_k & SSL_kRSA) {
-                if (ssl3_get_client_kex_rsa(s, &cbs) != 1)
+                if (!ssl3_get_client_kex_rsa(s, &cbs))
                        goto err;
        } else if (alg_k & SSL_kDHE) {
-                if (ssl3_get_client_kex_dhe(s, &cbs) != 1)
+                if (!ssl3_get_client_kex_dhe(s, &cbs))
                        goto err;
        } else if (alg_k & SSL_kECDHE) {
-                if (ssl3_get_client_kex_ecdhe(s, &cbs) != 1)
+                if (!ssl3_get_client_kex_ecdhe(s, &cbs))
                        goto err;
        } else if (alg_k & SSL_kGOST) {
                if (ssl3_get_client_kex_gost(s, &cbs) != 1)

diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c index 330f9176d8..0496985351 100644 --- a/src/lib/libssl/ssl_srvr.c +++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_srvr.c,v 1.129 2021/12/26 15:10:59 tb Exp $ */	1	/* $OpenBSD: ssl_srvr.c,v 1.130 2022/01/04 12:53:31 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1361,7 +1361,7 @@ ssl3_send_server_kex_dhe(SSL s, CBB cbb)
1361	err:	1361	err:
1362	DH_free(dh);	1362	DH_free(dh);
1363		1363
1364	return -1;	1364	return 0;
1365	}	1365	}
1366		1366
1367	static int	1367	static int
@@ -1417,12 +1417,12 @@ ssl3_send_server_kex_ecdhe_ecp(SSL s, int nid, CBB cbb)
1417	if (!CBB_flush(cbb))	1417	if (!CBB_flush(cbb))
1418	goto err;	1418	goto err;
1419		1419
1420	return (1);	1420	return 1;
1421		1421
1422	fatal_err:	1422	fatal_err:
1423	ssl3_send_alert(s, SSL3_AL_FATAL, al);	1423	ssl3_send_alert(s, SSL3_AL_FATAL, al);
1424	err:	1424	err:
1425	return (-1);	1425	return 0;
1426	}	1426	}
1427		1427
1428	static int	1428	static int
@@ -1431,7 +1431,7 @@ ssl3_send_server_kex_ecdhe_ecx(SSL s, int nid, CBB cbb)
1431	uint8_t public_key = NULL, private_key = NULL;	1431	uint8_t public_key = NULL, private_key = NULL;
1432	uint16_t curve_id;	1432	uint16_t curve_id;
1433	CBB ecpoint;	1433	CBB ecpoint;
1434	int ret = -1;	1434	int ret = 0;
1435		1435
1436	/* Generate an X25519 key pair. */	1436	/* Generate an X25519 key pair. */
1437	if (S3I(s)->tmp.x25519 != NULL) {	1437	if (S3I(s)->tmp.x25519 != NULL) {
@@ -1469,7 +1469,7 @@ ssl3_send_server_kex_ecdhe_ecx(SSL s, int nid, CBB cbb)
1469	free(public_key);	1469	free(public_key);
1470	freezero(private_key, X25519_KEY_LENGTH);	1470	freezero(private_key, X25519_KEY_LENGTH);
1471		1471
1472	return (ret);	1472	return ret;
1473	}	1473	}
1474		1474
1475	static int	1475	static int
@@ -1518,10 +1518,10 @@ ssl3_send_server_key_exchange(SSL *s)
1518		1518
1519	type = S3I(s)->hs.cipher->algorithm_mkey;	1519	type = S3I(s)->hs.cipher->algorithm_mkey;
1520	if (type & SSL_kDHE) {	1520	if (type & SSL_kDHE) {
1521	if (ssl3_send_server_kex_dhe(s, &cbb_params) != 1)	1521	if (!ssl3_send_server_kex_dhe(s, &cbb_params))
1522	goto err;	1522	goto err;
1523	} else if (type & SSL_kECDHE) {	1523	} else if (type & SSL_kECDHE) {
1524	if (ssl3_send_server_kex_ecdhe(s, &cbb_params) != 1)	1524	if (!ssl3_send_server_kex_ecdhe(s, &cbb_params))
1525	goto err;	1525	goto err;
1526	} else {	1526	} else {
1527	al = SSL_AD_HANDSHAKE_FAILURE;	1527	al = SSL_AD_HANDSHAKE_FAILURE;
@@ -1775,7 +1775,7 @@ ssl3_get_client_kex_rsa(SSL s, CBS cbs)
1775		1775
1776	freezero(pms, pms_len);	1776	freezero(pms, pms_len);
1777		1777
1778	return (1);	1778	return 1;
1779		1779
1780	decode_err:	1780	decode_err:
1781	al = SSL_AD_DECODE_ERROR;	1781	al = SSL_AD_DECODE_ERROR;
@@ -1785,7 +1785,7 @@ ssl3_get_client_kex_rsa(SSL s, CBS cbs)
1785	err:	1785	err:
1786	freezero(pms, pms_len);	1786	freezero(pms, pms_len);
1787		1787
1788	return (-1);	1788	return 0;
1789	}	1789	}
1790		1790
1791	static int	1791	static int
@@ -1796,7 +1796,7 @@ ssl3_get_client_kex_dhe(SSL s, CBS cbs)
1796	int invalid_key;	1796	int invalid_key;
1797	uint8_t *key = NULL;	1797	uint8_t *key = NULL;
1798	size_t key_len = 0;	1798	size_t key_len = 0;
1799	int ret = -1;	1799	int ret = 0;
1800		1800
1801	if ((dh_srvr = S3I(s)->tmp.dh) == NULL) {	1801	if ((dh_srvr = S3I(s)->tmp.dh) == NULL) {
1802	ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);	1802	ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
@@ -1844,7 +1844,7 @@ ssl3_get_client_kex_ecdhe_ecp(SSL s, CBS cbs)
1844	EC_KEY *ecdh_peer = NULL;	1844	EC_KEY *ecdh_peer = NULL;
1845	EC_KEY *ecdh;	1845	EC_KEY *ecdh;
1846	CBS public;	1846	CBS public;
1847	int ret = -1;	1847	int ret = 0;
1848		1848
1849	/*	1849	/*
1850	* Use the ephemeral values we saved when generating the	1850	* Use the ephemeral values we saved when generating the
@@ -1887,7 +1887,7 @@ ssl3_get_client_kex_ecdhe_ecp(SSL s, CBS cbs)
1887	freezero(key, key_len);	1887	freezero(key, key_len);
1888	EC_KEY_free(ecdh_peer);	1888	EC_KEY_free(ecdh_peer);
1889		1889
1890	return (ret);	1890	return ret;
1891	}	1891	}
1892		1892
1893	static int	1893	static int
@@ -1895,7 +1895,7 @@ ssl3_get_client_kex_ecdhe_ecx(SSL s, CBS cbs)
1895	{	1895	{
1896	uint8_t *shared_key = NULL;	1896	uint8_t *shared_key = NULL;
1897	CBS ecpoint;	1897	CBS ecpoint;
1898	int ret = -1;	1898	int ret = 0;
1899		1899
1900	if (!CBS_get_u8_length_prefixed(cbs, &ecpoint))	1900	if (!CBS_get_u8_length_prefixed(cbs, &ecpoint))
1901	goto err;	1901	goto err;
@@ -1920,7 +1920,7 @@ ssl3_get_client_kex_ecdhe_ecx(SSL s, CBS cbs)
1920	err:	1920	err:
1921	freezero(shared_key, X25519_KEY_LENGTH);	1921	freezero(shared_key, X25519_KEY_LENGTH);
1922		1922
1923	return (ret);	1923	return ret;
1924	}	1924	}
1925		1925
1926	static int	1926	static int
@@ -2023,13 +2023,13 @@ ssl3_get_client_key_exchange(SSL *s)
2023	alg_k = S3I(s)->hs.cipher->algorithm_mkey;	2023	alg_k = S3I(s)->hs.cipher->algorithm_mkey;
2024		2024
2025	if (alg_k & SSL_kRSA) {	2025	if (alg_k & SSL_kRSA) {
2026	if (ssl3_get_client_kex_rsa(s, &cbs) != 1)	2026	if (!ssl3_get_client_kex_rsa(s, &cbs))
2027	goto err;	2027	goto err;
2028	} else if (alg_k & SSL_kDHE) {	2028	} else if (alg_k & SSL_kDHE) {
2029	if (ssl3_get_client_kex_dhe(s, &cbs) != 1)	2029	if (!ssl3_get_client_kex_dhe(s, &cbs))
2030	goto err;	2030	goto err;
2031	} else if (alg_k & SSL_kECDHE) {	2031	} else if (alg_k & SSL_kECDHE) {
2032	if (ssl3_get_client_kex_ecdhe(s, &cbs) != 1)	2032	if (!ssl3_get_client_kex_ecdhe(s, &cbs))
2033	goto err;	2033	goto err;
2034	} else if (alg_k & SSL_kGOST) {	2034	} else if (alg_k & SSL_kGOST) {
2035	if (ssl3_get_client_kex_gost(s, &cbs) != 1)	2035	if (ssl3_get_client_kex_gost(s, &cbs) != 1)