Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/libssl/d1_both.c5
-rw-r--r--src/lib/libssl/d1_clnt.c8
-rw-r--r--src/lib/libssl/d1_pkt.c6
-rw-r--r--src/lib/libssl/s23_srvr.c9
-rw-r--r--src/lib/libssl/s3_both.c21
-rw-r--r--src/lib/libssl/s3_lib.c6
-rw-r--r--src/lib/libssl/src/ssl/d1_both.c5
-rw-r--r--src/lib/libssl/src/ssl/d1_clnt.c8
-rw-r--r--src/lib/libssl/src/ssl/d1_pkt.c6
-rw-r--r--src/lib/libssl/src/ssl/s23_srvr.c9
-rw-r--r--src/lib/libssl/src/ssl/s3_both.c21
-rw-r--r--src/lib/libssl/src/ssl/s3_enc.c6
-rw-r--r--src/lib/libssl/src/ssl/s3_lib.c6
-rw-r--r--src/lib/libssl/src/ssl/t1_enc.c7
-rw-r--r--src/lib/libssl/t1_enc.c7
15 files changed, 59 insertions, 71 deletions
diff --git a/src/lib/libssl/d1_both.c b/src/lib/libssl/d1_both.c
index e25f69dbb6..2391d52994 100644
--- a/src/lib/libssl/d1_both.c
+++ b/src/lib/libssl/d1_both.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_both.c,v 1.24 2014/07/10 08:51:14 tedu Exp $ */ 1/* $OpenBSD: d1_both.c,v 1.25 2014/08/07 19:46:31 miod Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -903,6 +903,7 @@ dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen)
903 903
904 i = s->method->ssl3_enc->final_finish_mac(s, sender, slen, 904 i = s->method->ssl3_enc->final_finish_mac(s, sender, slen,
905 s->s3->tmp.finish_md); 905 s->s3->tmp.finish_md);
906 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
906 s->s3->tmp.finish_md_len = i; 907 s->s3->tmp.finish_md_len = i;
907 memcpy(p, s->s3->tmp.finish_md, i); 908 memcpy(p, s->s3->tmp.finish_md, i);
908 p += i; 909 p += i;
@@ -913,12 +914,10 @@ dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen)
913 * renegotiation checks 914 * renegotiation checks
914 */ 915 */
915 if (s->type == SSL_ST_CONNECT) { 916 if (s->type == SSL_ST_CONNECT) {
916 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
917 memcpy(s->s3->previous_client_finished, 917 memcpy(s->s3->previous_client_finished,
918 s->s3->tmp.finish_md, i); 918 s->s3->tmp.finish_md, i);
919 s->s3->previous_client_finished_len = i; 919 s->s3->previous_client_finished_len = i;
920 } else { 920 } else {
921 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
922 memcpy(s->s3->previous_server_finished, 921 memcpy(s->s3->previous_server_finished,
923 s->s3->tmp.finish_md, i); 922 s->s3->tmp.finish_md, i);
924 s->s3->previous_server_finished_len = i; 923 s->s3->previous_server_finished_len = i;
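Review bot: The hoisted `OPENSSL_assert(i <= EVP_MAX_MD_SIZE);` in dtls1_send_finished checks only the upper bound, and nothing between the final_finish_mac call and the first memcpy handles a failed MAC computation. ssl3_send_finished in s3_both.c, touched by this same commit, has `if (i == 0) return 0;` at that point, while the DTLS variant stores the length and copies regardless. I would add the same `if (i == 0) return 0;` ahead of the assert, assuming final_finish_mac reports failure the same way on this path; the declaration of i and the rest of the function are outside the hunks. The section for src/lib/libssl/src/ssl/d1_both.c further down has the same gap.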
diff --git a/src/lib/libssl/d1_clnt.c b/src/lib/libssl/d1_clnt.c
index 552667f6c1..165f9441f6 100644
--- a/src/lib/libssl/d1_clnt.c
+++ b/src/lib/libssl/d1_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_clnt.c,v 1.31 2014/07/12 22:33:39 jsing Exp $ */ 1/* $OpenBSD: d1_clnt.c,v 1.32 2014/08/07 19:46:31 miod Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -778,8 +778,9 @@ dtls1_client_hello(SSL *s)
778 778
779 /* if client_random is initialized, reuse it, we are 779 /* if client_random is initialized, reuse it, we are
780 * required to use same upon reply to HelloVerify */ 780 * required to use same upon reply to HelloVerify */
781 for (i = 0; p[i]=='\0' && i < sizeof(s->s3->client_random); i++) 781 for (i = 0; i < sizeof(s->s3->client_random); i++)
782 ; 782 if (p[i] != '\0')
783 break;
783 if (i == sizeof(s->s3->client_random)) 784 if (i == sizeof(s->s3->client_random))
784 RAND_pseudo_bytes(p, sizeof(s->s3->client_random)); 785 RAND_pseudo_bytes(p, sizeof(s->s3->client_random));
785 786
@@ -1338,7 +1339,6 @@ dtls1_send_client_certificate(SSL *s)
1338 /* If we get an error, we need to 1339 /* If we get an error, we need to
1339 * ssl->rwstate=SSL_X509_LOOKUP; return(-1); 1340 * ssl->rwstate=SSL_X509_LOOKUP; return(-1);
1340 * We then get retied later */ 1341 * We then get retied later */
1341 i = 0;
1342 i = ssl_do_client_cert_cb(s, &x509, &pkey); 1342 i = ssl_do_client_cert_cb(s, &x509, &pkey);
1343 if (i < 0) { 1343 if (i < 0) {
1344 s->rwstate = SSL_X509_LOOKUP; 1344 s->rwstate = SSL_X509_LOOKUP;
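Review bot: In dtls1_client_hello the fallback that fills client_random still calls `RAND_pseudo_bytes(p, sizeof(s->s3->client_random));` and discards its result. The reordered loop now checks the bound before reading p[i], which is correct, but the value it protects feeds key derivation, and in the OpenSSL API RAND_pseudo_bytes does not promise unpredictable output. Unless this tree backs both calls with the same generator, `RAND_bytes(p, sizeof(s->s3->client_random));` with its return value checked is the safer call. The braceless `for` wrapping an `if`/`break` would also read more safely with braces. The same applies to the src/lib/libssl/src/ssl/d1_clnt.c section.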
diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c
index c9ffab1f3c..5be89f0955 100644
--- a/src/lib/libssl/d1_pkt.c
+++ b/src/lib/libssl/d1_pkt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_pkt.c,v 1.32 2014/07/10 08:51:14 tedu Exp $ */ 1/* $OpenBSD: d1_pkt.c,v 1.33 2014/08/07 19:46:31 miod Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -414,10 +414,12 @@ dtls1_process_record(SSL *s)
414 } 414 }
415 415
416 i = s->method->ssl3_enc->mac(s, md, 0 /* not send */); 416 i = s->method->ssl3_enc->mac(s, md, 0 /* not send */);
417 if (i < 0 || mac == NULL || timingsafe_memcmp(md, mac, (size_t)mac_size) != 0) 417 if (i < 0 || mac == NULL ||
418 timingsafe_memcmp(md, mac, (size_t)mac_size) != 0)
418 enc_err = -1; 419 enc_err = -1;
419 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size) 420 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size)
420 enc_err = -1; 421 enc_err = -1;
422 OPENSSL_cleanse(&md, sizeof md);
421 } 423 }
422 424
423 if (enc_err < 0) { 425 if (enc_err < 0) {
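Review bot: `OPENSSL_cleanse(&md, sizeof md);` in dtls1_process_record wipes the whole MAC buffer only if md is declared as an array in this function, and that declaration is outside the hunk. If md were ever turned into a pointer, the same line would compile and clear only the pointer variable itself. Writing it as `OPENSSL_cleanse(md, sizeof(md));` with a comment such as `/* md is a local array: wipe the computed MAC once it has been compared */` would make the dependency visible. The copy in src/lib/libssl/src/ssl/d1_pkt.c is identical.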
diff --git a/src/lib/libssl/s23_srvr.c b/src/lib/libssl/s23_srvr.c
index ee977130fb..5f8ffa8eaf 100644
--- a/src/lib/libssl/s23_srvr.c
+++ b/src/lib/libssl/s23_srvr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s23_srvr.c,v 1.32 2014/08/07 04:49:53 deraadt Exp $ */ 1/* $OpenBSD: s23_srvr.c,v 1.33 2014/08/07 19:46:31 miod Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -448,11 +448,8 @@ ssl23_get_client_hello(SSL *s)
448 } 448 }
449 449
450 j = ssl23_read_bytes(s, n + 2); 450 j = ssl23_read_bytes(s, n + 2);
451 /* We previously read 11 bytes, so if j > 0, we must have 451 if (j != n + 2)
452 * j == n+2 == s->packet_length. We have at least 11 valid 452 return -1;
453 * packet bytes. */
454 if (j <= 0)
455 return (j);
456 453
457 ssl3_finish_mac(s, s->packet + 2, s->packet_length - 2); 454 ssl3_finish_mac(s, s->packet + 2, s->packet_length - 2);
458 if (s->msg_callback) 455 if (s->msg_callback)
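Review bot: `if (j != n + 2) return -1;` in ssl23_get_client_hello folds every outcome of ssl23_read_bytes into -1, where the old code passed j through to the caller. If ssl23_read_bytes can return 0 for a closed connection, the caller can no longer tell that apart from a failure, and nothing is queued on the error stack for the short-read case. Consider keeping `if (j <= 0) return (j);` ahead of the new length check. The removed comment also explained why `s->packet_length - 2` on the following line is safe; a replacement such as `/* exactly n + 2 bytes are now buffered in s->packet */` would preserve that. The src/lib/libssl/src/ssl/s23_srvr.c section repeats this hunk.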
diff --git a/src/lib/libssl/s3_both.c b/src/lib/libssl/s3_both.c
index 500387e372..afcaca3c43 100644
--- a/src/lib/libssl/s3_both.c
+++ b/src/lib/libssl/s3_both.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_both.c,v 1.26 2014/07/10 08:51:14 tedu Exp $ */ 1/* $OpenBSD: s3_both.c,v 1.27 2014/08/07 19:46:31 miod Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -161,7 +161,7 @@ ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
161 p = &(d[4]); 161 p = &(d[4]);
162 162
163 i = s->method->ssl3_enc->final_finish_mac(s, 163 i = s->method->ssl3_enc->final_finish_mac(s,
164 sender, slen, s->s3->tmp.finish_md); 164 sender, slen, s->s3->tmp.finish_md);
165 if (i == 0) 165 if (i == 0)
166 return 0; 166 return 0;
167 s->s3->tmp.finish_md_len = i; 167 s->s3->tmp.finish_md_len = i;
@@ -171,15 +171,14 @@ ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
171 171
172 /* Copy the finished so we can use it for 172 /* Copy the finished so we can use it for
173 renegotiation checks */ 173 renegotiation checks */
174 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
174 if (s->type == SSL_ST_CONNECT) { 175 if (s->type == SSL_ST_CONNECT) {
175 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
176 memcpy(s->s3->previous_client_finished, 176 memcpy(s->s3->previous_client_finished,
177 s->s3->tmp.finish_md, i); 177 s->s3->tmp.finish_md, i);
178 s->s3->previous_client_finished_len = i; 178 s->s3->previous_client_finished_len = i;
179 } else { 179 } else {
180 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
181 memcpy(s->s3->previous_server_finished, 180 memcpy(s->s3->previous_server_finished,
182 s->s3->tmp.finish_md, i); 181 s->s3->tmp.finish_md, i);
183 s->s3->previous_server_finished_len = i; 182 s->s3->previous_server_finished_len = i;
184 } 183 }
185 184
@@ -216,7 +215,7 @@ ssl3_take_mac(SSL *s)
216 } 215 }
217 216
218 s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s, 217 s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
219 sender, slen, s->s3->tmp.peer_finish_md); 218 sender, slen, s->s3->tmp.peer_finish_md);
220} 219}
221#endif 220#endif
222 221
@@ -250,7 +249,7 @@ ssl3_get_finished(SSL *s, int a, int b)
250 p = (unsigned char *)s->init_msg; 249 p = (unsigned char *)s->init_msg;
251 i = s->s3->tmp.peer_finish_md_len; 250 i = s->s3->tmp.peer_finish_md_len;
252 251
253 if (i != n) { 252 if (i != n || i > EVP_MAX_MD_SIZE) {
254 al = SSL_AD_DECODE_ERROR; 253 al = SSL_AD_DECODE_ERROR;
255 SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_BAD_DIGEST_LENGTH); 254 SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_BAD_DIGEST_LENGTH);
256 goto f_err; 255 goto f_err;
@@ -265,14 +264,12 @@ ssl3_get_finished(SSL *s, int a, int b)
265 /* Copy the finished so we can use it for 264 /* Copy the finished so we can use it for
266 renegotiation checks */ 265 renegotiation checks */
267 if (s->type == SSL_ST_ACCEPT) { 266 if (s->type == SSL_ST_ACCEPT) {
268 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
269 memcpy(s->s3->previous_client_finished, 267 memcpy(s->s3->previous_client_finished,
270 s->s3->tmp.peer_finish_md, i); 268 s->s3->tmp.peer_finish_md, i);
271 s->s3->previous_client_finished_len = i; 269 s->s3->previous_client_finished_len = i;
272 } else { 270 } else {
273 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
274 memcpy(s->s3->previous_server_finished, 271 memcpy(s->s3->previous_server_finished,
275 s->s3->tmp.peer_finish_md, i); 272 s->s3->tmp.peer_finish_md, i);
276 s->s3->previous_server_finished_len = i; 273 s->s3->previous_server_finished_len = i;
277 } 274 }
278 275
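Review bot: The new guard in ssl3_get_finished, `if (i != n || i > EVP_MAX_MD_SIZE)`, has no lower bound, and the memcpy calls below it have lost their asserts. peer_finish_md_len is assigned in ssl3_take_mac straight from final_finish_mac with no failure check, while ssl3_send_finished in this same file treats a return of 0 as an error. If a zero length can reach this point it satisfies the test whenever n is also 0, and a comparison over zero bytes proves nothing; the comparison itself is outside the hunks. `if (i <= 0 || i != n || i > EVP_MAX_MD_SIZE) {` would close that, assuming i is a signed int. The same applies to the src/lib/libssl/src/ssl/s3_both.c section.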
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 8a40b758a9..aa091f51c7 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_lib.c,v 1.71 2014/07/13 16:03:10 beck Exp $ */ 1/* $OpenBSD: s3_lib.c,v 1.72 2014/08/07 19:46:31 miod Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -2333,7 +2333,7 @@ ssl3_new(SSL *s)
2333 SSL3_STATE *s3; 2333 SSL3_STATE *s3;
2334 2334
2335 if ((s3 = calloc(1, sizeof *s3)) == NULL) 2335 if ((s3 = calloc(1, sizeof *s3)) == NULL)
2336 goto err; 2336 return 0;
2337 memset(s3->rrec.seq_num, 0, sizeof(s3->rrec.seq_num)); 2337 memset(s3->rrec.seq_num, 0, sizeof(s3->rrec.seq_num));
2338 memset(s3->wrec.seq_num, 0, sizeof(s3->wrec.seq_num)); 2338 memset(s3->wrec.seq_num, 0, sizeof(s3->wrec.seq_num));
2339 2339
@@ -2341,8 +2341,6 @@ ssl3_new(SSL *s)
2341 2341
2342 s->method->ssl_clear(s); 2342 s->method->ssl_clear(s);
2343 return (1); 2343 return (1);
2344err:
2345 return (0);
2346} 2344}
2347 2345
2348void 2346void
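Review bot: ssl3_new still clears `s3->rrec.seq_num` and `s3->wrec.seq_num` with memset immediately after `calloc(1, sizeof *s3)`, which has already zeroed the whole structure. Since this commit is tidying the function, both memset lines can be dropped. The two returns are now also written differently, `return 0;` and `return (1);`, and one form should be used for both. New-side line 2340 and the function header are outside the hunks. The src/lib/libssl/src/ssl/s3_lib.c section is the same.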
diff --git a/src/lib/libssl/src/ssl/d1_both.c b/src/lib/libssl/src/ssl/d1_both.c
index e25f69dbb6..2391d52994 100644
--- a/src/lib/libssl/src/ssl/d1_both.c
+++ b/src/lib/libssl/src/ssl/d1_both.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_both.c,v 1.24 2014/07/10 08:51:14 tedu Exp $ */ 1/* $OpenBSD: d1_both.c,v 1.25 2014/08/07 19:46:31 miod Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -903,6 +903,7 @@ dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen)
903 903
904 i = s->method->ssl3_enc->final_finish_mac(s, sender, slen, 904 i = s->method->ssl3_enc->final_finish_mac(s, sender, slen,
905 s->s3->tmp.finish_md); 905 s->s3->tmp.finish_md);
906 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
906 s->s3->tmp.finish_md_len = i; 907 s->s3->tmp.finish_md_len = i;
907 memcpy(p, s->s3->tmp.finish_md, i); 908 memcpy(p, s->s3->tmp.finish_md, i);
908 p += i; 909 p += i;
@@ -913,12 +914,10 @@ dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen)
913 * renegotiation checks 914 * renegotiation checks
914 */ 915 */
915 if (s->type == SSL_ST_CONNECT) { 916 if (s->type == SSL_ST_CONNECT) {
916 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
917 memcpy(s->s3->previous_client_finished, 917 memcpy(s->s3->previous_client_finished,
918 s->s3->tmp.finish_md, i); 918 s->s3->tmp.finish_md, i);
919 s->s3->previous_client_finished_len = i; 919 s->s3->previous_client_finished_len = i;
920 } else { 920 } else {
921 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
922 memcpy(s->s3->previous_server_finished, 921 memcpy(s->s3->previous_server_finished,
923 s->s3->tmp.finish_md, i); 922 s->s3->tmp.finish_md, i);
924 s->s3->previous_server_finished_len = i; 923 s->s3->previous_server_finished_len = i;
diff --git a/src/lib/libssl/src/ssl/d1_clnt.c b/src/lib/libssl/src/ssl/d1_clnt.c
index 552667f6c1..165f9441f6 100644
--- a/src/lib/libssl/src/ssl/d1_clnt.c
+++ b/src/lib/libssl/src/ssl/d1_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_clnt.c,v 1.31 2014/07/12 22:33:39 jsing Exp $ */ 1/* $OpenBSD: d1_clnt.c,v 1.32 2014/08/07 19:46:31 miod Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -778,8 +778,9 @@ dtls1_client_hello(SSL *s)
778 778
779 /* if client_random is initialized, reuse it, we are 779 /* if client_random is initialized, reuse it, we are
780 * required to use same upon reply to HelloVerify */ 780 * required to use same upon reply to HelloVerify */
781 for (i = 0; p[i]=='\0' && i < sizeof(s->s3->client_random); i++) 781 for (i = 0; i < sizeof(s->s3->client_random); i++)
782 ; 782 if (p[i] != '\0')
783 break;
783 if (i == sizeof(s->s3->client_random)) 784 if (i == sizeof(s->s3->client_random))
784 RAND_pseudo_bytes(p, sizeof(s->s3->client_random)); 785 RAND_pseudo_bytes(p, sizeof(s->s3->client_random));
785 786
@@ -1338,7 +1339,6 @@ dtls1_send_client_certificate(SSL *s)
1338 /* If we get an error, we need to 1339 /* If we get an error, we need to
1339 * ssl->rwstate=SSL_X509_LOOKUP; return(-1); 1340 * ssl->rwstate=SSL_X509_LOOKUP; return(-1);
1340 * We then get retied later */ 1341 * We then get retied later */
1341 i = 0;
1342 i = ssl_do_client_cert_cb(s, &x509, &pkey); 1342 i = ssl_do_client_cert_cb(s, &x509, &pkey);
1343 if (i < 0) { 1343 if (i < 0) {
1344 s->rwstate = SSL_X509_LOOKUP; 1344 s->rwstate = SSL_X509_LOOKUP;
diff --git a/src/lib/libssl/src/ssl/d1_pkt.c b/src/lib/libssl/src/ssl/d1_pkt.c
index c9ffab1f3c..5be89f0955 100644
--- a/src/lib/libssl/src/ssl/d1_pkt.c
+++ b/src/lib/libssl/src/ssl/d1_pkt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_pkt.c,v 1.32 2014/07/10 08:51:14 tedu Exp $ */ 1/* $OpenBSD: d1_pkt.c,v 1.33 2014/08/07 19:46:31 miod Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -414,10 +414,12 @@ dtls1_process_record(SSL *s)
414 } 414 }
415 415
416 i = s->method->ssl3_enc->mac(s, md, 0 /* not send */); 416 i = s->method->ssl3_enc->mac(s, md, 0 /* not send */);
417 if (i < 0 || mac == NULL || timingsafe_memcmp(md, mac, (size_t)mac_size) != 0) 417 if (i < 0 || mac == NULL ||
418 timingsafe_memcmp(md, mac, (size_t)mac_size) != 0)
418 enc_err = -1; 419 enc_err = -1;
419 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size) 420 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size)
420 enc_err = -1; 421 enc_err = -1;
422 OPENSSL_cleanse(&md, sizeof md);
421 } 423 }
422 424
423 if (enc_err < 0) { 425 if (enc_err < 0) {
diff --git a/src/lib/libssl/src/ssl/s23_srvr.c b/src/lib/libssl/src/ssl/s23_srvr.c
index ee977130fb..5f8ffa8eaf 100644
--- a/src/lib/libssl/src/ssl/s23_srvr.c
+++ b/src/lib/libssl/src/ssl/s23_srvr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s23_srvr.c,v 1.32 2014/08/07 04:49:53 deraadt Exp $ */ 1/* $OpenBSD: s23_srvr.c,v 1.33 2014/08/07 19:46:31 miod Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -448,11 +448,8 @@ ssl23_get_client_hello(SSL *s)
448 } 448 }
449 449
450 j = ssl23_read_bytes(s, n + 2); 450 j = ssl23_read_bytes(s, n + 2);
451 /* We previously read 11 bytes, so if j > 0, we must have 451 if (j != n + 2)
452 * j == n+2 == s->packet_length. We have at least 11 valid 452 return -1;
453 * packet bytes. */
454 if (j <= 0)
455 return (j);
456 453
457 ssl3_finish_mac(s, s->packet + 2, s->packet_length - 2); 454 ssl3_finish_mac(s, s->packet + 2, s->packet_length - 2);
458 if (s->msg_callback) 455 if (s->msg_callback)
diff --git a/src/lib/libssl/src/ssl/s3_both.c b/src/lib/libssl/src/ssl/s3_both.c
index 500387e372..afcaca3c43 100644
--- a/src/lib/libssl/src/ssl/s3_both.c
+++ b/src/lib/libssl/src/ssl/s3_both.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_both.c,v 1.26 2014/07/10 08:51:14 tedu Exp $ */ 1/* $OpenBSD: s3_both.c,v 1.27 2014/08/07 19:46:31 miod Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -161,7 +161,7 @@ ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
161 p = &(d[4]); 161 p = &(d[4]);
162 162
163 i = s->method->ssl3_enc->final_finish_mac(s, 163 i = s->method->ssl3_enc->final_finish_mac(s,
164 sender, slen, s->s3->tmp.finish_md); 164 sender, slen, s->s3->tmp.finish_md);
165 if (i == 0) 165 if (i == 0)
166 return 0; 166 return 0;
167 s->s3->tmp.finish_md_len = i; 167 s->s3->tmp.finish_md_len = i;
@@ -171,15 +171,14 @@ ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
171 171
172 /* Copy the finished so we can use it for 172 /* Copy the finished so we can use it for
173 renegotiation checks */ 173 renegotiation checks */
174 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
174 if (s->type == SSL_ST_CONNECT) { 175 if (s->type == SSL_ST_CONNECT) {
175 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
176 memcpy(s->s3->previous_client_finished, 176 memcpy(s->s3->previous_client_finished,
177 s->s3->tmp.finish_md, i); 177 s->s3->tmp.finish_md, i);
178 s->s3->previous_client_finished_len = i; 178 s->s3->previous_client_finished_len = i;
179 } else { 179 } else {
180 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
181 memcpy(s->s3->previous_server_finished, 180 memcpy(s->s3->previous_server_finished,
182 s->s3->tmp.finish_md, i); 181 s->s3->tmp.finish_md, i);
183 s->s3->previous_server_finished_len = i; 182 s->s3->previous_server_finished_len = i;
184 } 183 }
185 184
@@ -216,7 +215,7 @@ ssl3_take_mac(SSL *s)
216 } 215 }
217 216
218 s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s, 217 s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
219 sender, slen, s->s3->tmp.peer_finish_md); 218 sender, slen, s->s3->tmp.peer_finish_md);
220} 219}
221#endif 220#endif
222 221
@@ -250,7 +249,7 @@ ssl3_get_finished(SSL *s, int a, int b)
250 p = (unsigned char *)s->init_msg; 249 p = (unsigned char *)s->init_msg;
251 i = s->s3->tmp.peer_finish_md_len; 250 i = s->s3->tmp.peer_finish_md_len;
252 251
253 if (i != n) { 252 if (i != n || i > EVP_MAX_MD_SIZE) {
254 al = SSL_AD_DECODE_ERROR; 253 al = SSL_AD_DECODE_ERROR;
255 SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_BAD_DIGEST_LENGTH); 254 SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_BAD_DIGEST_LENGTH);
256 goto f_err; 255 goto f_err;
@@ -265,14 +264,12 @@ ssl3_get_finished(SSL *s, int a, int b)
265 /* Copy the finished so we can use it for 264 /* Copy the finished so we can use it for
266 renegotiation checks */ 265 renegotiation checks */
267 if (s->type == SSL_ST_ACCEPT) { 266 if (s->type == SSL_ST_ACCEPT) {
268 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
269 memcpy(s->s3->previous_client_finished, 267 memcpy(s->s3->previous_client_finished,
270 s->s3->tmp.peer_finish_md, i); 268 s->s3->tmp.peer_finish_md, i);
271 s->s3->previous_client_finished_len = i; 269 s->s3->previous_client_finished_len = i;
272 } else { 270 } else {
273 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
274 memcpy(s->s3->previous_server_finished, 271 memcpy(s->s3->previous_server_finished,
275 s->s3->tmp.peer_finish_md, i); 272 s->s3->tmp.peer_finish_md, i);
276 s->s3->previous_server_finished_len = i; 273 s->s3->previous_server_finished_len = i;
277 } 274 }
278 275
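Review bot: In ssl3_send_finished the consolidated `OPENSSL_assert(i <= EVP_MAX_MD_SIZE);` at new line 174 runs after `s->s3->tmp.finish_md_len = i;` at line 167, whereas dtls1_send_finished in d1_both.c gets the same assert directly after the final_finish_mac call. Lines 168-170 are not shown; if they copy i bytes into the outgoing message as the DTLS variant does, the bound is checked only after its first use. I would move the assert up to follow `if (i == 0) return 0;`. This applies equally to the src/lib/libssl/s3_both.c section earlier on the page.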
diff --git a/src/lib/libssl/src/ssl/s3_enc.c b/src/lib/libssl/src/ssl/s3_enc.c
index d9fedfbb1a..913a256f28 100644
--- a/src/lib/libssl/src/ssl/s3_enc.c
+++ b/src/lib/libssl/src/ssl/s3_enc.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_enc.c,v 1.52 2014/07/10 08:51:14 tedu Exp $ */ 1/* $OpenBSD: s3_enc.c,v 1.53 2014/08/07 19:46:31 miod Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -607,7 +607,7 @@ ssl3_handshake_mac(SSL *s, int md_nid, const char *sender, int len,
607 if (!EVP_MD_CTX_copy_ex(&ctx, d)) 607 if (!EVP_MD_CTX_copy_ex(&ctx, d))
608 return 0; 608 return 0;
609 n = EVP_MD_CTX_size(&ctx); 609 n = EVP_MD_CTX_size(&ctx);
610 if (n < 0) 610 if (n <= 0)
611 return 0; 611 return 0;
612 612
613 npad = (48 / n) * n; 613 npad = (48 / n) * n;
@@ -655,7 +655,7 @@ n_ssl3_mac(SSL *ssl, unsigned char *md, int send)
655 } 655 }
656 656
657 t = EVP_MD_CTX_size(hash); 657 t = EVP_MD_CTX_size(hash);
658 if (t < 0) 658 if (t <= 0)
659 return -1; 659 return -1;
660 md_size = t; 660 md_size = t;
661 npad = (48 / md_size) * md_size; 661 npad = (48 / md_size) * md_size;
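Review bot: Rejecting zero with `if (n <= 0)` and `if (t <= 0)` removes the division by zero, but `(48 / n) * n` and `(48 / md_size) * md_size` still evaluate to 0 for any digest size above 48. What ssl3_handshake_mac and n_ssl3_mac do with a zero npad is outside the hunks, so this may be harmless, but neither check says why zero is rejected or what range is expected. A comment such as `/* n is used as a divisor below */` on each check would record the reason. If digests wider than 48 bytes are never valid on this path, `if (n <= 0 || n > 48)` would state that outright.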
diff --git a/src/lib/libssl/src/ssl/s3_lib.c b/src/lib/libssl/src/ssl/s3_lib.c
index 8a40b758a9..aa091f51c7 100644
--- a/src/lib/libssl/src/ssl/s3_lib.c
+++ b/src/lib/libssl/src/ssl/s3_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_lib.c,v 1.71 2014/07/13 16:03:10 beck Exp $ */ 1/* $OpenBSD: s3_lib.c,v 1.72 2014/08/07 19:46:31 miod Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -2333,7 +2333,7 @@ ssl3_new(SSL *s)
2333 SSL3_STATE *s3; 2333 SSL3_STATE *s3;
2334 2334
2335 if ((s3 = calloc(1, sizeof *s3)) == NULL) 2335 if ((s3 = calloc(1, sizeof *s3)) == NULL)
2336 goto err; 2336 return 0;
2337 memset(s3->rrec.seq_num, 0, sizeof(s3->rrec.seq_num)); 2337 memset(s3->rrec.seq_num, 0, sizeof(s3->rrec.seq_num));
2338 memset(s3->wrec.seq_num, 0, sizeof(s3->wrec.seq_num)); 2338 memset(s3->wrec.seq_num, 0, sizeof(s3->wrec.seq_num));
2339 2339
@@ -2341,8 +2341,6 @@ ssl3_new(SSL *s)
2341 2341
2342 s->method->ssl_clear(s); 2342 s->method->ssl_clear(s);
2343 return (1); 2343 return (1);
2344err:
2345 return (0);
2346} 2344}
2347 2345
2348void 2346void
diff --git a/src/lib/libssl/src/ssl/t1_enc.c b/src/lib/libssl/src/ssl/t1_enc.c
index e4b54691c6..bec8328269 100644
--- a/src/lib/libssl/src/ssl/t1_enc.c
+++ b/src/lib/libssl/src/ssl/t1_enc.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: t1_enc.c,v 1.67 2014/07/10 10:09:54 jsing Exp $ */ 1/* $OpenBSD: t1_enc.c,v 1.68 2014/08/07 19:46:31 miod Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -319,7 +319,7 @@ tls1_aead_ctx_init(SSL_AEAD_CTX **aead_ctx)
319 319
320static int 320static int
321tls1_change_cipher_state_aead(SSL *s, char is_read, const unsigned char *key, 321tls1_change_cipher_state_aead(SSL *s, char is_read, const unsigned char *key,
322 unsigned key_len, const unsigned char *iv, unsigned iv_len) 322 unsigned int key_len, const unsigned char *iv, unsigned int iv_len)
323{ 323{
324 const EVP_AEAD *aead = s->s3->tmp.new_aead; 324 const EVP_AEAD *aead = s->s3->tmp.new_aead;
325 SSL_AEAD_CTX *aead_ctx; 325 SSL_AEAD_CTX *aead_ctx;
@@ -856,6 +856,7 @@ tls1_enc(SSL *s, int send)
856 rec->length += pad; 856 rec->length += pad;
857 } 857 }
858 } else if ((bs != 1) && send) { 858 } else if ((bs != 1) && send) {
859 /* XXX divide by zero if bs == 0 (should not happen) */
859 i = bs - ((int)l % bs); 860 i = bs - ((int)l % bs);
860 861
861 /* Add weird padding of upto 256 bytes */ 862 /* Add weird padding of upto 256 bytes */
@@ -1120,7 +1121,7 @@ tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
1120 currentvalpos++; 1121 currentvalpos++;
1121 val[currentvalpos] = contextlen & 0xff; 1122 val[currentvalpos] = contextlen & 0xff;
1122 currentvalpos++; 1123 currentvalpos++;
1123 if ((contextlen > 0) || (context != NULL)) { 1124 if (contextlen != 0 && context != NULL) {
1124 memcpy(val + currentvalpos, context, contextlen); 1125 memcpy(val + currentvalpos, context, contextlen);
1125 } 1126 }
1126 } 1127 }
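Review bot: In tls1_export_keying_material, `if (contextlen != 0 && context != NULL)` now skips the memcpy when a caller passes a non-zero contextlen with a NULL context, yet the two length bytes written just above still announce contextlen bytes of context. That region of val then holds whatever the buffer contained; how val is allocated and whether currentvalpos is advanced afterwards are outside the hunk. Rejecting the combination before val is built, with a check like `if (context == NULL && contextlen != 0)` followed by this function's error return, would avoid deriving keying material from unset bytes. The src/lib/libssl/t1_enc.c section below carries the same hunk.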
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c
index e4b54691c6..bec8328269 100644
--- a/src/lib/libssl/t1_enc.c
+++ b/src/lib/libssl/t1_enc.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: t1_enc.c,v 1.67 2014/07/10 10:09:54 jsing Exp $ */ 1/* $OpenBSD: t1_enc.c,v 1.68 2014/08/07 19:46:31 miod Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -319,7 +319,7 @@ tls1_aead_ctx_init(SSL_AEAD_CTX **aead_ctx)
319 319
320static int 320static int
321tls1_change_cipher_state_aead(SSL *s, char is_read, const unsigned char *key, 321tls1_change_cipher_state_aead(SSL *s, char is_read, const unsigned char *key,
322 unsigned key_len, const unsigned char *iv, unsigned iv_len) 322 unsigned int key_len, const unsigned char *iv, unsigned int iv_len)
323{ 323{
324 const EVP_AEAD *aead = s->s3->tmp.new_aead; 324 const EVP_AEAD *aead = s->s3->tmp.new_aead;
325 SSL_AEAD_CTX *aead_ctx; 325 SSL_AEAD_CTX *aead_ctx;
@@ -856,6 +856,7 @@ tls1_enc(SSL *s, int send)
856 rec->length += pad; 856 rec->length += pad;
857 } 857 }
858 } else if ((bs != 1) && send) { 858 } else if ((bs != 1) && send) {
859 /* XXX divide by zero if bs == 0 (should not happen) */
859 i = bs - ((int)l % bs); 860 i = bs - ((int)l % bs);
860 861
861 /* Add weird padding of upto 256 bytes */ 862 /* Add weird padding of upto 256 bytes */
@@ -1120,7 +1121,7 @@ tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
1120 currentvalpos++; 1121 currentvalpos++;
1121 val[currentvalpos] = contextlen & 0xff; 1122 val[currentvalpos] = contextlen & 0xff;
1122 currentvalpos++; 1123 currentvalpos++;
1123 if ((contextlen > 0) || (context != NULL)) { 1124 if (contextlen != 0 && context != NULL) {
1124 memcpy(val + currentvalpos, context, contextlen); 1125 memcpy(val + currentvalpos, context, contextlen);
1125 } 1126 }
1126 } 1127 }
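Review bot: The added `/* XXX divide by zero if bs == 0 (should not happen) */` in tls1_enc documents a division by zero without preventing it, and `(int)l % bs` is undefined behaviour when bs is 0. Where bs is computed is outside the hunk, so I cannot tell whether 0 is reachable, but the branch condition can exclude it cheaply: `} else if ((bs > 1) && send) {` if bs is signed, or `(bs != 0) && (bs != 1)` otherwise. The same comment-only change appears in the src/lib/libssl/src/ssl/t1_enc.c section above.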