aboutsummaryrefslogtreecommitdiffstats
path: root/ssl/t1_lib.c
diff options
context:
space:
mode:
Diffstat (limited to 'ssl/t1_lib.c')
-rw-r--r--ssl/t1_lib.c65
1 files changed, 36 insertions, 29 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 210a5e87430f..3176d1e3baba 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -497,7 +497,7 @@ static int tls1_get_curvelist(SSL *s, int sess,
} else
# endif
{
- if (!s->server || (s->cert && s->cert->ecdh_tmp_auto)) {
+ if (!s->server || s->cert->ecdh_tmp_auto) {
*pcurves = eccurves_auto;
pcurveslen = sizeof(eccurves_auto);
} else {
@@ -1837,7 +1837,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf,
* 10.8..10.8.3 (which don't work).
*/
static void ssl_check_for_safari(SSL *s, const unsigned char *data,
- const unsigned char *d, int n)
+ const unsigned char *limit)
{
unsigned short type, size;
static const unsigned char kSafariExtensionsBlock[] = {
@@ -1866,11 +1866,11 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data,
0x02, 0x03, /* SHA-1/ECDSA */
};
- if (data >= (d + n - 2))
+ if (data >= (limit - 2))
return;
data += 2;
- if (data > (d + n - 4))
+ if (data > (limit - 4))
return;
n2s(data, type);
n2s(data, size);
@@ -1878,7 +1878,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data,
if (type != TLSEXT_TYPE_server_name)
return;
- if (data + size > d + n)
+ if (data + size > limit)
return;
data += size;
@@ -1886,7 +1886,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data,
const size_t len1 = sizeof(kSafariExtensionsBlock);
const size_t len2 = sizeof(kSafariTLS12ExtensionsBlock);
- if (data + len1 + len2 != d + n)
+ if (data + len1 + len2 != limit)
return;
if (memcmp(data, kSafariExtensionsBlock, len1) != 0)
return;
@@ -1895,7 +1895,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data,
} else {
const size_t len = sizeof(kSafariExtensionsBlock);
- if (data + len != d + n)
+ if (data + len != limit)
return;
if (memcmp(data, kSafariExtensionsBlock, len) != 0)
return;
@@ -1974,7 +1974,7 @@ static int tls1_alpn_handle_client_hello(SSL *s, const unsigned char *data,
}
static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p,
- unsigned char *d, int n, int *al)
+ unsigned char *limit, int *al)
{
unsigned short type;
unsigned short size;
@@ -1999,7 +1999,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p,
# ifndef OPENSSL_NO_EC
if (s->options & SSL_OP_SAFARI_ECDHE_ECDSA_BUG)
- ssl_check_for_safari(s, data, d, n);
+ ssl_check_for_safari(s, data, limit);
# endif /* !OPENSSL_NO_EC */
/* Clear any signature algorithms extension received */
@@ -2016,22 +2016,22 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p,
s->srtp_profile = NULL;
- if (data == d + n)
+ if (data == limit)
goto ri_check;
- if (data > (d + n - 2))
+ if (data > (limit - 2))
goto err;
n2s(data, len);
- if (data > (d + n - len))
+ if (data + len != limit)
goto err;
- while (data <= (d + n - 4)) {
+ while (data <= (limit - 4)) {
n2s(data, type);
n2s(data, size);
- if (data + size > (d + n))
+ if (data + size > (limit))
goto err;
# if 0
fprintf(stderr, "Received extension type %d size %d\n", type, size);
@@ -2405,7 +2405,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p,
}
/* Spurious data on the end */
- if (data != d + n)
+ if (data != limit)
goto err;
*p = data;
@@ -2465,8 +2465,8 @@ static int ssl_scan_clienthello_custom_tlsext(SSL *s,
return 1;
}
-int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
- int n)
+int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p,
+ unsigned char *limit)
{
int al = -1;
unsigned char *ptmp = *p;
@@ -2476,7 +2476,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
* switch the parent context using SSL_set_SSL_CTX and custom extensions
* need to be handled by the new SSL_CTX structure.
*/
- if (ssl_scan_clienthello_tlsext(s, p, d, n, &al) <= 0) {
+ if (ssl_scan_clienthello_tlsext(s, p, limit, &al) <= 0) {
ssl3_send_alert(s, SSL3_AL_FATAL, al);
return 0;
}
@@ -2487,7 +2487,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
}
custom_ext_init(&s->cert->srv_ext);
- if (ssl_scan_clienthello_custom_tlsext(s, ptmp, d + n, &al) <= 0) {
+ if (ssl_scan_clienthello_custom_tlsext(s, ptmp, limit, &al) <= 0) {
ssl3_send_alert(s, SSL3_AL_FATAL, al);
return 0;
}
@@ -3385,10 +3385,13 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick,
/* Check key name matches */
if (memcmp(etick, tctx->tlsext_tick_key_name, 16))
return 2;
- HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
- tlsext_tick_md(), NULL);
- EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
- tctx->tlsext_tick_aes_key, etick + 16);
+ if (HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
+ tlsext_tick_md(), NULL) <= 0
+ || EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
+ tctx->tlsext_tick_aes_key,
+ etick + 16) <= 0) {
+ goto err;
+ }
}
/*
* Attempt to process session ticket, first conduct sanity and integrity
@@ -3396,13 +3399,14 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick,
*/
mlen = HMAC_size(&hctx);
if (mlen < 0) {
- EVP_CIPHER_CTX_cleanup(&ctx);
- return -1;
+ goto err;
}
eticklen -= mlen;
/* Check HMAC of encrypted ticket */
- HMAC_Update(&hctx, etick, eticklen);
- HMAC_Final(&hctx, tick_hmac, NULL);
+ if (HMAC_Update(&hctx, etick, eticklen) <= 0
+ || HMAC_Final(&hctx, tick_hmac, NULL) <= 0) {
+ goto err;
+ }
HMAC_CTX_cleanup(&hctx);
if (CRYPTO_memcmp(tick_hmac, etick + eticklen, mlen)) {
EVP_CIPHER_CTX_cleanup(&ctx);
@@ -3413,11 +3417,10 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick,
p = etick + 16 + EVP_CIPHER_CTX_iv_length(&ctx);
eticklen -= 16 + EVP_CIPHER_CTX_iv_length(&ctx);
sdec = OPENSSL_malloc(eticklen);
- if (!sdec) {
+ if (!sdec || EVP_DecryptUpdate(&ctx, sdec, &slen, p, eticklen) <= 0) {
EVP_CIPHER_CTX_cleanup(&ctx);
return -1;
}
- EVP_DecryptUpdate(&ctx, sdec, &slen, p, eticklen);
if (EVP_DecryptFinal(&ctx, sdec + slen, &mlen) <= 0) {
EVP_CIPHER_CTX_cleanup(&ctx);
OPENSSL_free(sdec);
@@ -3450,6 +3453,10 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick,
* For session parse failure, indicate that we need to send a new ticket.
*/
return 2;
+err:
+ EVP_CIPHER_CTX_cleanup(&ctx);
+ HMAC_CTX_cleanup(&hctx);
+ return -1;
}
/* Tables to translate from NIDs to TLS v1.2 ids */