diff options
Diffstat (limited to 'crypto/openssl/ssl/t1_lib.c')
| -rw-r--r-- | crypto/openssl/ssl/t1_lib.c | 65 |
1 files changed, 36 insertions, 29 deletions
diff --git a/crypto/openssl/ssl/t1_lib.c b/crypto/openssl/ssl/t1_lib.c index 210a5e8..3176d1e 100644 --- a/crypto/openssl/ssl/t1_lib.c +++ b/crypto/openssl/ssl/t1_lib.c @@ -497,7 +497,7 @@ static int tls1_get_curvelist(SSL *s, int sess, } else # endif { - if (!s->server || (s->cert && s->cert->ecdh_tmp_auto)) { + if (!s->server || s->cert->ecdh_tmp_auto) { *pcurves = eccurves_auto; pcurveslen = sizeof(eccurves_auto); } else { @@ -1837,7 +1837,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, * 10.8..10.8.3 (which don't work). */ static void ssl_check_for_safari(SSL *s, const unsigned char *data, - const unsigned char *d, int n) + const unsigned char *limit) { unsigned short type, size; static const unsigned char kSafariExtensionsBlock[] = { @@ -1866,11 +1866,11 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data, 0x02, 0x03, /* SHA-1/ECDSA */ }; - if (data >= (d + n - 2)) + if (data >= (limit - 2)) return; data += 2; - if (data > (d + n - 4)) + if (data > (limit - 4)) return; n2s(data, type); n2s(data, size); @@ -1878,7 +1878,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data, if (type != TLSEXT_TYPE_server_name) return; - if (data + size > d + n) + if (data + size > limit) return; data += size; @@ -1886,7 +1886,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data, const size_t len1 = sizeof(kSafariExtensionsBlock); const size_t len2 = sizeof(kSafariTLS12ExtensionsBlock); - if (data + len1 + len2 != d + n) + if (data + len1 + len2 != limit) return; if (memcmp(data, kSafariExtensionsBlock, len1) != 0) return; @@ -1895,7 +1895,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data, } else { const size_t len = sizeof(kSafariExtensionsBlock); - if (data + len != d + n) + if (data + len != limit) return; if (memcmp(data, kSafariExtensionsBlock, len) != 0) return; @@ -1974,7 +1974,7 @@ static int tls1_alpn_handle_client_hello(SSL *s, const unsigned char *data, } static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, - unsigned char *d, int n, int *al) + unsigned char *limit, int *al) { unsigned short type; unsigned short size; @@ -1999,7 +1999,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, # ifndef OPENSSL_NO_EC if (s->options & SSL_OP_SAFARI_ECDHE_ECDSA_BUG) - ssl_check_for_safari(s, data, d, n); + ssl_check_for_safari(s, data, limit); # endif /* !OPENSSL_NO_EC */ /* Clear any signature algorithms extension received */ @@ -2016,22 +2016,22 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, s->srtp_profile = NULL; - if (data == d + n) + if (data == limit) goto ri_check; - if (data > (d + n - 2)) + if (data > (limit - 2)) goto err; n2s(data, len); - if (data > (d + n - len)) + if (data + len != limit) goto err; - while (data <= (d + n - 4)) { + while (data <= (limit - 4)) { n2s(data, type); n2s(data, size); - if (data + size > (d + n)) + if (data + size > (limit)) goto err; # if 0 fprintf(stderr, "Received extension type %d size %d\n", type, size); @@ -2405,7 +2405,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, } /* Spurious data on the end */ - if (data != d + n) + if (data != limit) goto err; *p = data; @@ -2465,8 +2465,8 @@ static int ssl_scan_clienthello_custom_tlsext(SSL *s, return 1; } -int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, - int n) +int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, + unsigned char *limit) { int al = -1; unsigned char *ptmp = *p; @@ -2476,7 +2476,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, * switch the parent context using SSL_set_SSL_CTX and custom extensions * need to be handled by the new SSL_CTX structure. */ - if (ssl_scan_clienthello_tlsext(s, p, d, n, &al) <= 0) { + if (ssl_scan_clienthello_tlsext(s, p, limit, &al) <= 0) { ssl3_send_alert(s, SSL3_AL_FATAL, al); return 0; } @@ -2487,7 +2487,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, } custom_ext_init(&s->cert->srv_ext); - if (ssl_scan_clienthello_custom_tlsext(s, ptmp, d + n, &al) <= 0) { + if (ssl_scan_clienthello_custom_tlsext(s, ptmp, limit, &al) <= 0) { ssl3_send_alert(s, SSL3_AL_FATAL, al); return 0; } @@ -3385,10 +3385,13 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, /* Check key name matches */ if (memcmp(etick, tctx->tlsext_tick_key_name, 16)) return 2; - HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16, - tlsext_tick_md(), NULL); - EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, - tctx->tlsext_tick_aes_key, etick + 16); + if (HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16, + tlsext_tick_md(), NULL) <= 0 + || EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, + tctx->tlsext_tick_aes_key, + etick + 16) <= 0) { + goto err; + } } /* * Attempt to process session ticket, first conduct sanity and integrity @@ -3396,13 +3399,14 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, */ mlen = HMAC_size(&hctx); if (mlen < 0) { - EVP_CIPHER_CTX_cleanup(&ctx); - return -1; + goto err; } eticklen -= mlen; /* Check HMAC of encrypted ticket */ - HMAC_Update(&hctx, etick, eticklen); - HMAC_Final(&hctx, tick_hmac, NULL); + if (HMAC_Update(&hctx, etick, eticklen) <= 0 + || HMAC_Final(&hctx, tick_hmac, NULL) <= 0) { + goto err; + } HMAC_CTX_cleanup(&hctx); if (CRYPTO_memcmp(tick_hmac, etick + eticklen, mlen)) { EVP_CIPHER_CTX_cleanup(&ctx); @@ -3413,11 +3417,10 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, p = etick + 16 + EVP_CIPHER_CTX_iv_length(&ctx); eticklen -= 16 + EVP_CIPHER_CTX_iv_length(&ctx); sdec = OPENSSL_malloc(eticklen); - if (!sdec) { + if (!sdec || EVP_DecryptUpdate(&ctx, sdec, &slen, p, eticklen) <= 0) { EVP_CIPHER_CTX_cleanup(&ctx); return -1; } - EVP_DecryptUpdate(&ctx, sdec, &slen, p, eticklen); if (EVP_DecryptFinal(&ctx, sdec + slen, &mlen) <= 0) { EVP_CIPHER_CTX_cleanup(&ctx); OPENSSL_free(sdec); @@ -3450,6 +3453,10 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, * For session parse failure, indicate that we need to send a new ticket. */ return 2; +err: + EVP_CIPHER_CTX_cleanup(&ctx); + HMAC_CTX_cleanup(&hctx); + return -1; } /* Tables to translate from NIDs to TLS v1.2 ids */ |
