From: miod Date: Thu, 7 Aug 2014 20:02:23 +0000 (+0000) Subject: Oops, revert changes commited by mistake. The previous commit was supposed X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=7e9f0113965a38b7be16a68c4ca4d4925fa428eb;p=openbsd Oops, revert changes commited by mistake. The previous commit was supposed to only apply to s23_srvr.c. --- diff --git a/lib/libssl/d1_both.c b/lib/libssl/d1_both.c index 2391d529947..aec6e272bfe 100644 --- a/lib/libssl/d1_both.c +++ b/lib/libssl/d1_both.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_both.c,v 1.25 2014/08/07 19:46:31 miod Exp $ */ +/* $OpenBSD: d1_both.c,v 1.26 2014/08/07 20:02:23 miod Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -903,7 +903,6 @@ dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen) i = s->method->ssl3_enc->final_finish_mac(s, sender, slen, s->s3->tmp.finish_md); - OPENSSL_assert(i <= EVP_MAX_MD_SIZE); s->s3->tmp.finish_md_len = i; memcpy(p, s->s3->tmp.finish_md, i); p += i; @@ -914,10 +913,12 @@ dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen) * renegotiation checks */ if (s->type == SSL_ST_CONNECT) { + OPENSSL_assert(i <= EVP_MAX_MD_SIZE); memcpy(s->s3->previous_client_finished, s->s3->tmp.finish_md, i); s->s3->previous_client_finished_len = i; } else { + OPENSSL_assert(i <= EVP_MAX_MD_SIZE); memcpy(s->s3->previous_server_finished, s->s3->tmp.finish_md, i); s->s3->previous_server_finished_len = i; diff --git a/lib/libssl/d1_clnt.c b/lib/libssl/d1_clnt.c index 165f9441f60..c9ec32173bd 100644 --- a/lib/libssl/d1_clnt.c +++ b/lib/libssl/d1_clnt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_clnt.c,v 1.32 2014/08/07 19:46:31 miod Exp $ */ +/* $OpenBSD: d1_clnt.c,v 1.33 2014/08/07 20:02:23 miod Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -778,9 +778,8 @@ dtls1_client_hello(SSL *s) /* if client_random is initialized, reuse it, we are * required to use same upon reply to HelloVerify */ - for (i = 0; i < sizeof(s->s3->client_random); i++) - if (p[i] != '\0') - break; + for (i = 0; p[i]=='\0' && i < sizeof(s->s3->client_random); i++) + ; if (i == sizeof(s->s3->client_random)) RAND_pseudo_bytes(p, sizeof(s->s3->client_random)); @@ -1339,6 +1338,7 @@ dtls1_send_client_certificate(SSL *s) /* If we get an error, we need to * ssl->rwstate=SSL_X509_LOOKUP; return(-1); * We then get retied later */ + i = 0; i = ssl_do_client_cert_cb(s, &x509, &pkey); if (i < 0) { s->rwstate = SSL_X509_LOOKUP; diff --git a/lib/libssl/d1_pkt.c b/lib/libssl/d1_pkt.c index 5be89f0955b..7b0d67bf151 100644 --- a/lib/libssl/d1_pkt.c +++ b/lib/libssl/d1_pkt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_pkt.c,v 1.33 2014/08/07 19:46:31 miod Exp $ */ +/* $OpenBSD: d1_pkt.c,v 1.34 2014/08/07 20:02:23 miod Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -414,12 +414,10 @@ dtls1_process_record(SSL *s) } i = s->method->ssl3_enc->mac(s, md, 0 /* not send */); - if (i < 0 || mac == NULL || - timingsafe_memcmp(md, mac, (size_t)mac_size) != 0) + if (i < 0 || mac == NULL || timingsafe_memcmp(md, mac, (size_t)mac_size) != 0) enc_err = -1; if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size) enc_err = -1; - OPENSSL_cleanse(&md, sizeof md); } if (enc_err < 0) { diff --git a/lib/libssl/s3_both.c b/lib/libssl/s3_both.c index afcaca3c434..6ba3d4bfcef 100644 --- a/lib/libssl/s3_both.c +++ b/lib/libssl/s3_both.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_both.c,v 1.27 2014/08/07 19:46:31 miod Exp $ */ +/* $OpenBSD: s3_both.c,v 1.28 2014/08/07 20:02:23 miod Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -161,7 +161,7 @@ ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen) p = &(d[4]); i = s->method->ssl3_enc->final_finish_mac(s, - sender, slen, s->s3->tmp.finish_md); + sender, slen, s->s3->tmp.finish_md); if (i == 0) return 0; s->s3->tmp.finish_md_len = i; @@ -171,14 +171,15 @@ ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen) /* Copy the finished so we can use it for renegotiation checks */ - OPENSSL_assert(i <= EVP_MAX_MD_SIZE); if (s->type == SSL_ST_CONNECT) { + OPENSSL_assert(i <= EVP_MAX_MD_SIZE); memcpy(s->s3->previous_client_finished, - s->s3->tmp.finish_md, i); + s->s3->tmp.finish_md, i); s->s3->previous_client_finished_len = i; } else { + OPENSSL_assert(i <= EVP_MAX_MD_SIZE); memcpy(s->s3->previous_server_finished, - s->s3->tmp.finish_md, i); + s->s3->tmp.finish_md, i); s->s3->previous_server_finished_len = i; } @@ -215,7 +216,7 @@ ssl3_take_mac(SSL *s) } s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s, - sender, slen, s->s3->tmp.peer_finish_md); + sender, slen, s->s3->tmp.peer_finish_md); } #endif @@ -249,7 +250,7 @@ ssl3_get_finished(SSL *s, int a, int b) p = (unsigned char *)s->init_msg; i = s->s3->tmp.peer_finish_md_len; - if (i != n || i > EVP_MAX_MD_SIZE) { + if (i != n) { al = SSL_AD_DECODE_ERROR; SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_BAD_DIGEST_LENGTH); goto f_err; @@ -264,12 +265,14 @@ ssl3_get_finished(SSL *s, int a, int b) /* Copy the finished so we can use it for renegotiation checks */ if (s->type == SSL_ST_ACCEPT) { + OPENSSL_assert(i <= EVP_MAX_MD_SIZE); memcpy(s->s3->previous_client_finished, - s->s3->tmp.peer_finish_md, i); + s->s3->tmp.peer_finish_md, i); s->s3->previous_client_finished_len = i; } else { + OPENSSL_assert(i <= EVP_MAX_MD_SIZE); memcpy(s->s3->previous_server_finished, - s->s3->tmp.peer_finish_md, i); + s->s3->tmp.peer_finish_md, i); s->s3->previous_server_finished_len = i; } diff --git a/lib/libssl/s3_lib.c b/lib/libssl/s3_lib.c index aa091f51c7c..4631c517ccc 100644 --- a/lib/libssl/s3_lib.c +++ b/lib/libssl/s3_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_lib.c,v 1.72 2014/08/07 19:46:31 miod Exp $ */ +/* $OpenBSD: s3_lib.c,v 1.73 2014/08/07 20:02:23 miod Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -2333,7 +2333,7 @@ ssl3_new(SSL *s) SSL3_STATE *s3; if ((s3 = calloc(1, sizeof *s3)) == NULL) - return 0; + goto err; memset(s3->rrec.seq_num, 0, sizeof(s3->rrec.seq_num)); memset(s3->wrec.seq_num, 0, sizeof(s3->wrec.seq_num)); @@ -2341,6 +2341,8 @@ ssl3_new(SSL *s) s->method->ssl_clear(s); return (1); +err: + return (0); } void diff --git a/lib/libssl/src/ssl/d1_both.c b/lib/libssl/src/ssl/d1_both.c index 2391d529947..aec6e272bfe 100644 --- a/lib/libssl/src/ssl/d1_both.c +++ b/lib/libssl/src/ssl/d1_both.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_both.c,v 1.25 2014/08/07 19:46:31 miod Exp $ */ +/* $OpenBSD: d1_both.c,v 1.26 2014/08/07 20:02:23 miod Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -903,7 +903,6 @@ dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen) i = s->method->ssl3_enc->final_finish_mac(s, sender, slen, s->s3->tmp.finish_md); - OPENSSL_assert(i <= EVP_MAX_MD_SIZE); s->s3->tmp.finish_md_len = i; memcpy(p, s->s3->tmp.finish_md, i); p += i; @@ -914,10 +913,12 @@ dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen) * renegotiation checks */ if (s->type == SSL_ST_CONNECT) { + OPENSSL_assert(i <= EVP_MAX_MD_SIZE); memcpy(s->s3->previous_client_finished, s->s3->tmp.finish_md, i); s->s3->previous_client_finished_len = i; } else { + OPENSSL_assert(i <= EVP_MAX_MD_SIZE); memcpy(s->s3->previous_server_finished, s->s3->tmp.finish_md, i); s->s3->previous_server_finished_len = i; diff --git a/lib/libssl/src/ssl/d1_clnt.c b/lib/libssl/src/ssl/d1_clnt.c index 165f9441f60..c9ec32173bd 100644 --- a/lib/libssl/src/ssl/d1_clnt.c +++ b/lib/libssl/src/ssl/d1_clnt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_clnt.c,v 1.32 2014/08/07 19:46:31 miod Exp $ */ +/* $OpenBSD: d1_clnt.c,v 1.33 2014/08/07 20:02:23 miod Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -778,9 +778,8 @@ dtls1_client_hello(SSL *s) /* if client_random is initialized, reuse it, we are * required to use same upon reply to HelloVerify */ - for (i = 0; i < sizeof(s->s3->client_random); i++) - if (p[i] != '\0') - break; + for (i = 0; p[i]=='\0' && i < sizeof(s->s3->client_random); i++) + ; if (i == sizeof(s->s3->client_random)) RAND_pseudo_bytes(p, sizeof(s->s3->client_random)); @@ -1339,6 +1338,7 @@ dtls1_send_client_certificate(SSL *s) /* If we get an error, we need to * ssl->rwstate=SSL_X509_LOOKUP; return(-1); * We then get retied later */ + i = 0; i = ssl_do_client_cert_cb(s, &x509, &pkey); if (i < 0) { s->rwstate = SSL_X509_LOOKUP; diff --git a/lib/libssl/src/ssl/d1_pkt.c b/lib/libssl/src/ssl/d1_pkt.c index 5be89f0955b..7b0d67bf151 100644 --- a/lib/libssl/src/ssl/d1_pkt.c +++ b/lib/libssl/src/ssl/d1_pkt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_pkt.c,v 1.33 2014/08/07 19:46:31 miod Exp $ */ +/* $OpenBSD: d1_pkt.c,v 1.34 2014/08/07 20:02:23 miod Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -414,12 +414,10 @@ dtls1_process_record(SSL *s) } i = s->method->ssl3_enc->mac(s, md, 0 /* not send */); - if (i < 0 || mac == NULL || - timingsafe_memcmp(md, mac, (size_t)mac_size) != 0) + if (i < 0 || mac == NULL || timingsafe_memcmp(md, mac, (size_t)mac_size) != 0) enc_err = -1; if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size) enc_err = -1; - OPENSSL_cleanse(&md, sizeof md); } if (enc_err < 0) { diff --git a/lib/libssl/src/ssl/s3_both.c b/lib/libssl/src/ssl/s3_both.c index afcaca3c434..6ba3d4bfcef 100644 --- a/lib/libssl/src/ssl/s3_both.c +++ b/lib/libssl/src/ssl/s3_both.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_both.c,v 1.27 2014/08/07 19:46:31 miod Exp $ */ +/* $OpenBSD: s3_both.c,v 1.28 2014/08/07 20:02:23 miod Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -161,7 +161,7 @@ ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen) p = &(d[4]); i = s->method->ssl3_enc->final_finish_mac(s, - sender, slen, s->s3->tmp.finish_md); + sender, slen, s->s3->tmp.finish_md); if (i == 0) return 0; s->s3->tmp.finish_md_len = i; @@ -171,14 +171,15 @@ ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen) /* Copy the finished so we can use it for renegotiation checks */ - OPENSSL_assert(i <= EVP_MAX_MD_SIZE); if (s->type == SSL_ST_CONNECT) { + OPENSSL_assert(i <= EVP_MAX_MD_SIZE); memcpy(s->s3->previous_client_finished, - s->s3->tmp.finish_md, i); + s->s3->tmp.finish_md, i); s->s3->previous_client_finished_len = i; } else { + OPENSSL_assert(i <= EVP_MAX_MD_SIZE); memcpy(s->s3->previous_server_finished, - s->s3->tmp.finish_md, i); + s->s3->tmp.finish_md, i); s->s3->previous_server_finished_len = i; } @@ -215,7 +216,7 @@ ssl3_take_mac(SSL *s) } s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s, - sender, slen, s->s3->tmp.peer_finish_md); + sender, slen, s->s3->tmp.peer_finish_md); } #endif @@ -249,7 +250,7 @@ ssl3_get_finished(SSL *s, int a, int b) p = (unsigned char *)s->init_msg; i = s->s3->tmp.peer_finish_md_len; - if (i != n || i > EVP_MAX_MD_SIZE) { + if (i != n) { al = SSL_AD_DECODE_ERROR; SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_BAD_DIGEST_LENGTH); goto f_err; @@ -264,12 +265,14 @@ ssl3_get_finished(SSL *s, int a, int b) /* Copy the finished so we can use it for renegotiation checks */ if (s->type == SSL_ST_ACCEPT) { + OPENSSL_assert(i <= EVP_MAX_MD_SIZE); memcpy(s->s3->previous_client_finished, - s->s3->tmp.peer_finish_md, i); + s->s3->tmp.peer_finish_md, i); s->s3->previous_client_finished_len = i; } else { + OPENSSL_assert(i <= EVP_MAX_MD_SIZE); memcpy(s->s3->previous_server_finished, - s->s3->tmp.peer_finish_md, i); + s->s3->tmp.peer_finish_md, i); s->s3->previous_server_finished_len = i; } diff --git a/lib/libssl/src/ssl/s3_enc.c b/lib/libssl/src/ssl/s3_enc.c index 913a256f28e..f268a2a265c 100644 --- a/lib/libssl/src/ssl/s3_enc.c +++ b/lib/libssl/src/ssl/s3_enc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_enc.c,v 1.53 2014/08/07 19:46:31 miod Exp $ */ +/* $OpenBSD: s3_enc.c,v 1.54 2014/08/07 20:02:23 miod Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -607,7 +607,7 @@ ssl3_handshake_mac(SSL *s, int md_nid, const char *sender, int len, if (!EVP_MD_CTX_copy_ex(&ctx, d)) return 0; n = EVP_MD_CTX_size(&ctx); - if (n <= 0) + if (n < 0) return 0; npad = (48 / n) * n; @@ -655,7 +655,7 @@ n_ssl3_mac(SSL *ssl, unsigned char *md, int send) } t = EVP_MD_CTX_size(hash); - if (t <= 0) + if (t < 0) return -1; md_size = t; npad = (48 / md_size) * md_size; diff --git a/lib/libssl/src/ssl/s3_lib.c b/lib/libssl/src/ssl/s3_lib.c index aa091f51c7c..4631c517ccc 100644 --- a/lib/libssl/src/ssl/s3_lib.c +++ b/lib/libssl/src/ssl/s3_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_lib.c,v 1.72 2014/08/07 19:46:31 miod Exp $ */ +/* $OpenBSD: s3_lib.c,v 1.73 2014/08/07 20:02:23 miod Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -2333,7 +2333,7 @@ ssl3_new(SSL *s) SSL3_STATE *s3; if ((s3 = calloc(1, sizeof *s3)) == NULL) - return 0; + goto err; memset(s3->rrec.seq_num, 0, sizeof(s3->rrec.seq_num)); memset(s3->wrec.seq_num, 0, sizeof(s3->wrec.seq_num)); @@ -2341,6 +2341,8 @@ ssl3_new(SSL *s) s->method->ssl_clear(s); return (1); +err: + return (0); } void diff --git a/lib/libssl/src/ssl/t1_enc.c b/lib/libssl/src/ssl/t1_enc.c index bec8328269b..6ad721bd8ae 100644 --- a/lib/libssl/src/ssl/t1_enc.c +++ b/lib/libssl/src/ssl/t1_enc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: t1_enc.c,v 1.68 2014/08/07 19:46:31 miod Exp $ */ +/* $OpenBSD: t1_enc.c,v 1.69 2014/08/07 20:02:23 miod Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -319,7 +319,7 @@ tls1_aead_ctx_init(SSL_AEAD_CTX **aead_ctx) static int tls1_change_cipher_state_aead(SSL *s, char is_read, const unsigned char *key, - unsigned int key_len, const unsigned char *iv, unsigned int iv_len) + unsigned key_len, const unsigned char *iv, unsigned iv_len) { const EVP_AEAD *aead = s->s3->tmp.new_aead; SSL_AEAD_CTX *aead_ctx; @@ -856,7 +856,6 @@ tls1_enc(SSL *s, int send) rec->length += pad; } } else if ((bs != 1) && send) { - /* XXX divide by zero if bs == 0 (should not happen) */ i = bs - ((int)l % bs); /* Add weird padding of upto 256 bytes */ @@ -1121,7 +1120,7 @@ tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen, currentvalpos++; val[currentvalpos] = contextlen & 0xff; currentvalpos++; - if (contextlen != 0 && context != NULL) { + if ((contextlen > 0) || (context != NULL)) { memcpy(val + currentvalpos, context, contextlen); } } diff --git a/lib/libssl/t1_enc.c b/lib/libssl/t1_enc.c index bec8328269b..6ad721bd8ae 100644 --- a/lib/libssl/t1_enc.c +++ b/lib/libssl/t1_enc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: t1_enc.c,v 1.68 2014/08/07 19:46:31 miod Exp $ */ +/* $OpenBSD: t1_enc.c,v 1.69 2014/08/07 20:02:23 miod Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -319,7 +319,7 @@ tls1_aead_ctx_init(SSL_AEAD_CTX **aead_ctx) static int tls1_change_cipher_state_aead(SSL *s, char is_read, const unsigned char *key, - unsigned int key_len, const unsigned char *iv, unsigned int iv_len) + unsigned key_len, const unsigned char *iv, unsigned iv_len) { const EVP_AEAD *aead = s->s3->tmp.new_aead; SSL_AEAD_CTX *aead_ctx; @@ -856,7 +856,6 @@ tls1_enc(SSL *s, int send) rec->length += pad; } } else if ((bs != 1) && send) { - /* XXX divide by zero if bs == 0 (should not happen) */ i = bs - ((int)l % bs); /* Add weird padding of upto 256 bytes */ @@ -1121,7 +1120,7 @@ tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen, currentvalpos++; val[currentvalpos] = contextlen & 0xff; currentvalpos++; - if (contextlen != 0 && context != NULL) { + if ((contextlen > 0) || (context != NULL)) { memcpy(val + currentvalpos, context, contextlen); } }