Handle the unlikely event that BIO_get_mem_data() returns -ve.
This commit is contained in:
Ben Laurie
parent
4ded7b44a8
commit
6ba71a7173
@ -871,7 +871,8 @@ int ssl3_get_server_hello(SSL *s)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
s->s3->tmp.new_cipher=c;
|
s->s3->tmp.new_cipher=c;
|
||||||
ssl3_digest_cached_records(s);
|
if (!ssl3_digest_cached_records(s))
|
||||||
|
goto f_err;
|
||||||
|
|
||||||
/* lets get the compression algorithm */
|
/* lets get the compression algorithm */
|
||||||
/* COMPRESSION */
|
/* COMPRESSION */
|
||||||
|
|||||||
16
ssl/s3_enc.c
16
ssl/s3_enc.c
@ -580,18 +580,26 @@ void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
void ssl3_digest_cached_records(SSL *s)
|
|
||||||
|
int ssl3_digest_cached_records(SSL *s)
|
||||||
{
|
{
|
||||||
int i;
|
int i;
|
||||||
long mask;
|
long mask;
|
||||||
const EVP_MD *md;
|
const EVP_MD *md;
|
||||||
long hdatalen;
|
long hdatalen;
|
||||||
void *hdata;
|
void *hdata;
|
||||||
|
|
||||||
/* Allocate handshake_dgst array */
|
/* Allocate handshake_dgst array */
|
||||||
ssl3_free_digest_list(s);
|
ssl3_free_digest_list(s);
|
||||||
s->s3->handshake_dgst = OPENSSL_malloc(SSL_MAX_DIGEST * sizeof(EVP_MD_CTX *));
|
s->s3->handshake_dgst = OPENSSL_malloc(SSL_MAX_DIGEST * sizeof(EVP_MD_CTX *));
|
||||||
memset(s->s3->handshake_dgst,0,SSL_MAX_DIGEST *sizeof(EVP_MD_CTX *));
|
memset(s->s3->handshake_dgst,0,SSL_MAX_DIGEST *sizeof(EVP_MD_CTX *));
|
||||||
hdatalen = BIO_get_mem_data(s->s3->handshake_buffer,&hdata);
|
hdatalen = BIO_get_mem_data(s->s3->handshake_buffer,&hdata);
|
||||||
|
if (hdatalen <= 0)
|
||||||
|
{
|
||||||
|
SSLerr(SSL_F_DIGEST_CACHED_RECORDS, SSL_R_BAD_HANDSHAKE_LENGTH);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
/* Loop through bitso of algorithm2 field and create MD_CTX-es */
|
/* Loop through bitso of algorithm2 field and create MD_CTX-es */
|
||||||
for (i=0;ssl_get_handshake_digest(i,&mask,&md); i++)
|
for (i=0;ssl_get_handshake_digest(i,&mask,&md); i++)
|
||||||
{
|
{
|
||||||
@ -610,7 +618,9 @@ void ssl3_digest_cached_records(SSL *s)
|
|||||||
BIO_free(s->s3->handshake_buffer);
|
BIO_free(s->s3->handshake_buffer);
|
||||||
s->s3->handshake_buffer = NULL;
|
s->s3->handshake_buffer = NULL;
|
||||||
|
|
||||||
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
int ssl3_cert_verify_mac(SSL *s, int md_nid, unsigned char *p)
|
int ssl3_cert_verify_mac(SSL *s, int md_nid, unsigned char *p)
|
||||||
{
|
{
|
||||||
return(ssl3_handshake_mac(s,md_nid,NULL,0,p));
|
return(ssl3_handshake_mac(s,md_nid,NULL,0,p));
|
||||||
@ -632,8 +642,10 @@ static int ssl3_handshake_mac(SSL *s, int md_nid,
|
|||||||
unsigned int i;
|
unsigned int i;
|
||||||
unsigned char md_buf[EVP_MAX_MD_SIZE];
|
unsigned char md_buf[EVP_MAX_MD_SIZE];
|
||||||
EVP_MD_CTX ctx,*d=NULL;
|
EVP_MD_CTX ctx,*d=NULL;
|
||||||
|
|
||||||
if (s->s3->handshake_buffer)
|
if (s->s3->handshake_buffer)
|
||||||
ssl3_digest_cached_records(s);
|
if (!ssl3_digest_cached_records(s))
|
||||||
|
return 0;
|
||||||
|
|
||||||
/* Search for djgest of specified type in the handshake_dgst
|
/* Search for djgest of specified type in the handshake_dgst
|
||||||
* array*/
|
* array*/
|
||||||
|
|||||||
@ -531,7 +531,8 @@ int ssl3_accept(SSL *s)
|
|||||||
* should be generalized. But it is next step
|
* should be generalized. But it is next step
|
||||||
*/
|
*/
|
||||||
if (s->s3->handshake_buffer)
|
if (s->s3->handshake_buffer)
|
||||||
ssl3_digest_cached_records(s);
|
if (!ssl3_digest_cached_records(s))
|
||||||
|
return -1;
|
||||||
for (dgst_num=0; dgst_num<SSL_MAX_DIGEST;dgst_num++)
|
for (dgst_num=0; dgst_num<SSL_MAX_DIGEST;dgst_num++)
|
||||||
if (s->s3->handshake_dgst[dgst_num])
|
if (s->s3->handshake_dgst[dgst_num])
|
||||||
{
|
{
|
||||||
@ -1158,7 +1159,8 @@ int ssl3_get_client_hello(SSL *s)
|
|||||||
s->s3->tmp.new_cipher=s->session->cipher;
|
s->s3->tmp.new_cipher=s->session->cipher;
|
||||||
}
|
}
|
||||||
|
|
||||||
ssl3_digest_cached_records(s);
|
if (!ssl3_digest_cached_records(s))
|
||||||
|
goto f_err;
|
||||||
|
|
||||||
/* we now have the following setup.
|
/* we now have the following setup.
|
||||||
* client_random
|
* client_random
|
||||||
|
|||||||
@ -1784,6 +1784,7 @@ void ERR_load_SSL_strings(void);
|
|||||||
#define SSL_F_CLIENT_HELLO 101
|
#define SSL_F_CLIENT_HELLO 101
|
||||||
#define SSL_F_CLIENT_MASTER_KEY 102
|
#define SSL_F_CLIENT_MASTER_KEY 102
|
||||||
#define SSL_F_D2I_SSL_SESSION 103
|
#define SSL_F_D2I_SSL_SESSION 103
|
||||||
|
#define SSL_F_DIGEST_CACHED_RECORDS 293
|
||||||
#define SSL_F_DO_DTLS1_WRITE 245
|
#define SSL_F_DO_DTLS1_WRITE 245
|
||||||
#define SSL_F_DO_SSL3_WRITE 104
|
#define SSL_F_DO_SSL3_WRITE 104
|
||||||
#define SSL_F_DTLS1_ACCEPT 246
|
#define SSL_F_DTLS1_ACCEPT 246
|
||||||
@ -1945,6 +1946,7 @@ void ERR_load_SSL_strings(void);
|
|||||||
#define SSL_F_SSL_SET_RFD 194
|
#define SSL_F_SSL_SET_RFD 194
|
||||||
#define SSL_F_SSL_SET_SESSION 195
|
#define SSL_F_SSL_SET_SESSION 195
|
||||||
#define SSL_F_SSL_SET_SESSION_ID_CONTEXT 218
|
#define SSL_F_SSL_SET_SESSION_ID_CONTEXT 218
|
||||||
|
#define SSL_F_SSL_SET_SESSION_TICKET_EXT 294
|
||||||
#define SSL_F_SSL_SET_TRUST 228
|
#define SSL_F_SSL_SET_TRUST 228
|
||||||
#define SSL_F_SSL_SET_WFD 196
|
#define SSL_F_SSL_SET_WFD 196
|
||||||
#define SSL_F_SSL_SHUTDOWN 224
|
#define SSL_F_SSL_SHUTDOWN 224
|
||||||
@ -1972,7 +1974,6 @@ void ERR_load_SSL_strings(void);
|
|||||||
#define SSL_F_TLS1_PRF 284
|
#define SSL_F_TLS1_PRF 284
|
||||||
#define SSL_F_TLS1_SETUP_KEY_BLOCK 211
|
#define SSL_F_TLS1_SETUP_KEY_BLOCK 211
|
||||||
#define SSL_F_WRITE_PENDING 212
|
#define SSL_F_WRITE_PENDING 212
|
||||||
#define SSL_F_SSL_SET_SESSION_TICKET_EXT 213
|
|
||||||
|
|
||||||
/* Reason codes. */
|
/* Reason codes. */
|
||||||
#define SSL_R_APP_DATA_IN_HANDSHAKE 100
|
#define SSL_R_APP_DATA_IN_HANDSHAKE 100
|
||||||
@ -1991,6 +1992,7 @@ void ERR_load_SSL_strings(void);
|
|||||||
#define SSL_R_BAD_ECC_CERT 304
|
#define SSL_R_BAD_ECC_CERT 304
|
||||||
#define SSL_R_BAD_ECDSA_SIGNATURE 305
|
#define SSL_R_BAD_ECDSA_SIGNATURE 305
|
||||||
#define SSL_R_BAD_ECPOINT 306
|
#define SSL_R_BAD_ECPOINT 306
|
||||||
|
#define SSL_R_BAD_HANDSHAKE_LENGTH 332
|
||||||
#define SSL_R_BAD_HELLO_REQUEST 105
|
#define SSL_R_BAD_HELLO_REQUEST 105
|
||||||
#define SSL_R_BAD_LENGTH 271
|
#define SSL_R_BAD_LENGTH 271
|
||||||
#define SSL_R_BAD_MAC_DECODE 113
|
#define SSL_R_BAD_MAC_DECODE 113
|
||||||
|
|||||||
@ -75,6 +75,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
|
|||||||
{ERR_FUNC(SSL_F_CLIENT_HELLO), "CLIENT_HELLO"},
|
{ERR_FUNC(SSL_F_CLIENT_HELLO), "CLIENT_HELLO"},
|
||||||
{ERR_FUNC(SSL_F_CLIENT_MASTER_KEY), "CLIENT_MASTER_KEY"},
|
{ERR_FUNC(SSL_F_CLIENT_MASTER_KEY), "CLIENT_MASTER_KEY"},
|
||||||
{ERR_FUNC(SSL_F_D2I_SSL_SESSION), "d2i_SSL_SESSION"},
|
{ERR_FUNC(SSL_F_D2I_SSL_SESSION), "d2i_SSL_SESSION"},
|
||||||
|
{ERR_FUNC(SSL_F_DIGEST_CACHED_RECORDS), "DIGEST_CACHED_RECORDS"},
|
||||||
{ERR_FUNC(SSL_F_DO_DTLS1_WRITE), "DO_DTLS1_WRITE"},
|
{ERR_FUNC(SSL_F_DO_DTLS1_WRITE), "DO_DTLS1_WRITE"},
|
||||||
{ERR_FUNC(SSL_F_DO_SSL3_WRITE), "DO_SSL3_WRITE"},
|
{ERR_FUNC(SSL_F_DO_SSL3_WRITE), "DO_SSL3_WRITE"},
|
||||||
{ERR_FUNC(SSL_F_DTLS1_ACCEPT), "DTLS1_ACCEPT"},
|
{ERR_FUNC(SSL_F_DTLS1_ACCEPT), "DTLS1_ACCEPT"},
|
||||||
@ -236,6 +237,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
|
|||||||
{ERR_FUNC(SSL_F_SSL_SET_RFD), "SSL_set_rfd"},
|
{ERR_FUNC(SSL_F_SSL_SET_RFD), "SSL_set_rfd"},
|
||||||
{ERR_FUNC(SSL_F_SSL_SET_SESSION), "SSL_set_session"},
|
{ERR_FUNC(SSL_F_SSL_SET_SESSION), "SSL_set_session"},
|
||||||
{ERR_FUNC(SSL_F_SSL_SET_SESSION_ID_CONTEXT), "SSL_set_session_id_context"},
|
{ERR_FUNC(SSL_F_SSL_SET_SESSION_ID_CONTEXT), "SSL_set_session_id_context"},
|
||||||
|
{ERR_FUNC(SSL_F_SSL_SET_SESSION_TICKET_EXT), "SSL_set_session_ticket_ext"},
|
||||||
{ERR_FUNC(SSL_F_SSL_SET_TRUST), "SSL_set_trust"},
|
{ERR_FUNC(SSL_F_SSL_SET_TRUST), "SSL_set_trust"},
|
||||||
{ERR_FUNC(SSL_F_SSL_SET_WFD), "SSL_set_wfd"},
|
{ERR_FUNC(SSL_F_SSL_SET_WFD), "SSL_set_wfd"},
|
||||||
{ERR_FUNC(SSL_F_SSL_SHUTDOWN), "SSL_shutdown"},
|
{ERR_FUNC(SSL_F_SSL_SHUTDOWN), "SSL_shutdown"},
|
||||||
@ -263,7 +265,6 @@ static ERR_STRING_DATA SSL_str_functs[]=
|
|||||||
{ERR_FUNC(SSL_F_TLS1_PRF), "tls1_prf"},
|
{ERR_FUNC(SSL_F_TLS1_PRF), "tls1_prf"},
|
||||||
{ERR_FUNC(SSL_F_TLS1_SETUP_KEY_BLOCK), "TLS1_SETUP_KEY_BLOCK"},
|
{ERR_FUNC(SSL_F_TLS1_SETUP_KEY_BLOCK), "TLS1_SETUP_KEY_BLOCK"},
|
||||||
{ERR_FUNC(SSL_F_WRITE_PENDING), "WRITE_PENDING"},
|
{ERR_FUNC(SSL_F_WRITE_PENDING), "WRITE_PENDING"},
|
||||||
{ERR_FUNC(SSL_F_SSL_SET_SESSION_TICKET_EXT), "SSL_set_session_ticket_ext"},
|
|
||||||
{0,NULL}
|
{0,NULL}
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -285,6 +286,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
|
|||||||
{ERR_REASON(SSL_R_BAD_ECC_CERT) ,"bad ecc cert"},
|
{ERR_REASON(SSL_R_BAD_ECC_CERT) ,"bad ecc cert"},
|
||||||
{ERR_REASON(SSL_R_BAD_ECDSA_SIGNATURE) ,"bad ecdsa signature"},
|
{ERR_REASON(SSL_R_BAD_ECDSA_SIGNATURE) ,"bad ecdsa signature"},
|
||||||
{ERR_REASON(SSL_R_BAD_ECPOINT) ,"bad ecpoint"},
|
{ERR_REASON(SSL_R_BAD_ECPOINT) ,"bad ecpoint"},
|
||||||
|
{ERR_REASON(SSL_R_BAD_HANDSHAKE_LENGTH) ,"bad handshake length"},
|
||||||
{ERR_REASON(SSL_R_BAD_HELLO_REQUEST) ,"bad hello request"},
|
{ERR_REASON(SSL_R_BAD_HELLO_REQUEST) ,"bad hello request"},
|
||||||
{ERR_REASON(SSL_R_BAD_LENGTH) ,"bad length"},
|
{ERR_REASON(SSL_R_BAD_LENGTH) ,"bad length"},
|
||||||
{ERR_REASON(SSL_R_BAD_MAC_DECODE) ,"bad mac decode"},
|
{ERR_REASON(SSL_R_BAD_MAC_DECODE) ,"bad mac decode"},
|
||||||
|
|||||||
@ -880,7 +880,7 @@ int ssl3_setup_read_buffer(SSL *s);
|
|||||||
int ssl3_setup_write_buffer(SSL *s);
|
int ssl3_setup_write_buffer(SSL *s);
|
||||||
int ssl3_release_read_buffer(SSL *s);
|
int ssl3_release_read_buffer(SSL *s);
|
||||||
int ssl3_release_write_buffer(SSL *s);
|
int ssl3_release_write_buffer(SSL *s);
|
||||||
void ssl3_digest_cached_records(SSL *s);
|
int ssl3_digest_cached_records(SSL *s);
|
||||||
int ssl3_new(SSL *s);
|
int ssl3_new(SSL *s);
|
||||||
void ssl3_free(SSL *s);
|
void ssl3_free(SSL *s);
|
||||||
int ssl3_accept(SSL *s);
|
int ssl3_accept(SSL *s);
|
||||||
|
|||||||
11
ssl/t1_enc.c
11
ssl/t1_enc.c
@ -749,7 +749,9 @@ int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *out)
|
|||||||
int i;
|
int i;
|
||||||
|
|
||||||
if (s->s3->handshake_buffer)
|
if (s->s3->handshake_buffer)
|
||||||
ssl3_digest_cached_records(s);
|
if (!ssl3_digest_cached_records(s))
|
||||||
|
return 0;
|
||||||
|
|
||||||
for (i=0;i<SSL_MAX_DIGEST;i++)
|
for (i=0;i<SSL_MAX_DIGEST;i++)
|
||||||
{
|
{
|
||||||
if (s->s3->handshake_dgst[i]&&EVP_MD_CTX_type(s->s3->handshake_dgst[i])==md_nid)
|
if (s->s3->handshake_dgst[i]&&EVP_MD_CTX_type(s->s3->handshake_dgst[i])==md_nid)
|
||||||
@ -784,10 +786,11 @@ int tls1_final_finish_mac(SSL *s,
|
|||||||
|
|
||||||
q=buf;
|
q=buf;
|
||||||
|
|
||||||
EVP_MD_CTX_init(&ctx);
|
|
||||||
|
|
||||||
if (s->s3->handshake_buffer)
|
if (s->s3->handshake_buffer)
|
||||||
ssl3_digest_cached_records(s);
|
if (!ssl3_digest_cached_records(s))
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
EVP_MD_CTX_init(&ctx);
|
||||||
|
|
||||||
for (idx=0;ssl_get_handshake_digest(idx,&mask,&md);idx++)
|
for (idx=0;ssl_get_handshake_digest(idx,&mask,&md);idx++)
|
||||||
{
|
{
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user