* Return values are:
* 1: Yes
* 0: No
- * -1: Error
*/
static int key_exchange_expected(SSL *s)
{
}
} else {
ske_expected = key_exchange_expected(s);
- if (ske_expected < 0)
- return 0;
/* SKE is optional for some PSK ciphersuites */
if (ske_expected
|| ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK)
case TLS_ST_CR_CERT_STATUS:
ske_expected = key_exchange_expected(s);
- if (ske_expected < 0)
- return 0;
/* SKE is optional for some PSK ciphersuites */
if (ske_expected
|| ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK)
st->hand_state = TLS_ST_CR_KEY_EXCH;
return 1;
}
- return 0;
+ goto err;
}
/* Fall through */
st->hand_state = TLS_ST_CR_CERT_REQ;
return 1;
}
- return 0;
+ goto err;
}
/* Fall through */
break;
}
+ err:
/* No valid transition found */
+ ssl3_send_alert(s, SSL3_AL_FATAL, SSL3_AD_UNEXPECTED_MESSAGE);
+ SSLerr(SSL_F_READ_STATE_MACHINE, SSL_R_UNEXPECTED_MESSAGE);
return 0;
}
}
break;
- case TLS_ST_CW_CERT:
- return tls_prepare_client_certificate(s, wst);
-
case TLS_ST_CW_CHANGE:
if (SSL_IS_DTLS(s)) {
if (s->hit) {
OSSL_STATEM *st = &s->statem;
switch(st->hand_state) {
+ case TLS_ST_CR_CERT_REQ:
+ return tls_prepare_client_certificate(s, wst);
+
#ifndef OPENSSL_NO_SCTP
case TLS_ST_CR_SRVR_DONE:
/* We only get here if we are using SCTP and we are renegotiating */
s->s3->tmp.ca_names = ca_sk;
ca_sk = NULL;
- ret = MSG_PROCESS_CONTINUE_READING;
+ ret = MSG_PROCESS_CONTINUE_PROCESSING;
goto done;
err:
ossl_statem_set_error(s);
* elsewhere in OpenSSL. The session ID is set to the SHA256 (or SHA1 is
* SHA256 is disabled) hash of the ticket.
*/
- EVP_Digest(s->session->tlsext_tick, ticklen,
- s->session->session_id, &s->session->session_id_length,
- EVP_sha256(), NULL);
+ if (!EVP_Digest(s->session->tlsext_tick, ticklen,
+ s->session->session_id, &s->session->session_id_length,
+ EVP_sha256(), NULL)) {
+ SSLerr(SSL_F_TLS_PROCESS_NEW_SESSION_TICKET, ERR_R_EVP_LIB);
+ goto err;
+ }
return MSG_PROCESS_CONTINUE_READING;
f_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
size_t pskhdrlen = 0;
#endif
unsigned long alg_k;
-#ifndef OPENSSL_NO_RSA
- unsigned char *q;
- EVP_PKEY *pkey = NULL;
- EVP_PKEY_CTX *pctx = NULL;
-#endif
-#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
- EVP_PKEY *ckey = NULL, *skey = NULL;
-#endif
-#ifndef OPENSSL_NO_EC
- unsigned char *encodedPoint = NULL;
- int encoded_pt_len = 0;
-#endif
- unsigned char *pms = NULL;
- size_t pmslen = 0;
+
alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
p = ssl_handshake_start(s);
char identity[PSK_MAX_IDENTITY_LEN + 1];
size_t identitylen;
unsigned char psk[PSK_MAX_PSK_LEN];
+ unsigned char *tmppsk;
+ char *tmpidentity;
size_t psklen;
if (s->psk_client_callback == NULL) {
SSL_R_PSK_IDENTITY_NOT_FOUND);
goto psk_err;
}
- OPENSSL_free(s->s3->tmp.psk);
- s->s3->tmp.psk = OPENSSL_memdup(psk, psklen);
- OPENSSL_cleanse(psk, psklen);
- if (s->s3->tmp.psk == NULL) {
- OPENSSL_cleanse(identity, sizeof(identity));
- goto memerr;
- }
-
- s->s3->tmp.psklen = psklen;
identitylen = strlen(identity);
if (identitylen > PSK_MAX_IDENTITY_LEN) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE,
ERR_R_INTERNAL_ERROR);
goto psk_err;
}
- OPENSSL_free(s->session->psk_identity);
- s->session->psk_identity = OPENSSL_strdup(identity);
- if (s->session->psk_identity == NULL) {
+
+ tmppsk = OPENSSL_memdup(psk, psklen);
+ tmpidentity = OPENSSL_strdup(identity);
+ if (tmppsk == NULL || tmpidentity == NULL) {
OPENSSL_cleanse(identity, sizeof(identity));
+ OPENSSL_cleanse(psk, psklen);
+ OPENSSL_clear_free(tmppsk, psklen);
+ OPENSSL_clear_free(tmpidentity, identitylen);
goto memerr;
}
+ OPENSSL_free(s->s3->tmp.psk);
+ s->s3->tmp.psk = tmppsk;
+ s->s3->tmp.psklen = psklen;
+ OPENSSL_free(s->session->psk_identity);
+ s->session->psk_identity = tmpidentity;
s2n(identitylen, p);
memcpy(p, identity, identitylen);
pskhdrlen = 2 + identitylen;
p += identitylen;
psk_err = 0;
psk_err:
+ OPENSSL_cleanse(psk, psklen);
OPENSSL_cleanse(identity, sizeof(identity));
if (psk_err != 0) {
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
}
#ifndef OPENSSL_NO_RSA
else if (alg_k & (SSL_kRSA | SSL_kRSAPSK)) {
+ unsigned char *q;
+ EVP_PKEY *pkey = NULL;
+ EVP_PKEY_CTX *pctx = NULL;
size_t enclen;
- pmslen = SSL_MAX_MASTER_KEY_LENGTH;
- pms = OPENSSL_malloc(pmslen);
- if (pms == NULL)
- goto memerr;
+ unsigned char *pms = NULL;
+ size_t pmslen = 0;
if (s->session->peer == NULL) {
/*
goto err;
}
+ pmslen = SSL_MAX_MASTER_KEY_LENGTH;
+ pms = OPENSSL_malloc(pmslen);
+ if (pms == NULL)
+ goto memerr;
+
pms[0] = s->client_version >> 8;
pms[1] = s->client_version & 0xff;
- if (RAND_bytes(pms + 2, pmslen - 2) <= 0)
+ if (RAND_bytes(pms + 2, pmslen - 2) <= 0) {
+ OPENSSL_clear_free(pms, pmslen);
goto err;
+ }
q = p;
/* Fix buf for TLS and beyond */
pctx = EVP_PKEY_CTX_new(pkey, NULL);
if (pctx == NULL || EVP_PKEY_encrypt_init(pctx) <= 0
|| EVP_PKEY_encrypt(pctx, NULL, &enclen, pms, pmslen) <= 0) {
+ OPENSSL_clear_free(pms, pmslen);
+ EVP_PKEY_CTX_free(pctx);
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE,
ERR_R_EVP_LIB);
goto err;
}
if (EVP_PKEY_encrypt(pctx, p, &enclen, pms, pmslen) <= 0) {
+ OPENSSL_clear_free(pms, pmslen);
+ EVP_PKEY_CTX_free(pctx);
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE,
SSL_R_BAD_RSA_ENCRYPT);
goto err;
s2n(n, q);
n += 2;
}
+
+ s->s3->tmp.pms = pms;
+ s->s3->tmp.pmslen = pmslen;
}
#endif
#ifndef OPENSSL_NO_DH
else if (alg_k & (SSL_kDHE | SSL_kDHEPSK)) {
DH *dh_clnt = NULL;
const BIGNUM *pub_key;
+ EVP_PKEY *ckey = NULL, *skey = NULL;
+
skey = s->s3->peer_tmp;
if (skey == NULL) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE,
if (dh_clnt == NULL || ssl_derive(s, ckey, skey) == 0) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE,
ERR_R_INTERNAL_ERROR);
+ EVP_PKEY_free(ckey);
goto err;
}
#ifndef OPENSSL_NO_EC
else if (alg_k & (SSL_kECDHE | SSL_kECDHEPSK)) {
+ unsigned char *encodedPoint = NULL;
+ int encoded_pt_len = 0;
+ EVP_PKEY *ckey = NULL, *skey = NULL;
skey = s->s3->peer_tmp;
if ((skey == NULL) || EVP_PKEY_get0_EC_KEY(skey) == NULL) {
if (ssl_derive(s, ckey, skey) == 0) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_EVP_LIB);
+ EVP_PKEY_free(ckey);
goto err;
}
if (encoded_pt_len == 0) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB);
+ EVP_PKEY_free(ckey);
goto err;
}
unsigned char shared_ukm[32], tmp[256];
EVP_MD_CTX *ukm_hash;
int dgst_nid = NID_id_GostR3411_94;
+ unsigned char *pms = NULL;
+ size_t pmslen = 0;
+
if ((s->s3->tmp.new_cipher->algorithm_auth & SSL_aGOST12) != 0)
dgst_nid = NID_id_GostR3411_2012_256;
- pmslen = 32;
- pms = OPENSSL_malloc(pmslen);
- if (pms == NULL)
- goto memerr;
-
/*
* Get server sertificate PKEY and create ctx from it
*/
*/
/* Otherwise, generate ephemeral key pair */
+ pmslen = 32;
+ pms = OPENSSL_malloc(pmslen);
+ if (pms == NULL)
+ goto memerr;
if (pkey_ctx == NULL
|| EVP_PKEY_encrypt_init(pkey_ctx) <= 0
/* Generate session key */
|| RAND_bytes(pms, pmslen) <= 0) {
EVP_PKEY_CTX_free(pkey_ctx);
+ OPENSSL_clear_free(pms, pmslen);
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE,
ERR_R_INTERNAL_ERROR);
goto err;
SSL3_RANDOM_SIZE) <= 0
|| EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len) <= 0) {
EVP_MD_CTX_free(ukm_hash);
+ OPENSSL_clear_free(pms, pmslen);
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE,
ERR_R_INTERNAL_ERROR);
goto err;
if (EVP_PKEY_CTX_ctrl
(pkey_ctx, -1, EVP_PKEY_OP_ENCRYPT, EVP_PKEY_CTRL_SET_IV, 8,
shared_ukm) < 0) {
+ OPENSSL_clear_free(pms, pmslen);
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE,
SSL_R_LIBRARY_BUG);
goto err;
*(p++) = V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED;
msglen = 255;
if (EVP_PKEY_encrypt(pkey_ctx, tmp, &msglen, pms, pmslen) <= 0) {
+ OPENSSL_clear_free(pms, pmslen);
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE,
SSL_R_LIBRARY_BUG);
goto err;
s->s3->flags |= TLS1_FLAGS_SKIP_CERT_VERIFY;
}
EVP_PKEY_CTX_free(pkey_ctx);
-
+ s->s3->tmp.pms = pms;
+ s->s3->tmp.pmslen = pmslen;
}
#endif
#ifndef OPENSSL_NO_SRP
goto err;
}
- if (pms != NULL) {
- s->s3->tmp.pms = pms;
- s->s3->tmp.pmslen = pmslen;
- }
-
return 1;
memerr:
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
err:
- OPENSSL_clear_free(pms, pmslen);
+ OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
s->s3->tmp.pms = NULL;
-#ifndef OPENSSL_NO_RSA
- EVP_PKEY_CTX_free(pctx);
-#endif
-#ifndef OPENSSL_NO_EC
- OPENSSL_free(encodedPoint);
-#endif
-#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
- EVP_PKEY_free(ckey);
-#endif
#ifndef OPENSSL_NO_PSK
OPENSSL_clear_free(s->s3->tmp.psk, s->s3->tmp.psklen);
s->s3->tmp.psk = NULL;
projects / oweals / openssl.git / blobdiff