[openssl-commits] [openssl] OpenSSL_1_0_1-stable update

Matt Caswell matt at openssl.org
Fri Feb 27 15:30:43 UTC 2015


The branch OpenSSL_1_0_1-stable has been updated
       via  d58a852fbd3c7ae2d71949c090a474235b69d693 (commit)
       via  323a7e76e61d977ff9f00a8cff396033a6dc37d2 (commit)
      from  059907771b89549cbd07a81df1a5bdf51e062066 (commit)


- Log -----------------------------------------------------------------
commit d58a852fbd3c7ae2d71949c090a474235b69d693
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Feb 26 11:54:58 2015 +0000

    Fixed missing return value checks.
    
    Added various missing return value checks in tls1_change_cipher_state.
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    
    Conflicts:
    	ssl/t1_enc.c

commit 323a7e76e61d977ff9f00a8cff396033a6dc37d2
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Feb 26 11:53:55 2015 +0000

    Fix missing return value checks.
    
    Fixed various missing return value checks in ssl3_send_newsession_ticket.
    Also a mem leak on error.
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    
    Conflicts:
    	ssl/s3_srvr.c
    
    Conflicts:
    	ssl/s3_srvr.c

-----------------------------------------------------------------------

Summary of changes:
 ssl/s3_srvr.c |   78 +++++++++++++++++++++++++++++++++++----------------------
 ssl/t1_enc.c  |   25 ++++++++++++------
 2 files changed, 65 insertions(+), 38 deletions(-)

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index ef3964a..b8f91bc 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -3295,14 +3295,16 @@ int ssl3_send_server_certificate(SSL *s)
 /* send a new session ticket (not necessarily for a new session) */
 int ssl3_send_newsession_ticket(SSL *s)
 {
+    unsigned char *senc = NULL;
+    EVP_CIPHER_CTX ctx;
+    HMAC_CTX hctx;
+
     if (s->state == SSL3_ST_SW_SESSION_TICKET_A) {
-        unsigned char *p, *senc, *macstart;
+        unsigned char *p, *macstart;
         const unsigned char *const_p;
         int len, slen_full, slen;
         SSL_SESSION *sess;
         unsigned int hlen;
-        EVP_CIPHER_CTX ctx;
-        HMAC_CTX hctx;
         SSL_CTX *tctx = s->initial_ctx;
         unsigned char iv[EVP_MAX_IV_LENGTH];
         unsigned char key_name[16];
@@ -3313,32 +3315,38 @@ int ssl3_send_newsession_ticket(SSL *s)
          * Some length values are 16 bits, so forget it if session is too
          * long
          */
-        if (slen_full > 0xFF00)
+        if (slen_full == 0 || slen_full > 0xFF00)
             return -1;
         senc = OPENSSL_malloc(slen_full);
         if (!senc)
             return -1;
+
+        EVP_CIPHER_CTX_init(&ctx);
+        HMAC_CTX_init(&hctx);
+
         p = senc;
-        i2d_SSL_SESSION(s->session, &p);
+        if (!i2d_SSL_SESSION(s->session, &p))
+            goto err;
 
         /*
          * create a fresh copy (not shared with other threads) to clean up
          */
         const_p = senc;
         sess = d2i_SSL_SESSION(NULL, &const_p, slen_full);
-        if (sess == NULL) {
-            OPENSSL_free(senc);
-            return -1;
-        }
+        if (sess == NULL)
+            goto err;
         sess->session_id_length = 0; /* ID is irrelevant for the ticket */
 
         slen = i2d_SSL_SESSION(sess, NULL);
-        if (slen > slen_full) { /* shouldn't ever happen */
-            OPENSSL_free(senc);
-            return -1;
+        if (slen == 0 || slen > slen_full) { /* shouldn't ever happen */
+            SSL_SESSION_free(sess);
+            goto err;
         }
         p = senc;
-        i2d_SSL_SESSION(sess, &p);
+        if (!i2d_SSL_SESSION(sess, &p)) {
+            SSL_SESSION_free(sess);
+            goto err;
+        }
         SSL_SESSION_free(sess);
 
         /*-
@@ -3352,31 +3360,30 @@ int ssl3_send_newsession_ticket(SSL *s)
         if (!BUF_MEM_grow(s->init_buf,
                           26 + EVP_MAX_IV_LENGTH + EVP_MAX_BLOCK_LENGTH +
                           EVP_MAX_MD_SIZE + slen))
-            return -1;
+            goto err;
 
         p = (unsigned char *)s->init_buf->data;
         /* do the header */
         *(p++) = SSL3_MT_NEWSESSION_TICKET;
         /* Skip message length for now */
         p += 3;
-        EVP_CIPHER_CTX_init(&ctx);
-        HMAC_CTX_init(&hctx);
         /*
          * Initialize HMAC and cipher contexts. If callback present it does
          * all the work otherwise use generated values from parent ctx.
          */
         if (tctx->tlsext_ticket_key_cb) {
             if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx,
-                                           &hctx, 1) < 0) {
-                OPENSSL_free(senc);
-                return -1;
-            }
+                                           &hctx, 1) < 0)
+                goto err;
         } else {
-            RAND_pseudo_bytes(iv, 16);
-            EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
-                               tctx->tlsext_tick_aes_key, iv);
-            HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
-                         tlsext_tick_md(), NULL);
+            if (RAND_bytes(iv, 16) <= 0)
+                goto err;
+            if (!EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
+                                    tctx->tlsext_tick_aes_key, iv))
+                goto err;
+            if (!HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
+                              tlsext_tick_md(), NULL))
+                goto err;
             memcpy(key_name, tctx->tlsext_tick_key_name, 16);
         }
 
@@ -3397,14 +3404,19 @@ int ssl3_send_newsession_ticket(SSL *s)
         memcpy(p, iv, EVP_CIPHER_CTX_iv_length(&ctx));
         p += EVP_CIPHER_CTX_iv_length(&ctx);
         /* Encrypt session data */
-        EVP_EncryptUpdate(&ctx, p, &len, senc, slen);
+        if (!EVP_EncryptUpdate(&ctx, p, &len, senc, slen))
+            goto err;
         p += len;
-        EVP_EncryptFinal(&ctx, p, &len);
+        if (!EVP_EncryptFinal(&ctx, p, &len))
+            goto err;
         p += len;
-        EVP_CIPHER_CTX_cleanup(&ctx);
 
-        HMAC_Update(&hctx, macstart, p - macstart);
-        HMAC_Final(&hctx, p, &hlen);
+        if (!HMAC_Update(&hctx, macstart, p - macstart))
+            goto err;
+        if (!HMAC_Final(&hctx, p, &hlen))
+            goto err;
+
+        EVP_CIPHER_CTX_cleanup(&ctx);
         HMAC_CTX_cleanup(&hctx);
 
         p += hlen;
@@ -3425,6 +3437,12 @@ int ssl3_send_newsession_ticket(SSL *s)
 
     /* SSL3_ST_SW_SESSION_TICKET_B */
     return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
+ err:
+    if (senc)
+        OPENSSL_free(senc);
+    EVP_CIPHER_CTX_cleanup(&ctx);
+    HMAC_CTX_cleanup(&hctx);
+    return -1;
 }
 
 int ssl3_send_cert_status(SSL *s)
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 741dc0b..0d70116 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -551,15 +551,24 @@ int tls1_change_cipher_state(SSL *s, int which)
 #endif                          /* KSSL_DEBUG */
 
     if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE) {
-        EVP_CipherInit_ex(dd, c, NULL, key, NULL, (which & SSL3_CC_WRITE));
-        EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_GCM_SET_IV_FIXED, k, iv);
-    } else
-        EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE));
-
+        if (!EVP_CipherInit_ex(dd, c, NULL, key, NULL, (which & SSL3_CC_WRITE))
+            || !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_GCM_SET_IV_FIXED, k, iv)) {
+            SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
+            goto err2;
+        }
+    } else {
+        if (!EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE))) {
+            SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
+            goto err2;
+        }
+    }
     /* Needed for "composite" AEADs, such as RC4-HMAC-MD5 */
-    if ((EVP_CIPHER_flags(c) & EVP_CIPH_FLAG_AEAD_CIPHER) && *mac_secret_size)
-        EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_MAC_KEY,
-                            *mac_secret_size, mac_secret);
+    if ((EVP_CIPHER_flags(c) & EVP_CIPH_FLAG_AEAD_CIPHER) && *mac_secret_size
+        && !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_MAC_KEY,
+                                *mac_secret_size, mac_secret)) {
+        SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
+        goto err2;
+    }
 
 #ifdef TLS_DEBUG
     printf("which = %04X\nkey=", which);


More information about the openssl-commits mailing list