Commit 6ba71a71 authored by Ben Laurie's avatar Ben Laurie
Browse files

Handle the unlikely event that BIO_get_mem_data() returns -ve.

parent 4ded7b44

ssl/s3_clnt.c

+2 −1
Original line number Diff line number Diff line
@@ -871,7 +871,8 @@ int ssl3_get_server_hello(SSL *s) 
			}

		}

	s->s3->tmp.new_cipher=c;

	ssl3_digest_cached_records(s);

	if (!ssl3_digest_cached_records(s))

		goto f_err;



	/* lets get the compression algorithm */

	/* COMPRESSION */

ssl/s3_enc.c

+39 −27
Original line number Diff line number Diff line
@@ -580,18 +580,26 @@ void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len) 
			}

		}	

	}

void ssl3_digest_cached_records(SSL *s)



int ssl3_digest_cached_records(SSL *s)

	{

	int i;

	long mask;

	const EVP_MD *md;

	long hdatalen;

	void *hdata;



	/* Allocate handshake_dgst array */

	ssl3_free_digest_list(s);

	s->s3->handshake_dgst = OPENSSL_malloc(SSL_MAX_DIGEST * sizeof(EVP_MD_CTX *));

	memset(s->s3->handshake_dgst,0,SSL_MAX_DIGEST *sizeof(EVP_MD_CTX *));

	hdatalen = BIO_get_mem_data(s->s3->handshake_buffer,&hdata);

	if (hdatalen <= 0)

		{

		SSLerr(SSL_F_DIGEST_CACHED_RECORDS, SSL_R_BAD_HANDSHAKE_LENGTH);

		return 0;

		}



	/* Loop through bitso of algorithm2 field and create MD_CTX-es */

	for (i=0;ssl_get_handshake_digest(i,&mask,&md); i++) 

		{
@@ -610,7 +618,9 @@ void ssl3_digest_cached_records(SSL *s) 
	BIO_free(s->s3->handshake_buffer);

	s->s3->handshake_buffer = NULL;



	return 1;

	}



int ssl3_cert_verify_mac(SSL *s, int md_nid, unsigned char *p)

	{

	return(ssl3_handshake_mac(s,md_nid,NULL,0,p));
@@ -632,8 +642,10 @@ static int ssl3_handshake_mac(SSL *s, int md_nid, 
	unsigned int i;

	unsigned char md_buf[EVP_MAX_MD_SIZE];

	EVP_MD_CTX ctx,*d=NULL;



	if (s->s3->handshake_buffer) 

		ssl3_digest_cached_records(s);

		if (!ssl3_digest_cached_records(s))

			return 0;



	/* Search for djgest of specified type  in the handshake_dgst

	 * array*/

ssl/s3_srvr.c

+4 −2
Original line number Diff line number Diff line
@@ -531,7 +531,8 @@ int ssl3_accept(SSL *s) 
				 * should be generalized. But it is next step

				 */

				if (s->s3->handshake_buffer)

					ssl3_digest_cached_records(s);

					if (!ssl3_digest_cached_records(s))

						return -1;

				for (dgst_num=0; dgst_num<SSL_MAX_DIGEST;dgst_num++)	

					if (s->s3->handshake_dgst[dgst_num]) 

						{
@@ -1158,7 +1159,8 @@ int ssl3_get_client_hello(SSL *s) 
		s->s3->tmp.new_cipher=s->session->cipher;

		}



	ssl3_digest_cached_records(s);

	if (!ssl3_digest_cached_records(s))

		goto f_err;

	

	/* we now have the following setup. 

	 * client_random

ssl/ssl.h

+3 −1
Original line number Diff line number Diff line
@@ -1784,6 +1784,7 @@ void ERR_load_SSL_strings(void); 
#define SSL_F_CLIENT_HELLO				 101

#define SSL_F_CLIENT_MASTER_KEY				 102

#define SSL_F_D2I_SSL_SESSION				 103

#define SSL_F_DIGEST_CACHED_RECORDS			 293

#define SSL_F_DO_DTLS1_WRITE				 245

#define SSL_F_DO_SSL3_WRITE				 104

#define SSL_F_DTLS1_ACCEPT				 246
@@ -1945,6 +1946,7 @@ void ERR_load_SSL_strings(void); 
#define SSL_F_SSL_SET_RFD				 194

#define SSL_F_SSL_SET_SESSION				 195

#define SSL_F_SSL_SET_SESSION_ID_CONTEXT		 218

#define SSL_F_SSL_SET_SESSION_TICKET_EXT		 294

#define SSL_F_SSL_SET_TRUST				 228

#define SSL_F_SSL_SET_WFD				 196

#define SSL_F_SSL_SHUTDOWN				 224
@@ -1972,7 +1974,6 @@ void ERR_load_SSL_strings(void); 
#define SSL_F_TLS1_PRF					 284

#define SSL_F_TLS1_SETUP_KEY_BLOCK			 211

#define SSL_F_WRITE_PENDING				 212

#define SSL_F_SSL_SET_SESSION_TICKET_EXT		 213



/* Reason codes. */

#define SSL_R_APP_DATA_IN_HANDSHAKE			 100
@@ -1991,6 +1992,7 @@ void ERR_load_SSL_strings(void); 
#define SSL_R_BAD_ECC_CERT				 304

#define SSL_R_BAD_ECDSA_SIGNATURE			 305

#define SSL_R_BAD_ECPOINT				 306

#define SSL_R_BAD_HANDSHAKE_LENGTH			 332

#define SSL_R_BAD_HELLO_REQUEST				 105

#define SSL_R_BAD_LENGTH				 271

#define SSL_R_BAD_MAC_DECODE				 113

ssl/ssl_err.c

+3 −1
Original line number Diff line number Diff line
@@ -75,6 +75,7 @@ static ERR_STRING_DATA SSL_str_functs[]= 
{ERR_FUNC(SSL_F_CLIENT_HELLO),	"CLIENT_HELLO"},

{ERR_FUNC(SSL_F_CLIENT_MASTER_KEY),	"CLIENT_MASTER_KEY"},

{ERR_FUNC(SSL_F_D2I_SSL_SESSION),	"d2i_SSL_SESSION"},

{ERR_FUNC(SSL_F_DIGEST_CACHED_RECORDS),	"DIGEST_CACHED_RECORDS"},

{ERR_FUNC(SSL_F_DO_DTLS1_WRITE),	"DO_DTLS1_WRITE"},

{ERR_FUNC(SSL_F_DO_SSL3_WRITE),	"DO_SSL3_WRITE"},

{ERR_FUNC(SSL_F_DTLS1_ACCEPT),	"DTLS1_ACCEPT"},
@@ -236,6 +237,7 @@ static ERR_STRING_DATA SSL_str_functs[]= 
{ERR_FUNC(SSL_F_SSL_SET_RFD),	"SSL_set_rfd"},

{ERR_FUNC(SSL_F_SSL_SET_SESSION),	"SSL_set_session"},

{ERR_FUNC(SSL_F_SSL_SET_SESSION_ID_CONTEXT),	"SSL_set_session_id_context"},

{ERR_FUNC(SSL_F_SSL_SET_SESSION_TICKET_EXT),	"SSL_set_session_ticket_ext"},

{ERR_FUNC(SSL_F_SSL_SET_TRUST),	"SSL_set_trust"},

{ERR_FUNC(SSL_F_SSL_SET_WFD),	"SSL_set_wfd"},

{ERR_FUNC(SSL_F_SSL_SHUTDOWN),	"SSL_shutdown"},
@@ -263,7 +265,6 @@ static ERR_STRING_DATA SSL_str_functs[]= 
{ERR_FUNC(SSL_F_TLS1_PRF),	"tls1_prf"},

{ERR_FUNC(SSL_F_TLS1_SETUP_KEY_BLOCK),	"TLS1_SETUP_KEY_BLOCK"},

{ERR_FUNC(SSL_F_WRITE_PENDING),	"WRITE_PENDING"},

{ERR_FUNC(SSL_F_SSL_SET_SESSION_TICKET_EXT), "SSL_set_session_ticket_ext"},

{0,NULL}

	};
@@ -285,6 +286,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= 
{ERR_REASON(SSL_R_BAD_ECC_CERT)          ,"bad ecc cert"},

{ERR_REASON(SSL_R_BAD_ECDSA_SIGNATURE)   ,"bad ecdsa signature"},

{ERR_REASON(SSL_R_BAD_ECPOINT)           ,"bad ecpoint"},

{ERR_REASON(SSL_R_BAD_HANDSHAKE_LENGTH)  ,"bad handshake length"},

{ERR_REASON(SSL_R_BAD_HELLO_REQUEST)     ,"bad hello request"},

{ERR_REASON(SSL_R_BAD_LENGTH)            ,"bad length"},

{ERR_REASON(SSL_R_BAD_MAC_DECODE)        ,"bad mac decode"},