CERT tidy (76106e60) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

ssl/s3_clnt.c

+6 −6

Original line number	Diff line number	Diff line
		@@ -3003,13 +3003,13 @@ int ssl3_send_client_key_exchange(SSL *s)
		#endif
		/* If we haven't written everything save PMS */
		if (n <= 0) {
		s->cert->pms = pms;
		s->cert->pmslen = pmslen;
		s->s3->tmp.pms = pms;
		s->s3->tmp.pmslen = pmslen;
		} else {
		/* If we don't have a PMS restore */
		if (pms == NULL) {
		pms = s->cert->pms;
		pmslen = s->cert->pmslen;
		pms = s->s3->tmp.pms;
		pmslen = s->s3->tmp.pmslen;
		}
		if (pms == NULL) {
		ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
		@@ -3022,7 +3022,7 @@ int ssl3_send_client_key_exchange(SSL *s)
		session->master_key,
		pms, pmslen);
		OPENSSL_clear_free(pms, pmslen);
		s->cert->pms = NULL;
		s->s3->tmp.pms = NULL;
		if (s->session->master_key_length < 0) {
		ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
		SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
		@@ -3035,7 +3035,7 @@ int ssl3_send_client_key_exchange(SSL *s)
		SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
		err:
		OPENSSL_clear_free(pms, pmslen);
		s->cert->pms = NULL;
		s->s3->tmp.pms = NULL;
		#ifndef OPENSSL_NO_EC
		BN_CTX_free(bn_ctx);
		OPENSSL_free(encodedPoint);

+9 −0

Original line number	Diff line number	Diff line
		@@ -2902,6 +2902,9 @@ void ssl3_free(SSL *s)
		#endif

		sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
		OPENSSL_free(s->s3->tmp.ciphers_raw);
		OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
		OPENSSL_free(s->s3->tmp.peer_sigalgs);
		BIO_free(s->s3->handshake_buffer);
		if (s->s3->handshake_dgst)
		ssl3_free_digest_list(s);
		@@ -2922,6 +2925,12 @@ void ssl3_clear(SSL *s)

		ssl3_cleanup_key_block(s);
		sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
		OPENSSL_free(s->s3->tmp.ciphers_raw);
		s->s3->tmp.ciphers_raw = NULL;
		OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
		s->s3->tmp.pms = NULL;
		OPENSSL_free(s->s3->tmp.peer_sigalgs);
		s->s3->tmp.peer_sigalgs = NULL;

		#ifndef OPENSSL_NO_DH
		DH_free(s->s3->tmp.dh);

+4 −4

Original line number	Diff line number	Diff line
		@@ -3572,13 +3572,13 @@ STACK_OF(SSL_CIPHER) ssl_bytes_to_cipher_list(SSL s, unsigned char *p,
		sk_SSL_CIPHER_zero(sk);
		}

		OPENSSL_free(s->cert->ciphers_raw);
		s->cert->ciphers_raw = BUF_memdup(p, num);
		if (s->cert->ciphers_raw == NULL) {
		OPENSSL_free(s->s3->tmp.ciphers_raw);
		s->s3->tmp.ciphers_raw = BUF_memdup(p, num);
		if (s->s3->tmp.ciphers_raw == NULL) {
		SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
		goto err;
		}
		s->cert->ciphers_rawlen = (size_t)num;
		s->s3->tmp.ciphers_rawlen = (size_t)num;

		for (i = 0; i < num; i += n) {
		/* Check for TLS_EMPTY_RENEGOTIATION_INFO_SCSV */

+1 −11

Original line number	Diff line number	Diff line
		@@ -311,11 +311,7 @@ CERT ssl_cert_dup(CERT cert)
		* will be set during handshake.
		*/
		ssl_cert_set_default_md(ret);
		/* Peer sigalgs set to NULL as we get these from handshake too */
		ret->peer_sigalgs = NULL;
		ret->peer_sigalgslen = 0;
		/* Configured sigalgs however we copy across */

		/* Configured sigalgs copied across */
		if (cert->conf_sigalgs) {
		ret->conf_sigalgs = OPENSSL_malloc(cert->conf_sigalgslen);
		if (!ret->conf_sigalgs)
		@@ -361,8 +357,6 @@ CERT ssl_cert_dup(CERT cert)
		ret->chain_store = cert->chain_store;
		}

		ret->ciphers_raw = NULL;

		ret->sec_cb = cert->sec_cb;
		ret->sec_level = cert->sec_level;
		ret->sec_ex = cert->sec_ex;
		@@ -438,20 +432,16 @@ void ssl_cert_free(CERT *c)
		#endif

		ssl_cert_clear_certs(c);
		OPENSSL_free(c->peer_sigalgs);
		OPENSSL_free(c->conf_sigalgs);
		OPENSSL_free(c->client_sigalgs);
		OPENSSL_free(c->shared_sigalgs);
		OPENSSL_free(c->ctypes);
		X509_STORE_free(c->verify_store);
		X509_STORE_free(c->chain_store);
		OPENSSL_free(c->ciphers_raw);
		#ifndef OPENSSL_NO_TLSEXT
		custom_exts_free(&c->cli_ext);
		custom_exts_free(&c->srv_ext);
		#endif
		OPENSSL_clear_free(c->pms, c->pmslen);
		c->pms = NULL;
		OPENSSL_free(c);
		}

+3 −12

Original line number	Diff line number	Diff line
		@@ -1076,10 +1076,10 @@ long SSL_ctrl(SSL s, int cmd, long larg, void parg)

		case SSL_CTRL_GET_RAW_CIPHERLIST:
		if (parg) {
		if (s->cert->ciphers_raw == NULL)
		if (s->s3->tmp.ciphers_raw == NULL)
		return 0;
		(unsigned char *)parg = s->cert->ciphers_raw;
		return (int)s->cert->ciphers_rawlen;
		(unsigned char *)parg = s->s3->tmp.ciphers_raw;
		return (int)s->s3->tmp.ciphers_rawlen;
		} else
		return ssl_put_cipher_by_char(s, NULL, NULL);
		case SSL_CTRL_GET_EXTMS_SUPPORT:
		@@ -2826,15 +2826,6 @@ SSL_CTX SSL_set_SSL_CTX(SSL ssl, SSL_CTX *ctx)
		if (new_cert == NULL) {
		return NULL;
		}
		/* Preserve any already negotiated parameters */
		if (ssl->server) {
		new_cert->peer_sigalgs = ssl->cert->peer_sigalgs;
		new_cert->peer_sigalgslen = ssl->cert->peer_sigalgslen;
		ssl->cert->peer_sigalgs = NULL;
		new_cert->ciphers_raw = ssl->cert->ciphers_raw;
		new_cert->ciphers_rawlen = ssl->cert->ciphers_rawlen;
		ssl->cert->ciphers_raw = NULL;
		}
		ssl_cert_free(ssl->cert);
		ssl->cert = new_cert;