{
int al;
unsigned long alg_k;
-#ifndef OPENSSL_NO_RSA
- RSA *rsa = NULL;
-#endif
-#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
- EVP_PKEY *ckey = NULL;
-#endif
- PACKET enc_premaster;
- unsigned char *rsa_decrypt = NULL;
alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
int decrypt_len;
unsigned char decrypt_good, version_good;
size_t j, padding_len;
+ PACKET enc_premaster;
+ RSA *rsa = NULL;
+ unsigned char *rsa_decrypt = NULL;
- /* FIX THIS UP EAY EAY EAY EAY */
rsa = EVP_PKEY_get0_RSA(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey);
if (rsa == NULL) {
al = SSL_AD_HANDSHAKE_FAILURE;
if (rsa_decrypt == NULL) {
al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
+ OPENSSL_free(rsa_decrypt);
goto f_err;
}
if (RAND_bytes(rand_premaster_secret,
sizeof(rand_premaster_secret)) <= 0) {
+ OPENSSL_free(rsa_decrypt);
goto err;
}
PACKET_data(&enc_premaster),
rsa_decrypt, rsa, RSA_NO_PADDING);
if (decrypt_len < 0) {
+ OPENSSL_free(rsa_decrypt);
goto err;
}
if (decrypt_len < 11 + SSL_MAX_MASTER_KEY_LENGTH) {
al = SSL_AD_DECRYPT_ERROR;
SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, SSL_R_DECRYPTION_FAILED);
+ OPENSSL_free(rsa_decrypt);
goto f_err;
}
sizeof(rand_premaster_secret), 0)) {
al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+ OPENSSL_free(rsa_decrypt);
goto f_err;
}
OPENSSL_free(rsa_decrypt);
- rsa_decrypt = NULL;
} else
#endif
#ifndef OPENSSL_NO_DH
unsigned int i;
BIGNUM *pub_key;
const unsigned char *data;
+ EVP_PKEY *ckey = NULL;
if (!PACKET_get_net_2(pkt, &i)) {
if (alg_k & (SSL_kDHE | SSL_kDHEPSK)) {
ckey = EVP_PKEY_new();
if (ckey == NULL || EVP_PKEY_copy_parameters(ckey, skey) == 0) {
SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, SSL_R_BN_LIB);
+ EVP_PKEY_free(ckey);
goto err;
}
cdh = EVP_PKEY_get0_DH(ckey);
SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
if (pub_key != NULL)
BN_free(pub_key);
+ EVP_PKEY_free(ckey);
goto err;
}
if (ssl_derive(s, skey, ckey) == 0) {
al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+ EVP_PKEY_free(ckey);
goto f_err;
}
EVP_PKEY_free(ckey);
- ckey = NULL;
EVP_PKEY_free(s->s3->tmp.pkey);
s->s3->tmp.pkey = NULL;
#ifndef OPENSSL_NO_EC
if (alg_k & (SSL_kECDHE | SSL_kECDHEPSK)) {
EVP_PKEY *skey = s->s3->tmp.pkey;
+ EVP_PKEY *ckey = NULL;
if (PACKET_remaining(pkt) == 0L) {
/* We don't support ECDH client auth */
ckey = EVP_PKEY_new();
if (ckey == NULL || EVP_PKEY_copy_parameters(ckey, skey) <= 0) {
SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_EVP_LIB);
+ EVP_PKEY_free(ckey);
goto err;
}
if (EC_KEY_oct2key(EVP_PKEY_get0_EC_KEY(ckey), data, i,
NULL) == 0) {
SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB);
+ EVP_PKEY_free(ckey);
goto err;
}
}
if (ssl_derive(s, skey, ckey) == 0) {
al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+ EVP_PKEY_free(ckey);
goto f_err;
}
EVP_PKEY_free(ckey);
- ckey = NULL;
EVP_PKEY_free(s->s3->tmp.pkey);
s->s3->tmp.pkey = NULL;
#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SRP)
err:
#endif
-#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
- EVP_PKEY_free(ckey);
-#endif
- OPENSSL_free(rsa_decrypt);
#ifndef OPENSSL_NO_PSK
OPENSSL_clear_free(s->s3->tmp.psk, s->s3->tmp.psklen);
s->s3->tmp.psk = NULL;