OPENSSL_free(extensions);
extensions = NULL;
- if (s->ext.tls13_cookie_len == 0 && s->s3->tmp.pkey != NULL) {
+ if (s->ext.tls13_cookie_len == 0
+#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
+ && s->s3->tmp.pkey != NULL
+#endif
+ ) {
/*
* We didn't receive a cookie or a new key_share so the next
* ClientHello will not change
MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt)
{
- int al, i, ret = MSG_PROCESS_ERROR;
+ int al, i;
+ MSG_PROCESS_RETURN ret = MSG_PROCESS_ERROR;
unsigned long cert_list_len, cert_len;
X509 *x = NULL;
const unsigned char *certstart, *certbytes;
*/
x = sk_X509_value(sk, 0);
sk = NULL;
- /*
- * VRS 19990621: possible memory leak; sk=null ==> !sk_pop_free() @end
- */
pkey = X509_get0_pubkey(x);
#ifndef OPENSSL_NO_EC
PACKET encoded_pt;
const unsigned char *ecparams;
- int curve_nid;
- unsigned int curve_flags;
- EVP_PKEY_CTX *pctx = NULL;
/*
* Extract elliptic curve parameters and the server's ephemeral ECDH
return 0;
}
- curve_nid = tls1_ec_curve_id2nid(*(ecparams + 2), &curve_flags);
-
- if (curve_nid == 0) {
+ if ((s->s3->peer_tmp = ssl_generate_param_group(ecparams[2])) == NULL) {
*al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_PROCESS_SKE_ECDHE,
SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
return 0;
}
- if ((curve_flags & TLS_CURVE_TYPE) == TLS_CURVE_CUSTOM) {
- EVP_PKEY *key = EVP_PKEY_new();
-
- if (key == NULL || !EVP_PKEY_set_type(key, curve_nid)) {
- *al = SSL_AD_INTERNAL_ERROR;
- SSLerr(SSL_F_TLS_PROCESS_SKE_ECDHE, ERR_R_EVP_LIB);
- EVP_PKEY_free(key);
- return 0;
- }
- s->s3->peer_tmp = key;
- } else {
- /* Set up EVP_PKEY with named curve as parameters */
- pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
- if (pctx == NULL
- || EVP_PKEY_paramgen_init(pctx) <= 0
- || EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, curve_nid) <= 0
- || EVP_PKEY_paramgen(pctx, &s->s3->peer_tmp) <= 0) {
- *al = SSL_AD_INTERNAL_ERROR;
- SSLerr(SSL_F_TLS_PROCESS_SKE_ECDHE, ERR_R_EVP_LIB);
- EVP_PKEY_CTX_free(pctx);
- return 0;
- }
- EVP_PKEY_CTX_free(pctx);
- pctx = NULL;
- }
-
if (!PACKET_get_length_prefixed_1(pkt, &encoded_pt)) {
*al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_TLS_PROCESS_SKE_ECDHE, SSL_R_LENGTH_MISMATCH);
MSG_PROCESS_RETURN tls_process_certificate_request(SSL *s, PACKET *pkt)
{
- int ret = MSG_PROCESS_ERROR;
+ MSG_PROCESS_RETURN ret = MSG_PROCESS_ERROR;
int al = SSL_AD_DECODE_ERROR;
size_t i;
|| (SSL_IS_TLS13(s)
&& (!PACKET_get_net_4(pkt, &age_add)
|| !PACKET_get_length_prefixed_1(pkt, &nonce)
- || PACKET_remaining(&nonce) == 0
|| !PACKET_memdup(&nonce, &s->session->ext.tick_nonce,
&s->session->ext.tick_nonce_len)))
|| !PACKET_get_net_2(pkt, &ticklen)
* We reused an existing session, so we need to replace it with a new
* one
*/
+ if ((new_sess = ssl_session_dup(s->session, 0)) == 0) {
+ al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_TLS_PROCESS_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE);
+ goto f_err;
+ }
+
if (i & SSL_SESS_CACHE_CLIENT) {
/*
* Remove the old session from the cache. We carry on if this fails
SSL_CTX_remove_session(s->session_ctx, s->session);
}
- if ((new_sess = ssl_session_dup(s->session, 0)) == 0) {
- al = SSL_AD_INTERNAL_ERROR;
- SSLerr(SSL_F_TLS_PROCESS_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE);
- goto f_err;
- }
-
SSL_SESSION_free(s->session);
s->session = new_sess;
}
pms[0] = s->client_version >> 8;
pms[1] = s->client_version & 0xff;
/* TODO(size_t): Convert this function */
- if (RAND_bytes(pms + 2, (int)(pmslen - 2)) <= 0) {
+ if (ssl_randbytes(s, pms + 2, (int)(pmslen - 2)) <= 0) {
goto err;
}
/* Generate session key
* TODO(size_t): Convert this function
*/
- || RAND_bytes(pms, (int)pmslen) <= 0) {
+ || ssl_randbytes(s, pms, (int)pmslen) <= 0) {
*al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_CONSTRUCT_CKE_GOST, ERR_R_INTERNAL_ERROR);
goto err;
if (i == 0) {
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
ossl_statem_set_error(s);
- return 0;
+ return WORK_ERROR;
}
s->rwstate = SSL_NOTHING;
}
if (!ssl3_digest_cached_records(s, 0)) {
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
ossl_statem_set_error(s);
- return 0;
+ return WORK_ERROR;
}
}
}
if (totlen != 0) {
if (empty_reneg_info_scsv) {
static SSL_CIPHER scsv = {
- 0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
+ 0, NULL, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
};
if (!s->method->put_cipher_by_char(&scsv, pkt, &len)) {
SSLerr(SSL_F_SSL_CIPHER_LIST_TO_BYTES, ERR_R_INTERNAL_ERROR);
}
if (s->mode & SSL_MODE_SEND_FALLBACK_SCSV) {
static SSL_CIPHER scsv = {
- 0, NULL, SSL3_CK_FALLBACK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
+ 0, NULL, NULL, SSL3_CK_FALLBACK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
};
if (!s->method->put_cipher_by_char(&scsv, pkt, &len)) {
SSLerr(SSL_F_SSL_CIPHER_LIST_TO_BYTES, ERR_R_INTERNAL_ERROR);