projects
/
openssl.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Make sure a bad parameter to RSA_verify_PKCS1_PSS() doesn't lead to a crash.
[openssl.git]
/
ssl
/
s3_pkt.c
diff --git
a/ssl/s3_pkt.c
b/ssl/s3_pkt.c
index b4a1629853afbe9eb9a6959800ec95893dd968f7..330918a78aabfde2e893cf96c30f6a262d2fceae 100644
(file)
--- a/
ssl/s3_pkt.c
+++ b/
ssl/s3_pkt.c
@@
-238,11
+238,9
@@
int ssl3_read_n(SSL *s, int n, int max, int extend)
if (i <= 0)
{
rb->left = left;
if (i <= 0)
{
rb->left = left;
-#ifndef OPENSSL_NO_RELEASE_BUFFERS
- if (len+left == 0 &&
- (s->mode & SSL_MODE_RELEASE_BUFFERS))
- ssl3_release_read_buffer(s);
-#endif
+ if (s->mode & SSL_MODE_RELEASE_BUFFERS)
+ if (len+left == 0)
+ ssl3_release_read_buffer(s);
return(i);
}
left+=i;
return(i);
}
left+=i;
@@
-414,6
+412,7
@@
printf("\n");
if (!clear)
{
if (!clear)
{
+ /* !clear => s->read_hash != NULL => mac_size != -1 */
mac_size=EVP_MD_CTX_size(s->read_hash);
if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size)
mac_size=EVP_MD_CTX_size(s->read_hash);
if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size)
@@
-825,15
+824,20
@@
int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
{
wb->left=0;
wb->offset+=i;
{
wb->left=0;
wb->offset+=i;
-#ifndef OPENSSL_NO_RELEASE_BUFFERS
if (s->mode & SSL_MODE_RELEASE_BUFFERS)
ssl3_release_write_buffer(s);
if (s->mode & SSL_MODE_RELEASE_BUFFERS)
ssl3_release_write_buffer(s);
-#endif
s->rwstate=SSL_NOTHING;
return(s->s3->wpend_ret);
}
s->rwstate=SSL_NOTHING;
return(s->s3->wpend_ret);
}
- else if (i <= 0)
+ else if (i <= 0) {
+ if (s->version == DTLS1_VERSION) {
+ /* For DTLS, just drop it. That's kind of the wh
+ole
+ point in using a datagram service */
+ wb->left = 0;
+ }
return(i);
return(i);
+ }
wb->offset+=i;
wb->left-=i;
}
wb->offset+=i;
wb->left-=i;
}
@@
-983,10
+987,8
@@
start:
{
s->rstate=SSL_ST_READ_HEADER;
rr->off=0;
{
s->rstate=SSL_ST_READ_HEADER;
rr->off=0;
-#ifndef OPENSSL_NO_RELEASE_BUFFERS
- if ((s->mode & SSL_MODE_RELEASE_BUFFERS))
+ if (s->mode & SSL_MODE_RELEASE_BUFFERS)
ssl3_release_read_buffer(s);
ssl3_release_read_buffer(s);
-#endif
}
}
return(n);
}
}
return(n);
@@
-1308,6
+1310,13
@@
int ssl3_do_change_cipher_spec(SSL *s)
if (s->s3->tmp.key_block == NULL)
{
if (s->s3->tmp.key_block == NULL)
{
+ if (s->session == NULL)
+ {
+ /* might happen if dtls1_read_bytes() calls this */
+ SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,SSL_R_CCS_RECEIVED_EARLY);
+ return (0);
+ }
+
s->session->cipher=s->s3->tmp.new_cipher;
if (!s->method->ssl3_enc->setup_key_block(s)) return(0);
}
s->session->cipher=s->s3->tmp.new_cipher;
if (!s->method->ssl3_enc->setup_key_block(s)) return(0);
}