/* init things to blank */
s->in_handshake++;
- if (!SSL_in_init(s) || SSL_in_before(s))
- SSL_clear(s);
+ if (!SSL_in_init(s) || SSL_in_before(s)) {
+ if(!SSL_clear(s))
+ return -1;
+ }
if (s->cert == NULL) {
SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_NO_CERTIFICATE_SET);
sizeof
(rand_premaster_secret));
OPENSSL_cleanse(p, sizeof(rand_premaster_secret));
+ if(s->session->master_key_length < 0) {
+ al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+ goto f_err;
+ }
} else
#endif
#ifndef OPENSSL_NO_DH
if (alg_k & (SSL_kDHE | SSL_kDHr | SSL_kDHd)) {
int idx = -1;
EVP_PKEY *skey = NULL;
- if (n)
+ if (n > 1) {
n2s(p, i);
- else
+ } else {
+ if (alg_k & SSL_kDHE) {
+ al = SSL_AD_HANDSHAKE_FAILURE;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
+ goto f_err;
+ }
i = 0;
+ }
if (n && n != i + 2) {
if (!(s->options & SSL_OP_SSLEAY_080_CLIENT_DH_BUG)) {
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
session->master_key,
p, i);
OPENSSL_cleanse(p, i);
+ if(s->session->master_key_length < 0) {
+ al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+ goto f_err;
+ }
if (dh_clnt)
return 2;
} else
s->
session->master_key,
pms, outl);
+ if(s->session->master_key_length < 0) {
+ al = SSL_INTERNAL_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+ goto f_err;
+ }
if (kssl_ctx->client_princ) {
size_t len = strlen(kssl_ctx->client_princ);
p, i);
OPENSSL_cleanse(p, i);
+ if(s->session->master_key_length < 0) {
+ al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+ goto f_err;
+ }
return (ret);
} else
#endif
session->master_key,
psk_or_pre_ms,
pre_ms_len);
+ if(s->session->master_key_length < 0) {
+ al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+ goto psk_err;
+ }
psk_err = 0;
psk_err:
OPENSSL_cleanse(psk_or_pre_ms, sizeof(psk_or_pre_ms));
s->
session->master_key,
premaster_secret, 32);
+ if(s->session->master_key_length < 0) {
+ al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+ goto f_err;
+ }
/* Check if pubkey from client certificate was used */
if (EVP_PKEY_CTX_ctrl
(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2, NULL) > 0)
projects / openssl.git / blobdiff