diff options
| author |   jca <jca@openbsd.org> | 2014-02-27 21:04:57 +0000 |
|---|---|---|
| committer | jca <jca@openbsd.org> | 2014-02-27 21:04:57 +0000 |
| commit | 724b1063fe45f812c6c49b2bd4e01ffac44b5cf7 (patch) | |
| tree | c0d4574f0e1068cefda493f918eede5b1729afa5 /lib/libssl/t1_enc.c | |
| parent | some unlikely tape candidates (diff) | |
| download | wireguard-openbsd-724b1063fe45f812c6c49b2bd4e01ffac44b5cf7.tar.xz wireguard-openbsd-724b1063fe45f812c6c49b2bd4e01ffac44b5cf7.zip | |
SECURITY fixes backported from openssl-1.0.1f. ok mikeb@
CVE-2013-4353 NULL pointer dereference with crafted Next Protocol
Negotiation record in TLS handshake.
Upstream: 197e0ea
CVE-2013-6449 Fix crash with crafted traffic from a TLS 1.2 client.
Upstream: ca98926, 0294b2b
CVE-2013-6450 Fix DTLS retransmission from previous session.
Upstream: 3462896
Diffstat (limited to 'lib/libssl/t1_enc.c')
| -rw-r--r-- | lib/libssl/t1_enc.c | 28 |
1 files changed, 17 insertions, 11 deletions
diff --git a/lib/libssl/t1_enc.c b/lib/libssl/t1_enc.c index 448eef274fa..638405ec396 100644 --- a/lib/libssl/t1_enc.c +++ b/lib/libssl/t1_enc.c @@ -414,15 +414,20 @@ int tls1_change_cipher_state(SSL *s, int which) s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM; else s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM; - if (s->enc_write_ctx != NULL) + if (s->enc_write_ctx != NULL && !SSL_IS_DTLS(s)) reuse_dd = 1; - else if ((s->enc_write_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL) + else if ((s->enc_write_ctx=EVP_CIPHER_CTX_new()) == NULL) goto err; - else - /* make sure it's intialized in case we exit later with an error */ - EVP_CIPHER_CTX_init(s->enc_write_ctx); dd= s->enc_write_ctx; - mac_ctx = ssl_replace_hash(&s->write_hash,NULL); + if (SSL_IS_DTLS(s)) + { + mac_ctx = EVP_MD_CTX_create(); + if (!mac_ctx) + goto err; + s->write_hash = mac_ctx; + } + else + mac_ctx = ssl_replace_hash(&s->write_hash,NULL); #ifndef OPENSSL_NO_COMP if (s->compress != NULL) { @@ -915,18 +920,19 @@ int tls1_final_finish_mac(SSL *s, if (mask & ssl_get_algorithm2(s)) { int hashsize = EVP_MD_size(md); - if (hashsize < 0 || hashsize > (int)(sizeof buf - (size_t)(q-buf))) + EVP_MD_CTX *hdgst = s->s3->handshake_dgst[idx]; + if (!hdgst || hashsize < 0 || hashsize > (int)(sizeof buf - (size_t)(q-buf))) { /* internal error: 'buf' is too small for this cipersuite! */ err = 1; } else { - EVP_MD_CTX_copy_ex(&ctx,s->s3->handshake_dgst[idx]); - EVP_DigestFinal_ex(&ctx,q,&i); - if (i != (unsigned int)hashsize) /* can't really happen */ + if (!EVP_MD_CTX_copy_ex(&ctx, hdgst) || + !EVP_DigestFinal_ex(&ctx,q,&i) || + (i != (unsigned int)hashsize)) err = 1; - q+=i; + q+=hashsize; } } } |