diff options
| author | Joel Sing <jsing@cvs.openbsd.org> | 2014-11-27 16:13:37 +0000 |
|---|---|---|
| committer | Joel Sing <jsing@cvs.openbsd.org> | 2014-11-27 16:13:37 +0000 |
| commit | 4994014b08d1bd64046eeb65f14dcb00015bc121 (patch) | |
| tree | 804845aec20f8021b407d2ae6d168c7f6ba3cfea | |
| parent | f0149275512665a5419a6378c2460d2924a51957 (diff) | |
Ensure that sess_cert is not NULL at the start of
ssl3_send_client_key_exchange(), rather than checking it in the key
exchange algorithm specific code.
ok beck@ miod@
| -rw-r--r-- | lib/libssl/s3_clnt.c | 34 |
1 files changed, 9 insertions, 25 deletions
diff --git a/lib/libssl/s3_clnt.c b/lib/libssl/s3_clnt.c index 49efb26277e..1b94200f14a 100644 --- a/lib/libssl/s3_clnt.c +++ b/lib/libssl/s3_clnt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_clnt.c,v 1.95 2014/11/19 05:51:25 doug Exp $ */ +/* $OpenBSD: s3_clnt.c,v 1.96 2014/11/27 16:13:36 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1964,18 +1964,18 @@ ssl3_send_client_key_exchange(SSL *s) alg_k = s->s3->tmp.new_cipher->algorithm_mkey; + if (s->session->sess_cert == NULL) { + ssl3_send_alert(s, SSL3_AL_FATAL, + SSL_AD_UNEXPECTED_MESSAGE); + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, + ERR_R_INTERNAL_ERROR); + goto err; + } + if (alg_k & SSL_kRSA) { RSA *rsa; unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; - if (s->session->sess_cert == NULL) { - /* We should always have a server - * certificate with SSL_kRSA. */ - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, - ERR_R_INTERNAL_ERROR); - goto err; - } - if (s->session->sess_cert->peer_rsa_tmp != NULL) rsa = s->session->sess_cert->peer_rsa_tmp; else { @@ -2026,14 +2026,6 @@ ssl3_send_client_key_exchange(SSL *s) } else if (alg_k & SSL_kDHE) { DH *dh_srvr, *dh_clnt; - if (s->session->sess_cert == NULL) { - ssl3_send_alert(s, SSL3_AL_FATAL, - SSL_AD_UNEXPECTED_MESSAGE); - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, - SSL_R_UNEXPECTED_MESSAGE); - goto err; - } - if (s->session->sess_cert->peer_dh_tmp != NULL) dh_srvr = s->session->sess_cert->peer_dh_tmp; else { @@ -2093,14 +2085,6 @@ ssl3_send_client_key_exchange(SSL *s) int ecdh_clnt_cert = 0; int field_size = 0; - if (s->session->sess_cert == NULL) { - ssl3_send_alert(s, SSL3_AL_FATAL, - SSL_AD_UNEXPECTED_MESSAGE); - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, - SSL_R_UNEXPECTED_MESSAGE); - goto err; - } - /* * Did we send out the client's ECDH share for use * in premaster computation as part of client |