summaryrefslogtreecommitdiff
path: root/lib/libssl/t1_lib.c
diff options
context:
space:
mode:
Diffstat (limited to 'lib/libssl/t1_lib.c')
-rw-r--r--lib/libssl/t1_lib.c70
1 files changed, 29 insertions, 41 deletions
diff --git a/lib/libssl/t1_lib.c b/lib/libssl/t1_lib.c
index 6af6d77eddb..d21e6ef6462 100644
--- a/lib/libssl/t1_lib.c
+++ b/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.159 2019/04/22 15:12:20 jsing Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.160 2019/04/22 16:03:54 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -896,10 +896,8 @@ tls_decrypt_ticket(SSL *s, CBS *session_id, const unsigned char *etick,
* required for a session cookie is never less than this,
* this check isn't too strict. The exact check comes later.
*/
- if (eticklen < 16 + EVP_MAX_IV_LENGTH) {
- ret = 2;
- goto done;
- }
+ if (eticklen < 16 + EVP_MAX_IV_LENGTH)
+ goto derr;
/* Initialize session ticket encryption and HMAC contexts */
if (tctx->internal->tlsext_ticket_key_cb) {
@@ -908,19 +906,15 @@ tls_decrypt_ticket(SSL *s, CBS *session_id, const unsigned char *etick,
nctick, nctick + 16, &ctx, &hctx, 0);
if (rv < 0)
goto err;
- if (rv == 0) {
- ret = 2;
- goto done;
- }
+ if (rv == 0)
+ goto derr;
if (rv == 2)
renew_ticket = 1;
} else {
/* Check key name matches */
if (timingsafe_memcmp(etick,
- tctx->internal->tlsext_tick_key_name, 16)) {
- ret = 2;
- goto done;
- }
+ tctx->internal->tlsext_tick_key_name, 16))
+ goto derr;
HMAC_Init_ex(&hctx, tctx->internal->tlsext_tick_hmac_key,
16, EVP_sha256(), NULL);
EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
@@ -936,10 +930,8 @@ tls_decrypt_ticket(SSL *s, CBS *session_id, const unsigned char *etick,
goto err;
/* Sanity check ticket length: must exceed keyname + IV + HMAC */
- if (eticklen <= 16 + EVP_CIPHER_CTX_iv_length(&ctx) + mlen) {
- ret = 2;
- goto done;
- }
+ if (eticklen <= 16 + EVP_CIPHER_CTX_iv_length(&ctx) + mlen)
+ goto derr;
eticklen -= mlen;
/* Check HMAC of encrypted ticket */
@@ -947,38 +939,29 @@ tls_decrypt_ticket(SSL *s, CBS *session_id, const unsigned char *etick,
HMAC_Final(&hctx, tick_hmac, NULL) <= 0)
goto err;
- if (timingsafe_memcmp(tick_hmac, etick + eticklen, mlen)) {
- ret = 2;
- goto done;
- }
+ if (timingsafe_memcmp(tick_hmac, etick + eticklen, mlen))
+ goto derr;
/* Attempt to decrypt session data */
/* Move p after IV to start of encrypted ticket, update length */
p = etick + 16 + EVP_CIPHER_CTX_iv_length(&ctx);
eticklen -= 16 + EVP_CIPHER_CTX_iv_length(&ctx);
- if ((sdec = malloc(eticklen)) == NULL) {
- ret = -1;
- goto done;
- }
- if (EVP_DecryptUpdate(&ctx, sdec, &slen, p, eticklen) <= 0) {
- ret = 2;
- goto done;
- }
- if (EVP_DecryptFinal_ex(&ctx, sdec + slen, &mlen) <= 0) {
- ret = 2;
- goto done;
- }
+ if ((sdec = malloc(eticklen)) == NULL)
+ goto err;
+ if (EVP_DecryptUpdate(&ctx, sdec, &slen, p, eticklen) <= 0)
+ goto derr;
+ if (EVP_DecryptFinal_ex(&ctx, sdec + slen, &mlen) <= 0)
+ goto derr;
+
slen += mlen;
p = sdec;
- if ((sess = d2i_SSL_SESSION(NULL, &p, slen)) == NULL) {
- /*
- * For session parse failure, indicate that we need to send a
- * new ticket.
- */
- ret = 2;
- goto done;
- }
+ /*
+ * For session parse failures, indicate that we need to send a new
+ * ticket.
+ */
+ if ((sess = d2i_SSL_SESSION(NULL, &p, slen)) == NULL)
+ goto derr;
/*
* The session ID, if non-empty, is used by some clients to detect that
@@ -1000,8 +983,13 @@ tls_decrypt_ticket(SSL *s, CBS *session_id, const unsigned char *etick,
goto done;
+ derr:
+ ret = 2;
+ goto done;
+
err:
ret = -1;
+ goto done;
done:
free(sdec);