From 1f910bdbc1d8568df20e76df8459b3b0ce759d39 Mon Sep 17 00:00:00 2001
From: Brent Cook
Date: Wed, 15 May 2019 09:13:17 +0000
Subject: s3 is never NULL since s2 (formerly used for SSLv2) does not exist, so there is no need to check for it. Fixes COV-165788, identified with help from Alex Bumstead. ok jsing@
---
 lib/libssl/ssl_cert.c | 5 ++---
 lib/libssl/ssl_ciphers.c | 12 +++++-------
 lib/libssl/ssl_lib.c | 32 +++++++++++++-------------------
 3 files changed, 20 insertions(+), 29 deletions(-)
(limited to 'lib/libssl')
diff --git a/lib/libssl/ssl_cert.c b/lib/libssl/ssl_cert.c
index 4641ac92d08..af8ef329b4b 100644
--- a/lib/libssl/ssl_cert.c
+++ b/lib/libssl/ssl_cert.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_cert.c,v 1.75 2019/04/13 18:04:05 tb Exp $ */
+/* $OpenBSD: ssl_cert.c,v 1.76 2019/05/15 09:13:16 bcook Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -508,8 +508,7 @@ SSL_get_client_CA_list(const SSL *s)
 {
 if (s->internal->type == SSL_ST_CONNECT) {
 /* We are in the client. */
- if (((s->version >> 8) == SSL3_VERSION_MAJOR) &&
- (s->s3 != NULL))
+ if ((s->version >> 8) == SSL3_VERSION_MAJOR)
 return (S3I(s)->tmp.ca_names);
 else
 return (NULL);
diff --git a/lib/libssl/ssl_ciphers.c b/lib/libssl/ssl_ciphers.c
index 374cb6684ed..3abed60b5b7 100644
--- a/lib/libssl/ssl_ciphers.c
+++ b/lib/libssl/ssl_ciphers.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_ciphers.c,v 1.2 2019/01/21 14:12:13 tb Exp $ */
+/* $OpenBSD: ssl_ciphers.c,v 1.3 2019/05/15 09:13:16 bcook Exp $ */
 /*
 * Copyright (c) 2015-2017 Doug Hogan
 * Copyright (c) 2015-2018 Joel Sing
@@ -95,8 +95,7 @@ ssl_bytes_to_cipher_list(SSL *s, CBS *cbs)
 uint16_t cipher_value, max_version;
 unsigned long cipher_id;
- if (s->s3 != NULL)
- S3I(s)->send_connection_binding = 0;
+ S3I(s)->send_connection_binding = 0;
 if ((ciphers = sk_SSL_CIPHER_new_null()) == NULL) {
 SSLerror(s, ERR_R_MALLOC_FAILURE);
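Review bot: The unconditional `S3I(s)->tmp.ca_names` in SSL_get_client_CA_list now depends on an invariant that is stated only in the commit message: nothing in the code records that `s->s3` is allocated for the whole lifetime of an SSL object. If that ever stops holding, this public entry point goes from returning NULL to dereferencing a null pointer, and the same applies to the dereferences in ssl_bytes_to_cipher_list, SSL_get_finished, SSL_get_peer_finished and SSL_get0_alpn_selected. The allocation and reset paths are outside this diff, so it is worth confirming that each of them either sets `s->s3` or fails, and recording the assumption where it is relied on, for example `/* s->s3 is always allocated; there is no SSLv2 (s2) state any more. */` above the `if`. The function body continues past the end of the hunk.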
@@ -111,7 +110,7 @@ ssl_bytes_to_cipher_list(SSL *s, CBS *cbs)
 cipher_id = SSL3_CK_ID | cipher_value;
- if (s->s3 != NULL && cipher_id == SSL3_CK_SCSV) {
+ if (cipher_id == SSL3_CK_SCSV) {
 /*
 * TLS_EMPTY_RENEGOTIATION_INFO_SCSV is fatal if
 * renegotiating.
@@ -137,9 +136,8 @@ ssl_bytes_to_cipher_list(SSL *s, CBS *cbs)
 max_version = ssl_max_server_version(s);
 if (max_version == 0 || s->version < max_version) {
 SSLerror(s, SSL_R_INAPPROPRIATE_FALLBACK);
- if (s->s3 != NULL)
- ssl3_send_alert(s, SSL3_AL_FATAL,
- SSL_AD_INAPPROPRIATE_FALLBACK);
+ ssl3_send_alert(s, SSL3_AL_FATAL,
+ SSL_AD_INAPPROPRIATE_FALLBACK);
 goto err;
 }
 continue;
diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c
index adcaa1b3cca..bf370cbfb24 100644
--- a/lib/libssl/ssl_lib.c
+++ b/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.204 2019/03/25 17:33:26 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.205 2019/05/15 09:13:16 bcook Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -696,14 +696,12 @@ err:
 size_t
 SSL_get_finished(const SSL *s, void *buf, size_t count)
 {
- size_t ret = 0;
+ size_t ret;
- if (s->s3 != NULL) {
- ret = S3I(s)->tmp.finish_md_len;
- if (count > ret)
- count = ret;
- memcpy(buf, S3I(s)->tmp.finish_md, count);
- }
+ ret = S3I(s)->tmp.finish_md_len;
+ if (count > ret)
+ count = ret;
+ memcpy(buf, S3I(s)->tmp.finish_md, count);
 return (ret);
 }
@@ -711,14 +709,12 @@ SSL_get_finished(const SSL *s, void *buf, size_t count)
 size_t
 SSL_get_peer_finished(const SSL *s, void *buf, size_t count)
 {
- size_t ret = 0;
+ size_t ret;
- if (s->s3 != NULL) {
- ret = S3I(s)->tmp.peer_finish_md_len;
- if (count > ret)
- count = ret;
- memcpy(buf, S3I(s)->tmp.peer_finish_md, count);
- }
+ ret = S3I(s)->tmp.peer_finish_md_len;
+ if (count > ret)
+ count = ret;
+ memcpy(buf, S3I(s)->tmp.peer_finish_md, count);
 return (ret);
 }
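Review bot: In SSL_get_finished the `memcpy(buf, S3I(s)->tmp.finish_md, count);` is reached even when `count` is 0, so a caller that passes a null `buf` with a zero `count` just to learn the length hands a null pointer to memcpy, which the C standard leaves undefined even for a zero-byte copy. Guarding the copy, `if (count > 0) memcpy(buf, S3I(s)->tmp.finish_md, count);`, keeps that length query well defined; whether any caller uses the pattern is not visible in this diff. SSL_get_peer_finished in the next hunk has the same copy of `peer_finish_md` and wants the same guard.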
@@ -1637,10 +1633,8 @@ SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
 *data = NULL;
 *len = 0;
- if (ssl->s3 != NULL) {
- *data = ssl->s3->internal->alpn_selected;
- *len = ssl->s3->internal->alpn_selected_len;
- }
+ *data = ssl->s3->internal->alpn_selected;
+ *len = ssl->s3->internal->alpn_selected_len;
 }
 int
-- 
cgit v1.2.3
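Review bot: The two context lines `*data = NULL;` and `*len = 0;` are now dead stores, because both outputs are overwritten unconditionally by the added lines, so they can be dropped. The added lines also spell out `ssl->s3->internal` where the rest of this commit goes through the `S3I()` macro; `*data = S3I(ssl)->alpn_selected;` and `*len = S3I(ssl)->alpn_selected_len;` would read consistently, assuming S3I expands to the same expression, which this diff does not show. With the defaults no longer effective, the result when no protocol was negotiated depends on those two fields being NULL and 0, which is established outside this hunk and should be confirmed. The function's opening lines are outside the hunk.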