return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
}
- _gnutls_auth_cipher_tag(¶ms->read.cipher_state, tag, tag_size);
+ ret = _gnutls_auth_cipher_tag(¶ms->read.cipher_state, tag, tag_size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
/* This one was introduced to avoid a timing attack against the TLS
* 1.0 protocol.
gnutls_assert();
return ret;
}
- _gnutls_auth_cipher_tag(handle, tag_ptr, tag_size);
+ ret = _gnutls_auth_cipher_tag(handle, tag_ptr, tag_size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
ret = _gnutls_cipher_encrypt2(&handle->cipher, text, textlen, ciphertext, ciphertextlen);
if (ret < 0)
- {
- gnutls_assert();
- return ret;
- }
+ return gnutls_assert_val(ret);
}
else if (handle->is_auth)
{
ret = _gnutls_cipher_encrypt2(&handle->cipher, text, textlen, ciphertext, ciphertextlen);
if (ret < 0)
- {
- gnutls_assert();
- return ret;
- }
- _gnutls_auth_cipher_tag(handle, tag_ptr, tag_size);
+ return gnutls_assert_val(ret);
+
+ ret = _gnutls_auth_cipher_tag(handle, tag_ptr, tag_size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
}
return 0;
return 0;
}
-void _gnutls_auth_cipher_tag(auth_cipher_hd_st * handle, void* tag, int tag_size)
+int _gnutls_auth_cipher_tag(auth_cipher_hd_st * handle, void* tag, int tag_size)
{
+int ret = 0;
if (handle->is_mac)
{
if (handle->ssl_hmac)
{
- _gnutls_mac_output_ssl3 (&handle->mac, tag);
+ ret = _gnutls_mac_output_ssl3 (&handle->mac, tag);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
_gnutls_hash_reset (&handle->mac);
}
else
{
_gnutls_cipher_tag(&handle->cipher, tag, tag_size);
}
+
+ return 0;
}
void _gnutls_auth_cipher_deinit (auth_cipher_hd_st * handle)
{
if (handle->is_mac)
{
- if (handle->ssl_hmac)
+ if (handle->ssl_hmac) /* failure here doesn't matter */
_gnutls_mac_deinit_ssl3 (&handle->mac, NULL);
else
_gnutls_hmac_deinit(&handle->mac, NULL);
int _gnutls_auth_cipher_decrypt2 (auth_cipher_hd_st * handle,
const void *ciphertext, int ciphertextlen,
void *text, int textlen);
-void _gnutls_auth_cipher_tag( auth_cipher_hd_st * handle, void* tag, int tag_size);
+int _gnutls_auth_cipher_tag( auth_cipher_hd_st * handle, void* tag, int tag_size);
inline static void _gnutls_auth_cipher_setiv (const auth_cipher_hd_st * handle,
const void *iv, int ivlen)
_gnutls_hash (&td_md5, mesg, siz);
_gnutls_hash (&td_sha, mesg, siz);
- _gnutls_mac_deinit_ssl3_handshake (&td_md5, ret,
+ rc = _gnutls_mac_deinit_ssl3_handshake (&td_md5, ret,
session->
security_parameters.master_secret,
GNUTLS_MASTER_SIZE);
- _gnutls_mac_deinit_ssl3_handshake (&td_sha, &ret[16],
+ if (rc < 0)
+ {
+ _gnutls_hash_deinit (&td_md5, NULL);
+ _gnutls_hash_deinit (&td_sha, NULL);
+ return gnutls_assert_val(rc);
+ }
+
+ rc = _gnutls_mac_deinit_ssl3_handshake (&td_sha, &ret[16],
session->
security_parameters.master_secret,
GNUTLS_MASTER_SIZE);
+ if (rc < 0)
+ {
+ _gnutls_hash_deinit (&td_sha, NULL);
+ return gnutls_assert_val(rc);
+ }
return 0;
}
return 0;
}
-void
+int
_gnutls_mac_output_ssl3 (digest_hd_st * handle, void *digest)
{
opaque ret[MAX_HASH_SIZE];
if (padsize == 0)
{
gnutls_assert ();
- return;
+ return GNUTLS_E_INTERNAL_ERROR;
}
memset (opad, 0x5C, padsize);
if (rc < 0)
{
gnutls_assert ();
- return;
+ return rc;
}
if (handle->keysize > 0)
_gnutls_hash (&td, ret, block);
_gnutls_hash_deinit (&td, digest);
+
+ return 0;
}
-void
+int
_gnutls_mac_deinit_ssl3 (digest_hd_st * handle, void *digest)
{
- if (digest != NULL) _gnutls_mac_output_ssl3(handle, digest);
+int ret = 0;
+
+ if (digest != NULL) ret = _gnutls_mac_output_ssl3(handle, digest);
_gnutls_hash_deinit(handle, NULL);
+
+ return ret;
}
-void
+int
_gnutls_mac_deinit_ssl3_handshake (digest_hd_st * handle,
void *digest, opaque * key,
uint32_t key_size)
if (padsize == 0)
{
gnutls_assert ();
- return;
+ rc = GNUTLS_E_INTERNAL_ERROR;
+ goto cleanup;
}
memset (opad, 0x5C, padsize);
if (rc < 0)
{
gnutls_assert ();
- return;
+ goto cleanup;
}
if (key_size > 0)
_gnutls_hash_deinit (&td, digest);
- return;
+ return 0;
+
+cleanup:
+ _gnutls_hash_deinit(handle, NULL);
+ return rc;
}
static int
/* help functions */
int _gnutls_mac_init_ssl3 (digest_hd_st *, gnutls_mac_algorithm_t algorithm,
void *key, int keylen);
-void _gnutls_mac_deinit_ssl3 (digest_hd_st * handle, void *digest);
-void _gnutls_mac_output_ssl3 (digest_hd_st * handle, void *digest);
+int _gnutls_mac_deinit_ssl3 (digest_hd_st * handle, void *digest);
+int _gnutls_mac_output_ssl3 (digest_hd_st * handle, void *digest);
int _gnutls_ssl3_generate_random (void *secret, int secret_len,
void *rnd, int random_len, int bytes,
const void *second, int second_len,
int ret_len, opaque * ret);
-void _gnutls_mac_deinit_ssl3_handshake (digest_hd_st * handle, void *digest,
+int _gnutls_mac_deinit_ssl3_handshake (digest_hd_st * handle, void *digest,
opaque * key, uint32_t key_size);
int _gnutls_hash_copy (digest_hd_st * dst_handle, digest_hd_st * src_handle);
ret = _gnutls_generate_master (session, 1);
if (ret < 0)
{
- gnutls_assert ();
- return ret;
+ _gnutls_hash_deinit (&td_md5, NULL);
+ _gnutls_hash_deinit (&td_sha, NULL);
+ return gnutls_assert_val(ret);
}
- _gnutls_mac_deinit_ssl3_handshake (&td_md5, concat,
+ ret = _gnutls_mac_deinit_ssl3_handshake (&td_md5, concat,
session->
security_parameters.master_secret,
GNUTLS_MASTER_SIZE);
- _gnutls_mac_deinit_ssl3_handshake (&td_sha, &concat[16],
+ if (ret < 0)
+ {
+ _gnutls_hash_deinit (&td_sha, NULL);
+ return gnutls_assert_val(ret);
+ }
+
+ ret = _gnutls_mac_deinit_ssl3_handshake (&td_sha, &concat[16],
session->
security_parameters.master_secret,
GNUTLS_MASTER_SIZE);
+ if (ret < 0)
+ {
+ return gnutls_assert_val(ret);
+ }
}
else
{
if (ret < 0)
{
gnutls_assert ();
+ _gnutls_hash_deinit (&td_sha, NULL);
return ret;
}
- _gnutls_mac_deinit_ssl3_handshake (&td_sha, &concat[16],
+ ret = _gnutls_mac_deinit_ssl3_handshake (&td_sha, &concat[16],
session->
security_parameters.master_secret,
GNUTLS_MASTER_SIZE);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
}
else
_gnutls_hash_deinit (&td_sha, &concat[16]);
}
if (ver == GNUTLS_SSL3)
- _gnutls_mac_deinit_ssl3_handshake (&td_md5, concat,
+ {
+ ret = _gnutls_mac_deinit_ssl3_handshake (&td_md5, concat,
session->
security_parameters.master_secret,
GNUTLS_MASTER_SIZE);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ }
else
_gnutls_hash_deinit (&td_md5, concat);