Ensure that sess_cert is not NULL at the start of

ssl3_send_client_key_exchange(), rather than checking it in the key exchange algorithm specific code. ok beck@ miod@
robertbachmann · b813aa53947c1abcac73fbc8649c50d42eda809a · jsing committed Nov 27, 2014 · Nov 27, 2014 · b813aa5
1 parent 62a110d
commit b813aa53947c1abcac73fbc8649c50d42eda809a
Unified Split

Showing with 9 additions and 25 deletions.

+9 −25 src/ssl/s3_clnt.c
diff --git a/src/ssl/s3_clnt.c b/src/ssl/s3_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_clnt.c,v 1.94 2014/11/18 05:33:43 miod Exp $ */
+/* $OpenBSD: s3_clnt.c,v 1.95 2014/11/19 05:51:25 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1964,18 +1964,18 @@ ssl3_send_client_key_exchange(SSL *s)
 
 		alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
 
+		if (s->session->sess_cert == NULL) {
+			ssl3_send_alert(s, SSL3_AL_FATAL,
+			    SSL_AD_UNEXPECTED_MESSAGE);
+			SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+			    ERR_R_INTERNAL_ERROR);
+			goto err;
+		}
+
 		if (alg_k & SSL_kRSA) {
 			RSA *rsa;
 			unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
 
-			if (s->session->sess_cert == NULL) {
-				/* We should always have a server
-				 * certificate with SSL_kRSA. */
-				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-				    ERR_R_INTERNAL_ERROR);
-				goto err;
-			}
-
 			if (s->session->sess_cert->peer_rsa_tmp != NULL)
 				rsa = s->session->sess_cert->peer_rsa_tmp;
 			else {
@@ -2026,14 +2026,6 @@ ssl3_send_client_key_exchange(SSL *s)
 		} else if (alg_k & SSL_kDHE) {
 			DH *dh_srvr, *dh_clnt;
 
-			if (s->session->sess_cert == NULL) {
-				ssl3_send_alert(s, SSL3_AL_FATAL,
-				    SSL_AD_UNEXPECTED_MESSAGE);
-				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-				    SSL_R_UNEXPECTED_MESSAGE);
-				goto err;
-			}
-
 			if (s->session->sess_cert->peer_dh_tmp != NULL)
 				dh_srvr = s->session->sess_cert->peer_dh_tmp;
 			else {
@@ -2093,14 +2085,6 @@ ssl3_send_client_key_exchange(SSL *s)
 			int ecdh_clnt_cert = 0;
 			int field_size = 0;
 
-			if (s->session->sess_cert == NULL) {
-				ssl3_send_alert(s, SSL3_AL_FATAL,
-				    SSL_AD_UNEXPECTED_MESSAGE);
-				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-				    SSL_R_UNEXPECTED_MESSAGE);
-				goto err;
-			}
-
 			/*
 			 * Did we send out the client's ECDH share for use
 			 * in premaster computation as part of client