Result summary

Project: openssl
Run: 115
Result: 93
Scanner: Uninitialized
Kind: Uninitialized variable (Error UN1)
Status: False
Filename: t1_enc.c
Function: tls1_export_keying_material
Line: 1,207
Navigate: Event 1

Result details

1027: }
1028:
1029: if (ssl->version == DTLS1_VERSION || ssl->version == DTLS1_BAD_VER)
1030: {
1031: unsigned char dtlsseq[8],*p=dtlsseq;
1032:
1033: s2n(send?ssl->d1->w_epoch:ssl->d1->r_epoch, p);
1034: memcpy (p,&seq[2],6);
1035:
1036: EVP_DigestSignUpdate(mac_ctx,dtlsseq,8);
1037: }
1038: else
1039: EVP_DigestSignUpdate(mac_ctx,seq,8);
1040:
1041: EVP_DigestSignUpdate(mac_ctx,buf,5);
1042: EVP_DigestSignUpdate(mac_ctx,rec->input,rec->length);
1043: t=EVP_DigestSignFinal(mac_ctx,md,&md_size);
1044: OPENSSL_assert(t > 0);
1045:
1046: if (!stream_mac) EVP_MD_CTX_cleanup(&hmac);
1047: #ifdef TLS_DEBUG
1048: printf("sec=");
1049: {unsigned int z; for (z=0; z<md_size; z++) printf("%02X ",mac_sec[z]); printf("\n"); }
1050: printf("seq=");
1051: {int z; for (z=0; z<8; z++) printf("%02X ",seq[z]); printf("\n"); }
1052: printf("buf=");
1053: {int z; for (z=0; z<5; z++) printf("%02X ",buf[z]); printf("\n"); }
1054: printf("rec=");
1055: {unsigned int z; for (z=0; z<rec->length; z++) printf("%02X ",buf[z]); printf("\n"); }
1056: #endif
1057:
1058: if (ssl->version != DTLS1_VERSION && ssl->version != DTLS1_BAD_VER)
1059: {
1060: for (i=7; i>=0; i--)
1061: {
1062: ++seq[i];
1063: if (seq[i] != 0) break;
1064: }
1065: }
1066:
1067: #ifdef TLS_DEBUG
1068: {unsigned int z; for (z=0; z<md_size; z++) printf("%02X ",md[z]); printf("\n"); }
1069: #endif
1070: return(md_size);
1071: }
1072:
1073: int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
1074: int len)
1075: {
1076: unsigned char buff[SSL_MAX_MASTER_KEY_LENGTH];
1077: const void *co = NULL, *so = NULL;
1078: int col = 0, sol = 0;
1079:
1080:
1081: #ifdef KSSL_DEBUG
1082: printf ("tls1_generate_master_secret(%p,%p, %p, %d)\n", s,out, p,len);
1083: #endif /* KSSL_DEBUG */
1084:
1085: #ifdef TLSEXT_TYPE_opaque_prf_input
1086: if (s->s3->client_opaque_prf_input != NULL && s->s3->server_opaque_prf_input != NULL &&
1087: s->s3->client_opaque_prf_input_len > 0 &&
1088: s->s3->client_opaque_prf_input_len == s->s3->server_opaque_prf_input_len)
1089: {
1090: co = s->s3->client_opaque_prf_input;
1091: col = s->s3->server_opaque_prf_input_len;
1092: so = s->s3->server_opaque_prf_input;
1093: sol = s->s3->client_opaque_prf_input_len; /* must be same as col (see draft-rescorla-tls-opaque-prf-input-00.txt, section 3.1) */
1094: }
1095: #endif
1096:
1097: tls1_PRF(ssl_get_algorithm2(s),
1098: TLS_MD_MASTER_SECRET_CONST,TLS_MD_MASTER_SECRET_CONST_SIZE,
1099: s->s3->client_random,SSL3_RANDOM_SIZE,
1100: co, col,
1101: s->s3->server_random,SSL3_RANDOM_SIZE,
1102: so, sol,
1103: p,len,
1104: s->session->master_key,buff,sizeof buff);
1105: #ifdef SSL_DEBUG
1106: fprintf(stderr, "Premaster Secret:\n");
1107: BIO_dump_fp(stderr, (char *)p, len);
1108: fprintf(stderr, "Client Random:\n");
1109: BIO_dump_fp(stderr, (char *)s->s3->client_random, SSL3_RANDOM_SIZE);
1110: fprintf(stderr, "Server Random:\n");
1111: BIO_dump_fp(stderr, (char *)s->s3->server_random, SSL3_RANDOM_SIZE);
1112: fprintf(stderr, "Master Secret:\n");
1113: BIO_dump_fp(stderr, (char *)s->session->master_key, SSL3_MASTER_SECRET_SIZE);
1114: #endif
1115:
1116: #ifdef KSSL_DEBUG
1117: printf ("tls1_generate_master_secret() complete\n");
1118: #endif /* KSSL_DEBUG */
1119: return(SSL3_MASTER_SECRET_SIZE);
1120: }
1121:
1122: int tls1_export_keying_material(SSL *s, unsigned char *out, unsigned int olen,
1123: const char *label, unsigned int llen, const unsigned char *context,
1124: unsigned int contextlen, int use_context)
1125: {
1126: unsigned char *buff;

Event 1

Variable val declared
Navigate: (Result summary) (next)
1127: unsigned char *val;
1128: unsigned int vallen, currentvalpos, rv;
1129:
1130: #ifdef KSSL_DEBUG
1131: printf ("tls1_export_keying_material(%p, %p,%d, %s,%d, %p,%d)\n", s, out,olen, label,llen, p,plen);
1132: #endif /* KSSL_DEBUG */
1133:
1134: buff = OPENSSL_malloc(olen);

Event 2

Taking true path at expression: buff == (void *) 0
Navigate: (previous) (next)
1135: if (buff == NULL) goto err2;
1136:
1137: /* construct PRF arguments
1138: * we construct the PRF argument ourself rather than passing separate
1139: * values into the TLS PRF to ensure that the concatenation of values
1140: * does not create a prohibited label.
1141: */
1142: vallen = llen + SSL3_RANDOM_SIZE * 2;
1143: if (use_context)
1144: {
1145: vallen += 2 + contextlen;
1146: }
1147:
1148: val = OPENSSL_malloc(vallen);
1149: if (val == NULL) goto err2;
1150: currentvalpos = 0;
1151: memcpy(val + currentvalpos, (unsigned char *) label, llen);
1152: currentvalpos += llen;
1153: memcpy(val + currentvalpos, s->s3->client_random, SSL3_RANDOM_SIZE);
1154: currentvalpos += SSL3_RANDOM_SIZE;
1155: memcpy(val + currentvalpos, s->s3->server_random, SSL3_RANDOM_SIZE);
1156: currentvalpos += SSL3_RANDOM_SIZE;
1157:
1158: if (use_context)
1159: {
1160: val[currentvalpos] = (contextlen << 8) & 0xff;
1161: currentvalpos++;
1162: val[currentvalpos] = contextlen & 0xff;
1163: currentvalpos++;
1164: if ((contextlen > 0) || (context != NULL))
1165: {
1166: memcpy(val + currentvalpos, context, contextlen);
1167: }
1168: }
1169:
1170: /* disallow prohibited labels
1171: * note that SSL3_RANDOM_SIZE > max(prohibited label len) =
1172: * 15, so size of val > max(prohibited label len) = 15 and the
1173: * comparisons won't have buffer overflow
1174: */
1175: if (bcmp(val, TLS_MD_CLIENT_FINISH_CONST,
1176: TLS_MD_CLIENT_FINISH_CONST_SIZE) == 0) goto err1;
1177: if (bcmp(val, TLS_MD_SERVER_FINISH_CONST,
1178: TLS_MD_SERVER_FINISH_CONST_SIZE) == 0) goto err1;
1179: if (bcmp(val, TLS_MD_MASTER_SECRET_CONST,
1180: TLS_MD_MASTER_SECRET_CONST_SIZE) == 0) goto err1;
1181: if (bcmp(val, TLS_MD_KEY_EXPANSION_CONST,
1182: TLS_MD_KEY_EXPANSION_CONST_SIZE) == 0) goto err1;
1183:
1184: tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
1185: val, vallen,
1186: NULL, 0,
1187: NULL, 0,
1188: NULL, 0,
1189: NULL, 0,
1190: s->session->master_key,s->session->master_key_length,
1191: out,buff,olen);
1192:
1193: #ifdef KSSL_DEBUG
1194: printf ("tls1_export_keying_material() complete\n");
1195: #endif /* KSSL_DEBUG */
1196: rv = olen;
1197: goto ret;
1198: err1:
1199: SSLerr(SSL_F_TLS1_EXPORT_KEYING_MATERIAL, SSL_R_TLS_ILLEGAL_EXPORTER_LABEL);
1200: rv = 0;
1201: goto ret;
1202: err2:
1203: SSLerr(SSL_F_TLS1_EXPORT_KEYING_MATERIAL, ERR_R_MALLOC_FAILURE);
1204: rv = 0;
1205: ret:

Event 3

Taking false path at expression: buff != (void *) 0
Navigate: (previous) (next)
1206: if (buff != NULL) OPENSSL_free(buff);

Event 4

Error: Uninitialized variable val used
Navigate: (previous) (next)
1207: if (val != NULL) OPENSSL_free(val);
1208: return(rv);
1209: }
1210:
1211: int tls1_alert_code(int code)
1212: {
1213: switch (code)
1214: {
1215: case SSL_AD_CLOSE_NOTIFY: return(SSL3_AD_CLOSE_NOTIFY);
1216: case SSL_AD_UNEXPECTED_MESSAGE: return(SSL3_AD_UNEXPECTED_MESSAGE);
1217: case SSL_AD_BAD_RECORD_MAC: return(SSL3_AD_BAD_RECORD_MAC);
1218: case SSL_AD_DECRYPTION_FAILED: return(TLS1_AD_DECRYPTION_FAILED);
1219: case SSL_AD_RECORD_OVERFLOW: return(TLS1_AD_RECORD_OVERFLOW);
1220: case SSL_AD_DECOMPRESSION_FAILURE:return(SSL3_AD_DECOMPRESSION_FAILURE);
1221: case SSL_AD_HANDSHAKE_FAILURE: return(SSL3_AD_HANDSHAKE_FAILURE);
1222: case SSL_AD_NO_CERTIFICATE: return(-1);
1223: case SSL_AD_BAD_CERTIFICATE: return(SSL3_AD_BAD_CERTIFICATE);
1224: case SSL_AD_UNSUPPORTED_CERTIFICATE:return(SSL3_AD_UNSUPPORTED_CERTIFICATE);
1225: case SSL_AD_CERTIFICATE_REVOKED:return(SSL3_AD_CERTIFICATE_REVOKED);
1226: case SSL_AD_CERTIFICATE_EXPIRED:return(SSL3_AD_CERTIFICATE_EXPIRED);
1227: case SSL_AD_CERTIFICATE_UNKNOWN:return(SSL3_AD_CERTIFICATE_UNKNOWN);
1228: case SSL_AD_ILLEGAL_PARAMETER: return(SSL3_AD_ILLEGAL_PARAMETER);
1229: case SSL_AD_UNKNOWN_CA: return(TLS1_AD_UNKNOWN_CA);
1230: case SSL_AD_ACCESS_DENIED: return(TLS1_AD_ACCESS_DENIED);
1231: case SSL_AD_DECODE_ERROR: return(TLS1_AD_DECODE_ERROR);
1232: case SSL_AD_DECRYPT_ERROR: return(TLS1_AD_DECRYPT_ERROR);
1233: case SSL_AD_EXPORT_RESTRICTION: return(TLS1_AD_EXPORT_RESTRICTION);
1234: case SSL_AD_PROTOCOL_VERSION: return(TLS1_AD_PROTOCOL_VERSION);
1235: case SSL_AD_INSUFFICIENT_SECURITY:return(TLS1_AD_INSUFFICIENT_SECURITY);
1236: case SSL_AD_INTERNAL_ERROR: return(TLS1_AD_INTERNAL_ERROR);
1237: case SSL_AD_USER_CANCELLED: return(TLS1_AD_USER_CANCELLED);
1238: case SSL_AD_NO_RENEGOTIATION: return(TLS1_AD_NO_RENEGOTIATION);
1239: case SSL_AD_UNSUPPORTED_EXTENSION: return(TLS1_AD_UNSUPPORTED_EXTENSION);
1240: case SSL_AD_CERTIFICATE_UNOBTAINABLE: return(TLS1_AD_CERTIFICATE_UNOBTAINABLE);
1241: case SSL_AD_UNRECOGNIZED_NAME: return(TLS1_AD_UNRECOGNIZED_NAME);
1242: case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE: return(TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE);
1243: case SSL_AD_BAD_CERTIFICATE_HASH_VALUE: return(TLS1_AD_BAD_CERTIFICATE_HASH_VALUE);
1244: case SSL_AD_UNKNOWN_PSK_IDENTITY:return(TLS1_AD_UNKNOWN_PSK_IDENTITY);
1245: #ifndef OPENSSL_NO_SRP
1246: case SSL_AD_MISSING_SRP_USERNAME:return(TLS1_AD_MISSING_SRP_USERNAME);
1247: #endif
1248: #if 0 /* not appropriate for TLS, not used for DTLS */
1249: case DTLS1_AD_MISSING_HANDSHAKE_MESSAGE: return
1250: (DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
1251: #endif
1252: default: return(-1);
1253: }
1254: }
1255:
1256: int SSL_tls1_key_exporter(SSL *s, unsigned char *label, int label_len,
1257: unsigned char *context, int context_len,
1258: unsigned char *out, int olen)
1259: {
1260: unsigned char *tmp;
1261: int rv;
1262:
1263: tmp = OPENSSL_malloc(olen);
1264:
1265: if (!tmp)
1266: return 0;
1267:
1268: rv = tls1_PRF(ssl_get_algorithm2(s),
1269: label, label_len,
1270: s->s3->client_random,SSL3_RANDOM_SIZE,
1271: s->s3->server_random,SSL3_RANDOM_SIZE,
1272: context, context_len, NULL, 0,
1273: s->session->master_key, s->session->master_key_length,
1274: out, tmp, olen);
1275:
1276: OPENSSL_free(tmp);
1277: return rv;
1278: }