Use EVP_CIPHER_CTX_{new,free}() and HMAC_CTX_{new,free}() instead of

allocating on stack.

While here also check the return values from EVP_DecryptInit_ex() and
HMAC_Init_ex().

ok tb@

1 files changed, 29 insertions, 24 deletions

diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index 2bae50f5b3..3cde388d6d 100644
--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.162 2019/04/25 04:48:56 jsing Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.163 2019/04/25 04:54:35 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -875,19 +875,17 @@ tls_decrypt_ticket(SSL *s, CBS *session_id, CBS *ticket, SSL_SESSION **psess)
 {
         CBS ticket_name, ticket_iv, ticket_encdata, ticket_hmac;
         SSL_SESSION *sess = NULL;
-        size_t session_id_len = 0;
+        size_t session_id_len;
         unsigned char *sdec = NULL;
         const unsigned char *p;
-        int slen, hlen, renew_ticket = 0;
         unsigned char hmac[EVP_MAX_MD_SIZE];
-        HMAC_CTX hctx;
-        EVP_CIPHER_CTX cctx;
+        HMAC_CTX *hctx = NULL;
+        EVP_CIPHER_CTX *cctx = NULL;
         SSL_CTX *tctx = s->initial_ctx;
+        int slen, hlen;
+        int renew_ticket = 0;
         int ret = -1;
 
-        HMAC_CTX_init(&hctx);
-        EVP_CIPHER_CTX_init(&cctx);
-
         *psess = NULL;
 
         if (!CBS_get_bytes(ticket, &ticket_name, 16))
@@ -896,6 +894,11 @@ tls_decrypt_ticket(SSL *s, CBS *session_id, CBS *ticket, SSL_SESSION **psess)
         /*
          * Initialize session ticket encryption and HMAC contexts.
          */
+        if ((cctx = EVP_CIPHER_CTX_new()) == NULL)
+                goto err;
+        if ((hctx = HMAC_CTX_new()) == NULL)
+                goto err;
+
         if (tctx->internal->tlsext_ticket_key_cb != NULL) {
                 int rv;
 
@@ -910,7 +913,7 @@ tls_decrypt_ticket(SSL *s, CBS *session_id, CBS *ticket, SSL_SESSION **psess)
 
                 if ((rv = tctx->internal->tlsext_ticket_key_cb(s,
                     (unsigned char *)CBS_data(&ticket_name),
-                    (unsigned char *)CBS_data(ticket), &cctx, &hctx, 0)) < 0)
+                    (unsigned char *)CBS_data(ticket), cctx, hctx, 0)) < 0)
                         goto err;
                 if (rv == 0)
                         goto derr;
@@ -922,7 +925,7 @@ tls_decrypt_ticket(SSL *s, CBS *session_id, CBS *ticket, SSL_SESSION **psess)
                  * the IV since its length is known.
                  */
                 if (!CBS_get_bytes(ticket, &ticket_iv,
-                    EVP_CIPHER_CTX_iv_length(&cctx)))
+                    EVP_CIPHER_CTX_iv_length(cctx)))
                         goto derr;
         } else {
                 /* Check that the key name matches. */
@@ -930,21 +933,23 @@ tls_decrypt_ticket(SSL *s, CBS *session_id, CBS *ticket, SSL_SESSION **psess)
                     tctx->internal->tlsext_tick_key_name,
                     sizeof(tctx->internal->tlsext_tick_key_name)))
                         goto derr;
-                HMAC_Init_ex(&hctx, tctx->internal->tlsext_tick_hmac_key,
-                    sizeof(tctx->internal->tlsext_tick_hmac_key), EVP_sha256(),
-                    NULL);
                 if (!CBS_get_bytes(ticket, &ticket_iv,
                     EVP_CIPHER_iv_length(EVP_aes_128_cbc())))
                         goto derr;
-                EVP_DecryptInit_ex(&cctx, EVP_aes_128_cbc(), NULL,
-                    tctx->internal->tlsext_tick_aes_key, CBS_data(&ticket_iv));
+                if (!EVP_DecryptInit_ex(cctx, EVP_aes_128_cbc(), NULL,
+                    tctx->internal->tlsext_tick_aes_key, CBS_data(&ticket_iv)))
+                        goto err;
+                if (!HMAC_Init_ex(hctx, tctx->internal->tlsext_tick_hmac_key,
+                    sizeof(tctx->internal->tlsext_tick_hmac_key), EVP_sha256(),
+                    NULL))
+                        goto err;
         }
 
         /*
          * Attempt to process session ticket.
          */
 
-        if ((hlen = HMAC_size(&hctx)) < 0)
+        if ((hlen = HMAC_size(hctx)) < 0)
                 goto err;
 
         if (hlen > CBS_len(ticket))
@@ -957,16 +962,16 @@ tls_decrypt_ticket(SSL *s, CBS *session_id, CBS *ticket, SSL_SESSION **psess)
                 goto err;
 
         /* Check HMAC of encrypted ticket. */
-        if (HMAC_Update(&hctx, CBS_data(&ticket_name),
+        if (HMAC_Update(hctx, CBS_data(&ticket_name),
             CBS_len(&ticket_name)) <= 0)
                 goto err;
-        if (HMAC_Update(&hctx, CBS_data(&ticket_iv),
+        if (HMAC_Update(hctx, CBS_data(&ticket_iv),
             CBS_len(&ticket_iv)) <= 0)
                 goto err;
-        if (HMAC_Update(&hctx, CBS_data(&ticket_encdata),
+        if (HMAC_Update(hctx, CBS_data(&ticket_encdata),
             CBS_len(&ticket_encdata)) <= 0)
                 goto err;
-        if (HMAC_Final(&hctx, hmac, &hlen) <= 0)
+        if (HMAC_Final(hctx, hmac, &hlen) <= 0)
                 goto err;
 
         if (!CBS_mem_equal(&ticket_hmac, hmac, hlen))
@@ -975,10 +980,10 @@ tls_decrypt_ticket(SSL *s, CBS *session_id, CBS *ticket, SSL_SESSION **psess)
         /* Attempt to decrypt session data. */
         if ((sdec = malloc(CBS_len(&ticket_encdata))) == NULL)
                 goto err;
-        if (EVP_DecryptUpdate(&cctx, sdec, &slen, CBS_data(&ticket_encdata),
+        if (EVP_DecryptUpdate(cctx, sdec, &slen, CBS_data(&ticket_encdata),
             CBS_len(&ticket_encdata)) <= 0)
                 goto derr;
-        if (EVP_DecryptFinal_ex(&cctx, sdec + slen, &hlen) <= 0)
+        if (EVP_DecryptFinal_ex(cctx, sdec + slen, &hlen) <= 0)
                 goto derr;
 
         slen += hlen;
@@ -1021,8 +1026,8 @@ tls_decrypt_ticket(SSL *s, CBS *session_id, CBS *ticket, SSL_SESSION **psess)
 
  done:
         free(sdec);
-        HMAC_CTX_cleanup(&hctx);
-        EVP_CIPHER_CTX_cleanup(&cctx);
+        EVP_CIPHER_CTX_free(cctx);
+        HMAC_CTX_free(hctx);
         SSL_SESSION_free(sess);
 
         if (ret == 2)