diff options
| author | doug <> | 2014-12-15 00:46:53 +0000 |
|---|---|---|
| committer | doug <> | 2014-12-15 00:46:53 +0000 |
| commit | 5ff3741c44f372895206f59414df34e2dcd5eaa0 (patch) | |
| tree | a755a6603462bb1b649e3f343d73dd0e1c3b34c5 /src/lib/libssl/s3_clnt.c | |
| parent | 02216b57a0ccb0dd187f3ea646c6ae40e827d3ae (diff) | |
| download | openbsd-5ff3741c44f372895206f59414df34e2dcd5eaa0.tar.gz openbsd-5ff3741c44f372895206f59414df34e2dcd5eaa0.tar.bz2 openbsd-5ff3741c44f372895206f59414df34e2dcd5eaa0.zip | |
Add error handling for EVP_DigestInit_ex().
A few EVP_DigestInit_ex() calls were left alone since reporting an
error would change the public API.
Changed internal ssl3_cbc_digest_record() to return a value due to the above
change. It will also now set md_out_size=0 on failure.
This is based on part of BoringSSL's commit to fix malloc crashes:
https://boringssl.googlesource.com/boringssl/+/69a01608f33ab6fe2c3485d94aef1fe9eacf5364
ok miod@
Diffstat (limited to 'src/lib/libssl/s3_clnt.c')
| -rw-r--r-- | src/lib/libssl/s3_clnt.c | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c index 47b6824533..d1f2e05eb8 100644 --- a/src/lib/libssl/s3_clnt.c +++ b/src/lib/libssl/s3_clnt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_clnt.c,v 1.102 2014/12/14 16:19:38 jsing Exp $ */ | 1 | /* $OpenBSD: s3_clnt.c,v 1.103 2014/12/15 00:46:53 doug Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1439,9 +1439,12 @@ ssl3_get_key_exchange(SSL *s) | |||
| 1439 | j = 0; | 1439 | j = 0; |
| 1440 | q = md_buf; | 1440 | q = md_buf; |
| 1441 | for (num = 2; num > 0; num--) { | 1441 | for (num = 2; num > 0; num--) { |
| 1442 | EVP_DigestInit_ex(&md_ctx, | 1442 | if (!EVP_DigestInit_ex(&md_ctx, |
| 1443 | (num == 2) ? s->ctx->md5 : s->ctx->sha1, | 1443 | (num == 2) ? s->ctx->md5 : s->ctx->sha1, |
| 1444 | NULL); | 1444 | NULL)) { |
| 1445 | al = SSL_AD_INTERNAL_ERROR; | ||
| 1446 | goto f_err; | ||
| 1447 | } | ||
| 1445 | EVP_DigestUpdate(&md_ctx, | 1448 | EVP_DigestUpdate(&md_ctx, |
| 1446 | s->s3->client_random, | 1449 | s->s3->client_random, |
| 1447 | SSL3_RANDOM_SIZE); | 1450 | SSL3_RANDOM_SIZE); |
| @@ -2245,7 +2248,8 @@ ssl3_send_client_key_exchange(SSL *s) | |||
| 2245 | nid = NID_id_GostR3411_94; | 2248 | nid = NID_id_GostR3411_94; |
| 2246 | else | 2249 | else |
| 2247 | nid = NID_id_tc26_gost3411_2012_256; | 2250 | nid = NID_id_tc26_gost3411_2012_256; |
| 2248 | EVP_DigestInit(ukm_hash, EVP_get_digestbynid(nid)); | 2251 | if (!EVP_DigestInit(ukm_hash, EVP_get_digestbynid(nid))) |
| 2252 | goto err; | ||
| 2249 | EVP_DigestUpdate(ukm_hash, | 2253 | EVP_DigestUpdate(ukm_hash, |
| 2250 | s->s3->client_random, SSL3_RANDOM_SIZE); | 2254 | s->s3->client_random, SSL3_RANDOM_SIZE); |
| 2251 | EVP_DigestUpdate(ukm_hash, | 2255 | EVP_DigestUpdate(ukm_hash, |