Add error handling for EVP_DigestInit_ex().

A few EVP_DigestInit_ex() calls were left alone since reporting an
error would change the public API.

Changed internal ssl3_cbc_digest_record() to return a value due to the above
change.  It will also now set md_out_size=0 on failure.

This is based on part of BoringSSL's commit to fix malloc crashes:
https://boringssl.googlesource.com/boringssl/+/69a01608f33ab6fe2c3485d94aef1fe9eacf5364

ok miod@

1 files changed, 4 insertions, 3 deletions

diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c
index 4aae344696..3b7e625db3 100644
--- a/src/lib/libssl/t1_enc.c
+++ b/src/lib/libssl/t1_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_enc.c,v 1.74 2014/12/14 15:30:50 jsing Exp $ */
+/* $OpenBSD: t1_enc.c,v 1.75 2014/12/15 00:46:53 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1054,12 +1054,13 @@ tls1_mac(SSL *ssl, unsigned char *md, int send)
                  * timing-side channel information about how many blocks of
                  * data we are hashing because that gives an attacker a
                  * timing-oracle. */
-                ssl3_cbc_digest_record(mac_ctx,
+                if (!ssl3_cbc_digest_record(mac_ctx,
                     md, &md_size, header, rec->input,
                     rec->length + md_size, orig_len,
                     ssl->s3->read_mac_secret,
                     ssl->s3->read_mac_secret_size,
-                    0 /* not SSLv3 */);
+                    0 /* not SSLv3 */))
+                        return -1;
         } else {
                 EVP_DigestSignUpdate(mac_ctx, header, sizeof(header));
                 EVP_DigestSignUpdate(mac_ctx, rec->input, rec->length);