author | tb <> | 2022-06-07 17:39:16 +0000 |
---|---|---|
committer | tb <> | 2022-06-07 17:39:16 +0000 |
commit | f9adec13b2d7f472486707fe62a0e82fed187c26 (patch) | |
tree | cf5c73aad9a8be7076ea5a97f37ffde5aae5bd20 /src/lib | |
parent | 3463ce4d0467efc2d4ee3aa9a081439579917085 (diff) | |
Add missing error check call in ssl3_get_new_session_ticket()
EVP_Digest() can fail, so handle failure appropriately and prepare
switch of session_id_length to a size_t.
ok jsing
Diffstat (limited to 'src/lib')
-rw-r--r-- | src/lib/libssl/ssl_clnt.c | 13 |
1 files changed, 9 insertions, 4 deletions
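--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.144 2022/06/07 17:35:49 tb Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.145 2022/06/07 17:39:16 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1605,6 +1605,7 @@ ssl3_get_new_session_ticket(SSL *s)
 {
 uint32_t lifetime_hint;
 CBS cbs, session_ticket;
+unsigned int session_id_length = 0;
 int al, ret;
 
 if ((ret = ssl3_get_message(s, SSL3_ST_CR_SESSION_TICKET_A,
@@ -1658,9 +1659,13 @@ ssl3_get_new_session_ticket(SSL *s)
 * assumptions elsewhere in OpenSSL. The session ID is set
 * to the SHA256 hash of the ticket.
 */
-EVP_Digest(CBS_data(&session_ticket), CBS_len(&session_ticket),
-s->session->session_id, &s->session->session_id_length,
-EVP_sha256(), NULL);
+if (!EVP_Digest(CBS_data(&session_ticket), CBS_len(&session_ticket),
+s->session->session_id, &session_id_length, EVP_sha256(), NULL)) {
+al = SSL_AD_INTERNAL_ERROR;
+SSLerror(s, ERR_R_EVP_LIB);
+goto fatal_err;
+}
+s->session->session_id_length = session_id_length;
 
 return (1);
 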
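Review bot: The EVP_Digest() call at new line 1662 still writes the digest into s->session->session_id with no buffer-size argument, so it depends on the SHA-256 output fitting that array; the new session_id_length local only records the size after the write has happened. The array's declaration is outside this hunk, so the bound is presumably satisfied, but nothing at the call site states or enforces it. A compile-time check next to the call, for example `_Static_assert(sizeof(s->session->session_id) >= SHA256_DIGEST_LENGTH, "session_id too small for SHA-256");`, would keep a later change of digest or buffer size from silently becoming an out-of-bounds write. The function body and the fatal_err label lie outside the hunk.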