diff options
| author | jsing <> | 2014-06-10 11:32:38 +0000 |
|---|---|---|
| committer | jsing <> | 2014-06-10 11:32:38 +0000 |
| commit | d4b2cc6d6b91fce1c1cd2743e4a702d429fae542 (patch) | |
| tree | 976a84f1ebdaa213f667ac6bcf5f1684f93e0285 /src | |
| parent | 27401a154671ed8905576e4c6e0a9da73f2ac294 (diff) | |
| download | openbsd-d4b2cc6d6b91fce1c1cd2743e4a702d429fae542.tar.gz openbsd-d4b2cc6d6b91fce1c1cd2743e4a702d429fae542.tar.bz2 openbsd-d4b2cc6d6b91fce1c1cd2743e4a702d429fae542.zip | |
Multiple fixes for ssl3_digest_cached_records() - if EVP_MD_CTX_create()
fails, the NULL check will add an error but it does not abort. This will
result in EVP_DigestInit_ex() being called with a NULL context.
Also ensure that we check the return values from EVP_DigestInit_ex() and
EVP_DigestUpdate().
ok deraadt@ miod@
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libssl/src/ssl/s3_enc.c | 20 |
1 files changed, 12 insertions, 8 deletions
diff --git a/src/lib/libssl/src/ssl/s3_enc.c b/src/lib/libssl/src/ssl/s3_enc.c index dbefad77b2..f4ac5222f3 100644 --- a/src/lib/libssl/src/ssl/s3_enc.c +++ b/src/lib/libssl/src/ssl/s3_enc.c | |||
| @@ -584,31 +584,35 @@ ssl3_digest_cached_records(SSL *s) | |||
| 584 | long hdatalen; | 584 | long hdatalen; |
| 585 | void *hdata; | 585 | void *hdata; |
| 586 | 586 | ||
| 587 | /* Allocate handshake_dgst array */ | ||
| 588 | ssl3_free_digest_list(s); | 587 | ssl3_free_digest_list(s); |
| 588 | |||
| 589 | s->s3->handshake_dgst = calloc(SSL_MAX_DIGEST, sizeof(EVP_MD_CTX *)); | 589 | s->s3->handshake_dgst = calloc(SSL_MAX_DIGEST, sizeof(EVP_MD_CTX *)); |
| 590 | hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata); | 590 | hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata); |
| 591 | if (hdatalen <= 0) { | 591 | if (hdatalen <= 0) { |
| 592 | SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, SSL_R_BAD_HANDSHAKE_LENGTH); | 592 | SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, |
| 593 | SSL_R_BAD_HANDSHAKE_LENGTH); | ||
| 593 | return 0; | 594 | return 0; |
| 594 | } | 595 | } |
| 595 | 596 | ||
| 596 | /* Loop through bitso of algorithm2 field and create MD_CTX-es */ | 597 | /* Loop through bits of the algorithm2 field and create MD contexts. */ |
| 597 | for (i = 0; ssl_get_handshake_digest(i, &mask, &md); i++) { | 598 | for (i = 0; ssl_get_handshake_digest(i, &mask, &md); i++) { |
| 598 | if ((mask & ssl_get_algorithm2(s)) && md) { | 599 | if ((mask & ssl_get_algorithm2(s)) && md) { |
| 599 | s->s3->handshake_dgst[i] = EVP_MD_CTX_create(); | 600 | s->s3->handshake_dgst[i] = EVP_MD_CTX_create(); |
| 600 | if (s->s3->handshake_dgst[i] == NULL) { | 601 | if (s->s3->handshake_dgst[i] == NULL) { |
| 601 | SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, | 602 | SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, |
| 602 | ERR_R_MALLOC_FAILURE); | 603 | ERR_R_MALLOC_FAILURE); |
| 604 | return 0; | ||
| 603 | } | 605 | } |
| 604 | EVP_DigestInit_ex(s->s3->handshake_dgst[i], md, NULL); | 606 | if (!EVP_DigestInit_ex(s->s3->handshake_dgst[i], |
| 605 | EVP_DigestUpdate(s->s3->handshake_dgst[i], hdata, hdatalen); | 607 | md, NULL)) |
| 606 | } else { | 608 | return 0; |
| 607 | s->s3->handshake_dgst[i] = NULL; | 609 | if (!EVP_DigestUpdate(s->s3->handshake_dgst[i], hdata, |
| 610 | hdatalen)) | ||
| 611 | return 0; | ||
| 608 | } | 612 | } |
| 609 | } | 613 | } |
| 614 | |||
| 610 | if (!(s->s3->flags & TLS1_FLAGS_KEEP_HANDSHAKE)) { | 615 | if (!(s->s3->flags & TLS1_FLAGS_KEEP_HANDSHAKE)) { |
| 611 | /* Free handshake_buffer BIO */ | ||
| 612 | BIO_free(s->s3->handshake_buffer); | 616 | BIO_free(s->s3->handshake_buffer); |
| 613 | s->s3->handshake_buffer = NULL; | 617 | s->s3->handshake_buffer = NULL; |
| 614 | } | 618 | } |