summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authordoug <>2014-12-15 00:46:53 +0000
committerdoug <>2014-12-15 00:46:53 +0000
commit5ff3741c44f372895206f59414df34e2dcd5eaa0 (patch)
treea755a6603462bb1b649e3f343d73dd0e1c3b34c5 /src
parent02216b57a0ccb0dd187f3ea646c6ae40e827d3ae (diff)
downloadopenbsd-5ff3741c44f372895206f59414df34e2dcd5eaa0.tar.gz
openbsd-5ff3741c44f372895206f59414df34e2dcd5eaa0.tar.bz2
openbsd-5ff3741c44f372895206f59414df34e2dcd5eaa0.zip
Add error handling for EVP_DigestInit_ex().
A few EVP_DigestInit_ex() calls were left alone since reporting an error would change the public API. Changed internal ssl3_cbc_digest_record() to return a value due to the above change. It will also now set md_out_size=0 on failure. This is based on part of BoringSSL's commit to fix malloc crashes: https://boringssl.googlesource.com/boringssl/+/69a01608f33ab6fe2c3485d94aef1fe9eacf5364 ok miod@
Diffstat (limited to 'src')
-rw-r--r--src/lib/libssl/d1_srvr.c7
-rw-r--r--src/lib/libssl/s3_cbc.c16
-rw-r--r--src/lib/libssl/s3_clnt.c12
-rw-r--r--src/lib/libssl/s3_srvr.c7
-rw-r--r--src/lib/libssl/src/ssl/d1_srvr.c7
-rw-r--r--src/lib/libssl/src/ssl/s3_cbc.c16
-rw-r--r--src/lib/libssl/src/ssl/s3_clnt.c12
-rw-r--r--src/lib/libssl/src/ssl/s3_enc.c28
-rw-r--r--src/lib/libssl/src/ssl/s3_srvr.c7
-rw-r--r--src/lib/libssl/src/ssl/ssl_lib.c10
-rw-r--r--src/lib/libssl/src/ssl/ssl_locl.h4
-rw-r--r--src/lib/libssl/src/ssl/t1_enc.c7
-rw-r--r--src/lib/libssl/ssl_lib.c10
-rw-r--r--src/lib/libssl/ssl_locl.h4
-rw-r--r--src/lib/libssl/t1_enc.c7
15 files changed, 98 insertions, 56 deletions
diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c
index dee182f541..057d92109c 100644
--- a/src/lib/libssl/d1_srvr.c
+++ b/src/lib/libssl/d1_srvr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_srvr.c,v 1.45 2014/12/14 15:30:50 jsing Exp $ */ 1/* $OpenBSD: d1_srvr.c,v 1.46 2014/12/15 00:46:53 doug Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -1213,8 +1213,9 @@ dtls1_send_server_key_exchange(SSL *s)
1213 q = md_buf; 1213 q = md_buf;
1214 j = 0; 1214 j = 0;
1215 for (num = 2; num > 0; num--) { 1215 for (num = 2; num > 0; num--) {
1216 EVP_DigestInit_ex(&md_ctx, (num == 2) 1216 if (!EVP_DigestInit_ex(&md_ctx, (num == 2)
1217 ? s->ctx->md5 : s->ctx->sha1, NULL); 1217 ? s->ctx->md5 : s->ctx->sha1, NULL))
1218 goto err;
1218 EVP_DigestUpdate(&md_ctx, 1219 EVP_DigestUpdate(&md_ctx,
1219 &(s->s3->client_random[0]), 1220 &(s->s3->client_random[0]),
1220 SSL3_RANDOM_SIZE); 1221 SSL3_RANDOM_SIZE);
diff --git a/src/lib/libssl/s3_cbc.c b/src/lib/libssl/s3_cbc.c
index 74bd4b47c8..fd4781b64c 100644
--- a/src/lib/libssl/s3_cbc.c
+++ b/src/lib/libssl/s3_cbc.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_cbc.c,v 1.8 2014/07/10 08:51:14 tedu Exp $ */ 1/* $OpenBSD: s3_cbc.c,v 1.9 2014/12/15 00:46:53 doug Exp $ */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 2012 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 2012 The OpenSSL Project. All rights reserved.
4 * 4 *
@@ -416,7 +416,8 @@ ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx)
416 * functions, above, we know that data_plus_mac_size is large enough to contain 416 * functions, above, we know that data_plus_mac_size is large enough to contain
417 * a padding byte and MAC. (If the padding was invalid, it might contain the 417 * a padding byte and MAC. (If the padding was invalid, it might contain the
418 * padding too. ) */ 418 * padding too. ) */
419void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char* md_out, 419int
420ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char* md_out,
420 size_t* md_out_size, const unsigned char header[13], 421 size_t* md_out_size, const unsigned char header[13],
421 const unsigned char *data, size_t data_plus_mac_size, 422 const unsigned char *data, size_t data_plus_mac_size,
422 size_t data_plus_mac_plus_padding_size, const unsigned char *mac_secret, 423 size_t data_plus_mac_plus_padding_size, const unsigned char *mac_secret,
@@ -497,8 +498,8 @@ void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char* md_out,
497 * supported. */ 498 * supported. */
498 OPENSSL_assert(0); 499 OPENSSL_assert(0);
499 if (md_out_size) 500 if (md_out_size)
500 *md_out_size = -1; 501 *md_out_size = 0;
501 return; 502 return 0;
502 } 503 }
503 504
504 OPENSSL_assert(md_length_size <= MAX_HASH_BIT_COUNT_BYTES); 505 OPENSSL_assert(md_length_size <= MAX_HASH_BIT_COUNT_BYTES);
@@ -675,7 +676,10 @@ void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char* md_out,
675 } 676 }
676 677
677 EVP_MD_CTX_init(&md_ctx); 678 EVP_MD_CTX_init(&md_ctx);
678 EVP_DigestInit_ex(&md_ctx, ctx->digest, NULL /* engine */); 679 if (!EVP_DigestInit_ex(&md_ctx, ctx->digest, NULL /* engine */)) {
680 EVP_MD_CTX_cleanup(&md_ctx);
681 return 0;
682 }
679 if (is_sslv3) { 683 if (is_sslv3) {
680 /* We repurpose |hmac_pad| to contain the SSLv3 pad2 block. */ 684 /* We repurpose |hmac_pad| to contain the SSLv3 pad2 block. */
681 memset(hmac_pad, 0x5c, sslv3_pad_length); 685 memset(hmac_pad, 0x5c, sslv3_pad_length);
@@ -695,4 +699,6 @@ void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char* md_out,
695 if (md_out_size) 699 if (md_out_size)
696 *md_out_size = md_out_size_u; 700 *md_out_size = md_out_size_u;
697 EVP_MD_CTX_cleanup(&md_ctx); 701 EVP_MD_CTX_cleanup(&md_ctx);
702
703 return 1;
698} 704}
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index 47b6824533..d1f2e05eb8 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_clnt.c,v 1.102 2014/12/14 16:19:38 jsing Exp $ */ 1/* $OpenBSD: s3_clnt.c,v 1.103 2014/12/15 00:46:53 doug Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -1439,9 +1439,12 @@ ssl3_get_key_exchange(SSL *s)
1439 j = 0; 1439 j = 0;
1440 q = md_buf; 1440 q = md_buf;
1441 for (num = 2; num > 0; num--) { 1441 for (num = 2; num > 0; num--) {
1442 EVP_DigestInit_ex(&md_ctx, 1442 if (!EVP_DigestInit_ex(&md_ctx,
1443 (num == 2) ? s->ctx->md5 : s->ctx->sha1, 1443 (num == 2) ? s->ctx->md5 : s->ctx->sha1,
1444 NULL); 1444 NULL)) {
1445 al = SSL_AD_INTERNAL_ERROR;
1446 goto f_err;
1447 }
1445 EVP_DigestUpdate(&md_ctx, 1448 EVP_DigestUpdate(&md_ctx,
1446 s->s3->client_random, 1449 s->s3->client_random,
1447 SSL3_RANDOM_SIZE); 1450 SSL3_RANDOM_SIZE);
@@ -2245,7 +2248,8 @@ ssl3_send_client_key_exchange(SSL *s)
2245 nid = NID_id_GostR3411_94; 2248 nid = NID_id_GostR3411_94;
2246 else 2249 else
2247 nid = NID_id_tc26_gost3411_2012_256; 2250 nid = NID_id_tc26_gost3411_2012_256;
2248 EVP_DigestInit(ukm_hash, EVP_get_digestbynid(nid)); 2251 if (!EVP_DigestInit(ukm_hash, EVP_get_digestbynid(nid)))
2252 goto err;
2249 EVP_DigestUpdate(ukm_hash, 2253 EVP_DigestUpdate(ukm_hash,
2250 s->s3->client_random, SSL3_RANDOM_SIZE); 2254 s->s3->client_random, SSL3_RANDOM_SIZE);
2251 EVP_DigestUpdate(ukm_hash, 2255 EVP_DigestUpdate(ukm_hash,
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index 783b1df782..5e4a605c60 100644
--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_srvr.c,v 1.94 2014/12/14 14:34:43 jsing Exp $ */ 1/* $OpenBSD: s3_srvr.c,v 1.95 2014/12/15 00:46:53 doug Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -1612,9 +1612,10 @@ ssl3_send_server_key_exchange(SSL *s)
1612 q = md_buf; 1612 q = md_buf;
1613 j = 0; 1613 j = 0;
1614 for (num = 2; num > 0; num--) { 1614 for (num = 2; num > 0; num--) {
1615 EVP_DigestInit_ex(&md_ctx, 1615 if (!EVP_DigestInit_ex(&md_ctx,
1616 (num == 2) ? s->ctx->md5 : 1616 (num == 2) ? s->ctx->md5 :
1617 s->ctx->sha1, NULL); 1617 s->ctx->sha1, NULL))
1618 goto err;
1618 EVP_DigestUpdate(&md_ctx, 1619 EVP_DigestUpdate(&md_ctx,
1619 s->s3->client_random, 1620 s->s3->client_random,
1620 SSL3_RANDOM_SIZE); 1621 SSL3_RANDOM_SIZE);
diff --git a/src/lib/libssl/src/ssl/d1_srvr.c b/src/lib/libssl/src/ssl/d1_srvr.c
index dee182f541..057d92109c 100644
--- a/src/lib/libssl/src/ssl/d1_srvr.c
+++ b/src/lib/libssl/src/ssl/d1_srvr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_srvr.c,v 1.45 2014/12/14 15:30:50 jsing Exp $ */ 1/* $OpenBSD: d1_srvr.c,v 1.46 2014/12/15 00:46:53 doug Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -1213,8 +1213,9 @@ dtls1_send_server_key_exchange(SSL *s)
1213 q = md_buf; 1213 q = md_buf;
1214 j = 0; 1214 j = 0;
1215 for (num = 2; num > 0; num--) { 1215 for (num = 2; num > 0; num--) {
1216 EVP_DigestInit_ex(&md_ctx, (num == 2) 1216 if (!EVP_DigestInit_ex(&md_ctx, (num == 2)
1217 ? s->ctx->md5 : s->ctx->sha1, NULL); 1217 ? s->ctx->md5 : s->ctx->sha1, NULL))
1218 goto err;
1218 EVP_DigestUpdate(&md_ctx, 1219 EVP_DigestUpdate(&md_ctx,
1219 &(s->s3->client_random[0]), 1220 &(s->s3->client_random[0]),
1220 SSL3_RANDOM_SIZE); 1221 SSL3_RANDOM_SIZE);
diff --git a/src/lib/libssl/src/ssl/s3_cbc.c b/src/lib/libssl/src/ssl/s3_cbc.c
index 74bd4b47c8..fd4781b64c 100644
--- a/src/lib/libssl/src/ssl/s3_cbc.c
+++ b/src/lib/libssl/src/ssl/s3_cbc.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_cbc.c,v 1.8 2014/07/10 08:51:14 tedu Exp $ */ 1/* $OpenBSD: s3_cbc.c,v 1.9 2014/12/15 00:46:53 doug Exp $ */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 2012 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 2012 The OpenSSL Project. All rights reserved.
4 * 4 *
@@ -416,7 +416,8 @@ ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx)
416 * functions, above, we know that data_plus_mac_size is large enough to contain 416 * functions, above, we know that data_plus_mac_size is large enough to contain
417 * a padding byte and MAC. (If the padding was invalid, it might contain the 417 * a padding byte and MAC. (If the padding was invalid, it might contain the
418 * padding too. ) */ 418 * padding too. ) */
419void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char* md_out, 419int
420ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char* md_out,
420 size_t* md_out_size, const unsigned char header[13], 421 size_t* md_out_size, const unsigned char header[13],
421 const unsigned char *data, size_t data_plus_mac_size, 422 const unsigned char *data, size_t data_plus_mac_size,
422 size_t data_plus_mac_plus_padding_size, const unsigned char *mac_secret, 423 size_t data_plus_mac_plus_padding_size, const unsigned char *mac_secret,
@@ -497,8 +498,8 @@ void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char* md_out,
497 * supported. */ 498 * supported. */
498 OPENSSL_assert(0); 499 OPENSSL_assert(0);
499 if (md_out_size) 500 if (md_out_size)
500 *md_out_size = -1; 501 *md_out_size = 0;
501 return; 502 return 0;
502 } 503 }
503 504
504 OPENSSL_assert(md_length_size <= MAX_HASH_BIT_COUNT_BYTES); 505 OPENSSL_assert(md_length_size <= MAX_HASH_BIT_COUNT_BYTES);
@@ -675,7 +676,10 @@ void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char* md_out,
675 } 676 }
676 677
677 EVP_MD_CTX_init(&md_ctx); 678 EVP_MD_CTX_init(&md_ctx);
678 EVP_DigestInit_ex(&md_ctx, ctx->digest, NULL /* engine */); 679 if (!EVP_DigestInit_ex(&md_ctx, ctx->digest, NULL /* engine */)) {
680 EVP_MD_CTX_cleanup(&md_ctx);
681 return 0;
682 }
679 if (is_sslv3) { 683 if (is_sslv3) {
680 /* We repurpose |hmac_pad| to contain the SSLv3 pad2 block. */ 684 /* We repurpose |hmac_pad| to contain the SSLv3 pad2 block. */
681 memset(hmac_pad, 0x5c, sslv3_pad_length); 685 memset(hmac_pad, 0x5c, sslv3_pad_length);
@@ -695,4 +699,6 @@ void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char* md_out,
695 if (md_out_size) 699 if (md_out_size)
696 *md_out_size = md_out_size_u; 700 *md_out_size = md_out_size_u;
697 EVP_MD_CTX_cleanup(&md_ctx); 701 EVP_MD_CTX_cleanup(&md_ctx);
702
703 return 1;
698} 704}
diff --git a/src/lib/libssl/src/ssl/s3_clnt.c b/src/lib/libssl/src/ssl/s3_clnt.c
index 47b6824533..d1f2e05eb8 100644
--- a/src/lib/libssl/src/ssl/s3_clnt.c
+++ b/src/lib/libssl/src/ssl/s3_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_clnt.c,v 1.102 2014/12/14 16:19:38 jsing Exp $ */ 1/* $OpenBSD: s3_clnt.c,v 1.103 2014/12/15 00:46:53 doug Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -1439,9 +1439,12 @@ ssl3_get_key_exchange(SSL *s)
1439 j = 0; 1439 j = 0;
1440 q = md_buf; 1440 q = md_buf;
1441 for (num = 2; num > 0; num--) { 1441 for (num = 2; num > 0; num--) {
1442 EVP_DigestInit_ex(&md_ctx, 1442 if (!EVP_DigestInit_ex(&md_ctx,
1443 (num == 2) ? s->ctx->md5 : s->ctx->sha1, 1443 (num == 2) ? s->ctx->md5 : s->ctx->sha1,
1444 NULL); 1444 NULL)) {
1445 al = SSL_AD_INTERNAL_ERROR;
1446 goto f_err;
1447 }
1445 EVP_DigestUpdate(&md_ctx, 1448 EVP_DigestUpdate(&md_ctx,
1446 s->s3->client_random, 1449 s->s3->client_random,
1447 SSL3_RANDOM_SIZE); 1450 SSL3_RANDOM_SIZE);
@@ -2245,7 +2248,8 @@ ssl3_send_client_key_exchange(SSL *s)
2245 nid = NID_id_GostR3411_94; 2248 nid = NID_id_GostR3411_94;
2246 else 2249 else
2247 nid = NID_id_tc26_gost3411_2012_256; 2250 nid = NID_id_tc26_gost3411_2012_256;
2248 EVP_DigestInit(ukm_hash, EVP_get_digestbynid(nid)); 2251 if (!EVP_DigestInit(ukm_hash, EVP_get_digestbynid(nid)))
2252 goto err;
2249 EVP_DigestUpdate(ukm_hash, 2253 EVP_DigestUpdate(ukm_hash,
2250 s->s3->client_random, SSL3_RANDOM_SIZE); 2254 s->s3->client_random, SSL3_RANDOM_SIZE);
2251 EVP_DigestUpdate(ukm_hash, 2255 EVP_DigestUpdate(ukm_hash,
diff --git a/src/lib/libssl/src/ssl/s3_enc.c b/src/lib/libssl/src/ssl/s3_enc.c
index ec7df59f3b..0c7cda3c60 100644
--- a/src/lib/libssl/src/ssl/s3_enc.c
+++ b/src/lib/libssl/src/ssl/s3_enc.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_enc.c,v 1.57 2014/12/10 15:43:31 jsing Exp $ */ 1/* $OpenBSD: s3_enc.c,v 1.58 2014/12/15 00:46:53 doug Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -187,7 +187,8 @@ ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
187 for (j = 0; j < k; j++) 187 for (j = 0; j < k; j++)
188 buf[j] = c; 188 buf[j] = c;
189 c++; 189 c++;
190 EVP_DigestInit_ex(&s1, EVP_sha1(), NULL); 190 if (!EVP_DigestInit_ex(&s1, EVP_sha1(), NULL))
191 return 0;
191 EVP_DigestUpdate(&s1, buf, k); 192 EVP_DigestUpdate(&s1, buf, k);
192 EVP_DigestUpdate(&s1, s->session->master_key, 193 EVP_DigestUpdate(&s1, s->session->master_key,
193 s->session->master_key_length); 194 s->session->master_key_length);
@@ -195,7 +196,8 @@ ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
195 EVP_DigestUpdate(&s1, s->s3->client_random, SSL3_RANDOM_SIZE); 196 EVP_DigestUpdate(&s1, s->s3->client_random, SSL3_RANDOM_SIZE);
196 EVP_DigestFinal_ex(&s1, smd, NULL); 197 EVP_DigestFinal_ex(&s1, smd, NULL);
197 198
198 EVP_DigestInit_ex(&m5, EVP_md5(), NULL); 199 if (!EVP_DigestInit_ex(&m5, EVP_md5(), NULL))
200 return 0;
199 EVP_DigestUpdate(&m5, s->session->master_key, 201 EVP_DigestUpdate(&m5, s->session->master_key,
200 s->session->master_key_length); 202 s->session->master_key_length);
201 EVP_DigestUpdate(&m5, smd, SHA_DIGEST_LENGTH); 203 EVP_DigestUpdate(&m5, smd, SHA_DIGEST_LENGTH);
@@ -547,8 +549,10 @@ ssl3_digest_cached_records(SSL *s)
547 return 0; 549 return 0;
548 } 550 }
549 if (!EVP_DigestInit_ex(s->s3->handshake_dgst[i], 551 if (!EVP_DigestInit_ex(s->s3->handshake_dgst[i],
550 md, NULL)) 552 md, NULL)) {
553 EVP_MD_CTX_destroy(s->s3->handshake_dgst[i]);
551 return 0; 554 return 0;
555 }
552 if (!EVP_DigestUpdate(s->s3->handshake_dgst[i], hdata, 556 if (!EVP_DigestUpdate(s->s3->handshake_dgst[i], hdata,
553 hdatalen)) 557 hdatalen))
554 return 0; 558 return 0;
@@ -625,7 +629,8 @@ ssl3_handshake_mac(SSL *s, int md_nid, const char *sender, int len,
625 EVP_DigestUpdate(&ctx, ssl3_pad_1, npad); 629 EVP_DigestUpdate(&ctx, ssl3_pad_1, npad);
626 EVP_DigestFinal_ex(&ctx, md_buf, &i); 630 EVP_DigestFinal_ex(&ctx, md_buf, &i);
627 631
628 EVP_DigestInit_ex(&ctx, EVP_MD_CTX_md(&ctx), NULL); 632 if (!EVP_DigestInit_ex(&ctx, EVP_MD_CTX_md(&ctx), NULL))
633 return 0;
629 EVP_DigestUpdate(&ctx, s->session->master_key, 634 EVP_DigestUpdate(&ctx, s->session->master_key,
630 s->session->master_key_length); 635 s->session->master_key_length);
631 EVP_DigestUpdate(&ctx, ssl3_pad_2, npad); 636 EVP_DigestUpdate(&ctx, ssl3_pad_2, npad);
@@ -697,9 +702,10 @@ n_ssl3_mac(SSL *ssl, unsigned char *md, int send)
697 header[j++] = rec->length >> 8; 702 header[j++] = rec->length >> 8;
698 header[j++] = rec->length & 0xff; 703 header[j++] = rec->length & 0xff;
699 704
700 ssl3_cbc_digest_record(hash, md, &md_size, header, rec->input, 705 if (!ssl3_cbc_digest_record(hash, md, &md_size, header,
701 rec->length + md_size, orig_len, mac_sec, md_size, 706 rec->input, rec->length + md_size, orig_len, mac_sec,
702 1 /* is SSLv3 */); 707 md_size, 1 /* is SSLv3 */))
708 return (-1);
703 } else { 709 } else {
704 unsigned int md_size_u; 710 unsigned int md_size_u;
705 /* Chop the digest off the end :-) */ 711 /* Chop the digest off the end :-) */
@@ -757,14 +763,16 @@ ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
757 763
758 EVP_MD_CTX_init(&ctx); 764 EVP_MD_CTX_init(&ctx);
759 for (i = 0; i < 3; i++) { 765 for (i = 0; i < 3; i++) {
760 EVP_DigestInit_ex(&ctx, s->ctx->sha1, NULL); 766 if (!EVP_DigestInit_ex(&ctx, s->ctx->sha1, NULL))
767 return 0;
761 EVP_DigestUpdate(&ctx, salt[i], strlen((const char *)salt[i])); 768 EVP_DigestUpdate(&ctx, salt[i], strlen((const char *)salt[i]));
762 EVP_DigestUpdate(&ctx, p, len); 769 EVP_DigestUpdate(&ctx, p, len);
763 EVP_DigestUpdate(&ctx, s->s3->client_random, SSL3_RANDOM_SIZE); 770 EVP_DigestUpdate(&ctx, s->s3->client_random, SSL3_RANDOM_SIZE);
764 EVP_DigestUpdate(&ctx, s->s3->server_random, SSL3_RANDOM_SIZE); 771 EVP_DigestUpdate(&ctx, s->s3->server_random, SSL3_RANDOM_SIZE);
765 EVP_DigestFinal_ex(&ctx, buf, &n); 772 EVP_DigestFinal_ex(&ctx, buf, &n);
766 773
767 EVP_DigestInit_ex(&ctx, s->ctx->md5, NULL); 774 if (!EVP_DigestInit_ex(&ctx, s->ctx->md5, NULL))
775 return 0;
768 EVP_DigestUpdate(&ctx, p, len); 776 EVP_DigestUpdate(&ctx, p, len);
769 EVP_DigestUpdate(&ctx, buf, n); 777 EVP_DigestUpdate(&ctx, buf, n);
770 EVP_DigestFinal_ex(&ctx, out, &n); 778 EVP_DigestFinal_ex(&ctx, out, &n);
diff --git a/src/lib/libssl/src/ssl/s3_srvr.c b/src/lib/libssl/src/ssl/s3_srvr.c
index 783b1df782..5e4a605c60 100644
--- a/src/lib/libssl/src/ssl/s3_srvr.c
+++ b/src/lib/libssl/src/ssl/s3_srvr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_srvr.c,v 1.94 2014/12/14 14:34:43 jsing Exp $ */ 1/* $OpenBSD: s3_srvr.c,v 1.95 2014/12/15 00:46:53 doug Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -1612,9 +1612,10 @@ ssl3_send_server_key_exchange(SSL *s)
1612 q = md_buf; 1612 q = md_buf;
1613 j = 0; 1613 j = 0;
1614 for (num = 2; num > 0; num--) { 1614 for (num = 2; num > 0; num--) {
1615 EVP_DigestInit_ex(&md_ctx, 1615 if (!EVP_DigestInit_ex(&md_ctx,
1616 (num == 2) ? s->ctx->md5 : 1616 (num == 2) ? s->ctx->md5 :
1617 s->ctx->sha1, NULL); 1617 s->ctx->sha1, NULL))
1618 goto err;
1618 EVP_DigestUpdate(&md_ctx, 1619 EVP_DigestUpdate(&md_ctx,
1619 s->s3->client_random, 1620 s->s3->client_random,
1620 SSL3_RANDOM_SIZE); 1621 SSL3_RANDOM_SIZE);
diff --git a/src/lib/libssl/src/ssl/ssl_lib.c b/src/lib/libssl/src/ssl/ssl_lib.c
index e809ff0bc0..8dbd4a3f39 100644
--- a/src/lib/libssl/src/ssl/ssl_lib.c
+++ b/src/lib/libssl/src/ssl/ssl_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_lib.c,v 1.93 2014/12/14 14:34:43 jsing Exp $ */ 1/* $OpenBSD: ssl_lib.c,v 1.94 2014/12/15 00:46:53 doug Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -3033,8 +3033,12 @@ ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md)
3033{ 3033{
3034 ssl_clear_hash_ctx(hash); 3034 ssl_clear_hash_ctx(hash);
3035 *hash = EVP_MD_CTX_create(); 3035 *hash = EVP_MD_CTX_create();
3036 if (*hash != NULL && md != NULL) 3036 if (*hash != NULL && md != NULL) {
3037 EVP_DigestInit_ex(*hash, md, NULL); 3037 if (!EVP_DigestInit_ex(*hash, md, NULL)) {
3038 ssl_clear_hash_ctx(hash);
3039 return (NULL);
3040 }
3041 }
3038 return (*hash); 3042 return (*hash);
3039} 3043}
3040 3044
diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h
index 97e32de380..3312aebaad 100644
--- a/src/lib/libssl/src/ssl/ssl_locl.h
+++ b/src/lib/libssl/src/ssl/ssl_locl.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_locl.h,v 1.83 2014/12/14 16:19:38 jsing Exp $ */ 1/* $OpenBSD: ssl_locl.h,v 1.84 2014/12/15 00:46:53 doug Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -865,7 +865,7 @@ int ssl3_cbc_remove_padding(const SSL *s, SSL3_RECORD *rec,
865int tls1_cbc_remove_padding(const SSL *s, SSL3_RECORD *rec, 865int tls1_cbc_remove_padding(const SSL *s, SSL3_RECORD *rec,
866 unsigned block_size, unsigned mac_size); 866 unsigned block_size, unsigned mac_size);
867char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx); 867char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx);
868void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char *md_out, 868int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char *md_out,
869 size_t *md_out_size, const unsigned char header[13], 869 size_t *md_out_size, const unsigned char header[13],
870 const unsigned char *data, size_t data_plus_mac_size, 870 const unsigned char *data, size_t data_plus_mac_size,
871 size_t data_plus_mac_plus_padding_size, const unsigned char *mac_secret, 871 size_t data_plus_mac_plus_padding_size, const unsigned char *mac_secret,
diff --git a/src/lib/libssl/src/ssl/t1_enc.c b/src/lib/libssl/src/ssl/t1_enc.c
index 4aae344696..3b7e625db3 100644
--- a/src/lib/libssl/src/ssl/t1_enc.c
+++ b/src/lib/libssl/src/ssl/t1_enc.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: t1_enc.c,v 1.74 2014/12/14 15:30:50 jsing Exp $ */ 1/* $OpenBSD: t1_enc.c,v 1.75 2014/12/15 00:46:53 doug Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -1054,12 +1054,13 @@ tls1_mac(SSL *ssl, unsigned char *md, int send)
1054 * timing-side channel information about how many blocks of 1054 * timing-side channel information about how many blocks of
1055 * data we are hashing because that gives an attacker a 1055 * data we are hashing because that gives an attacker a
1056 * timing-oracle. */ 1056 * timing-oracle. */
1057 ssl3_cbc_digest_record(mac_ctx, 1057 if (!ssl3_cbc_digest_record(mac_ctx,
1058 md, &md_size, header, rec->input, 1058 md, &md_size, header, rec->input,
1059 rec->length + md_size, orig_len, 1059 rec->length + md_size, orig_len,
1060 ssl->s3->read_mac_secret, 1060 ssl->s3->read_mac_secret,
1061 ssl->s3->read_mac_secret_size, 1061 ssl->s3->read_mac_secret_size,
1062 0 /* not SSLv3 */); 1062 0 /* not SSLv3 */))
1063 return -1;
1063 } else { 1064 } else {
1064 EVP_DigestSignUpdate(mac_ctx, header, sizeof(header)); 1065 EVP_DigestSignUpdate(mac_ctx, header, sizeof(header));
1065 EVP_DigestSignUpdate(mac_ctx, rec->input, rec->length); 1066 EVP_DigestSignUpdate(mac_ctx, rec->input, rec->length);
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index e809ff0bc0..8dbd4a3f39 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_lib.c,v 1.93 2014/12/14 14:34:43 jsing Exp $ */ 1/* $OpenBSD: ssl_lib.c,v 1.94 2014/12/15 00:46:53 doug Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -3033,8 +3033,12 @@ ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md)
3033{ 3033{
3034 ssl_clear_hash_ctx(hash); 3034 ssl_clear_hash_ctx(hash);
3035 *hash = EVP_MD_CTX_create(); 3035 *hash = EVP_MD_CTX_create();
3036 if (*hash != NULL && md != NULL) 3036 if (*hash != NULL && md != NULL) {
3037 EVP_DigestInit_ex(*hash, md, NULL); 3037 if (!EVP_DigestInit_ex(*hash, md, NULL)) {
3038 ssl_clear_hash_ctx(hash);
3039 return (NULL);
3040 }
3041 }
3038 return (*hash); 3042 return (*hash);
3039} 3043}
3040 3044
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 97e32de380..3312aebaad 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_locl.h,v 1.83 2014/12/14 16:19:38 jsing Exp $ */ 1/* $OpenBSD: ssl_locl.h,v 1.84 2014/12/15 00:46:53 doug Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -865,7 +865,7 @@ int ssl3_cbc_remove_padding(const SSL *s, SSL3_RECORD *rec,
865int tls1_cbc_remove_padding(const SSL *s, SSL3_RECORD *rec, 865int tls1_cbc_remove_padding(const SSL *s, SSL3_RECORD *rec,
866 unsigned block_size, unsigned mac_size); 866 unsigned block_size, unsigned mac_size);
867char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx); 867char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx);
868void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char *md_out, 868int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char *md_out,
869 size_t *md_out_size, const unsigned char header[13], 869 size_t *md_out_size, const unsigned char header[13],
870 const unsigned char *data, size_t data_plus_mac_size, 870 const unsigned char *data, size_t data_plus_mac_size,
871 size_t data_plus_mac_plus_padding_size, const unsigned char *mac_secret, 871 size_t data_plus_mac_plus_padding_size, const unsigned char *mac_secret,
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c
index 4aae344696..3b7e625db3 100644
--- a/src/lib/libssl/t1_enc.c
+++ b/src/lib/libssl/t1_enc.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: t1_enc.c,v 1.74 2014/12/14 15:30:50 jsing Exp $ */ 1/* $OpenBSD: t1_enc.c,v 1.75 2014/12/15 00:46:53 doug Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -1054,12 +1054,13 @@ tls1_mac(SSL *ssl, unsigned char *md, int send)
1054 * timing-side channel information about how many blocks of 1054 * timing-side channel information about how many blocks of
1055 * data we are hashing because that gives an attacker a 1055 * data we are hashing because that gives an attacker a
1056 * timing-oracle. */ 1056 * timing-oracle. */
1057 ssl3_cbc_digest_record(mac_ctx, 1057 if (!ssl3_cbc_digest_record(mac_ctx,
1058 md, &md_size, header, rec->input, 1058 md, &md_size, header, rec->input,
1059 rec->length + md_size, orig_len, 1059 rec->length + md_size, orig_len,
1060 ssl->s3->read_mac_secret, 1060 ssl->s3->read_mac_secret,
1061 ssl->s3->read_mac_secret_size, 1061 ssl->s3->read_mac_secret_size,
1062 0 /* not SSLv3 */); 1062 0 /* not SSLv3 */))
1063 return -1;
1063 } else { 1064 } else {
1064 EVP_DigestSignUpdate(mac_ctx, header, sizeof(header)); 1065 EVP_DigestSignUpdate(mac_ctx, header, sizeof(header));
1065 EVP_DigestSignUpdate(mac_ctx, rec->input, rec->length); 1066 EVP_DigestSignUpdate(mac_ctx, rec->input, rec->length);
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-23 00:10:13 +0000