Hoist memset of CBB above EVP_MD_CTX_new() and HMAC_CTX_new() to avoid

a use of uninitialized in the unlikely event that either of them fails. Problem introduced in r1.128. CID 345113 ok jsing
author: tb <> 2021-12-26 15:10:59 +0000
committer: tb <> 2021-12-26 15:10:59 +0000
commit: a2d5fa10de4afe08bd921a797a3634815bf0f460 (patch)
tree: 9904bf7ffa9ad2af2073419c5dcad5811c813383 /src
parent: 7f97a389979014d8bd25ff0a6e61a99fcf0d699a (diff)
download: openbsd-a2d5fa10de4afe08bd921a797a3634815bf0f460.tar.gz
openbsd-a2d5fa10de4afe08bd921a797a3634815bf0f460.tar.bz2
openbsd-a2d5fa10de4afe08bd921a797a3634815bf0f460.zip
1 files changed, 3 insertions, 3 deletions
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
index 665fcc5037..330f9176d8 100644
--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.128 2021/12/09 17:53:29 tb Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.129 2021/12/26 15:10:59 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -2494,13 +2494,13 @@ ssl3_send_newsession_ticket(SSL *s)
         * New Session Ticket - RFC 5077, section 3.3.
         */
+        memset(&cbb, 0, sizeof(cbb));
        if ((ctx = EVP_CIPHER_CTX_new()) == NULL)
                goto err;
        if ((hctx = HMAC_CTX_new()) == NULL)
                goto err;
-        memset(&cbb, 0, sizeof(cbb));
        if (S3I(s)->hs.state == SSL3_ST_SW_SESSION_TICKET_A) {
                if (!ssl3_handshake_msg_start(s, &cbb, &session_ticket,
                    SSL3_MT_NEWSESSION_TICKET))
author	tb <>	2021-12-26 15:10:59 +0000
committer	tb <>	2021-12-26 15:10:59 +0000
commit	a2d5fa10de4afe08bd921a797a3634815bf0f460 (patch)
tree	9904bf7ffa9ad2af2073419c5dcad5811c813383 /src
parent	7f97a389979014d8bd25ff0a6e61a99fcf0d699a (diff)
download	openbsd-a2d5fa10de4afe08bd921a797a3634815bf0f460.tar.gz openbsd-a2d5fa10de4afe08bd921a797a3634815bf0f460.tar.bz2 openbsd-a2d5fa10de4afe08bd921a797a3634815bf0f460.zip