summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorjsing <>2018-08-14 16:19:06 +0000
committerjsing <>2018-08-14 16:19:06 +0000
commitaae188d3f25337840af6b400e32684186d79fc03 (patch)
tree6412a5127a983ac896f0ea63ec3754e25b4eee8d /src
parenta68a512f39fd049728cc0d7de693ebd091c84f8d (diff)
downloadopenbsd-aae188d3f25337840af6b400e32684186d79fc03.tar.gz
openbsd-aae188d3f25337840af6b400e32684186d79fc03.tar.bz2
openbsd-aae188d3f25337840af6b400e32684186d79fc03.zip
Actually check the return values for EVP_Sign* and EVP_Verify*.
ok bcook@ beck@ tb@
Diffstat (limited to 'src')
-rw-r--r--src/lib/libssl/ssl_clnt.c20
-rw-r--r--src/lib/libssl/ssl_srvr.c18
2 files changed, 23 insertions, 15 deletions
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index f9cdd8657a..dcd4da3634 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_clnt.c,v 1.27 2018/08/10 17:52:35 jsing Exp $ */ 1/* $OpenBSD: ssl_clnt.c,v 1.28 2018/08/14 16:19:06 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -1553,13 +1553,17 @@ ssl3_get_server_key_exchange(SSL *s)
1553 goto f_err; 1553 goto f_err;
1554 } 1554 }
1555 1555
1556 EVP_VerifyInit_ex(&md_ctx, md, NULL); 1556 if (!EVP_VerifyInit_ex(&md_ctx, md, NULL))
1557 EVP_VerifyUpdate(&md_ctx, s->s3->client_random, 1557 goto err;
1558 SSL3_RANDOM_SIZE); 1558 if (!EVP_VerifyUpdate(&md_ctx, s->s3->client_random,
1559 EVP_VerifyUpdate(&md_ctx, s->s3->server_random, 1559 SSL3_RANDOM_SIZE))
1560 SSL3_RANDOM_SIZE); 1560 goto err;
1561 EVP_VerifyUpdate(&md_ctx, param, param_len); 1561 if (!EVP_VerifyUpdate(&md_ctx, s->s3->server_random,
1562 if (EVP_VerifyFinal(&md_ctx, p,(int)n, pkey) <= 0) { 1562 SSL3_RANDOM_SIZE))
1563 goto err;
1564 if (!EVP_VerifyUpdate(&md_ctx, param, param_len))
1565 goto err;
1566 if (EVP_VerifyFinal(&md_ctx, p, (int)n, pkey) <= 0) {
1563 /* bad signature */ 1567 /* bad signature */
1564 al = SSL_AD_DECRYPT_ERROR; 1568 al = SSL_AD_DECRYPT_ERROR;
1565 SSLerror(s, SSL_R_BAD_SIGNATURE); 1569 SSLerror(s, SSL_R_BAD_SIGNATURE);
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
index 3d20f0f900..176a00fb75 100644
--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_srvr.c,v 1.36 2018/08/10 17:44:16 jsing Exp $ */ 1/* $OpenBSD: ssl_srvr.c,v 1.37 2018/08/14 16:19:06 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -1589,12 +1589,16 @@ ssl3_send_server_key_exchange(SSL *s)
1589 } 1589 }
1590 p += 2; 1590 p += 2;
1591 } 1591 }
1592 EVP_SignInit_ex(&md_ctx, md, NULL); 1592 if (!EVP_SignInit_ex(&md_ctx, md, NULL))
1593 EVP_SignUpdate(&md_ctx, s->s3->client_random, 1593 goto err;
1594 SSL3_RANDOM_SIZE); 1594 if (!EVP_SignUpdate(&md_ctx, s->s3->client_random,
1595 EVP_SignUpdate(&md_ctx, s->s3->server_random, 1595 SSL3_RANDOM_SIZE))
1596 SSL3_RANDOM_SIZE); 1596 goto err;
1597 EVP_SignUpdate(&md_ctx, d, n); 1597 if (!EVP_SignUpdate(&md_ctx, s->s3->server_random,
1598 SSL3_RANDOM_SIZE))
1599 goto err;
1600 if (!EVP_SignUpdate(&md_ctx, d, n))
1601 goto err;
1598 if (!EVP_SignFinal(&md_ctx, &p[2], (unsigned int *)&i, 1602 if (!EVP_SignFinal(&md_ctx, &p[2], (unsigned int *)&i,
1599 pkey)) { 1603 pkey)) {
1600 SSLerror(s, ERR_R_EVP_LIB); 1604 SSLerror(s, ERR_R_EVP_LIB);
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-21 01:50:53 +0000