From 5ff3741c44f372895206f59414df34e2dcd5eaa0 Mon Sep 17 00:00:00 2001
From: doug <>
Date: Mon, 15 Dec 2014 00:46:53 +0000
Subject: Add error handling for EVP_DigestInit_ex().

A few EVP_DigestInit_ex() calls were left alone since reporting an
error would change the public API.

Changed internal ssl3_cbc_digest_record() to return a value due to the above
change.  It will also now set md_out_size=0 on failure.

This is based on part of BoringSSL's commit to fix malloc crashes:
https://boringssl.googlesource.com/boringssl/+/69a01608f33ab6fe2c3485d94aef1fe9eacf5364

ok miod@
---
 src/lib/libssl/ssl_locl.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'src/lib/libssl/ssl_locl.h')

diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 97e32de380..3312aebaad 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.83 2014/12/14 16:19:38 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.84 2014/12/15 00:46:53 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -865,7 +865,7 @@ int ssl3_cbc_remove_padding(const SSL *s, SSL3_RECORD *rec,
 int tls1_cbc_remove_padding(const SSL *s, SSL3_RECORD *rec,
     unsigned block_size, unsigned mac_size);
 char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx);
-void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char *md_out,
+int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char *md_out,
     size_t *md_out_size, const unsigned char header[13],
     const unsigned char *data, size_t data_plus_mac_size,
     size_t data_plus_mac_plus_padding_size, const unsigned char *mac_secret,
-- 
cgit v1.2.3-55-g6feb