diff options
| author | jkim <jkim@FreeBSD.org> | 2015-12-03 21:13:35 +0000 |
|---|---|---|
| committer | jkim <jkim@FreeBSD.org> | 2015-12-03 21:13:35 +0000 |
| commit | 8d77ecefb78a0e7ec702cf614a78dd85de9395ee (patch) | |
| tree | ade84397c16fe1b20cb2a441f603826e49c36cf2 /crypto/openssl/ssl/t1_enc.c | |
| parent | 5374819b03f4e6dcb332bf2729f9270e5d10b83a (diff) | |
| parent | afd52a5fc90e70242dbb0e7d29987c976eb993e0 (diff) | |
| download | FreeBSD-src-8d77ecefb78a0e7ec702cf614a78dd85de9395ee.zip FreeBSD-src-8d77ecefb78a0e7ec702cf614a78dd85de9395ee.tar.gz | |
Merge OpenSSL 1.0.2e.
Diffstat (limited to 'crypto/openssl/ssl/t1_enc.c')
| -rw-r--r-- | crypto/openssl/ssl/t1_enc.c | 48 |
1 files changed, 33 insertions, 15 deletions
diff --git a/crypto/openssl/ssl/t1_enc.c b/crypto/openssl/ssl/t1_enc.c index e2a8f86..f46544b 100644 --- a/crypto/openssl/ssl/t1_enc.c +++ b/crypto/openssl/ssl/t1_enc.c @@ -384,6 +384,8 @@ int tls1_change_cipher_state(SSL *s, int which) EVP_CIPHER_CTX_init(s->enc_read_ctx); dd = s->enc_read_ctx; mac_ctx = ssl_replace_hash(&s->read_hash, NULL); + if (mac_ctx == NULL) + goto err; #ifndef OPENSSL_NO_COMP if (s->expand != NULL) { COMP_CTX_free(s->expand); @@ -422,11 +424,14 @@ int tls1_change_cipher_state(SSL *s, int which) dd = s->enc_write_ctx; if (SSL_IS_DTLS(s)) { mac_ctx = EVP_MD_CTX_create(); - if (!mac_ctx) + if (mac_ctx == NULL) goto err; s->write_hash = mac_ctx; - } else + } else { mac_ctx = ssl_replace_hash(&s->write_hash, NULL); + if (mac_ctx == NULL) + goto err; + } #ifndef OPENSSL_NO_COMP if (s->compress != NULL) { COMP_CTX_free(s->compress); @@ -499,7 +504,12 @@ int tls1_change_cipher_state(SSL *s, int which) if (!(EVP_CIPHER_flags(c) & EVP_CIPH_FLAG_AEAD_CIPHER)) { mac_key = EVP_PKEY_new_mac_key(mac_type, NULL, mac_secret, *mac_secret_size); - EVP_DigestSignInit(mac_ctx, NULL, m, NULL, mac_key); + if (mac_key == NULL + || EVP_DigestSignInit(mac_ctx, NULL, m, NULL, mac_key) <= 0) { + EVP_PKEY_free(mac_key); + SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR); + goto err2; + } EVP_PKEY_free(mac_key); } #ifdef TLS_DEBUG @@ -931,8 +941,9 @@ int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *out) } EVP_MD_CTX_init(&ctx); - EVP_MD_CTX_copy_ex(&ctx, d); - EVP_DigestFinal_ex(&ctx, out, &ret); + if (EVP_MD_CTX_copy_ex(&ctx, d) <=0 + || EVP_DigestFinal_ex(&ctx, out, &ret) <= 0) + ret = 0; EVP_MD_CTX_cleanup(&ctx); return ((int)ret); } @@ -1059,17 +1070,24 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send) * are hashing because that gives an attacker a timing-oracle. */ /* Final param == not SSLv3 */ - ssl3_cbc_digest_record(mac_ctx, - md, &md_size, - header, rec->input, - rec->length + md_size, orig_len, - ssl->s3->read_mac_secret, - ssl->s3->read_mac_secret_size, 0); + if (ssl3_cbc_digest_record(mac_ctx, + md, &md_size, + header, rec->input, + rec->length + md_size, orig_len, + ssl->s3->read_mac_secret, + ssl->s3->read_mac_secret_size, 0) <= 0) { + if (!stream_mac) + EVP_MD_CTX_cleanup(&hmac); + return -1; + } } else { - EVP_DigestSignUpdate(mac_ctx, header, sizeof(header)); - EVP_DigestSignUpdate(mac_ctx, rec->input, rec->length); - t = EVP_DigestSignFinal(mac_ctx, md, &md_size); - OPENSSL_assert(t > 0); + if (EVP_DigestSignUpdate(mac_ctx, header, sizeof(header)) <= 0 + || EVP_DigestSignUpdate(mac_ctx, rec->input, rec->length) <= 0 + || EVP_DigestSignFinal(mac_ctx, md, &md_size) <= 0) { + if (!stream_mac) + EVP_MD_CTX_cleanup(&hmac); + return -1; + } #ifdef OPENSSL_FIPS if (!send && FIPS_mode()) tls_fips_digest_extra(ssl->enc_read_ctx, |
