diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2016-06-18 15:46:13 +0100 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2016-07-15 14:09:05 +0100 |
| commit | d166ed8c11e10e9fdaeac182effb9dd318843924 (patch) | |
| tree | fd47ffb1f5d42b121b04d14c1a8f6bdc659637f6 /ssl/s3_enc.c | |
| parent | 1fc431ba57d12189a9bdacd3999ea2a7b91458d8 (diff) | |
| download | openssl-d166ed8c11e10e9fdaeac182effb9dd318843924.zip openssl-d166ed8c11e10e9fdaeac182effb9dd318843924.tar.gz openssl-d166ed8c11e10e9fdaeac182effb9dd318843924.tar.bz2 | |
check return values for EVP_Digest*() APIs
Reviewed-by: Richard Levitte <levitte@openssl.org>
Diffstat (limited to 'ssl/s3_enc.c')
| -rw-r--r-- | ssl/s3_enc.c | 40 |
1 files changed, 22 insertions, 18 deletions
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index b6de38d..3240735 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -70,23 +70,26 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) for (j = 0; j < k; j++) buf[j] = c; c++; - EVP_DigestInit_ex(s1, EVP_sha1(), NULL); - EVP_DigestUpdate(s1, buf, k); - EVP_DigestUpdate(s1, s->session->master_key, - s->session->master_key_length); - EVP_DigestUpdate(s1, s->s3->server_random, SSL3_RANDOM_SIZE); - EVP_DigestUpdate(s1, s->s3->client_random, SSL3_RANDOM_SIZE); - EVP_DigestFinal_ex(s1, smd, NULL); - - EVP_DigestInit_ex(m5, EVP_md5(), NULL); - EVP_DigestUpdate(m5, s->session->master_key, - s->session->master_key_length); - EVP_DigestUpdate(m5, smd, SHA_DIGEST_LENGTH); + if (!EVP_DigestInit_ex(s1, EVP_sha1(), NULL) + || !EVP_DigestUpdate(s1, buf, k) + || !EVP_DigestUpdate(s1, s->session->master_key, + s->session->master_key_length) + || !EVP_DigestUpdate(s1, s->s3->server_random, SSL3_RANDOM_SIZE) + || !EVP_DigestUpdate(s1, s->s3->client_random, SSL3_RANDOM_SIZE) + || !EVP_DigestFinal_ex(s1, smd, NULL) + || !EVP_DigestInit_ex(m5, EVP_md5(), NULL) + || !EVP_DigestUpdate(m5, s->session->master_key, + s->session->master_key_length) + || !EVP_DigestUpdate(m5, smd, SHA_DIGEST_LENGTH)) + goto err; if ((int)(i + MD5_DIGEST_LENGTH) > num) { - EVP_DigestFinal_ex(m5, smd, NULL); + if (!EVP_DigestFinal_ex(m5, smd, NULL)) + goto err; memcpy(km, smd, (num - i)); - } else - EVP_DigestFinal_ex(m5, km, NULL); + } else { + if (!EVP_DigestFinal_ex(m5, km, NULL)) + goto err; + } km += MD5_DIGEST_LENGTH; } @@ -353,12 +356,13 @@ void ssl3_free_digest_list(SSL *s) s->s3->handshake_dgst = NULL; } -void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len) +int ssl3_finish_mac(SSL *s, const unsigned char *buf, int len) { if (s->s3->handshake_dgst == NULL) - BIO_write(s->s3->handshake_buffer, (void *)buf, len); + /* Note: this writes to a memory BIO so a failure is a fatal error */ + return BIO_write(s->s3->handshake_buffer, (void *)buf, len) == len; else - EVP_DigestUpdate(s->s3->handshake_dgst, buf, len); + return EVP_DigestUpdate(s->s3->handshake_dgst, buf, len); } int ssl3_digest_cached_records(SSL *s, int keep) |