Check EVP errors for handshake digests.

Partial mitigation of PR#3200 (cherry picked from commit 0294b2be5f4c11e60620c0018674ff0e17b14238)

Check EVP errors for handshake digests.
Partial mitigation of PR#3200 (cherry picked from commit 0294b2be5f4c11e60620c0018674ff0e17b14238)
ed496b3d · Dr. Stephen Henson · 88c21c47 · ed496b3d · ed496b3d · ed496b3d
隐藏空白更改
内联并排

Showing with 15 addition and 6 deletion

ssl/s3_both.c ssl/s3_both.c +2 -0

ssl/s3_pkt.c ssl/s3_pkt.c +7 -1

ssl/t1_enc.c ssl/t1_enc.c +6 -5

未找到文件。
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@@ -160,6 +160,8 @@ int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)

 		i=s->method->ssl3_enc->final_finish_mac(s,
 			sender,slen,s->s3->tmp.finish_md);
+		if (i == 0)
+			return 0;
 		s->s3->tmp.finish_md_len = i;
 		memcpy(p, s->s3->tmp.finish_md, i);
 		l=i;

--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -1563,8 +1563,14 @@ int ssl3_do_change_cipher_spec(SSL *s)
 		slen=s->method->ssl3_enc->client_finished_label_len;
 		}

-	s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
+	i = s->method->ssl3_enc->final_finish_mac(s,
 		sender,slen,s->s3->tmp.peer_finish_md);
+	if (i == 0)
+		{
+		SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, ERR_R_INTERNAL_ERROR);
+		return 0;
+		}
+	s->s3->tmp.peer_finish_md_len = i;

 	return(1);
 	}

--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -939,18 +939,19 @@ int tls1_final_finish_mac(SSL *s,
 		if (mask & ssl_get_algorithm2(s))
 			{
 			int hashsize = EVP_MD_size(md);
-			if (hashsize < 0 || hashsize > (int)(sizeof buf - (size_t)(q-buf)))
+			EVP_MD_CTX *hdgst = s->s3->handshake_dgst[idx];
+			if (!hdgst || hashsize < 0 || hashsize > (int)(sizeof buf - (size_t)(q-buf)))
 				{
 				/* internal error: 'buf' is too small for this cipersuite! */
 				err = 1;
 				}
 			else
 				{
-				EVP_MD_CTX_copy_ex(&ctx,s->s3->handshake_dgst[idx]);
-				EVP_DigestFinal_ex(&ctx,q,&i);
-				if (i != (unsigned int)hashsize) /* can't really happen */
+				if (!EVP_MD_CTX_copy_ex(&ctx, hdgst) ||
+					!EVP_DigestFinal_ex(&ctx,q,&i) ||
+					(i != (unsigned int)hashsize))
 					err = 1;
-				q+=i;
+				q+=hashsize;
 				}
 			}
 		}