generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Ensure all EVP calls have their returns checked where appropriate

Browse Source 
There are lots of calls to EVP functions from within libssl There were
various places where we should probably check the return value but don't.
This adds these checks.

Reviewed-by: Richard Levitte <levitte@openssl.org>
This commit is contained in:
Matt Caswell
2015-11-06 16:31:21 +00:00
parent 2cc7acd273
commit 5f3d93e4a3
13 changed files with 270 additions and 155 deletions
Download Patch File Download Diff File Expand all files Collapse all files

70
ssl/record/ssl3_record.c
View File

@@ -846,33 +846,36 @@ int n_ssl3_mac(SSL *ssl, unsigned char *md, int send)
header[j++] = rec->length & 0xff;
/* Final param == is SSLv3 */
ssl3_cbc_digest_record(hash,
md, &md_size,
header, rec->input,
rec->length + md_size, rec->orig_len,
mac_sec, md_size, 1);
if (ssl3_cbc_digest_record(hash,
md, &md_size,
header, rec->input,
rec->length + md_size, rec->orig_len,
mac_sec, md_size, 1) <= 0)
return -1;
} else {
unsigned int md_size_u;
/* Chop the digest off the end :-) */
EVP_MD_CTX_init(&md_ctx);
EVP_MD_CTX_copy_ex(&md_ctx, hash);
EVP_DigestUpdate(&md_ctx, mac_sec, md_size);
EVP_DigestUpdate(&md_ctx, ssl3_pad_1, npad);
EVP_DigestUpdate(&md_ctx, seq, 8);
rec_char = rec->type;
EVP_DigestUpdate(&md_ctx, &rec_char, 1);
p = md;
s2n(rec->length, p);
EVP_DigestUpdate(&md_ctx, md, 2);
EVP_DigestUpdate(&md_ctx, rec->input, rec->length);
EVP_DigestFinal_ex(&md_ctx, md, NULL);
EVP_MD_CTX_copy_ex(&md_ctx, hash);
EVP_DigestUpdate(&md_ctx, mac_sec, md_size);
EVP_DigestUpdate(&md_ctx, ssl3_pad_2, npad);
EVP_DigestUpdate(&md_ctx, md, md_size);
EVP_DigestFinal_ex(&md_ctx, md, &md_size_u);
if (EVP_MD_CTX_copy_ex(&md_ctx, hash) <= 0
|| EVP_DigestUpdate(&md_ctx, mac_sec, md_size) <= 0
|| EVP_DigestUpdate(&md_ctx, ssl3_pad_1, npad) <= 0
|| EVP_DigestUpdate(&md_ctx, seq, 8) <= 0
|| EVP_DigestUpdate(&md_ctx, &rec_char, 1) <= 0
|| EVP_DigestUpdate(&md_ctx, md, 2) <= 0
|| EVP_DigestUpdate(&md_ctx, rec->input, rec->length) <= 0
|| EVP_DigestFinal_ex(&md_ctx, md, NULL) <= 0
|| EVP_MD_CTX_copy_ex(&md_ctx, hash) <= 0
|| EVP_DigestUpdate(&md_ctx, mac_sec, md_size) <= 0
|| EVP_DigestUpdate(&md_ctx, ssl3_pad_2, npad) <= 0
|| EVP_DigestUpdate(&md_ctx, md, md_size) <= 0
|| EVP_DigestFinal_ex(&md_ctx, md, &md_size_u) <= 0) {
EVP_MD_CTX_cleanup(&md_ctx);
return -1;
}
md_size = md_size_u;
EVP_MD_CTX_cleanup(&md_ctx);
@@ -944,18 +947,24 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send)
* are hashing because that gives an attacker a timing-oracle.
*/
/* Final param == not SSLv3 */
ssl3_cbc_digest_record(mac_ctx,
md, &md_size,
header, rec->input,
rec->length + md_size, rec->orig_len,
ssl->s3->read_mac_secret,
ssl->s3->read_mac_secret_size, 0);
} else {
EVP_DigestSignUpdate(mac_ctx, header, sizeof(header));
EVP_DigestSignUpdate(mac_ctx, rec->input, rec->length);
t = EVP_DigestSignFinal(mac_ctx, md, &md_size);
if (t <= 0)
if (ssl3_cbc_digest_record(mac_ctx,
md, &md_size,
header, rec->input,
rec->length + md_size, rec->orig_len,
ssl->s3->read_mac_secret,
ssl->s3->read_mac_secret_size, 0) <= 0) {
if (!stream_mac)
EVP_MD_CTX_cleanup(&hmac);
return -1;
}
} else {
if (EVP_DigestSignUpdate(mac_ctx, header, sizeof(header)) <= 0
|| EVP_DigestSignUpdate(mac_ctx, rec->input, rec->length) <= 0
|| EVP_DigestSignFinal(mac_ctx, md, &md_size) <= 0) {
if (!stream_mac)
EVP_MD_CTX_cleanup(&hmac);
return -1;
}
if (!send && !SSL_USE_ETM(ssl) && FIPS_mode())
tls_fips_digest_extra(ssl->enc_read_ctx,
mac_ctx, rec->input,
@@ -964,6 +973,7 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send)
if (!stream_mac)
EVP_MD_CTX_cleanup(&hmac);
#ifdef TLS_DEBUG
fprintf(stderr, "seq=");
{