The ssl3_digest_cached_records() function does not handle errors properly

The ssl3_digest_cached_records() function was failing to handle errors that might be returned from EVP_DigestSignInit() and EVP_DigestSignUpdate(). RT#4180 Reviewed-by: Stephen Henson <steve@openssl.org>
author: Matt Caswell <matt@openssl.org> 2016-05-26 15:45:14 +0100
committer: Matt Caswell <matt@openssl.org> 2016-05-26 16:13:08 +0100
commit: ada5de7ca1deae28713303319694806214dfa7d9 (patch)
tree: 99ee0ccc165835c33116c2e1369a2b36a96dfcfb
parent: 649af484c8a15ad916c101aba86c7529dac7eccb (diff)
1 files changed, 6 insertions, 2 deletions
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index 47a0ec9fe0..b9fc0c7049 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -624,8 +624,12 @@ int ssl3_digest_cached_records(SSL *s)
                                      EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
             }
 #endif
-            EVP_DigestInit_ex(s->s3->handshake_dgst[i], md, NULL);
-            EVP_DigestUpdate(s->s3->handshake_dgst[i], hdata, hdatalen);
+            if (!EVP_DigestInit_ex(s->s3->handshake_dgst[i], md, NULL)
+                || !EVP_DigestUpdate(s->s3->handshake_dgst[i], hdata,
+                                     hdatalen)) {
+                SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_INTERNAL_ERROR);
+                return 0;
+            }
         } else {
             s->s3->handshake_dgst[i] = NULL;
         }
author	Matt Caswell <matt@openssl.org>	2016-05-26 15:45:14 +0100
committer	Matt Caswell <matt@openssl.org>	2016-05-26 16:13:08 +0100
commit	ada5de7ca1deae28713303319694806214dfa7d9 (patch)
tree	99ee0ccc165835c33116c2e1369a2b36a96dfcfb
parent	649af484c8a15ad916c101aba86c7529dac7eccb (diff)