If we're going to return errors (no matter how stupid), then we should

test for them!

6 files changed, 27 insertions, 10 deletions

diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h
index 985ff2f5a9..df54409f10 100644
--- a/crypto/evp/evp.h
+++ b/crypto/evp/evp.h
@@ -1183,6 +1183,7 @@ void ERR_load_EVP_strings(void);
 #define EVP_F_EVP_DIGESTINIT_EX				 128
 #define EVP_F_EVP_ENCRYPTFINAL_EX			 127
 #define EVP_F_EVP_MD_CTX_COPY_EX			 110
+#define EVP_F_EVP_MD_SIZE				 162
 #define EVP_F_EVP_OPENINIT				 102
 #define EVP_F_EVP_PBE_ALG_ADD				 115
 #define EVP_F_EVP_PBE_ALG_ADD_TYPE			 160
@@ -1262,6 +1263,7 @@ void ERR_load_EVP_strings(void);
 #define EVP_R_INVALID_OPERATION				 148
 #define EVP_R_IV_TOO_LARGE				 102
 #define EVP_R_KEYGEN_FAILURE				 120
+#define EVP_R_MESSAGE_DIGEST_IS_NULL			 159
 #define EVP_R_METHOD_NOT_SUPPORTED			 144
 #define EVP_R_MISSING_PARAMETERS			 103
 #define EVP_R_NO_CIPHER_SET				 131
diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c
index 25a8ad7cdc..04485f0162 100644
--- a/crypto/evp/evp_err.c
+++ b/crypto/evp/evp_err.c
@@ -1,6 +1,6 @@
 /* crypto/evp/evp_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2008 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -85,6 +85,7 @@ static ERR_STRING_DATA EVP_str_functs[]=
 {ERR_FUNC(EVP_F_EVP_DIGESTINIT_EX),	"EVP_DigestInit_ex"},
 {ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL_EX),	"EVP_EncryptFinal_ex"},
 {ERR_FUNC(EVP_F_EVP_MD_CTX_COPY_EX),	"EVP_MD_CTX_copy_ex"},
+{ERR_FUNC(EVP_F_EVP_MD_SIZE),	"EVP_MD_SIZE"},
 {ERR_FUNC(EVP_F_EVP_OPENINIT),	"EVP_OpenInit"},
 {ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD),	"EVP_PBE_alg_add"},
 {ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD_TYPE),	"EVP_PBE_alg_add_type"},
@@ -167,6 +168,7 @@ static ERR_STRING_DATA EVP_str_reasons[]=
 {ERR_REASON(EVP_R_INVALID_OPERATION)     ,"invalid operation"},
 {ERR_REASON(EVP_R_IV_TOO_LARGE)          ,"iv too large"},
 {ERR_REASON(EVP_R_KEYGEN_FAILURE)        ,"keygen failure"},
+{ERR_REASON(EVP_R_MESSAGE_DIGEST_IS_NULL),"message digest is null"},
 {ERR_REASON(EVP_R_METHOD_NOT_SUPPORTED)  ,"method not supported"},
 {ERR_REASON(EVP_R_MISSING_PARAMETERS)    ,"missing parameters"},
 {ERR_REASON(EVP_R_NO_CIPHER_SET)         ,"no cipher set"},
diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c
index daccb66820..d815bc6d6f 100644
--- a/crypto/evp/evp_lib.c
+++ b/crypto/evp/evp_lib.c
@@ -256,7 +256,10 @@ int EVP_MD_pkey_type(const EVP_MD *md)
 int EVP_MD_size(const EVP_MD *md)
 	{
 	if (!md)
+		{
+		EVPerr(EVP_F_EVP_MD_SIZE, EVP_R_MESSAGE_DIGEST_IS_NULL);
 		return -1;
+		}
 	return md->md_size;
 	}
 
diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
index c6d257fc08..d98455eaad 100644
--- a/crypto/evp/m_sigver.c
+++ b/crypto/evp/m_sigver.c
@@ -128,7 +128,6 @@ int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
 	return do_sigver_init(ctx, pctx, type, e, pkey, 1);
 	}
 
-
 int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen)
 	{
 	int sctx, r = 0;
@@ -159,13 +158,15 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen)
 		{
 		if (sctx)
 			{
-			if (ctx->pctx->pmeth->signctx(ctx->pctx, 
-						sigret, siglen, ctx) <= 0)
+			if (ctx->pctx->pmeth->signctx(ctx->pctx, sigret, siglen, ctx) <= 0)
+				return 0;
+			}
+		else
+			{
+			int s = EVP_MD_size(ctx->digest);
+			if (s < 0 || EVP_PKEY_sign(ctx->pctx, sigret, siglen, NULL, s) <= 0)
 				return 0;
 			}
-		else if (EVP_PKEY_sign(ctx->pctx, sigret, siglen, NULL,
-						EVP_MD_size(ctx->digest)) <= 0)
-			return 0;
 		}
 	return 1;
 	}
@@ -177,6 +178,8 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, unsigned char *sig, size_t siglen)
 	int r;
 	unsigned int mdlen;
 	int vctx;
+
+	/* FIXME: surely this should test verifyctx? (Ben 29/12/08) */
 	if (ctx->pctx->pmeth->signctx)
 		vctx = 1;
 	else
diff --git a/crypto/evp/p5_crpt.c b/crypto/evp/p5_crpt.c
index 9c6e07b706..7ecfa8dad9 100644
--- a/crypto/evp/p5_crpt.c
+++ b/crypto/evp/p5_crpt.c
@@ -81,6 +81,7 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
 	int saltlen, iter;
 	unsigned char *salt;
 	const unsigned char *pbuf;
+	int mdsize;
 
 	/* Extract useful info from parameter */
 	if (param == NULL || param->type != V_ASN1_SEQUENCE ||
@@ -109,9 +110,12 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
 	EVP_DigestUpdate(&ctx, salt, saltlen);
 	PBEPARAM_free(pbe);
 	EVP_DigestFinal_ex(&ctx, md_tmp, NULL);
+	mdsize = EVP_MD_size(md);
+	if (mdsize < 0)
+	    return 0;
 	for (i = 1; i < iter; i++) {
 		EVP_DigestInit_ex(&ctx, md, NULL);
-		EVP_DigestUpdate(&ctx, md_tmp, EVP_MD_size(md));
+		EVP_DigestUpdate(&ctx, md_tmp, mdsize);
 		EVP_DigestFinal_ex (&ctx, md_tmp, NULL);
 	}
 	EVP_MD_CTX_cleanup(&ctx);
diff --git a/crypto/evp/p5_crpt2.c b/crypto/evp/p5_crpt2.c
index 70fd48aed0..334379f310 100644
--- a/crypto/evp/p5_crpt2.c
+++ b/crypto/evp/p5_crpt2.c
@@ -87,6 +87,8 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
 	HMAC_CTX hctx;
 
 	mdlen = EVP_MD_size(digest);
+	if (mdlen < 0)
+		return 0;
 
 	HMAC_CTX_init(&hctx);
 	p = out;
@@ -273,8 +275,9 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
 	salt = kdf->salt->value.octet_string->data;
 	saltlen = kdf->salt->value.octet_string->length;
 	iter = ASN1_INTEGER_get(kdf->iter);
-	PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter, prfmd,
-								keylen, key);
+	if(!PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter, prfmd,
+						   keylen, key))
+		goto err;
 	EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de);
 	OPENSSL_cleanse(key, keylen);
 	PBKDF2PARAM_free(kdf);