The ssl3_digest_cached_records() function does not handle errors properly

The ssl3_digest_cached_records() function was failing to handle errors that might be returned from EVP_DigestSignInit() and EVP_DigestSignUpdate(). RT#4180 Reviewed-by: Stephen Henson <steve@openssl.org>
author: Matt Caswell <matt@openssl.org> 2016-05-26 15:45:14 +0100
committer: Matt Caswell <matt@openssl.org> 2016-05-26 15:47:33 +0100
commit: ea32151f7b9353f8906188d007c6893704ac17bb (patch)
tree: b9bd16b336a915fd2b63aca57de48745573aa82d /ssl/s3_enc.c
parent: 1d00db6b5a50950c6b516688040de4e6da32dd4d (diff)
1 files changed, 4 insertions, 5 deletions
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index c1222a72c2..cb571c1d07 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -374,14 +374,13 @@ int ssl3_digest_cached_records(SSL *s, int keep)
         }
 
         md = ssl_handshake_md(s);
-        if (md == NULL) {
+        if (   md == NULL
+            || !EVP_DigestInit_ex(s->s3->handshake_dgst, md, NULL)
+            || !EVP_DigestUpdate(s->s3->handshake_dgst, hdata, hdatalen))
+        {
             SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_INTERNAL_ERROR);
             return 0;
         }
-
-        EVP_DigestInit_ex(s->s3->handshake_dgst, md, NULL);
-        EVP_DigestUpdate(s->s3->handshake_dgst, hdata, hdatalen);
-
     }
     if (keep == 0) {
         BIO_free(s->s3->handshake_buffer);
author	Matt Caswell <matt@openssl.org>	2016-05-26 15:45:14 +0100
committer	Matt Caswell <matt@openssl.org>	2016-05-26 15:47:33 +0100
commit	ea32151f7b9353f8906188d007c6893704ac17bb (patch)
tree	b9bd16b336a915fd2b63aca57de48745573aa82d /ssl/s3_enc.c
parent	1d00db6b5a50950c6b516688040de4e6da32dd4d (diff)