fix a memory leak in ssl3_generate_key_block fix the error handling in ssl3_change_cipher_state

Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2164)
author: Bernd Edlinger <bernd.edlinger@hotmail.de> 2017-01-01 01:43:20 +0100
committer: Richard Levitte <levitte@openssl.org> 2017-01-23 11:41:59 +0100
commit: a6fd7c1dbef2c3da3c87f1582ae48e4c29aa303c (patch)
tree: fa7922fb7ec62cdd7ca746ef39dd2358a415ded2 /ssl/s3_enc.c
parent: 57a19206b5aad7ca67f0d5ebae05af2799609819 (diff)
1 files changed, 4 insertions, 3 deletions
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index ba71bc14b4..165135707a 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -61,10 +61,10 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
     EVP_MD_CTX_set_flags(m5, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
     for (i = 0; (int)i < num; i += MD5_DIGEST_LENGTH) {
         k++;
-        if (k > sizeof buf) {
+        if (k > sizeof(buf)) {
             /* bug: 'buf' is too small for this ciphersuite */
             SSLerr(SSL_F_SSL3_GENERATE_KEY_BLOCK, ERR_R_INTERNAL_ERROR);
-            return 0;
+            goto err;
         }
 
         for (j = 0; j < k; j++)
@@ -227,7 +227,8 @@ int ssl3_change_cipher_state(SSL *s, int which)
 
     memcpy(mac_secret, ms, i);
 
-    EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE));
+    if (!EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE)))
+        goto err2;
 
 #ifdef OPENSSL_SSL_TRACE_CRYPTO
     if (s->msg_callback) {
author	Bernd Edlinger <bernd.edlinger@hotmail.de>	2017-01-01 01:43:20 +0100
committer	Richard Levitte <levitte@openssl.org>	2017-01-23 11:41:59 +0100
commit	a6fd7c1dbef2c3da3c87f1582ae48e4c29aa303c (patch)
tree	fa7922fb7ec62cdd7ca746ef39dd2358a415ded2 /ssl/s3_enc.c
parent	57a19206b5aad7ca67f0d5ebae05af2799609819 (diff)