Ensure all EVP calls have their returns checked where appropriate

There are lots of calls to EVP functions from within libssl There were various places where we should probably check the return value but don't. This adds these checks. Reviewed-by: Richard Levitte <levitte@openssl.org>
author: Matt Caswell <matt@openssl.org> 2015-11-06 16:31:21 +0000
committer: Matt Caswell <matt@openssl.org> 2015-11-20 15:47:02 +0000
commit: 5f3d93e4a336c590d7b56a889dde4a93b725e058 (patch)
tree: 2056664415cc39f4c2e8aede23cbde220886d2fc /ssl/ssl_lib.c
parent: 2cc7acd273bc39f1360aed52400d18bb65b88a95 (diff)
1 files changed, 5 insertions, 2 deletions
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index d8d2244ae5..1c3b726674 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -3165,8 +3165,11 @@ EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md)
 {
     ssl_clear_hash_ctx(hash);
     *hash = EVP_MD_CTX_create();
-    if (md)
-        EVP_DigestInit_ex(*hash, md, NULL);
+    if (*hash == NULL || (md && EVP_DigestInit_ex(*hash, md, NULL) <= 0)) {
+        EVP_MD_CTX_destroy(*hash);
+        *hash = NULL;
+        return NULL;
+    }
     return *hash;
 }
author	Matt Caswell <matt@openssl.org>	2015-11-06 16:31:21 +0000
committer	Matt Caswell <matt@openssl.org>	2015-11-20 15:47:02 +0000
commit	5f3d93e4a336c590d7b56a889dde4a93b725e058 (patch)
tree	2056664415cc39f4c2e8aede23cbde220886d2fc /ssl/ssl_lib.c
parent	2cc7acd273bc39f1360aed52400d18bb65b88a95 (diff)