diff options
author | Matt Caswell <matt@openssl.org> | 2018-05-29 16:27:25 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2018-05-31 10:39:13 +0100 |
commit | bceae201b45fdbc7898adada6aebe2a1b6145009 (patch) | |
tree | 27147dd20a0c936444ef112f5ecdd889d6ad9ea5 /ssl/statem/extensions.c | |
parent | 1b3c89cd1e579aa8b9229498699ce54fa7986fa7 (diff) |
EVP_MD_size() can return an error
Fix some instances where we weren't checking the error return.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6373)
Diffstat (limited to 'ssl/statem/extensions.c')
-rw-r--r-- | ssl/statem/extensions.c | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c index 7f9fd5f02e..209b4df782 100644 --- a/ssl/statem/extensions.c +++ b/ssl/statem/extensions.c @@ -1427,10 +1427,19 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart, const char external_label[] = "ext binder"; const char nonce_label[] = "resumption"; const char *label; - size_t bindersize, labelsize, psklen, hashsize = EVP_MD_size(md); + size_t bindersize, labelsize, psklen, hashsize; + int hashsizei = EVP_MD_size(md); int ret = -1; int usepskfored = 0; + /* Ensure cast to size_t is safe */ + if (!ossl_assert(hashsizei >= 0)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER, + ERR_R_INTERNAL_ERROR); + goto err; + } + hashsize = (size_t)hashsizei; + if (external && s->early_data_state == SSL_EARLY_DATA_CONNECTING && s->session->ext.max_early_data == 0 |