-rw-r--r--apps/passwd.c85
-rw-r--r--apps/speed.c43
-rw-r--r--apps/ts.c23
-rw-r--r--crypto/dh/dh_kdf.c4
-rw-r--r--crypto/ec/ecdh_kdf.c3
-rw-r--r--crypto/rand/md_rand.c15
-rw-r--r--crypto/srp/srp_lib.c45
-rw-r--r--crypto/srp/srp_vfy.c10
-rw-r--r--include/openssl/evp.h14
-rw-r--r--ssl/record/ssl3_record.c9
-rw-r--r--ssl/s3_cbc.c8
-rw-r--r--ssl/s3_enc.c40
-rw-r--r--ssl/ssl_locl.h8
-rw-r--r--ssl/statem/statem_clnt.c9
-rw-r--r--ssl/statem/statem_dtls.c6
-rw-r--r--ssl/statem/statem_lib.c23
-rw-r--r--test/md2test.c7
-rw-r--r--test/md4test.c6
-rw-r--r--test/md5test.c6
-rw-r--r--test/mdc2test.c29
-rw-r--r--test/rmdtest.c7
-rw-r--r--test/sha1test.c30
-rw-r--r--test/sha256t.c70
-rw-r--r--test/sha512t.c75
24 files changed, 362 insertions, 213 deletions
diff --git a/apps/passwd.c b/apps/passwd.c
index e2825219c9..8404d8cc7a 100644
--- a/apps/passwd.c
+++ b/apps/passwd.c
@@ -287,7 +287,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
char *salt_out;
int n;
unsigned int i;
- EVP_MD_CTX *md, *md2;
+ EVP_MD_CTX *md = NULL, *md2 = NULL;
size_t passwd_len, salt_len;
passwd_len = strlen(passwd);
@@ -303,49 +303,65 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
assert(salt_len <= 8);
md = EVP_MD_CTX_new();
- if (md == NULL)
- return NULL;
- EVP_DigestInit_ex(md, EVP_md5(), NULL);
- EVP_DigestUpdate(md, passwd, passwd_len);
- EVP_DigestUpdate(md, "$", 1);
- EVP_DigestUpdate(md, magic, strlen(magic));
- EVP_DigestUpdate(md, "$", 1);
- EVP_DigestUpdate(md, salt_out, salt_len);
+ if (md == NULL
+ || !EVP_DigestInit_ex(md, EVP_md5(), NULL)
+ || !EVP_DigestUpdate(md, passwd, passwd_len)
+ || !EVP_DigestUpdate(md, "$", 1)
+ || !EVP_DigestUpdate(md, magic, strlen(magic))
+ || !EVP_DigestUpdate(md, "$", 1)
+ || !EVP_DigestUpdate(md, salt_out, salt_len))
md2 = EVP_MD_CTX_new();
- if (md2 == NULL)
- return NULL;
- EVP_DigestInit_ex(md2, EVP_md5(), NULL);
- EVP_DigestUpdate(md2, passwd, passwd_len);
- EVP_DigestUpdate(md2, salt_out, salt_len);
- EVP_DigestUpdate(md2, passwd, passwd_len);
- EVP_DigestFinal_ex(md2, buf, NULL);
-
- for (i = passwd_len; i > sizeof buf; i -= sizeof buf)
- EVP_DigestUpdate(md, buf, sizeof buf);
- EVP_DigestUpdate(md, buf, i);
+ if (md2 == NULL
+ || !EVP_DigestInit_ex(md2, EVP_md5(), NULL)
+ || !EVP_DigestUpdate(md2, passwd, passwd_len)
+ || !EVP_DigestUpdate(md2, salt_out, salt_len)
+ || !EVP_DigestUpdate(md2, passwd, passwd_len)
+ || !EVP_DigestFinal_ex(md2, buf, NULL))
+ goto err;
+
+ for (i = passwd_len; i > sizeof buf; i -= sizeof buf) {
+ if (!EVP_DigestUpdate(md, buf, sizeof buf))
+ goto err;
+ }
+ if (!EVP_DigestUpdate(md, buf, i))
+ goto err;
n = passwd_len;
while (n) {
- EVP_DigestUpdate(md, (n & 1) ? "\0" : passwd, 1);
+ if (!EVP_DigestUpdate(md, (n & 1) ? "\0" : passwd, 1))
+ goto err;
n >>= 1;
}
- EVP_DigestFinal_ex(md, buf, NULL);
+ if (!EVP_DigestFinal_ex(md, buf, NULL))
+ return NULL;
for (i = 0; i < 1000; i++) {
- EVP_DigestInit_ex(md2, EVP_md5(), NULL);
- EVP_DigestUpdate(md2, (i & 1) ? (unsigned const char *)passwd : buf,
- (i & 1) ? passwd_len : sizeof buf);
- if (i % 3)
- EVP_DigestUpdate(md2, salt_out, salt_len);
- if (i % 7)
- EVP_DigestUpdate(md2, passwd, passwd_len);
- EVP_DigestUpdate(md2, (i & 1) ? buf : (unsigned const char *)passwd,
- (i & 1) ? sizeof buf : passwd_len);
- EVP_DigestFinal_ex(md2, buf, NULL);
+ if (!EVP_DigestInit_ex(md2, EVP_md5(), NULL))
+ goto err;
+ if (!EVP_DigestUpdate(md2,
+ (i & 1) ? (unsigned const char *)passwd : buf,
+ (i & 1) ? passwd_len : sizeof buf))
+ goto err;
+ if (i % 3) {
+ if (!EVP_DigestUpdate(md2, salt_out, salt_len))
+ goto err;
+ }
+ if (i % 7) {
+ if (!EVP_DigestUpdate(md2, passwd, passwd_len))
+ goto err;
+ }
+ if (!EVP_DigestUpdate(md2,
+ (i & 1) ? buf : (unsigned const char *)passwd,
+ (i & 1) ? sizeof buf : passwd_len))
+ goto err;
+ if (!EVP_DigestFinal_ex(md2, buf, NULL))
+ goto err;
}
EVP_MD_CTX_free(md2);
EVP_MD_CTX_free(md);
+ md2 = NULL;
+ md = NULL;
{
/* transform buf into output string */
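Review bot: As shown, the first `if (md == NULL || ...)` chain has no `goto err;` after its last condition, so `md2 = EVP_MD_CTX_new();` becomes the body of that `if`. On the success path `md2` therefore stays NULL and the next check jumps to `err`, while on the failure path the function carries on instead of bailing out. Add `goto err;` directly after `|| !EVP_DigestUpdate(md, salt_out, salt_len))`. Further down, the failure branch of `EVP_DigestFinal_ex(md, buf, NULL)` uses `return NULL;` and leaks both contexts; it should be `goto err;` like its neighbours. md5crypt starts before and continues after this hunk.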
@@ -386,6 +402,11 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
}
return out_buf;
+
+ err:
+ EVP_MD_CTX_free(md2);
+ EVP_MD_CTX_free(md);
+ return NULL;
}
# endif
diff --git a/apps/speed.c b/apps/speed.c
index 3b162e1058..f5f3b8cb51 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -601,9 +601,11 @@ static int EVP_Digest_MD2_loop(void *args)
unsigned char *buf = tempargs->buf;
unsigned char md2[MD2_DIGEST_LENGTH];
int count;
- for (count = 0; COND(c[D_MD2][testnum]); count++)
- EVP_Digest(buf, (unsigned long)lengths[testnum], &(md2[0]), NULL,
- EVP_md2(), NULL);
+ for (count = 0; COND(c[D_MD2][testnum]); count++) {
+ if (!EVP_Digest(buf, (unsigned long)lengths[testnum], &(md2[0]), NULL,
+ EVP_md2(), NULL))
+ return -1;
+ }
return count;
}
#endif
@@ -615,9 +617,11 @@ static int EVP_Digest_MDC2_loop(void *args)
unsigned char *buf = tempargs->buf;
unsigned char mdc2[MDC2_DIGEST_LENGTH];
int count;
- for (count = 0; COND(c[D_MDC2][testnum]); count++)
- EVP_Digest(buf, (unsigned long)lengths[testnum], &(mdc2[0]), NULL,
- EVP_mdc2(), NULL);
+ for (count = 0; COND(c[D_MDC2][testnum]); count++) {
+ if (!EVP_Digest(buf, (unsigned long)lengths[testnum], &(mdc2[0]), NULL,
+ EVP_mdc2(), NULL))
+ return -1;
+ }
return count;
}
#endif
@@ -629,9 +633,11 @@ static int EVP_Digest_MD4_loop(void *args)
unsigned char *buf = tempargs->buf;
unsigned char md4[MD4_DIGEST_LENGTH];
int count;
- for (count = 0; COND(c[D_MD4][testnum]); count++)
- EVP_Digest(&(buf[0]), (unsigned long)lengths[testnum], &(md4[0]),
- NULL, EVP_md4(), NULL);
+ for (count = 0; COND(c[D_MD4][testnum]); count++) {
+ if (!EVP_Digest(&(buf[0]), (unsigned long)lengths[testnum], &(md4[0]),
+ NULL, EVP_md4(), NULL))
+ return -1;
+ }
return count;
}
#endif
@@ -717,9 +723,11 @@ static int EVP_Digest_RMD160_loop(void *args)
unsigned char *buf = tempargs->buf;
unsigned char rmd160[RIPEMD160_DIGEST_LENGTH];
int count;
- for (count = 0; COND(c[D_RMD160][testnum]); count++)
- EVP_Digest(buf, (unsigned long)lengths[testnum], &(rmd160[0]), NULL,
- EVP_ripemd160(), NULL);
+ for (count = 0; COND(c[D_RMD160][testnum]); count++) {
+ if (!EVP_Digest(buf, (unsigned long)lengths[testnum], &(rmd160[0]),
+ NULL, EVP_ripemd160(), NULL))
+ return -1;
+ }
return count;
}
#endif
@@ -888,9 +896,10 @@ static int EVP_Digest_loop(void *args)
unsigned char md[EVP_MAX_MD_SIZE];
int count;
for (count = 0;
- COND(save_count * 4 * lengths[0] / lengths[testnum]); count++)
- EVP_Digest(buf, lengths[testnum], &(md[0]), NULL, evp_md, NULL);
-
+ COND(save_count * 4 * lengths[0] / lengths[testnum]); count++) {
+ if (!EVP_Digest(buf, lengths[testnum], &(md[0]), NULL, evp_md, NULL))
+ return -1;
+ }
return count;
}
@@ -2845,6 +2854,10 @@ static void pkey_print_message(const char *str, const char *str2, long num,
static void print_result(int alg, int run_no, int count, double time_used)
{
+ if (count == -1) {
+ BIO_puts(bio_err, "EVP error!\n");
+ exit(1);
+ }
BIO_printf(bio_err,
mr ? "+R:%d:%s:%f\n"
: "%d %s's in %.2fs\n", count, names[alg], time_used);
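Review bot: The new `count == -1` branch in print_result prints only `EVP error!`, which tells the user neither which benchmark failed nor why. `alg` is already in scope, so the message could name the algorithm and dump the error queue before exiting: `BIO_printf(bio_err, "EVP error in %s!\n", names[alg]);` followed by `ERR_print_errors(bio_err);`. The -1 sentinel comes from the `EVP_Digest_*_loop` hunks above. The other loop functions are not visible here, so it is worth confirming that none of them can return -1 for a different reason.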
diff --git a/apps/ts.c b/apps/ts.c
index 1ae57d2535..ffffe8a66a 100644
--- a/apps/ts.c
+++ b/apps/ts.c
@@ -492,28 +492,30 @@ static int create_digest(BIO *input, char *digest, const EVP_MD *md,
unsigned char **md_value)
{
int md_value_len;
+ int rv = 0;
+ EVP_MD_CTX *md_ctx = NULL;
md_value_len = EVP_MD_size(md);
if (md_value_len < 0)
return 0;
if (input) {
- EVP_MD_CTX *md_ctx = EVP_MD_CTX_new();
unsigned char buffer[4096];
int length;
+ md_ctx = EVP_MD_CTX_new();
if (md_ctx == NULL)
return 0;
*md_value = app_malloc(md_value_len, "digest buffer");
- EVP_DigestInit(md_ctx, md);
+ if (!EVP_DigestInit(md_ctx, md))
+ goto err;
while ((length = BIO_read(input, buffer, sizeof(buffer))) > 0) {
- EVP_DigestUpdate(md_ctx, buffer, length);
- }
- if (!EVP_DigestFinal(md_ctx, *md_value, NULL)) {
- EVP_MD_CTX_free(md_ctx);
- return 0;
+ if (!EVP_DigestUpdate(md_ctx, buffer, length))
+ goto err;
}
- EVP_MD_CTX_free(md_ctx);
+ if (!EVP_DigestFinal(md_ctx, *md_value, NULL))
+ goto err;
+ md_value_len = EVP_MD_size(md);
} else {
long digest_len;
*md_value = OPENSSL_hexstr2buf(digest, &digest_len);
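Review bot: The read loop still stops on any `BIO_read()` result `<= 0`, so a read error (negative return) is treated like end of input and the digest of a truncated stream is finalized and returned as valid. Since this commit makes digest failures fatal, the loop should be followed by `if (length < 0) goto err;`. The new `goto err` paths also return 0 with `*md_value` still pointing at the `app_malloc` buffer; unless the caller frees it on failure (not visible here), free it and reset the pointer before returning. The added `md_value_len = EVP_MD_size(md);` repeats the assignment at the top of the function and can be dropped. create_digest continues past this hunk.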
@@ -525,7 +527,10 @@ static int create_digest(BIO *input, char *digest, const EVP_MD *md,
return 0;
}
}
- return md_value_len;
+ rv = md_value_len;
+ err:
+ EVP_MD_CTX_free(md_ctx);
+ return rv;
}
static ASN1_INTEGER *create_nonce(int bits)
diff --git a/crypto/dh/dh_kdf.c b/crypto/dh/dh_kdf.c
index f2f3d24158..2782eeee6e 100644
--- a/crypto/dh/dh_kdf.c
+++ b/crypto/dh/dh_kdf.c
@@ -117,8 +117,8 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen,
goto err;
for (i = 1;; i++) {
unsigned char mtmp[EVP_MAX_MD_SIZE];
- EVP_DigestInit_ex(mctx, md, NULL);
- if (!EVP_DigestUpdate(mctx, Z, Zlen))
+ if (!EVP_DigestInit_ex(mctx, md, NULL)
+ || !EVP_DigestUpdate(mctx, Z, Zlen))
goto err;
ctr[3] = i & 0xFF;
ctr[2] = (i >> 8) & 0xFF;
diff --git a/crypto/ec/ecdh_kdf.c b/crypto/ec/ecdh_kdf.c
index 6cb0e11c22..d47486eb34 100644
--- a/crypto/ec/ecdh_kdf.c
+++ b/crypto/ec/ecdh_kdf.c
@@ -34,7 +34,8 @@ int ECDH_KDF_X9_62(unsigned char *out, size_t outlen,
mdlen = EVP_MD_size(md);
for (i = 1;; i++) {
unsigned char mtmp[EVP_MAX_MD_SIZE];
- EVP_DigestInit_ex(mctx, md, NULL);
+ if (!EVP_DigestInit_ex(mctx, md, NULL))
+ goto err;
ctr[3] = i & 0xFF;
ctr[2] = (i >> 8) & 0xFF;
ctr[1] = (i >> 16) & 0xFF;
diff --git a/crypto/rand/md_rand.c b/crypto/rand/md_rand.c
index 137851f596..0d25aeb532 100644
--- a/crypto/rand/md_rand.c
+++ b/crypto/rand/md_rand.c
@@ -60,7 +60,7 @@ static CRYPTO_THREAD_ID locking_threadid;
int rand_predictable = 0;
#endif
-static void rand_hw_seed(EVP_MD_CTX *ctx);
+static int rand_hw_seed(EVP_MD_CTX *ctx);
static void rand_cleanup(void);
static int rand_seed(const void *buf, int num);
@@ -446,7 +446,8 @@ static int rand_bytes(unsigned char *buf, int num, int pseudo)
if (!MD_Update(m, (unsigned char *)&tv, sizeof tv))
goto err;
curr_time = 0;
- rand_hw_seed(m);
+ if (!rand_hw_seed(m))
+ goto err;
}
if (!MD_Update(m, local_md, MD_DIGEST_LENGTH))
goto err;
@@ -597,18 +598,20 @@ static int rand_status(void)
size_t OPENSSL_ia32_rdrand(void);
extern unsigned int OPENSSL_ia32cap_P[];
-static void rand_hw_seed(EVP_MD_CTX *ctx)
+static int rand_hw_seed(EVP_MD_CTX *ctx)
{
int i;
if (!(OPENSSL_ia32cap_P[1] & (1 << (62 - 32))))
- return;
+ return 1;
for (i = 0; i < RDRAND_CALLS; i++) {
size_t rnd;
rnd = OPENSSL_ia32_rdrand();
if (rnd == 0)
- return;
- MD_Update(ctx, (unsigned char *)&rnd, sizeof(size_t));
+ return 1;
+ if (!MD_Update(ctx, (unsigned char *)&rnd, sizeof(size_t)))
+ return 0;
}
+ return 1;
}
/* XOR an existing buffer with random data */
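Review bot: `rand_hw_seed()` now returns 1 both when it mixed in RDRAND output and when it did nothing (capability bit clear in `OPENSSL_ia32cap_P`, or `OPENSSL_ia32_rdrand()` returned 0), which is easy to misread as "hardware entropy was added". A short comment above the function would make the contract explicit, e.g. `/* Best effort: returns 0 only if MD_Update fails; 1 otherwise, even when no RDRAND data was mixed in. */`. Only this definition is visible in the diff. If a fallback definition exists for other platforms, it needs the same `int` return type and a `return 1;`.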
diff --git a/crypto/srp/srp_lib.c b/crypto/srp/srp_lib.c
index 06671749a6..7f297be81a 100644
--- a/crypto/srp/srp_lib.c
+++ b/crypto/srp/srp_lib.c
@@ -35,17 +35,20 @@ static BIGNUM *srp_Calc_k(const BIGNUM *N, const BIGNUM *g)
goto err;
BN_bn2bin(N, tmp);
- EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL);
- EVP_DigestUpdate(ctxt, tmp, longN);
+ if (!EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL)
+ || !EVP_DigestUpdate(ctxt, tmp, longN))
+ goto err;
memset(tmp, 0, longN);
longg = BN_bn2bin(g, tmp);
/* use the zeros behind to pad on left */
- EVP_DigestUpdate(ctxt, tmp + longg, longN - longg);
- EVP_DigestUpdate(ctxt, tmp, longg);
+ if (!EVP_DigestUpdate(ctxt, tmp + longg, longN - longg)
+ || !EVP_DigestUpdate(ctxt, tmp, longg))
+ goto err;
OPENSSL_free(tmp);
- EVP_DigestFinal_ex(ctxt, digest, NULL);
+ if (!EVP_DigestFinal_ex(ctxt, digest, NULL))
+ goto err;
res = BN_bin2bn(digest, sizeof(digest), NULL);
err:
EVP_MD_CTX_free(ctxt);
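Review bot: The new `goto err` exits in srp_Calc_k jump over `OPENSSL_free(tmp)`, so `tmp` leaks whenever `EVP_DigestInit_ex` or `EVP_DigestUpdate` fails, unless cleanup after `err:` beyond the end of this hunk already frees it. The usual fix is to free in the cleanup block instead (`OPENSSL_free(tmp);` next to `EVP_MD_CTX_free(ctxt);`, with `tmp` initialised to NULL) and drop the mid-function free. That also rules out a double free on the later `EVP_DigestFinal_ex` failure path. The same pattern applies to `cAB` in SRP_Calc_u and `cs` in SRP_Calc_x in the next two hunks.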
@@ -77,11 +80,13 @@ BIGNUM *SRP_Calc_u(const BIGNUM *A, const BIGNUM *B, const BIGNUM *N)
memset(cAB, 0, longN);
- EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL);
- EVP_DigestUpdate(ctxt, cAB + BN_bn2bin(A, cAB + longN), longN);
- EVP_DigestUpdate(ctxt, cAB + BN_bn2bin(B, cAB + longN), longN);
+ if (!EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL)
+ || !EVP_DigestUpdate(ctxt, cAB + BN_bn2bin(A, cAB + longN), longN)
+ || !EVP_DigestUpdate(ctxt, cAB + BN_bn2bin(B, cAB + longN), longN))
+ goto err;
OPENSSL_free(cAB);
- EVP_DigestFinal_ex(ctxt, cu, NULL);
+ if (!EVP_DigestFinal_ex(ctxt, cu, NULL))
+ goto err;
if ((u = BN_bin2bn(cu, sizeof(cu), NULL)) == NULL)
goto err;
@@ -173,18 +178,20 @@ BIGNUM *SRP_Calc_x(const BIGNUM *s, const char *user, const char *pass)
if ((cs = OPENSSL_malloc(BN_num_bytes(s))) == NULL)
goto err;
- EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL);
- EVP_DigestUpdate(ctxt, user, strlen(user));
- EVP_DigestUpdate(ctxt, ":", 1);
- EVP_DigestUpdate(ctxt, pass, strlen(pass));
- EVP_DigestFinal_ex(ctxt, dig, NULL);
-
- EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL);
+ if (!EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL)
+ || !EVP_DigestUpdate(ctxt, user, strlen(user))
+ || !EVP_DigestUpdate(ctxt, ":", 1)
+ || !EVP_DigestUpdate(ctxt, pass, strlen(pass))
+ || !EVP_DigestFinal_ex(ctxt, dig, NULL)
+ || !EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL))
+ goto err;
BN_bn2bin(s, cs);
- EVP_DigestUpdate(ctxt, cs, BN_num_bytes(s));
+ if (!EVP_DigestUpdate(ctxt, cs, BN_num_bytes(s)))
+ goto err;
OPENSSL_free(cs);
- EVP_DigestUpdate(ctxt, dig, sizeof(dig));
- EVP_DigestFinal_ex(ctxt, dig, NULL);
+ if (!EVP_DigestUpdate(ctxt, dig, sizeof(dig))
+ || !EVP_DigestFinal_ex(ctxt, dig, NULL))
+ goto err;
res = BN_bin2bn(dig, sizeof(dig), NULL);
err:
diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c
index f99fa1b278..73ea4e61cf 100644
--- a/crypto/srp/srp_vfy.c
+++ b/crypto/srp/srp_vfy.c
@@ -500,10 +500,12 @@ SRP_user_pwd *SRP_VBASE_get1_by_user(SRP_VBASE *vb, char *username)
if (RAND_bytes(digv, SHA_DIGEST_LENGTH) <= 0)
goto err;
ctxt = EVP_MD_CTX_new();
- EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL);
- EVP_DigestUpdate(ctxt, vb->seed_key, strlen(vb->seed_key));
- EVP_DigestUpdate(ctxt, username, strlen(username));
- EVP_DigestFinal_ex(ctxt, digs, NULL);
+ if (ctxt == NULL
+ || !EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL)
+ || !EVP_DigestUpdate(ctxt, vb->seed_key, strlen(vb->seed_key))
+ || !EVP_DigestUpdate(ctxt, username, strlen(username))
+ || !EVP_DigestFinal_ex(ctxt, digs, NULL))
+ goto err;
EVP_MD_CTX_free(ctxt);
ctxt = NULL;
if (SRP_user_pwd_set_sv_BN(user,
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index 207d772d00..997f1e2c21 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -500,22 +500,22 @@ void EVP_MD_CTX_free(EVP_MD_CTX *ctx);
# define EVP_MD_CTX_create() EVP_MD_CTX_new()
# define EVP_MD_CTX_init(ctx) EVP_MD_CTX_reset((ctx))
# define EVP_MD_CTX_destroy(ctx) EVP_MD_CTX_free((ctx))
-/*__owur*/ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in);
+__owur int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in);
void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags);
void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags);
int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags);
-/*__owur*/ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type,
+__owur int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type,
ENGINE *impl);
-/*__owur*/ int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d,
+__owur int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d,
size_t cnt);
-/*__owur*/ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md,
+__owur int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md,
unsigned int *s);
-/*__owur*/ int EVP_Digest(const void *data, size_t count,
+__owur int EVP_Digest(const void *data, size_t count,
unsigned char *md, unsigned int *size,
const EVP_MD *type, ENGINE *impl);
-/*__owur*/ int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in);
-/*__owur*/ int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
+__owur int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in);
+__owur int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
__owur int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md,
unsigned int *s);
diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c
index d3b2bea40a..3630cd900a 100644
--- a/ssl/record/ssl3_record.c
+++ b/ssl/record/ssl3_record.c
@@ -1015,9 +1015,12 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send)
return -1;
}
if (!send && !SSL_USE_ETM(ssl) && FIPS_mode())
- tls_fips_digest_extra(ssl->enc_read_ctx,
- mac_ctx, rec->input,
- rec->length, rec->orig_len);
+ if (!tls_fips_digest_extra(ssl->enc_read_ctx,
+ mac_ctx, rec->input,
+ rec->length, rec->orig_len)) {
+ EVP_MD_CTX_free(hmac);
+ return -1;
+ }
}
EVP_MD_CTX_free(hmac);
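Review bot: The added `if (!tls_fips_digest_extra(...)) { ... }` sits directly under the unbraced `if (!send && !SSL_USE_ETM(ssl) && FIPS_mode())`, leaving a two-level `if` in which a later `else` would bind to the inner test. Bracing the outer condition, `if (!send && !SSL_USE_ETM(ssl) && FIPS_mode()) {` ... `}`, keeps the early-return block unambiguous. tls1_mac begins before this hunk.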
diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c
index 7cdabbb761..febd88a117 100644
--- a/ssl/s3_cbc.c
+++ b/ssl/s3_cbc.c
@@ -490,13 +490,13 @@ err:
* digesting additional data.
*/
-void tls_fips_digest_extra(const EVP_CIPHER_CTX *cipher_ctx,
+int tls_fips_digest_extra(const EVP_CIPHER_CTX *cipher_ctx,
EVP_MD_CTX *mac_ctx, const unsigned char *data,
size_t data_len, size_t orig_len)
{
size_t block_size, digest_pad, blocks_data, blocks_orig;
if (EVP_CIPHER_CTX_mode(cipher_ctx) != EVP_CIPH_CBC_MODE)
- return;
+ return 1;
block_size = EVP_MD_CTX_block_size(mac_ctx);
/*-
* We are in FIPS mode if we get this far so we know we have only SHA*
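Review bot: The header comment of `tls_fips_digest_extra()` starts before this hunk and, as far as visible, does not mention a result, while the function now returns `int` and uses `return 1` for the non-CBC no-op case. Add a line to that comment such as `Returns 1 on success or when no extra digesting is needed, 0 if the digest update fails.` so callers know the early return is not an error. The second hunk forwards the result of `EVP_DigestSignUpdate` directly, so this contract holds only if that call uses the same 1/0 convention.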
@@ -526,6 +526,6 @@ void tls_fips_digest_extra(const EVP_CIPHER_CTX *cipher_ctx,
* The "data" pointer should always have enough space to perform this
* operation as it is large enough for a maximum length TLS buffer.
*/
- EVP_DigestSignUpdate(mac_ctx, data,
- (blocks_orig - blocks_data + 1) * block_size);
+ return EVP_DigestSignUpdate(mac_ctx, data,
+ (blocks_orig - blocks_data + 1) * block_size);
}
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index b6de38d90b..3240735fab 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -70,23 +70,26 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
for (j = 0; j < k; j++)
buf[j] = c;
c++;
- EVP_DigestInit_ex(s1, EVP_sha1(), NULL);
- EVP_DigestUpdate(s1, buf, k);
- EVP_DigestUpdate(s1, s->session->master_key,
- s->session->master_key_length);
- EVP_DigestUpdate(s1, s->s3->server_random, SSL3_RANDOM_SIZE);
- EVP_DigestUpdate(s1, s->s3->client_random, SSL3_RANDOM_SIZE);
- EVP_DigestFinal_ex(s1, smd, NULL);
-
- EVP_DigestInit_ex(m5, EVP_md5(), NULL);
- EVP_DigestUpdate(m5, s->session->master_key,
- s->session->master_key_length);
- EVP_DigestUpdate(m5, smd, SHA_DIGEST_LENGTH);
+ if (!EVP_DigestInit_ex(s1, EVP_sha1(), NULL)
+ || !EVP_DigestUpdate(s1, buf, k)
+ || !EVP_DigestUpdate(s1, s->session->master_key,
+ s->session->master_key_length)
+ || !EVP_DigestUpdate(s1, s->s3->server_random, SSL3_RANDOM_SIZE)
+ || !EVP_DigestUpdate(s1, s->s3->client_random, SSL3_RANDOM_SIZE)
+ || !EVP_DigestFinal_ex(s1, smd, NULL)
+ || !EVP_DigestInit_ex(m5, EVP_md5(), NULL)
+ || !EVP_DigestUpdate(m5, s->session->master_key,
+ s->session->master_key_length)
+ || !EVP_DigestUpdate(m5, smd, SHA_DIGEST_LENGTH))
+ goto err;
if ((int)(i + MD5_DIGEST_LENGTH) > num) {
- EVP_DigestFinal_ex(m5, smd, NULL);
+ if (!EVP_DigestFinal_ex(m5, smd, NULL))
+ goto err;
memcpy(km, smd, (num - i));
- } else
- EVP_DigestFinal_ex(m5, km, NULL);
+ } else {
+ if (!EVP_DigestFinal_ex(m5, km, NULL))
+ goto err;
+ }
km += MD5_DIGEST_LENGTH;
}
@@ -353,12 +356,13 @@ void ssl3_free_digest_list(SSL *s)
s->s3->handshake_dgst = NULL;
}
-void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len)
+int ssl3_finish_mac(SSL *s, const unsigned char *buf, int len)
{
if (s->s3->handshake_dgst == NULL)
- BIO_write(s->s3->handshake_buffer, (void *)buf, len);
+ /* Note: this writes to a memory BIO so a failure is a fatal error */
+ return BIO_write(s->s3->handshake_buffer, (void *)buf, len) == len;
else
- EVP_DigestUpdate(s->s3->handshake_dgst, buf, len);
+ return EVP_DigestUpdate(s->s3->handshake_dgst, buf, len);
}
int ssl3_digest_cached_records(SSL *s, int keep)
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 35fd3fc7ac..8287077bba 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -1875,7 +1875,7 @@ int ssl3_renegotiate_check(SSL *ssl);
__owur int ssl3_dispatch_alert(SSL *s);
__owur int ssl3_final_finish_mac(SSL *s, const char *sender, int slen,
unsigned char *p);
-void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len);
+__owur int ssl3_finish_mac(SSL *s, const unsigned char *buf, int len);
void ssl3_free_digest_list(SSL *s);
__owur unsigned long ssl3_output_cert_chain(SSL *s, CERT_PKEY *cpk);
__owur const SSL_CIPHER *ssl3_choose_cipher(SSL *ssl,
@@ -2085,9 +2085,9 @@ __owur int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx,
const unsigned char *mac_secret,
unsigned mac_secret_length, char is_sslv3);
-void tls_fips_digest_extra(const EVP_CIPHER_CTX *cipher_ctx,
- EVP_MD_CTX *mac_ctx, const unsigned char *data,
- size_t data_len, size_t orig_len);
+__owur int tls_fips_digest_extra(const EVP_CIPHER_CTX *cipher_ctx,
+ EVP_MD_CTX *mac_ctx, const unsigned char *data,
+ size_t data_len, size_t orig_len);
__owur int srp_generate_server_master_secret(SSL *s);
__owur int srp_generate_client_master_secret(SSL *s);
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index be4ba9cead..5eefa2aa74 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -1890,9 +1890,12 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt)
* elsewhere in OpenSSL. The session ID is set to the SHA256 (or SHA1 is
* SHA256 is disabled) hash of the ticket.
*/
- EVP_Digest(s->session->tlsext_tick, ticklen,
- s->session->session_id, &s->session->session_id_length,
- EVP_sha256(), NULL);
+ if (!EVP_Digest(s->session->tlsext_tick, ticklen,
+ s->session->session_id, &s->session->session_id_length,
+ EVP_sha256(), NULL)) {
+ SSLerr(SSL_F_TLS_PROCESS_NEW_SESSION_TICKET, ERR_R_EVP_LIB);
+ goto err;
+ }
return MSG_PROCESS_CONTINUE_READING;
f_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
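Review bot: On `EVP_Digest` failure the new code records `ERR_R_EVP_LIB` and jumps to `err`, which appears to bypass the `f_err:` path that calls `ssl3_send_alert()`; the `err` label itself lies outside this hunk. tls_get_message_body in this same commit sends `SSL_AD_INTERNAL_ERROR` for the equivalent failure, so for consistency consider `al = SSL_AD_INTERNAL_ERROR;` followed by `goto f_err;` here. If closing without an alert is intended, a one-line comment saying so would help the next reader.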
diff --git a/ssl/statem/statem_dtls.c b/ssl/statem/statem_dtls.c
index 946dee0841..3979bf3835 100644
--- a/ssl/statem/statem_dtls.c
+++ b/ssl/statem/statem_dtls.c
@@ -294,7 +294,8 @@ int dtls1_do_write(SSL *s, int type)
xlen = ret - DTLS1_HM_HEADER_LENGTH;
}
- ssl3_finish_mac(s, p, xlen);
+ if (!ssl3_finish_mac(s, p, xlen))
+ return -1;
}
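Review bot: A failing `ssl3_finish_mac()` makes dtls1_do_write return -1 without putting anything on the error queue, so a handshake-hash failure is hard to tell apart from an I/O error. tls_get_message_body in statem_lib.c raises `SSLerr(..., ERR_R_EVP_LIB)` for the same condition. Doing likewise here, in the dtls_get_message hunk below (which returns 0), and in ssl3_do_write would make these failures diagnosable. Both DTLS functions extend beyond their hunks.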
if (ret == s->init_num) {
@@ -375,7 +376,8 @@ int dtls_get_message(SSL *s, int *mt, unsigned long *len)
msg_len += DTLS1_HM_HEADER_LENGTH;
}
- ssl3_finish_mac(s, p, msg_len);
+ if (!ssl3_finish_mac(s, p, msg_len))
+ return 0;
if (s->msg_callback)
s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
p, msg_len, s, s->msg_callback_arg);
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index aab4e76aa8..258b897a52 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -40,8 +40,10 @@ int ssl3_do_write(SSL *s, int type)
* should not be done for 'Hello Request's, but in that case we'll
* ignore the result anyway
*/
- ssl3_finish_mac(s, (unsigned char *)&s->init_buf->data[s->init_off],
- ret);
+ if (!ssl3_finish_mac(s,
+ (unsigned char *)&s->init_buf->data[s->init_off],
+ ret))
+ return -1;
if (ret == s->init_num) {
if (s->msg_callback)
@@ -481,13 +483,24 @@ int tls_get_message_body(SSL *s, unsigned long *len)
/* Feed this message into MAC computation. */
if(RECORD_LAYER_is_sslv2_record(&s->rlayer)) {
- ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num);
+ if (!ssl3_finish_mac(s, (unsigned char *)s->init_buf->data,
+ s->init_num)) {
+ SSLerr(SSL_F_TLS_GET_MESSAGE_BODY, ERR_R_EVP_LIB);
+ ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+ *len = 0;
+ return 0;
+ }
if (s->msg_callback)
s->msg_callback(0, SSL2_VERSION, 0, s->init_buf->data,
(size_t)s->init_num, s, s->msg_callback_arg);
} else {
- ssl3_finish_mac(s, (unsigned char *)s->init_buf->data,
- s->init_num + SSL3_HM_HEADER_LENGTH);
+ if (!ssl3_finish_mac(s, (unsigned char *)s->init_buf->data,
+ s->init_num + SSL3_HM_HEADER_LENGTH)) {
+ SSLerr(SSL_F_TLS_GET_MESSAGE_BODY, ERR_R_EVP_LIB);
+ ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+ *len = 0;
+ return 0;
+ }
if (s->msg_callback)
s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data,
(size_t)s->init_num + SSL3_HM_HEADER_LENGTH, s,
diff --git a/test/md2test.c b/test/md2test.c
index 5d94e5f88a..cb667cbc6b 100644
--- a/test/md2test.c
+++ b/test/md2test.c
@@ -60,8 +60,11 @@ int main(int argc, char *argv[])
R = ret;
i = 1;
while (*P != NULL) {
- EVP_Digest((unsigned char *)*P, strlen(*P), md, NULL, EVP_md2(),
- NULL);
+ if (!EVP_Digest((unsigned char *)*P, strlen(*P), md, NULL, EVP_md2(),
+ NULL)) {
+ printf("EVP Digest error.\n");
+ EXIT(1);
+ }
p = pt(md);
if (strcmp(p, *R) != 0) {
printf("error calculating MD2 on '%s'\n", *P);
diff --git a/test/md4test.c b/test/md4test.c
index 9c2e7fde0c..448f9b76ef 100644
--- a/test/md4test.c
+++ b/test/md4test.c
@@ -56,7 +56,11 @@ int main(int argc, char *argv[])
R = ret;
i = 1;
while (*P != NULL) {
- EVP_Digest(&(P[0][0]), strlen((char *)*P), md, NULL, EVP_md4(), NULL);
+ if (!EVP_Digest(&(P[0][0]), strlen((char *)*P), md, NULL, EVP_md4(),
+ NULL)) {
+ printf("EVP Digest error.\n");
+ EXIT(1);
+ }
p = pt(md);
if (strcmp(p, (char *)*R) != 0) {
printf("error calculating MD4 on '%s'\n", *P);
diff --git a/test/md5test.c b/test/md5test.c
index f39b907dcf..ec6c692407 100644
--- a/test/md5test.c
+++ b/test/md5test.c
@@ -56,7 +56,11 @@ int main(int argc, char *argv[])
R = ret;
i = 1;
while (*P != NULL) {
- EVP_Digest(&(P[0][0]), strlen((char *)*P), md, NULL, EVP_