From 0eab41fb78cf4d7c76e563fd677ab6c32fc28bb0 Mon Sep 17 00:00:00 2001 From: Ben Laurie Date: Mon, 29 Dec 2008 16:11:58 +0000 Subject: If we're going to return errors (no matter how stupid), then we should test for them! --- ssl/t1_enc.c | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) (limited to 'ssl/t1_enc.c') diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 4d9a18e3a6..ea3cd710e5 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -163,6 +163,7 @@ static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec, unsigned int A1_len; chunk=EVP_MD_size(md); + OPENSSL_assert(chunk >= 0); HMAC_CTX_init(&ctx); HMAC_CTX_init(&ctx_tmp); @@ -605,7 +606,10 @@ int tls1_enc(SSL *s, int send) if (send) { if (EVP_MD_CTX_md(s->write_hash)) + { n=EVP_MD_CTX_size(s->write_hash); + OPENSSL_assert(n >= 0); + } ds=s->enc_write_ctx; rec= &(s->s3->wrec); if (s->enc_write_ctx == NULL) @@ -616,7 +620,10 @@ int tls1_enc(SSL *s, int send) else { if (EVP_MD_CTX_md(s->read_hash)) + { n=EVP_MD_CTX_size(s->read_hash); + OPENSSL_assert(n >= 0); + } ds=s->enc_read_ctx; rec= &(s->s3->rrec); if (s->enc_read_ctx == NULL) @@ -796,8 +803,8 @@ int tls1_final_finish_mac(SSL *s, { if (mask & s->s3->tmp.new_cipher->algorithm2) { - unsigned int hashsize = EVP_MD_size(md); - if (hashsize > (sizeof buf - (size_t)(q-buf))) + int hashsize = EVP_MD_size(md); + if (hashsize < 0 || hashsize > (sizeof buf - (size_t)(q-buf))) { /* internal error: 'buf' is too small for this cipersuite! */ err = 1; @@ -835,6 +842,7 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send) EVP_MD_CTX hmac, *mac_ctx; unsigned char buf[5]; int stream_mac = (send?(ssl->mac_flags & SSL_MAC_FLAG_WRITE_MAC_STREAM):(ssl->mac_flags&SSL_MAC_FLAG_READ_MAC_STREAM)); + int t; if (send) { 
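Review bot: The new `OPENSSL_assert(chunk >= 0)` in tls1_P_hash handles a failed `EVP_MD_size()` by terminating the whole process, because OPENSSL_assert stays active in release builds and aborts. In a library on the TLS handshake and record path, that turns an internal digest failure into loss of the entire client or server rather than one failed connection. tls1_P_hash is `static void` in this hunk, so reporting the failure would mean giving it a status return that its callers check, which lies outside the lines shown. The same pattern is added in both branches of tls1_enc and twice in tls1_mac; those functions already return `int`, so an error return may be possible there, depending on what their callers expect. If the asserts stay, a comment such as `/* a negative digest size means an unusable digest; treated as fatal */` would record that the abort is deliberate.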
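Review bot: In tls1_final_finish_mac the new condition compares the signed `hashsize` against a `size_t` expression, which is only correct because `hashsize < 0` is tested first and short-circuits. Writing the conversion out, `if (hashsize < 0 || (size_t)hashsize > (sizeof buf - (size_t)(q-buf)))`, makes that dependence visible and avoids a sign-compare warning. The comment under the condition still describes only the too-small buffer, so it should also cover the new case, for example `/* internal error: digest size unavailable, or 'buf' is too small for this ciphersuite */`. This hunk reports the failure through `err = 1` instead of aborting; the function body continues outside the hunk.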
@@ -851,7 +859,9 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send) hash=ssl->read_hash; } - md_size=EVP_MD_CTX_size(hash); + t=EVP_MD_CTX_size(hash); + OPENSSL_assert(t >= 0); + md_size=t; buf[0]=rec->type; buf[1]=(unsigned char)(ssl->version>>8); @@ -884,7 +894,9 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send) EVP_DigestSignUpdate(mac_ctx,buf,5); EVP_DigestSignUpdate(mac_ctx,rec->input,rec->length); - EVP_DigestSignFinal(mac_ctx,md,&md_size); + t=EVP_DigestSignFinal(mac_ctx,md,&md_size); + OPENSSL_assert(t > 0); + if (!stream_mac) EVP_MD_CTX_cleanup(&hmac); #ifdef TLS_DEBUG printf("sec="); -- cgit v1.2.3
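Review bot: The signed temporary `t` in tls1_mac is the whole point of this hunk, but nothing says why it is there. `md_size` is passed by address to `EVP_DigestSignFinal` further down, so it is presumably an unsigned size type, and a negative return stored in it directly could not be detected. A comment such as `/* test the raw return in a signed int before storing it in md_size */` would stop a later cleanup from folding the two assignments back together. A more descriptive name than `t` would also help, since the same variable is reused below for an unrelated status code.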
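Review bot: The two `EVP_DigestSignUpdate` calls directly above the changed line still discard their return values, so a failure while feeding the 5-byte header or `rec->input` is noticed only if `EVP_DigestSignFinal` also fails. Since this value is the record MAC, each update should be tested in the same way as the final call, e.g. `t=EVP_DigestSignUpdate(mac_ctx,buf,5);` followed by the same check on `t`, and likewise for the `rec->input` call. tls1_mac starts and ends outside this hunk, so there may be further unchecked update calls above the lines shown.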