Check EVP errors for handshake digests.

[openssl.git] / ssl / t1_enc.c
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c

index 6fbe2c33aa7ed88beaa7a8a2d413a5c86705d302..72015f5aad67c56869ad0484df19eff628eca653 100644 (file)
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -915,18 +915,19 @@ int tls1_final_finish_mac(SSL *s,
                 if (mask & ssl_get_algorithm2(s))
                         {
                         int hashsize = EVP_MD_size(md);
-                       if (hashsize < 0 || hashsize > (int)(sizeof buf - (size_t)(q-buf)))
+                       EVP_MD_CTX *hdgst = s->s3->handshake_dgst[idx];
+                       if (!hdgst || hashsize < 0 || hashsize > (int)(sizeof buf - (size_t)(q-buf)))
                                 {
                                 /* internal error: 'buf' is too small for this cipersuite! */
                                 err = 1;
                                 }
                         else
                                 {
-                               EVP_MD_CTX_copy_ex(&ctx,s->s3->handshake_dgst[idx]);
-                               EVP_DigestFinal_ex(&ctx,q,&i);
-                               if (i != (unsigned int)hashsize) /* can't really happen */
+                               if (!EVP_MD_CTX_copy_ex(&ctx, hdgst) ||
+                                       !EVP_DigestFinal_ex(&ctx,q,&i) ||
+                                       (i != (unsigned int)hashsize))
                                         err = 1;
-                               q+=i;
+                               q+=hashsize;
                                 }
                         }
                 }
@@ -949,7 +950,7 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send)
         SSL3_RECORD *rec;
         unsigned char *seq;
         EVP_MD_CTX *hash;
-       size_t md_size;
+       size_t md_size, orig_len;
         int i;
         EVP_MD_CTX hmac, *mac_ctx;
         unsigned char header[13];
@@ -996,6 +997,10 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send)
         else
                 memcpy(header, seq, 8);
  
+       /* kludge: tls1_cbc_remove_padding passes padding length in rec->type */
+       orig_len = rec->length+md_size+((unsigned int)rec->type>>8);
+       rec->type &= 0xff;
+
         header[8]=rec->type;
         header[9]=(unsigned char)(ssl->version>>8);
         header[10]=(unsigned char)(ssl->version);
@@ -1014,7 +1019,7 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send)
                         mac_ctx,
                         md, &md_size,
                         header, rec->input,
-                       rec->length + md_size, rec->orig_len,
+                       rec->length + md_size, orig_len,
                         ssl->s3->read_mac_secret,
                         ssl->s3->read_mac_secret_size,
                         0 /* not SSLv3 */);
@@ -1030,7 +1035,7 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send)
                         tls_fips_digest_extra(
                                         ssl->enc_read_ctx,
                                         mac_ctx, rec->input,
-                                       rec->length, rec->orig_len);
+                                       rec->length, orig_len);
  #endif
                 }