* Add the fixed PSK overhead, the identity length and the binder
* length.
*/
+ int md_size = EVP_MD_get_size(md);
+
+ if (md_size <= 0)
+ return EXT_RETURN_FAIL;
hlen += PSK_PRE_BINDER_OVERHEAD + s->session->ext.ticklen
- + EVP_MD_get_size(md);
+ + md_size;
}
}
{
#ifndef OPENSSL_NO_TLS1_3
uint32_t agesec, agems = 0;
- size_t reshashsize = 0, pskhashsize = 0, binderoffset, msglen;
+ size_t binderoffset, msglen;
+ int reshashsize = 0, pskhashsize = 0;
unsigned char *resbinder = NULL, *pskbinder = NULL, *msgstart = NULL;
const EVP_MD *handmd = NULL, *mdres = NULL, *mdpsk = NULL;
int dores = 0;
agems += s->session->ext.tick_age_add;
reshashsize = EVP_MD_get_size(mdres);
+ if (reshashsize <= 0)
+ goto dopsksess;
s->ext.tick_identity++;
dores = 1;
}
}
pskhashsize = EVP_MD_get_size(mdpsk);
+ if (pskhashsize <= 0) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_BAD_PSK);
+ return EXT_RETURN_FAIL;
+ }
}
/* Create the extension, but skip over the binder for now */
X509 *x, size_t chainidx)
{
PACKET identities, binders, binder;
- size_t binderoffset, hashsize;
+ size_t binderoffset;
+ int hashsize;
SSL_SESSION *sess = NULL;
unsigned int id, i, ext = 0;
const EVP_MD *md = NULL;
binderoffset = PACKET_data(pkt) - (const unsigned char *)s->init_buf->data;
hashsize = EVP_MD_get_size(md);
+ if (hashsize <= 0)
+ goto err;
if (!PACKET_get_length_prefixed_2(pkt, &binders)) {
SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION);
}
}
- if (PACKET_remaining(&binder) != hashsize) {
+ if (PACKET_remaining(&binder) != (size_t)hashsize) {
SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION);
goto err;
}