int ssl3_change_cipher_state(SSL *s, int which)
{
- unsigned char *p,*key_block,*mac_secret;
+ unsigned char *p,*mac_secret;
unsigned char exp_key[EVP_MAX_KEY_LENGTH];
unsigned char exp_iv[EVP_MAX_IV_LENGTH];
unsigned char *ms,*key,*iv,*er1,*er2;
is_exp=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
c=s->s3->tmp.new_sym_enc;
m=s->s3->tmp.new_hash;
+ /* m == NULL will lead to a crash later */
+ OPENSSL_assert(m);
#ifndef OPENSSL_NO_COMP
if (s->s3->tmp.new_compression == NULL)
comp=NULL;
else
comp=s->s3->tmp.new_compression->method;
#endif
- key_block=s->s3->tmp.key_block;
if (which & SSL3_CC_READ)
{
p=s->s3->tmp.key_block;
i=EVP_MD_size(m);
+ if (i < 0)
+ goto err2;
cl=EVP_CIPHER_key_length(c);
j=is_exp ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
s->s3->tmp.new_compression=comp;
#endif
- num=EVP_CIPHER_key_length(c)+EVP_MD_size(hash)+EVP_CIPHER_iv_length(c);
+ num=EVP_MD_size(hash);
+ if (num < 0)
+ return 0;
+
+ num=EVP_CIPHER_key_length(c)+num+EVP_CIPHER_iv_length(c);
num*=2;
ssl3_cleanup_key_block(s);
hdatalen = BIO_get_mem_data(s->s3->handshake_buffer,&hdata);
if (hdatalen <= 0)
{
- SSLerr(SSL_F_DIGEST_CACHED_RECORDS, SSL_R_BAD_HANDSHAKE_LENGTH);
+ SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, SSL_R_BAD_HANDSHAKE_LENGTH);
return 0;
}
if (!ssl3_digest_cached_records(s))
return 0;
- /* Search for djgest of specified type in the handshake_dgst
+ /* Search for digest of specified type in the handshake_dgst
* array*/
for (i=0;i<SSL_MAX_DIGEST;i++)
{
EVP_MD_CTX_init(&ctx);
EVP_MD_CTX_copy_ex(&ctx,d);
n=EVP_MD_CTX_size(&ctx);
+ if (n < 0)
+ return 0;
+
npad=(48/n)*n;
if (sender != NULL)
EVP_DigestUpdate(&ctx,sender,len);
return((int)ret);
}
-int ssl3_mac(SSL *ssl, unsigned char *md, int send)
+int n_ssl3_mac(SSL *ssl, unsigned char *md, int send)
{
SSL3_RECORD *rec;
unsigned char *mac_sec,*seq;
unsigned char *p,rec_char;
unsigned int md_size;
int npad;
+ int t;
if (send)
{
hash=ssl->read_hash;
}
- md_size=EVP_MD_CTX_size(hash);
+ t=EVP_MD_CTX_size(hash);
+ if (t < 0)
+ return -1;
+ md_size=t;
npad=(48/md_size)*md_size;
/* Chop the digest off the end :-) */