X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fs3_enc.c;h=88e74edf2beb856b99777e1d1d828be00ec2d96c;hp=9283c744586b1aa3ae9e8b6f1f16ad83f012a124;hb=42c28b637c5ac9a288a0a6bde8f32622ba60e0a1;hpb=6db6bc5a8f0663e679a99ea91a6f490db0f183ba diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index 9283c74458..88e74edf2b 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -61,10 +61,10 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) EVP_MD_CTX_set_flags(m5, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); for (i = 0; (int)i < num; i += MD5_DIGEST_LENGTH) { k++; - if (k > sizeof buf) { + if (k > sizeof(buf)) { /* bug: 'buf' is too small for this ciphersuite */ SSLerr(SSL_F_SSL3_GENERATE_KEY_BLOCK, ERR_R_INTERNAL_ERROR); - return 0; + goto err; } for (j = 0; j < k; j++) @@ -227,7 +227,8 @@ int ssl3_change_cipher_state(SSL *s, int which) memcpy(mac_secret, ms, i); - EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE)); + if (!EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE))) + goto err2; #ifdef OPENSSL_SSL_TRACE_CRYPTO if (s->msg_callback) { @@ -439,7 +440,7 @@ size_t ssl3_final_finish_mac(SSL *s, const char *sender, size_t len, if ((sender != NULL && EVP_DigestUpdate(ctx, sender, len) <= 0) || EVP_MD_CTX_ctrl(ctx, EVP_CTRL_SSL3_MASTER_SECRET, - s->session->master_key_length, + (int)s->session->master_key_length, s->session->master_key) <= 0 || EVP_DigestFinal_ex(ctx, p, NULL) <= 0) { SSLerr(SSL_F_SSL3_FINAL_FINISH_MAC, ERR_R_INTERNAL_ERROR); @@ -590,6 +591,8 @@ int ssl3_alert_code(int code) return (TLS1_AD_INAPPROPRIATE_FALLBACK); case SSL_AD_NO_APPLICATION_PROTOCOL: return (TLS1_AD_NO_APPLICATION_PROTOCOL); + case SSL_AD_CERTIFICATE_REQUIRED: + return SSL_AD_HANDSHAKE_FAILURE; default: return (-1); }