If we're going to return errors (no matter how stupid), then we should
authorBen Laurie <ben@openssl.org>
Mon, 29 Dec 2008 16:11:58 +0000 (16:11 +0000)
committerBen Laurie <ben@openssl.org>
Mon, 29 Dec 2008 16:11:58 +0000 (16:11 +0000)
test for them!

28 files changed:
apps/ts.c
crypto/evp/evp.h
crypto/evp/evp_err.c
crypto/evp/evp_lib.c
crypto/evp/m_sigver.c
crypto/evp/p5_crpt.c
crypto/evp/p5_crpt2.c
crypto/hmac/hm_pmeth.c
crypto/ocsp/ocsp_vfy.c
crypto/pkcs12/p12_key.c
crypto/pkcs12/p12_mutl.c
crypto/rsa/rsa.h
crypto/rsa/rsa_err.c
crypto/rsa/rsa_oaep.c
crypto/rsa/rsa_pss.c
crypto/ts/ts_rsp_verify.c
ssl/d1_enc.c
ssl/d1_pkt.c
ssl/s2_lib.c
ssl/s2_pkt.c
ssl/s3_enc.c
ssl/s3_lib.c
ssl/s3_pkt.c
ssl/s3_srvr.c
ssl/ssl_ciph.c
ssl/ssl_locl.h
ssl/t1_enc.c
ssl/t1_lib.c

index 08b8c4a..74e7e93 100644 (file)
--- a/apps/ts.c
+++ b/apps/ts.c
@@ -598,6 +598,8 @@ static int create_digest(BIO *input, char *digest, const EVP_MD *md,
        int md_value_len;
 
        md_value_len = EVP_MD_size(md);
+       if (md_value_len < 0)
+           goto err;
        if (input)
                {
                /* Digest must be computed from an input file. */
index 985ff2f..df54409 100644 (file)
@@ -1183,6 +1183,7 @@ void ERR_load_EVP_strings(void);
 #define EVP_F_EVP_DIGESTINIT_EX                                 128
 #define EVP_F_EVP_ENCRYPTFINAL_EX                       127
 #define EVP_F_EVP_MD_CTX_COPY_EX                        110
+#define EVP_F_EVP_MD_SIZE                               162
 #define EVP_F_EVP_OPENINIT                              102
 #define EVP_F_EVP_PBE_ALG_ADD                           115
 #define EVP_F_EVP_PBE_ALG_ADD_TYPE                      160
@@ -1262,6 +1263,7 @@ void ERR_load_EVP_strings(void);
 #define EVP_R_INVALID_OPERATION                                 148
 #define EVP_R_IV_TOO_LARGE                              102
 #define EVP_R_KEYGEN_FAILURE                            120
+#define EVP_R_MESSAGE_DIGEST_IS_NULL                    159
 #define EVP_R_METHOD_NOT_SUPPORTED                      144
 #define EVP_R_MISSING_PARAMETERS                        103
 #define EVP_R_NO_CIPHER_SET                             131
index 25a8ad7..04485f0 100644 (file)
@@ -1,6 +1,6 @@
 /* crypto/evp/evp_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2008 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -85,6 +85,7 @@ static ERR_STRING_DATA EVP_str_functs[]=
 {ERR_FUNC(EVP_F_EVP_DIGESTINIT_EX),    "EVP_DigestInit_ex"},
 {ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL_EX),  "EVP_EncryptFinal_ex"},
 {ERR_FUNC(EVP_F_EVP_MD_CTX_COPY_EX),   "EVP_MD_CTX_copy_ex"},
+{ERR_FUNC(EVP_F_EVP_MD_SIZE),  "EVP_MD_SIZE"},
 {ERR_FUNC(EVP_F_EVP_OPENINIT), "EVP_OpenInit"},
 {ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD),      "EVP_PBE_alg_add"},
 {ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD_TYPE), "EVP_PBE_alg_add_type"},
@@ -167,6 +168,7 @@ static ERR_STRING_DATA EVP_str_reasons[]=
 {ERR_REASON(EVP_R_INVALID_OPERATION)     ,"invalid operation"},
 {ERR_REASON(EVP_R_IV_TOO_LARGE)          ,"iv too large"},
 {ERR_REASON(EVP_R_KEYGEN_FAILURE)        ,"keygen failure"},
+{ERR_REASON(EVP_R_MESSAGE_DIGEST_IS_NULL),"message digest is null"},
 {ERR_REASON(EVP_R_METHOD_NOT_SUPPORTED)  ,"method not supported"},
 {ERR_REASON(EVP_R_MISSING_PARAMETERS)    ,"missing parameters"},
 {ERR_REASON(EVP_R_NO_CIPHER_SET)         ,"no cipher set"},
index daccb66..d815bc6 100644 (file)
@@ -256,7 +256,10 @@ int EVP_MD_pkey_type(const EVP_MD *md)
 int EVP_MD_size(const EVP_MD *md)
        {
        if (!md)
+               {
+               EVPerr(EVP_F_EVP_MD_SIZE, EVP_R_MESSAGE_DIGEST_IS_NULL);
                return -1;
+               }
        return md->md_size;
        }
 
index c6d257f..d98455e 100644 (file)
@@ -128,7 +128,6 @@ int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
        return do_sigver_init(ctx, pctx, type, e, pkey, 1);
        }
 
-
 int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen)
        {
        int sctx, r = 0;
@@ -159,13 +158,15 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen)
                {
                if (sctx)
                        {
-                       if (ctx->pctx->pmeth->signctx(ctx->pctx, 
-                                               sigret, siglen, ctx) <= 0)
+                       if (ctx->pctx->pmeth->signctx(ctx->pctx, sigret, siglen, ctx) <= 0)
+                               return 0;
+                       }
+               else
+                       {
+                       int s = EVP_MD_size(ctx->digest);
+                       if (s < 0 || EVP_PKEY_sign(ctx->pctx, sigret, siglen, NULL, s) <= 0)
                                return 0;
                        }
-               else if (EVP_PKEY_sign(ctx->pctx, sigret, siglen, NULL,
-                                               EVP_MD_size(ctx->digest)) <= 0)
-                       return 0;
                }
        return 1;
        }
@@ -177,6 +178,8 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, unsigned char *sig, size_t siglen)
        int r;
        unsigned int mdlen;
        int vctx;
+
+       /* FIXME: surely this should test verifyctx? (Ben 29/12/08) */
        if (ctx->pctx->pmeth->signctx)
                vctx = 1;
        else
index 9c6e07b..7ecfa8d 100644 (file)
@@ -81,6 +81,7 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
        int saltlen, iter;
        unsigned char *salt;
        const unsigned char *pbuf;
+       int mdsize;
 
        /* Extract useful info from parameter */
        if (param == NULL || param->type != V_ASN1_SEQUENCE ||
@@ -109,9 +110,12 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
        EVP_DigestUpdate(&ctx, salt, saltlen);
        PBEPARAM_free(pbe);
        EVP_DigestFinal_ex(&ctx, md_tmp, NULL);
+       mdsize = EVP_MD_size(md);
+       if (mdsize < 0)
+           return 0;
        for (i = 1; i < iter; i++) {
                EVP_DigestInit_ex(&ctx, md, NULL);
-               EVP_DigestUpdate(&ctx, md_tmp, EVP_MD_size(md));
+               EVP_DigestUpdate(&ctx, md_tmp, mdsize);
                EVP_DigestFinal_ex (&ctx, md_tmp, NULL);
        }
        EVP_MD_CTX_cleanup(&ctx);
index 70fd48a..334379f 100644 (file)
@@ -87,6 +87,8 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
        HMAC_CTX hctx;
 
        mdlen = EVP_MD_size(digest);
+       if (mdlen < 0)
+               return 0;
 
        HMAC_CTX_init(&hctx);
        p = out;
@@ -273,8 +275,9 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
        salt = kdf->salt->value.octet_string->data;
        saltlen = kdf->salt->value.octet_string->length;
        iter = ASN1_INTEGER_get(kdf->iter);
-       PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter, prfmd,
-                                                               keylen, key);
+       if(!PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter, prfmd,
+                                                  keylen, key))
+               goto err;
        EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de);
        OPENSSL_cleanse(key, keylen);
        PBKDF2PARAM_free(kdf);
index aff7013..985921c 100644 (file)
@@ -157,7 +157,11 @@ static int hmac_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
        {
        unsigned int hlen;
        HMAC_PKEY_CTX *hctx = ctx->data;
-       *siglen = EVP_MD_CTX_size(mctx);
+       int l = EVP_MD_CTX_size(mctx);
+
+       if (l < 0)
+               return 0;
+       *siglen = l;
        if (!sig)
                return 1;
 
index be9bf5b..415d67e 100644 (file)
@@ -308,6 +308,8 @@ static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,
                        }
 
                mdlen = EVP_MD_size(dgst);
+               if (mdlen < 0)
+                   return -1;
                if ((cid->issuerNameHash->length != mdlen) ||
                   (cid->issuerKeyHash->length != mdlen))
                        return 0;
index 9e57eee..b72cf16 100644 (file)
@@ -81,6 +81,7 @@ int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
        int ret;
        unsigned char *unipass;
        int uniplen;
+
        if(!pass) {
                unipass = NULL;
                uniplen = 0;
@@ -90,6 +91,8 @@ int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
        }
        ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen,
                                                 id, iter, n, out, md_type);
+       if (ret <= 0)
+           return 0;
        if(unipass) {
                OPENSSL_cleanse(unipass, uniplen);      /* Clear password from memory */
                OPENSSL_free(unipass);
@@ -129,6 +132,8 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
 #endif
        v = EVP_MD_block_size (md_type);
        u = EVP_MD_size (md_type);
+       if (u < 0)
+           return 0;
        D = OPENSSL_malloc (v);
        Ai = OPENSSL_malloc (u);
        B = OPENSSL_malloc (v + 1);
index 70bfef6..9ab740d 100644 (file)
@@ -71,6 +71,7 @@ int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
        HMAC_CTX hmac;
        unsigned char key[EVP_MAX_MD_SIZE], *salt;
        int saltlen, iter;
+       int md_size;
 
        if (!PKCS7_type_is_data(p12->authsafes))
                {
@@ -87,13 +88,16 @@ int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
                PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_UNKNOWN_DIGEST_ALGORITHM);
                return 0;
        }
+       md_size = EVP_MD_size(md_type);
+       if (md_size < 0)
+           return 0;
        if(!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_MAC_ID, iter,
-                                EVP_MD_size(md_type), key, md_type)) {
+                                md_size, key, md_type)) {
                PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_KEY_GEN_ERROR);
                return 0;
        }
        HMAC_CTX_init(&hmac);
-       HMAC_Init_ex(&hmac, key, EVP_MD_size(md_type), md_type, NULL);
+       HMAC_Init_ex(&hmac, key, md_size, md_type, NULL);
        HMAC_Update(&hmac, p12->authsafes->d.data->data,
                                         p12->authsafes->d.data->length);
        HMAC_Final(&hmac, mac, maclen);
index 91cd419..cf74343 100644 (file)
@@ -448,7 +448,6 @@ void ERR_load_RSA_strings(void);
 
 /* Reason codes. */
 #define RSA_R_ALGORITHM_MISMATCH                        100
-#define RSA_R_BAD_ARGUMENT                              149
 #define RSA_R_BAD_E_VALUE                               101
 #define RSA_R_BAD_FIXED_HEADER_DECRYPT                  102
 #define RSA_R_BAD_PAD_BYTE_COUNT                        103
index a53c5f6..cf9f110 100644 (file)
@@ -124,7 +124,6 @@ static ERR_STRING_DATA RSA_str_functs[]=
 static ERR_STRING_DATA RSA_str_reasons[]=
        {
 {ERR_REASON(RSA_R_ALGORITHM_MISMATCH)    ,"algorithm mismatch"},
-{ERR_REASON(RSA_R_BAD_ARGUMENT)          ,"bad argument"},
 {ERR_REASON(RSA_R_BAD_E_VALUE)           ,"bad e value"},
 {ERR_REASON(RSA_R_BAD_FIXED_HEADER_DECRYPT),"bad fixed header decrypt"},
 {ERR_REASON(RSA_R_BAD_PAD_BYTE_COUNT)    ,"bad pad byte count"},
index 3652677..70bacf8 100644 (file)
@@ -28,7 +28,7 @@
 #include <openssl/rand.h>
 #include <openssl/sha.h>
 
-int MGF1(unsigned char *mask, long len,
+static int MGF1(unsigned char *mask, long len,
        const unsigned char *seed, long seedlen);
 
 int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
@@ -76,11 +76,13 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
           20);
 #endif
 
-       MGF1(dbmask, emlen - SHA_DIGEST_LENGTH, seed, SHA_DIGEST_LENGTH);
+       if (MGF1(dbmask, emlen - SHA_DIGEST_LENGTH, seed, SHA_DIGEST_LENGTH) < 0)
+               return 0;
        for (i = 0; i < emlen - SHA_DIGEST_LENGTH; i++)
                db[i] ^= dbmask[i];
 
-       MGF1(seedmask, SHA_DIGEST_LENGTH, db, emlen - SHA_DIGEST_LENGTH);
+       if (MGF1(seedmask, SHA_DIGEST_LENGTH, db, emlen - SHA_DIGEST_LENGTH) < 0)
+               return 0;
        for (i = 0; i < SHA_DIGEST_LENGTH; i++)
                seed[i] ^= seedmask[i];
 
@@ -133,11 +135,13 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
 
        maskeddb = padded_from + SHA_DIGEST_LENGTH;
 
-       MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen);
+       if (MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen))
+               return -1;
        for (i = 0; i < SHA_DIGEST_LENGTH; i++)
                seed[i] ^= padded_from[i];
   
-       MGF1(db, dblen, seed, SHA_DIGEST_LENGTH);
+       if (MGF1(db, dblen, seed, SHA_DIGEST_LENGTH))
+               return -1;
        for (i = 0; i < dblen; i++)
                db[i] ^= maskeddb[i];
 
@@ -188,6 +192,8 @@ int PKCS1_MGF1(unsigned char *mask, long len,
 
        EVP_MD_CTX_init(&c);
        mdlen = EVP_MD_size(dgst);
+       if (mdlen < 0)
+               return -1;
        for (i = 0; outlen < len; i++)
                {
                cnt[0] = (unsigned char)((i >> 24) & 255);
@@ -213,7 +219,8 @@ int PKCS1_MGF1(unsigned char *mask, long len,
        return 0;
        }
 
-int MGF1(unsigned char *mask, long len, const unsigned char *seed, long seedlen)
+static int MGF1(unsigned char *mask, long len, const unsigned char *seed,
+                long seedlen)
        {
        return PKCS1_MGF1(mask, len, seed, seedlen, EVP_sha1());
        }
index 2e44194..775c361 100644 (file)
@@ -81,13 +81,9 @@ int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
        EVP_MD_CTX ctx;
        unsigned char H_[EVP_MAX_MD_SIZE];
 
-       if (Hash == NULL)
-               {
-               RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_BAD_ARGUMENT);
-               goto err;
-               }
-
        hLen = EVP_MD_size(Hash);
+       if (hLen < 0)
+               goto err;
        /*
         * Negative sLen has special meanings:
         *      -1      sLen == hLen
@@ -132,7 +128,8 @@ int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
                RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, ERR_R_MALLOC_FAILURE);
                goto err;
                }
-       PKCS1_MGF1(DB, maskedDBLen, H, hLen, Hash);
+       if (PKCS1_MGF1(DB, maskedDBLen, H, hLen, Hash) < 0)
+               goto err;
        for (i = 0; i < maskedDBLen; i++)
                DB[i] ^= EM[i];
        if (MSBits)
@@ -183,6 +180,8 @@ int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
        EVP_MD_CTX ctx;
 
        hLen = EVP_MD_size(Hash);
+       if (hLen < 0)
+               goto err;
        /*
         * Negative sLen has special meanings:
         *      -1      sLen == hLen
@@ -238,7 +237,8 @@ int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
        EVP_MD_CTX_cleanup(&ctx);
 
        /* Generate dbMask in place then perform XOR on it */
-       PKCS1_MGF1(EM, maskedDBLen, H, hLen, Hash);
+       if (PKCS1_MGF1(EM, maskedDBLen, H, hLen, Hash))
+               goto err;
 
        p = EM;
 
index 6acacac..e1f3b53 100644 (file)
@@ -604,7 +604,10 @@ static int TS_compute_imprint(BIO *data, TS_TST_INFO *tst_info,
                }
 
        /* Compute message digest. */
-       *imprint_len = EVP_MD_size(md);
+       length = EVP_MD_size(md);
+       if (length < 0)
+           goto err;
+       *imprint_len = length;
        if (!(*imprint = OPENSSL_malloc(*imprint_len))) 
                {
                TSerr(TS_F_TS_COMPUTE_IMPRINT, ERR_R_MALLOC_FAILURE);
index ea5e12e..9de787e 100644 (file)
@@ -135,7 +135,11 @@ int dtls1_enc(SSL *s, int send)
        if (send)
                {
                if (EVP_MD_CTX_md(s->write_hash))
+                       {
                        n=EVP_MD_CTX_size(s->write_hash);
+                       if (n < 0)
+                               return -1;
+                       }
                ds=s->enc_write_ctx;
                rec= &(s->s3->wrec);
                if (s->enc_write_ctx == NULL)
@@ -157,7 +161,11 @@ int dtls1_enc(SSL *s, int send)
        else
                {
                if (EVP_MD_CTX_md(s->read_hash))
+                       {
                        n=EVP_MD_CTX_size(s->read_hash);
+                       if (n < 0)
+                               return -1;
+                       }
                ds=s->enc_read_ctx;
                rec= &(s->s3->rrec);
                if (s->enc_read_ctx == NULL)
index daf1fee..dea63d6 100644 (file)
@@ -428,7 +428,10 @@ printf("\n");
        if (!clear)
                {
                /* !clear => s->read_hash != NULL => mac_size != -1 */
-               mac_size=EVP_MD_CTX_size(s->read_hash);
+               int t;
+               t=EVP_MD_CTX_size(s->read_hash);
+               OPENSSL_assert(t >= 0);
+               mac_size=t;
 
                if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+mac_size)
                        {
@@ -453,7 +456,7 @@ printf("\n");
                        }
                rr->length-=mac_size;
                i=s->method->ssl3_enc->mac(s,md,0);
-               if (memcmp(md,&(rr->data[rr->length]),mac_size) != 0)
+               if (i < 0 || memcmp(md,&(rr->data[rr->length]),mac_size) != 0)
                        {
                        goto decryption_failed_or_bad_record_mac;
                        }
@@ -1341,7 +1344,11 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len,
        if (clear)
                mac_size=0;
        else
+               {
                mac_size=EVP_MD_CTX_size(s->write_hash);
+               if (mac_size < 0)
+                       goto err;
+               }
 
        /* DTLS implements explicit IV, so no need for empty fragments */
 #if 0
@@ -1428,7 +1435,8 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len,
 
        if (mac_size != 0)
                {
-               s->method->ssl3_enc->mac(s,&(p[wr->length + bs]),1);
+               if(s->method->ssl3_enc->mac(s,&(p[wr->length + bs]),1) < 0)
+                       goto err;
                wr->length+=mac_size;
                }
 
index 4cfafce..907e305 100644 (file)
@@ -455,6 +455,7 @@ int ssl2_generate_key_material(SSL *s)
        unsigned char *km;
        unsigned char c='0';
        const EVP_MD *md5;
+       int md_size;
 
        md5 = EVP_md5();
 
@@ -471,10 +472,12 @@ int ssl2_generate_key_material(SSL *s)
                SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR);
                return 0;
                }
-
-       for (i=0; i<s->s2->key_material_length; i += EVP_MD_size(md5))
+       md_size = EVP_MD_size(md5);
+       if (md_size < 0)
+           return 0;
+       for (i=0; i<s->s2->key_material_length; i += md_size)
                {
-               if (((km - s->s2->key_material) + EVP_MD_size(md5)) >
+               if (((km - s->s2->key_material) + md_size) >
                                (int)sizeof(s->s2->key_material))
                        {
                        /* EVP_DigestFinal_ex() below would write beyond buffer */
@@ -493,7 +496,7 @@ int ssl2_generate_key_material(SSL *s)
                EVP_DigestUpdate(&ctx,s->s2->challenge,s->s2->challenge_length);
                EVP_DigestUpdate(&ctx,s->s2->conn_id,s->s2->conn_id_length);
                EVP_DigestFinal_ex(&ctx,km,NULL);
-               km += EVP_MD_size(md5);
+               km += md_size;
                }
 
        EVP_MD_CTX_cleanup(&ctx);
index e6d5d09..9c1d131 100644 (file)
 #define USE_SOCKETS
 
 static int read_n(SSL *s,unsigned int n,unsigned int max,unsigned int extend);
-static int do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len);
+static int n_do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len);
 static int write_pending(SSL *s, const unsigned char *buf, unsigned int len);
 static int ssl_mt_error(int n);
 
@@ -130,7 +130,7 @@ static int ssl2_read_internal(SSL *s, void *buf, int len, int peek)
        unsigned char mac[MAX_MAC_SIZE];
        unsigned char *p;
        int i;
-       unsigned int mac_size;
+       int mac_size;
 
  ssl2_read_again:
        if (SSL_in_init(s) && !s->in_handshake)
@@ -247,6 +247,8 @@ static int ssl2_read_internal(SSL *s, void *buf, int len, int peek)
                else
                        {
                        mac_size=EVP_MD_CTX_size(s->read_hash);
+                       if (mac_size < 0)
+                               return -1;
                        OPENSSL_assert(mac_size <= MAX_MAC_SIZE);
                        s->s2->mac_data=p;
                        s->s2->ract_data= &p[mac_size];
@@ -447,7 +449,7 @@ int ssl2_write(SSL *s, const void *_buf, int len)
        n=(len-tot);
        for (;;)
                {
-               i=do_ssl_write(s,&(buf[tot]),n);
+               i=n_do_ssl_write(s,&(buf[tot]),n);
                if (i <= 0)
                        {
                        s->s2->wnum=tot;
@@ -511,7 +513,7 @@ static int write_pending(SSL *s, const unsigned char *buf, unsigned int len)
                }
        }
 
-static int do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len)
+static int n_do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len)
        {
        unsigned int j,k,olen,p,mac_size,bs;
        register unsigned char *pp;
@@ -529,7 +531,11 @@ static int do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len)
        if (s->s2->clear_text)
                mac_size=0;
        else
+               {
                mac_size=EVP_MD_CTX_size(s->write_hash);
+               if (mac_size < 0)
+                       return -1;
+               }
 
        /* lets set the pad p */
        if (s->s2->clear_text)
index 96e59f6..00fad17 100644 (file)
@@ -315,6 +315,8 @@ int ssl3_change_cipher_state(SSL *s, int which)
 
        p=s->s3->tmp.key_block;
        i=EVP_MD_size(m);
+       if (i < 0)
+               goto err2;
        cl=EVP_CIPHER_key_length(c);
        j=is_exp ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
                 cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
@@ -409,7 +411,11 @@ int ssl3_setup_key_block(SSL *s)
        s->s3->tmp.new_compression=comp;
 #endif
 
-       num=EVP_CIPHER_key_length(c)+EVP_MD_size(hash)+EVP_CIPHER_iv_length(c);
+       num=EVP_MD_size(hash);
+       if (num < 0)
+               return 0;
+
+       num=EVP_CIPHER_key_length(c)+num+EVP_CIPHER_iv_length(c);
        num*=2;
 
        ssl3_cleanup_key_block(s);
@@ -666,6 +672,9 @@ static int ssl3_handshake_mac(SSL *s, int md_nid,
        EVP_MD_CTX_init(&ctx);
        EVP_MD_CTX_copy_ex(&ctx,d);
        n=EVP_MD_CTX_size(&ctx);
+       if (n < 0)
+               return 0;
+
        npad=(48/n)*n;
        if (sender != NULL)
                EVP_DigestUpdate(&ctx,sender,len);
@@ -686,7 +695,7 @@ static int ssl3_handshake_mac(SSL *s, int md_nid,
        return((int)ret);
        }
 
-int ssl3_mac(SSL *ssl, unsigned char *md, int send)
+int n_ssl3_mac(SSL *ssl, unsigned char *md, int send)
        {
        SSL3_RECORD *rec;
        unsigned char *mac_sec,*seq;
@@ -695,6 +704,7 @@ int ssl3_mac(SSL *ssl, unsigned char *md, int send)
        unsigned char *p,rec_char;
        unsigned int md_size;
        int npad;
+       int t;
 
        if (send)
                {
@@ -711,9 +721,10 @@ int ssl3_mac(SSL *ssl, unsigned char *md, int send)
                hash=ssl->read_hash;
                }
 
-       /* If hash is NULL, then a crash will follow anyway */
-       OPENSSL_assert(hash);
-       md_size=EVP_MD_CTX_size(hash);
+       t=EVP_MD_CTX_size(hash);
+       if (t < 0)
+               return -1;
+       md_size=t;
        npad=(48/md_size)*md_size;
 
        /* Chop the digest off the end :-) */
index 54c0540..727827f 100644 (file)
@@ -2077,7 +2077,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 
 SSL3_ENC_METHOD SSLv3_enc_data={
        ssl3_enc,
-       ssl3_mac,
+       n_ssl3_mac,
        ssl3_setup_key_block,
        ssl3_generate_master_secret,
        ssl3_change_cipher_state,
index 330918a..e6c68b3 100644 (file)
@@ -414,6 +414,7 @@ printf("\n");
                {
                /* !clear => s->read_hash != NULL => mac_size != -1 */
                mac_size=EVP_MD_CTX_size(s->read_hash);
+               OPENSSL_assert(mac_size >= 0);
 
                if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size)
                        {
@@ -444,7 +445,7 @@ printf("\n");
 #endif
                        }
                i=s->method->ssl3_enc->mac(s,md,0);
-               if (mac == NULL || memcmp(md, mac, mac_size) != 0)
+               if (i < 0 || mac == NULL || memcmp(md, mac, mac_size) != 0)
                        {
                        decryption_failed_or_bad_record_mac = 1;
                        }
@@ -649,7 +650,11 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
        if (clear)
                mac_size=0;
        else
+               {
                mac_size=EVP_MD_CTX_size(s->write_hash);
+               if (mac_size < 0)
+                       goto err;
+               }
 
        /* 'create_empty_fragment' is true only when this function calls itself */
        if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done)
@@ -747,7 +752,8 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
 
        if (mac_size != 0)
                {
-               s->method->ssl3_enc->mac(s,&(p[wr->length]),1);
+               if (s->method->ssl3_enc->mac(s,&(p[wr->length]),1) < 0)
+                       goto err;
                wr->length+=mac_size;
                wr->input=p;
                wr->data=p;
index 5cc3a19..d732764 100644 (file)
@@ -522,6 +522,7 @@ int ssl3_accept(SSL *s)
                                {
                                int offset=0;
                                int dgst_num;
+
                                s->state=SSL3_ST_SR_CERT_VRFY_A;
                                s->init_num=0;
 
@@ -536,8 +537,16 @@ int ssl3_accept(SSL *s)
                                for (dgst_num=0; dgst_num<SSL_MAX_DIGEST;dgst_num++)    
                                        if (s->s3->handshake_dgst[dgst_num]) 
                                                {
+                                               int dgst_size;
+
                                                s->method->ssl3_enc->cert_verify_mac(s,EVP_MD_CTX_type(s->s3->handshake_dgst[dgst_num]),&(s->s3->tmp.cert_verify_md[offset]));
-                                               offset+=EVP_MD_CTX_size(s->s3->handshake_dgst[dgst_num]);
+                                               dgst_size=EVP_MD_CTX_size(s->s3->handshake_dgst[dgst_num]);
+                                               if (dgst_size < 0)
+                                                       {
+                                                       ret = -1;
+                                                       goto end;
+                                                       }
+                                               offset+=dgst_size;
                                                }               
                                }
                        break;
index 02cf181..8858dcb 100644 (file)
@@ -381,16 +381,19 @@ void ssl_load_ciphers(void)
                EVP_get_digestbyname(SN_md5);
        ssl_mac_secret_size[SSL_MD_MD5_IDX]=
                EVP_MD_size(ssl_digest_methods[SSL_MD_MD5_IDX]);
+       OPENSSL_assert(ssl_mac_secret_size[SSL_MD_MD5_IDX] >= 0);
        ssl_digest_methods[SSL_MD_SHA1_IDX]=
                EVP_get_digestbyname(SN_sha1);
        ssl_mac_secret_size[SSL_MD_SHA1_IDX]=
                EVP_MD_size(ssl_digest_methods[SSL_MD_SHA1_IDX]);
+       OPENSSL_assert(ssl_mac_secret_size[SSL_MD_SHA1_IDX] >= 0);
        ssl_digest_methods[SSL_MD_GOST94_IDX]=
                EVP_get_digestbyname(SN_id_GostR3411_94);
        if (ssl_digest_methods[SSL_MD_GOST94_IDX])
                {       
                ssl_mac_secret_size[SSL_MD_GOST94_IDX]=
                        EVP_MD_size(ssl_digest_methods[SSL_MD_GOST94_IDX]);
+               OPENSSL_assert(ssl_mac_secret_size[SSL_MD_GOST94_IDX] >= 0);
                }
        ssl_digest_methods[SSL_MD_GOST89MAC_IDX]=
                EVP_get_digestbyname(SN_id_Gost28147_89_MAC);
index 9df4be5..2e6e98f 100644 (file)
@@ -870,7 +870,7 @@ int ssl3_final_finish_mac(SSL *s, const char *sender, int slen,unsigned char *p)
 int ssl3_cert_verify_mac(SSL *s, int md_nid, unsigned char *p);
 void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len);
 int ssl3_enc(SSL *s, int send_data);
-int ssl3_mac(SSL *ssl, unsigned char *md, int send_data);
+int n_ssl3_mac(SSL *ssl, unsigned char *md, int send_data);
 void ssl3_free_digest_list(SSL *s);
 unsigned long ssl3_output_cert_chain(SSL *s, X509 *x);
 SSL_CIPHER *ssl3_choose_cipher(SSL *ssl,STACK_OF(SSL_CIPHER) *clnt,
index 4d9a18e..ea3cd71 100644 (file)
@@ -163,6 +163,7 @@ static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
        unsigned int A1_len;
        
        chunk=EVP_MD_size(md);
+       OPENSSL_assert(chunk >= 0);
 
        HMAC_CTX_init(&ctx);
        HMAC_CTX_init(&ctx_tmp);
@@ -605,7 +606,10 @@ int tls1_enc(SSL *s, int send)
        if (send)
                {
                if (EVP_MD_CTX_md(s->write_hash))
+                       {
                        n=EVP_MD_CTX_size(s->write_hash);
+                       OPENSSL_assert(n >= 0);
+                       }
                ds=s->enc_write_ctx;
                rec= &(s->s3->wrec);
                if (s->enc_write_ctx == NULL)
@@ -616,7 +620,10 @@ int tls1_enc(SSL *s, int send)
        else
                {
                if (EVP_MD_CTX_md(s->read_hash))
+                       {
                        n=EVP_MD_CTX_size(s->read_hash);
+                       OPENSSL_assert(n >= 0);
+                       }
                ds=s->enc_read_ctx;
                rec= &(s->s3->rrec);
                if (s->enc_read_ctx == NULL)
@@ -796,8 +803,8 @@ int tls1_final_finish_mac(SSL *s,
                {
                if (mask & s->s3->tmp.new_cipher->algorithm2)
                        {
-                       unsigned int hashsize = EVP_MD_size(md);
-                       if (hashsize > (sizeof buf - (size_t)(q-buf)))
+                       int hashsize = EVP_MD_size(md);
+                       if (hashsize < 0 || hashsize > (sizeof buf - (size_t)(q-buf)))
                                {
                                /* internal error: 'buf' is too small for this cipersuite! */
                                err = 1;
@@ -835,6 +842,7 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send)
        EVP_MD_CTX hmac, *mac_ctx;
        unsigned char buf[5]; 
        int stream_mac = (send?(ssl->mac_flags & SSL_MAC_FLAG_WRITE_MAC_STREAM):(ssl->mac_flags&SSL_MAC_FLAG_READ_MAC_STREAM));
+       int t;
 
        if (send)
                {
@@ -851,7 +859,9 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send)
                hash=ssl->read_hash;
                }
 
-       md_size=EVP_MD_CTX_size(hash);
+       t=EVP_MD_CTX_size(hash);
+       OPENSSL_assert(t >= 0);
+       md_size=t;
 
        buf[0]=rec->type;
        buf[1]=(unsigned char)(ssl->version>>8);
@@ -884,7 +894,9 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send)
 
        EVP_DigestSignUpdate(mac_ctx,buf,5);
        EVP_DigestSignUpdate(mac_ctx,rec->input,rec->length);
-       EVP_DigestSignFinal(mac_ctx,md,&md_size);
+       t=EVP_DigestSignFinal(mac_ctx,md,&md_size);
+       OPENSSL_assert(t > 0);
+               
        if (!stream_mac) EVP_MD_CTX_cleanup(&hmac);
 #ifdef TLS_DEBUG
 printf("sec=");
index e6ba33d..c1d4173 100644 (file)
@@ -1532,6 +1532,11 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen,
         * integrity checks on ticket.
         */
        mlen = HMAC_size(&hctx);
+       if (mlen < 0)
+               {
+               EVP_CIPHER_CTX_cleanup(&ctx);
+               return -1;
+               }
        eticklen -= mlen;
        /* Check HMAC of encrypted ticket */
        HMAC_Update(&hctx, etick, eticklen);