Check EVP errors for handshake digests.

snhenson · snhenson · commit 0294b2be5f4c · 2013-12-18T13:26:10.000Z
Partial mitigation of PR#3200
diff --git a/ssl/s3_both.c b/ssl/s3_both.c
@@ -161,6 +161,8 @@ int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
 
 		i=s->method->ssl3_enc->final_finish_mac(s,
 			sender,slen,s->s3->tmp.finish_md);
+		if (i == 0)
+			return 0;
 		s->s3->tmp.finish_md_len = i;
 		memcpy(p, s->s3->tmp.finish_md, i);
 		p+=i;
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
@@ -1459,8 +1459,14 @@ int ssl3_do_change_cipher_spec(SSL *s)
 		slen=s->method->ssl3_enc->client_finished_label_len;
 		}
 
-	s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
+	i = s->method->ssl3_enc->final_finish_mac(s,
 		sender,slen,s->s3->tmp.peer_finish_md);
+	if (i == 0)
+		{
+		SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, ERR_R_INTERNAL_ERROR);
+		return 0;
+		}
+	s->s3->tmp.peer_finish_md_len = i;
 
 	return(1);
 	}
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
@@ -915,18 +915,19 @@ int tls1_final_finish_mac(SSL *s,
 		if (mask & ssl_get_algorithm2(s))
 			{
 			int hashsize = EVP_MD_size(md);
-			if (hashsize < 0 || hashsize > (int)(sizeof buf - (size_t)(q-buf)))
+			EVP_MD_CTX *hdgst = s->s3->handshake_dgst[idx];
+			if (!hdgst || hashsize < 0 || hashsize > (int)(sizeof buf - (size_t)(q-buf)))
 				{
 				/* internal error: 'buf' is too small for this cipersuite! */
 				err = 1;
 				}
 			else
 				{
-				EVP_MD_CTX_copy_ex(&ctx,s->s3->handshake_dgst[idx]);
-				EVP_DigestFinal_ex(&ctx,q,&i);
-				if (i != (unsigned int)hashsize) /* can't really happen */
+				if (!EVP_MD_CTX_copy_ex(&ctx, hdgst) ||
+					!EVP_DigestFinal_ex(&ctx,q,&i) ||
+					(i != (unsigned int)hashsize))
 					err = 1;
-				q+=i;
+				q+=hashsize;
 				}
 			}
 		}

Original file line number	Diff line number	Diff line change
`@@ -1459,8 +1459,14 @@ int ssl3_do_change_cipher_spec(SSL *s)`
`1459`	`1459`	`slen=s->method->ssl3_enc->client_finished_label_len;`
`1460`	`1460`	`}`
`1461`	`1461`
`1462`		`- s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s,`
	`1462`	`+ i = s->method->ssl3_enc->final_finish_mac(s,`
`1463`	`1463`	`sender,slen,s->s3->tmp.peer_finish_md);`
	`1464`	`+ if (i == 0)`
	`1465`	`+ {`
	`1466`	`+ SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, ERR_R_INTERNAL_ERROR);`
	`1467`	`+ return 0;`
	`1468`	`+ }`
	`1469`	`+ s->s3->tmp.peer_finish_md_len = i;`
`1464`	`1470`
`1465`	`1471`	`return(1);`
`1466`	`1472`	`}`
Original file line number	Diff line number	Diff line change
`@@ -915,18 +915,19 @@ int tls1_final_finish_mac(SSL *s,`
`915`	`915`	`if (mask & ssl_get_algorithm2(s))`
`916`	`916`	`{`
`917`	`917`	`int hashsize = EVP_MD_size(md);`
`918`		`- if (hashsize < 0 \|\| hashsize > (int)(sizeof buf - (size_t)(q-buf)))`
	`918`	`+ EVP_MD_CTX *hdgst = s->s3->handshake_dgst[idx];`
	`919`	`+ if (!hdgst \|\| hashsize < 0 \|\| hashsize > (int)(sizeof buf - (size_t)(q-buf)))`
`919`	`920`	`{`
`920`	`921`	`/* internal error: 'buf' is too small for this cipersuite! */`
`921`	`922`	`err = 1;`
`922`	`923`	`}`
`923`	`924`	`else`
`924`	`925`	`{`
`925`		`- EVP_MD_CTX_copy_ex(&ctx,s->s3->handshake_dgst[idx]);`
`926`		`- EVP_DigestFinal_ex(&ctx,q,&i);`
`927`		`- if (i != (unsigned int)hashsize) /* can't really happen */`
	`926`	`+ if (!EVP_MD_CTX_copy_ex(&ctx, hdgst) \|\|`
	`927`	`+ !EVP_DigestFinal_ex(&ctx,q,&i) \|\|`
	`928`	`+ (i != (unsigned int)hashsize))`
`928`	`929`	`err = 1;`
`929`		`- q+=i;`
	`930`	`+ q+=hashsize;`
`930`	`931`	`}`
`931`	`932`	`}`
`932`	`933`	`}`