Ensure all EVP calls have their returns checked where appropriate (56d91346) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

ssl/s3_cbc.c

+30 −15

Original line number	Diff line number	Diff line
		@@ -411,8 +411,9 @@ char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx)
		* functions, above, we know that data_plus_mac_size is large enough to contain
		* a padding byte and MAC. (If the padding was invalid, it might contain the
		* padding too. )
		* Returns 1 on success or 0 on error
		*/
		void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx,
		int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx,
		unsigned char *md_out,
		size_t *md_out_size,
		const unsigned char header[13],
		@@ -455,7 +456,8 @@ void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx,

		switch (EVP_MD_CTX_type(ctx)) {
		case NID_md5:
		MD5_Init((MD5_CTX *)md_state.c);
		if (MD5_Init((MD5_CTX *)md_state.c) <= 0)
		return 0;
		md_final_raw = tls1_md5_final_raw;
		md_transform =
		(void ()(void ctx, const unsigned char *block))MD5_Transform;
		@@ -464,7 +466,8 @@ void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx,
		length_is_big_endian = 0;
		break;
		case NID_sha1:
		SHA1_Init((SHA_CTX *)md_state.c);
		if (SHA1_Init((SHA_CTX *)md_state.c) <= 0)
		return 0;
		md_final_raw = tls1_sha1_final_raw;
		md_transform =
		(void ()(void ctx, const unsigned char *block))SHA1_Transform;
		@@ -472,14 +475,16 @@ void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx,
		break;
		#ifndef OPENSSL_NO_SHA256
		case NID_sha224:
		SHA224_Init((SHA256_CTX *)md_state.c);
		if (SHA224_Init((SHA256_CTX *)md_state.c) <= 0)
		return 0;
		md_final_raw = tls1_sha256_final_raw;
		md_transform =
		(void ()(void ctx, const unsigned char *block))SHA256_Transform;
		md_size = 224 / 8;
		break;
		case NID_sha256:
		SHA256_Init((SHA256_CTX *)md_state.c);
		if (SHA256_Init((SHA256_CTX *)md_state.c) <= 0)
		return 0;
		md_final_raw = tls1_sha256_final_raw;
		md_transform =
		(void ()(void ctx, const unsigned char *block))SHA256_Transform;
		@@ -488,7 +493,8 @@ void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx,
		#endif
		#ifndef OPENSSL_NO_SHA512
		case NID_sha384:
		SHA384_Init((SHA512_CTX *)md_state.c);
		if (SHA384_Init((SHA512_CTX *)md_state.c) <= 0)
		return 0;
		md_final_raw = tls1_sha512_final_raw;
		md_transform =
		(void ()(void ctx, const unsigned char *block))SHA512_Transform;
		@@ -497,7 +503,8 @@ void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx,
		md_length_size = 16;
		break;
		case NID_sha512:
		SHA512_Init((SHA512_CTX *)md_state.c);
		if (SHA512_Init((SHA512_CTX *)md_state.c) <= 0)
		return 0;
		md_final_raw = tls1_sha512_final_raw;
		md_transform =
		(void ()(void ctx, const unsigned char *block))SHA512_Transform;
		@@ -514,7 +521,7 @@ void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx,
		OPENSSL_assert(0);
		if (md_out_size)
		*md_out_size = -1;
		return;
		return 0;
		}

		OPENSSL_assert(md_length_size <= MAX_HASH_BIT_COUNT_BYTES);
		@@ -652,7 +659,7 @@ void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx,
		*/
		if (header_length <= md_block_size) {
		/* Should never happen */
		return;
		return 0;
		}
		overhang = header_length - md_block_size;
		md_transform(md_state.c, header);
		@@ -733,26 +740,34 @@ void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx,
		}

		EVP_MD_CTX_init(&md_ctx);
		EVP_DigestInit_ex(&md_ctx, ctx->digest, NULL /* engine */ );
		if (EVP_DigestInit_ex(&md_ctx, ctx->digest, NULL /* engine */ ) <= 0)
		goto err;
		if (is_sslv3) {
		/* We repurpose \|hmac_pad\| to contain the SSLv3 pad2 block. */
		memset(hmac_pad, 0x5c, sslv3_pad_length);

		EVP_DigestUpdate(&md_ctx, mac_secret, mac_secret_length);
		EVP_DigestUpdate(&md_ctx, hmac_pad, sslv3_pad_length);
		EVP_DigestUpdate(&md_ctx, mac_out, md_size);
		if (EVP_DigestUpdate(&md_ctx, mac_secret, mac_secret_length) <= 0
		\|\| EVP_DigestUpdate(&md_ctx, hmac_pad, sslv3_pad_length) <= 0
		\|\| EVP_DigestUpdate(&md_ctx, mac_out, md_size) <= 0)
		goto err;
		} else {
		/* Complete the HMAC in the standard manner. */
		for (i = 0; i < md_block_size; i++)
		hmac_pad[i] ^= 0x6a;

		EVP_DigestUpdate(&md_ctx, hmac_pad, md_block_size);
		EVP_DigestUpdate(&md_ctx, mac_out, md_size);
		if (EVP_DigestUpdate(&md_ctx, hmac_pad, md_block_size) <= 0
		\|\| EVP_DigestUpdate(&md_ctx, mac_out, md_size) <= 0)
		goto err;
		}
		EVP_DigestFinal(&md_ctx, md_out, &md_out_size_u);
		if (md_out_size)
		*md_out_size = md_out_size_u;
		EVP_MD_CTX_cleanup(&md_ctx);

		return 1;
		err:
		EVP_MD_CTX_cleanup(&md_ctx);
		return 0;
		}

		#ifdef OPENSSL_FIPS

ssl/s3_clnt.c

+47 −26

Original line number	Diff line number	Diff line
		@@ -1956,14 +1956,20 @@ int ssl3_get_key_exchange(SSL *s)
		q = md_buf;
		for (num = 2; num > 0; num--) {
		EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
		EVP_DigestInit_ex(&md_ctx, (num == 2)
		? s->ctx->md5 : s->ctx->sha1, NULL);
		EVP_DigestUpdate(&md_ctx, &(s->s3->client_random[0]),
		SSL3_RANDOM_SIZE);
		EVP_DigestUpdate(&md_ctx, &(s->s3->server_random[0]),
		SSL3_RANDOM_SIZE);
		EVP_DigestUpdate(&md_ctx, param, param_len);
		EVP_DigestFinal_ex(&md_ctx, q, &size);
		if (EVP_DigestInit_ex(&md_ctx,
		(num == 2) ? s->ctx->md5 : s->ctx->sha1,
		NULL) <= 0
		\|\| EVP_DigestUpdate(&md_ctx, &(s->s3->client_random[0]),
		SSL3_RANDOM_SIZE) <= 0
		\|\| EVP_DigestUpdate(&md_ctx, &(s->s3->server_random[0]),
		SSL3_RANDOM_SIZE) <= 0
		\|\| EVP_DigestUpdate(&md_ctx, param, param_len) <= 0
		\|\| EVP_DigestFinal_ex(&md_ctx, q, &size) <= 0) {
		SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
		ERR_R_INTERNAL_ERROR);
		al = SSL_AD_INTERNAL_ERROR;
		goto f_err;
		}
		q += size;
		j += size;
		}
		@@ -1982,12 +1988,16 @@ int ssl3_get_key_exchange(SSL *s)
		} else
		#endif
		{
		EVP_VerifyInit_ex(&md_ctx, md, NULL);
		EVP_VerifyUpdate(&md_ctx, &(s->s3->client_random[0]),
		SSL3_RANDOM_SIZE);
		EVP_VerifyUpdate(&md_ctx, &(s->s3->server_random[0]),
		SSL3_RANDOM_SIZE);
		EVP_VerifyUpdate(&md_ctx, param, param_len);
		if (EVP_VerifyInit_ex(&md_ctx, md, NULL) <= 0
		\|\| EVP_VerifyUpdate(&md_ctx, &(s->s3->client_random[0]),
		SSL3_RANDOM_SIZE) <= 0
		\|\| EVP_VerifyUpdate(&md_ctx, &(s->s3->server_random[0]),
		SSL3_RANDOM_SIZE) <= 0
		\|\| EVP_VerifyUpdate(&md_ctx, param, param_len) <= 0) {
		al = SSL_AD_INTERNAL_ERROR;
		SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_EVP_LIB);
		goto f_err;
		}
		if (EVP_VerifyFinal(&md_ctx, p, (int)n, pkey) <= 0) {
		/* bad signature */
		al = SSL_AD_DECRYPT_ERROR;
		@@ -2970,10 +2980,13 @@ int ssl3_send_client_key_exchange(SSL *s)

		/* Otherwise, generate ephemeral key pair */

		EVP_PKEY_encrypt_init(pkey_ctx);
		if (pkey_ctx == NULL
		\|\| EVP_PKEY_encrypt_init(pkey_ctx) <= 0
		/* Generate session key */
		if (RAND_bytes(premaster_secret, 32) <= 0) {
		\|\| RAND_bytes(premaster_secret, 32) <= 0) {
		EVP_PKEY_CTX_free(pkey_ctx);
		SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
		ERR_R_INTERNAL_ERROR);
		goto err;
		}
		/*
		@@ -2994,13 +3007,18 @@ int ssl3_send_client_key_exchange(SSL *s)
		* data
		*/
		ukm_hash = EVP_MD_CTX_create();
		EVP_DigestInit(ukm_hash,
		EVP_get_digestbynid(NID_id_GostR3411_94));
		EVP_DigestUpdate(ukm_hash, s->s3->client_random,
		SSL3_RANDOM_SIZE);
		EVP_DigestUpdate(ukm_hash, s->s3->server_random,
		SSL3_RANDOM_SIZE);
		EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len);
		if (EVP_DigestInit(ukm_hash,
		EVP_get_digestbynid(NID_id_GostR3411_94)) <= 0
		\|\| EVP_DigestUpdate(ukm_hash, s->s3->client_random,
		SSL3_RANDOM_SIZE) <= 0
		\|\| EVP_DigestUpdate(ukm_hash, s->s3->server_random,
		SSL3_RANDOM_SIZE) <= 0
		\|\| EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len) <= 0) {
		EVP_MD_CTX_destroy(ukm_hash);
		SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
		ERR_R_INTERNAL_ERROR);
		goto err;
		}
		EVP_MD_CTX_destroy(ukm_hash);
		if (EVP_PKEY_CTX_ctrl
		(pkey_ctx, -1, EVP_PKEY_OP_ENCRYPT, EVP_PKEY_CTRL_SET_IV, 8,
		@@ -3016,7 +3034,7 @@ int ssl3_send_client_key_exchange(SSL *s)
		*(p++) = V_ASN1_SEQUENCE \| V_ASN1_CONSTRUCTED;
		msglen = 255;
		if (EVP_PKEY_encrypt(pkey_ctx, tmp, &msglen, premaster_secret, 32)
		< 0) {
		<= 0) {
		SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
		SSL_R_LIBRARY_BUG);
		goto err;
		@@ -3211,7 +3229,10 @@ int ssl3_send_client_verify(SSL *s)
		pkey = s->cert->key->privatekey;
		/* Create context from key and test if sha1 is allowed as digest */
		pctx = EVP_PKEY_CTX_new(pkey, NULL);
		EVP_PKEY_sign_init(pctx);
		if (pctx == NULL \|\| EVP_PKEY_sign_init(pctx) <= 0) {
		SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_INTERNAL_ERROR);
		goto err;
		}
		if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1()) > 0) {
		if (!SSL_USE_SIGALGS(s))
		s->method->ssl3_enc->cert_verify_mac(s,

ssl/s3_enc.c

+64 −46

Original line number	Diff line number	Diff line
		@@ -253,7 +253,10 @@ int ssl3_change_cipher_state(SSL *s, int which)
		EVP_CIPHER_CTX_init(s->enc_read_ctx);
		dd = s->enc_read_ctx;

		ssl_replace_hash(&s->read_hash, m);
		if (ssl_replace_hash(&s->read_hash, m) == NULL) {
		SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
		goto err2;
		}
		#ifndef OPENSSL_NO_COMP
		/* COMPRESS */
		if (s->expand != NULL) {
		@@ -288,7 +291,10 @@ int ssl3_change_cipher_state(SSL *s, int which)
		*/
		EVP_CIPHER_CTX_init(s->enc_write_ctx);
		dd = s->enc_write_ctx;
		ssl_replace_hash(&s->write_hash, m);
		if (ssl_replace_hash(&s->write_hash, m) == NULL) {
		SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
		goto err2;
		}
		#ifndef OPENSSL_NO_COMP
		/* COMPRESS */
		if (s->compress != NULL) {
		@@ -691,19 +697,21 @@ static int ssl3_handshake_mac(SSL *s, int md_nid,
		return 0;

		npad = (48 / n) * n;
		if (sender != NULL)
		EVP_DigestUpdate(&ctx, sender, len);
		EVP_DigestUpdate(&ctx, s->session->master_key,
		s->session->master_key_length);
		EVP_DigestUpdate(&ctx, ssl3_pad_1, npad);
		EVP_DigestFinal_ex(&ctx, md_buf, &i);

		EVP_DigestInit_ex(&ctx, EVP_MD_CTX_md(&ctx), NULL);
		EVP_DigestUpdate(&ctx, s->session->master_key,
		s->session->master_key_length);
		EVP_DigestUpdate(&ctx, ssl3_pad_2, npad);
		EVP_DigestUpdate(&ctx, md_buf, i);
		EVP_DigestFinal_ex(&ctx, p, &ret);
		if ((sender != NULL && EVP_DigestUpdate(&ctx, sender, len) <= 0)
		\|\| EVP_DigestUpdate(&ctx, s->session->master_key,
		s->session->master_key_length) <= 0
		\|\| EVP_DigestUpdate(&ctx, ssl3_pad_1, npad) <= 0
		\|\| EVP_DigestFinal_ex(&ctx, md_buf, &i) <= 0

		\|\| EVP_DigestInit_ex(&ctx, EVP_MD_CTX_md(&ctx), NULL) <= 0
		\|\| EVP_DigestUpdate(&ctx, s->session->master_key,
		s->session->master_key_length) <= 0
		\|\| EVP_DigestUpdate(&ctx, ssl3_pad_2, npad) <= 0
		\|\| EVP_DigestUpdate(&ctx, md_buf, i) <= 0
		\|\| EVP_DigestFinal_ex(&ctx, p, &ret) <= 0) {
		SSLerr(SSL_F_SSL3_HANDSHAKE_MAC, ERR_R_INTERNAL_ERROR);
		ret = 0;
		}

		EVP_MD_CTX_cleanup(&ctx);

		@@ -775,33 +783,36 @@ int n_ssl3_mac(SSL ssl, unsigned char md, int send)
		header[j++] = rec->length & 0xff;

		/* Final param == is SSLv3 */
		ssl3_cbc_digest_record(hash,
		if (ssl3_cbc_digest_record(hash,
		md, &md_size,
		header, rec->input,
		rec->length + md_size, orig_len,
		mac_sec, md_size, 1);
		mac_sec, md_size, 1) <= 0)
		return -1;
		} else {
		unsigned int md_size_u;
		/* Chop the digest off the end :-) */
		EVP_MD_CTX_init(&md_ctx);

		EVP_MD_CTX_copy_ex(&md_ctx, hash);
		EVP_DigestUpdate(&md_ctx, mac_sec, md_size);
		EVP_DigestUpdate(&md_ctx, ssl3_pad_1, npad);
		EVP_DigestUpdate(&md_ctx, seq, 8);
		rec_char = rec->type;
		EVP_DigestUpdate(&md_ctx, &rec_char, 1);
		p = md;
		s2n(rec->length, p);
		EVP_DigestUpdate(&md_ctx, md, 2);
		EVP_DigestUpdate(&md_ctx, rec->input, rec->length);
		EVP_DigestFinal_ex(&md_ctx, md, NULL);

		EVP_MD_CTX_copy_ex(&md_ctx, hash);
		EVP_DigestUpdate(&md_ctx, mac_sec, md_size);
		EVP_DigestUpdate(&md_ctx, ssl3_pad_2, npad);
		EVP_DigestUpdate(&md_ctx, md, md_size);
		EVP_DigestFinal_ex(&md_ctx, md, &md_size_u);
		if (EVP_MD_CTX_copy_ex(&md_ctx, hash) <= 0
		\|\| EVP_DigestUpdate(&md_ctx, mac_sec, md_size) <= 0
		\|\| EVP_DigestUpdate(&md_ctx, ssl3_pad_1, npad) <= 0
		\|\| EVP_DigestUpdate(&md_ctx, seq, 8) <= 0
		\|\| EVP_DigestUpdate(&md_ctx, &rec_char, 1) <= 0
		\|\| EVP_DigestUpdate(&md_ctx, md, 2) <= 0
		\|\| EVP_DigestUpdate(&md_ctx, rec->input, rec->length) <= 0
		\|\| EVP_DigestFinal_ex(&md_ctx, md, NULL) <= 0
		\|\| EVP_MD_CTX_copy_ex(&md_ctx, hash) <= 0
		\|\| EVP_DigestUpdate(&md_ctx, mac_sec, md_size) <= 0
		\|\| EVP_DigestUpdate(&md_ctx, ssl3_pad_2, npad) <= 0
		\|\| EVP_DigestUpdate(&md_ctx, md, md_size) <= 0
		\|\| EVP_DigestFinal_ex(&md_ctx, md, &md_size_u) <= 0) {
		EVP_MD_CTX_cleanup(&md_ctx);
		return -1;
		}
		md_size = md_size_u;

		EVP_MD_CTX_cleanup(&md_ctx);
		@@ -846,24 +857,31 @@ int ssl3_generate_master_secret(SSL s, unsigned char out, unsigned char *p,

		EVP_MD_CTX_init(&ctx);
		for (i = 0; i < 3; i++) {
		EVP_DigestInit_ex(&ctx, s->ctx->sha1, NULL);
		EVP_DigestUpdate(&ctx, salt[i], strlen((const char *)salt[i]));
		EVP_DigestUpdate(&ctx, p, len);
		EVP_DigestUpdate(&ctx, &(s->s3->client_random[0]), SSL3_RANDOM_SIZE);
		EVP_DigestUpdate(&ctx, &(s->s3->server_random[0]), SSL3_RANDOM_SIZE);
		EVP_DigestFinal_ex(&ctx, buf, &n);

		EVP_DigestInit_ex(&ctx, s->ctx->md5, NULL);
		EVP_DigestUpdate(&ctx, p, len);
		EVP_DigestUpdate(&ctx, buf, n);
		EVP_DigestFinal_ex(&ctx, out, &n);
		if (EVP_DigestInit_ex(&ctx, s->ctx->sha1, NULL) <= 0
		\|\| EVP_DigestUpdate(&ctx, salt[i],
		strlen((const char *)salt[i])) <= 0
		\|\| EVP_DigestUpdate(&ctx, p, len) <= 0
		\|\| EVP_DigestUpdate(&ctx, &(s->s3->client_random[0]),
		SSL3_RANDOM_SIZE) <= 0
		\|\| EVP_DigestUpdate(&ctx, &(s->s3->server_random[0]),
		SSL3_RANDOM_SIZE) <= 0
		\|\| EVP_DigestFinal_ex(&ctx, buf, &n) <= 0

		\|\| EVP_DigestInit_ex(&ctx, s->ctx->md5, NULL) <= 0
		\|\| EVP_DigestUpdate(&ctx, p, len) <= 0
		\|\| EVP_DigestUpdate(&ctx, buf, n) <= 0
		\|\| EVP_DigestFinal_ex(&ctx, out, &n) <= 0) {
		SSLerr(SSL_F_SSL3_GENERATE_MASTER_SECRET, ERR_R_INTERNAL_ERROR);
		ret = 0;
		break;
		}
		out += n;
		ret += n;
		}
		EVP_MD_CTX_cleanup(&ctx);

		#ifdef OPENSSL_SSL_TRACE_CRYPTO
		if (s->msg_callback) {
		if (ret > 0 && s->msg_callback) {
		s->msg_callback(2, s->version, TLS1_RT_CRYPTO_PREMASTER,
		p, len, s, s->msg_callback_arg);
		s->msg_callback(2, s->version, TLS1_RT_CRYPTO_CLIENT_RANDOM,

ssl/s3_srvr.c

+36 −19

Original line number	Diff line number	Diff line
		@@ -1949,14 +1949,22 @@ int ssl3_send_server_key_exchange(SSL *s)
		for (num = 2; num > 0; num--) {
		EVP_MD_CTX_set_flags(&md_ctx,
		EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
		EVP_DigestInit_ex(&md_ctx, (num == 2)
		? s->ctx->md5 : s->ctx->sha1, NULL);
		EVP_DigestUpdate(&md_ctx, &(s->s3->client_random[0]),
		SSL3_RANDOM_SIZE);
		EVP_DigestUpdate(&md_ctx, &(s->s3->server_random[0]),
		SSL3_RANDOM_SIZE);
		EVP_DigestUpdate(&md_ctx, d, n);
		EVP_DigestFinal_ex(&md_ctx, q, (unsigned int *)&i);
		if (EVP_DigestInit_ex(&md_ctx,
		(num == 2) ? s->ctx->md5
		: s->ctx->sha1,
		NULL) <= 0
		\|\| EVP_DigestUpdate(&md_ctx, &(s->s3->client_random[0]),
		SSL3_RANDOM_SIZE) <= 0
		\|\| EVP_DigestUpdate(&md_ctx, &(s->s3->server_random[0]),
		SSL3_RANDOM_SIZE) <= 0
		\|\| EVP_DigestUpdate(&md_ctx, d, n) <= 0
		\|\| EVP_DigestFinal_ex(&md_ctx, q,
		(unsigned int *)&i) <= 0) {
		SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
		ERR_LIB_EVP);
		al = SSL_AD_INTERNAL_ERROR;
		goto f_err;
		}
		q += i;
		j += i;
		}
		@@ -1984,16 +1992,17 @@ int ssl3_send_server_key_exchange(SSL *s)
		#ifdef SSL_DEBUG
		fprintf(stderr, "Using hash %s\n", EVP_MD_name(md));
		#endif
		EVP_SignInit_ex(&md_ctx, md, NULL);
		EVP_SignUpdate(&md_ctx, &(s->s3->client_random[0]),
		SSL3_RANDOM_SIZE);
		EVP_SignUpdate(&md_ctx, &(s->s3->server_random[0]),
		SSL3_RANDOM_SIZE);
		EVP_SignUpdate(&md_ctx, d, n);
		if (!EVP_SignFinal(&md_ctx, &(p[2]),
		(unsigned int *)&i, pkey)) {
		if (EVP_SignInit_ex(&md_ctx, md, NULL) <= 0
		\|\| EVP_SignUpdate(&md_ctx, &(s->s3->client_random[0]),
		SSL3_RANDOM_SIZE) <= 0
		\|\| EVP_SignUpdate(&md_ctx, &(s->s3->server_random[0]),
		SSL3_RANDOM_SIZE) <= 0
		\|\| EVP_SignUpdate(&md_ctx, d, n) <= 0
		\|\| EVP_SignFinal(&md_ctx, &(p[2]),
		(unsigned int *)&i, pkey) <= 0) {
		SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_LIB_EVP);
		goto err;
		al = SSL_AD_INTERNAL_ERROR;
		goto f_err;
		}
		s2n(i, p);
		n += i + 2;
		@@ -2871,7 +2880,10 @@ int ssl3_get_client_key_exchange(SSL *s)
		SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
		goto f_err;
		}
		EVP_PKEY_decrypt_init(pkey_ctx);
		if (EVP_PKEY_decrypt_init(pkey_ctx) <= 0) {
		SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
		goto gerr;
		}
		/*
		* If client certificate is present and is of the same type, maybe
		* use it for key exchange. Don't mind errors from
		@@ -3108,7 +3120,12 @@ int ssl3_get_cert_verify(SSL *s)
		SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, ERR_R_MALLOC_FAILURE);
		goto f_err;
		}
		EVP_PKEY_verify_init(pctx);
		if (EVP_PKEY_verify_init(pctx) <= 0) {
		EVP_PKEY_CTX_free(pctx);
		al = SSL_AD_INTERNAL_ERROR;
		SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, ERR_R_INTERNAL_ERROR);
		goto f_err;
		}
		if (i != 64) {
		fprintf(stderr, "GOST signature length is %d", i);
		}

ssl/ssl.h

+1 −0

Original line number	Diff line number	Diff line
		@@ -2681,6 +2681,7 @@ void ERR_load_SSL_strings(void);
		# define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC 292
		# define SSL_F_SSL3_ENC 134
		# define SSL_F_SSL3_GENERATE_KEY_BLOCK 238
		# define SSL_F_SSL3_GENERATE_MASTER_SECRET 388
		# define SSL_F_SSL3_GET_CERTIFICATE_REQUEST 135
		# define SSL_F_SSL3_GET_CERT_STATUS 289
		# define SSL_F_SSL3_GET_CERT_VERIFY 136