Ensure all EVP calls have their returns checked where appropriate

# define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC                 292

# define SSL_F_SSL3_ENC                                   134

# define SSL_F_SSL3_GENERATE_KEY_BLOCK                    238

# define SSL_F_SSL3_GENERATE_MASTER_SECRET                388

# define SSL_F_SSL3_GET_CERTIFICATE_REQUEST               135

# define SSL_F_SSL3_GET_CERT_STATUS                       289

# define SSL_F_SSL3_GET_CERT_VERIFY                       136

# define SSL_R_INVALID_TICKET_KEYS_LENGTH                 325

# define SSL_R_INVALID_TRUST                              279

# define SSL_R_LENGTH_MISMATCH                            159

# define SSL_R_LENGTH_TOO_SHORT                           160

# define SSL_R_LENGTH_TOO_LONG                            404

# define SSL_R_LENGTH_TOO_SHORT                           160

# define SSL_R_LIBRARY_BUG                                274

# define SSL_R_LIBRARY_HAS_NO_CIPHERS                     161

# define SSL_R_MISSING_DH_DSA_CERT                        162

        header[j++] = rec->length & 0xff;

        /* Final param == is SSLv3 */

        ssl3_cbc_digest_record(hash,

        if (ssl3_cbc_digest_record(hash,

                                   md, &md_size,

                                   header, rec->input,

                                   rec->length + md_size, rec->orig_len,

                               mac_sec, md_size, 1);

                                   mac_sec, md_size, 1) <= 0)

            return -1;

    } else {

        unsigned int md_size_u;

        /* Chop the digest off the end :-) */

        EVP_MD_CTX_init(&md_ctx);

        EVP_MD_CTX_copy_ex(&md_ctx, hash);

        EVP_DigestUpdate(&md_ctx, mac_sec, md_size);

        EVP_DigestUpdate(&md_ctx, ssl3_pad_1, npad);

        EVP_DigestUpdate(&md_ctx, seq, 8);

        rec_char = rec->type;

        EVP_DigestUpdate(&md_ctx, &rec_char, 1);

        p = md;

        s2n(rec->length, p);

        EVP_DigestUpdate(&md_ctx, md, 2);

        EVP_DigestUpdate(&md_ctx, rec->input, rec->length);

        EVP_DigestFinal_ex(&md_ctx, md, NULL);

        EVP_MD_CTX_copy_ex(&md_ctx, hash);

        EVP_DigestUpdate(&md_ctx, mac_sec, md_size);

        EVP_DigestUpdate(&md_ctx, ssl3_pad_2, npad);

        EVP_DigestUpdate(&md_ctx, md, md_size);

        EVP_DigestFinal_ex(&md_ctx, md, &md_size_u);

        if (EVP_MD_CTX_copy_ex(&md_ctx, hash) <= 0

                || EVP_DigestUpdate(&md_ctx, mac_sec, md_size) <= 0

                || EVP_DigestUpdate(&md_ctx, ssl3_pad_1, npad) <= 0

                || EVP_DigestUpdate(&md_ctx, seq, 8) <= 0

                || EVP_DigestUpdate(&md_ctx, &rec_char, 1) <= 0

                || EVP_DigestUpdate(&md_ctx, md, 2) <= 0

                || EVP_DigestUpdate(&md_ctx, rec->input, rec->length) <= 0

                || EVP_DigestFinal_ex(&md_ctx, md, NULL) <= 0

                || EVP_MD_CTX_copy_ex(&md_ctx, hash) <= 0

                || EVP_DigestUpdate(&md_ctx, mac_sec, md_size) <= 0

                || EVP_DigestUpdate(&md_ctx, ssl3_pad_2, npad) <= 0

                || EVP_DigestUpdate(&md_ctx, md, md_size) <= 0

                || EVP_DigestFinal_ex(&md_ctx, md, &md_size_u) <= 0) {

            EVP_MD_CTX_cleanup(&md_ctx);

            return -1;

        }

        md_size = md_size_u;

        EVP_MD_CTX_cleanup(&md_ctx);

         * are hashing because that gives an attacker a timing-oracle.

         */

        /* Final param == not SSLv3 */

        ssl3_cbc_digest_record(mac_ctx,

        if (ssl3_cbc_digest_record(mac_ctx,

                                   md, &md_size,

                                   header, rec->input,

                                   rec->length + md_size, rec->orig_len,

                                   ssl->s3->read_mac_secret,

                               ssl->s3->read_mac_secret_size, 0);

                                   ssl->s3->read_mac_secret_size, 0) <= 0) {

            if (!stream_mac)

                EVP_MD_CTX_cleanup(&hmac);

            return -1;

        }

    } else {

        EVP_DigestSignUpdate(mac_ctx, header, sizeof(header));

        EVP_DigestSignUpdate(mac_ctx, rec->input, rec->length);

        t = EVP_DigestSignFinal(mac_ctx, md, &md_size);

        if (t <= 0)

        if (EVP_DigestSignUpdate(mac_ctx, header, sizeof(header)) <= 0

                || EVP_DigestSignUpdate(mac_ctx, rec->input, rec->length) <= 0

                || EVP_DigestSignFinal(mac_ctx, md, &md_size) <= 0) {

            if (!stream_mac)

                EVP_MD_CTX_cleanup(&hmac);

            return -1;

        }

        if (!send && !SSL_USE_ETM(ssl) && FIPS_mode())

            tls_fips_digest_extra(ssl->enc_read_ctx,

                                  mac_ctx, rec->input,

    if (!stream_mac)

        EVP_MD_CTX_cleanup(&hmac);

#ifdef TLS_DEBUG

    fprintf(stderr, "seq=");

    {

 * functions, above, we know that data_plus_mac_size is large enough to contain

 * a padding byte and MAC. (If the padding was invalid, it might contain the

 * padding too. )

 * Returns 1 on success or 0 on error

 */

void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx,

int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx,

                            unsigned char *md_out,

                            size_t *md_out_size,

                            const unsigned char header[13],

    switch (EVP_MD_CTX_type(ctx)) {

    case NID_md5:

        MD5_Init((MD5_CTX *)md_state.c);

        if (MD5_Init((MD5_CTX *)md_state.c) <= 0)

            return 0;

        md_final_raw = tls1_md5_final_raw;

        md_transform =

            (void (*)(void *ctx, const unsigned char *block))MD5_Transform;

        length_is_big_endian = 0;

        break;

    case NID_sha1:

        SHA1_Init((SHA_CTX *)md_state.c);

        if (SHA1_Init((SHA_CTX *)md_state.c) <= 0)

            return 0;

        md_final_raw = tls1_sha1_final_raw;

        md_transform =

            (void (*)(void *ctx, const unsigned char *block))SHA1_Transform;

        md_size = 20;

        break;

    case NID_sha224:

        SHA224_Init((SHA256_CTX *)md_state.c);

        if (SHA224_Init((SHA256_CTX *)md_state.c) <= 0)

            return 0;

        md_final_raw = tls1_sha256_final_raw;

        md_transform =

            (void (*)(void *ctx, const unsigned char *block))SHA256_Transform;

        md_size = 224 / 8;

        break;

    case NID_sha256:

        SHA256_Init((SHA256_CTX *)md_state.c);

        if (SHA256_Init((SHA256_CTX *)md_state.c) <= 0)

            return 0;

        md_final_raw = tls1_sha256_final_raw;

        md_transform =

            (void (*)(void *ctx, const unsigned char *block))SHA256_Transform;

        md_size = 32;

        break;

    case NID_sha384:

        SHA384_Init((SHA512_CTX *)md_state.c);

        if (SHA384_Init((SHA512_CTX *)md_state.c) <= 0)

            return 0;

        md_final_raw = tls1_sha512_final_raw;

        md_transform =

            (void (*)(void *ctx, const unsigned char *block))SHA512_Transform;

        md_length_size = 16;

        break;

    case NID_sha512:

        SHA512_Init((SHA512_CTX *)md_state.c);

        if (SHA512_Init((SHA512_CTX *)md_state.c) <= 0)

            return 0;

        md_final_raw = tls1_sha512_final_raw;

        md_transform =

            (void (*)(void *ctx, const unsigned char *block))SHA512_Transform;

        OPENSSL_assert(0);

        if (md_out_size)

            *md_out_size = -1;

        return;

        return 0;

    }

    OPENSSL_assert(md_length_size <= MAX_HASH_BIT_COUNT_BYTES);

             */

            if (header_length <= md_block_size) {

                /* Should never happen */

                return;

                return 0;

            }

            overhang = header_length - md_block_size;

            md_transform(md_state.c, header);

    }

    EVP_MD_CTX_init(&md_ctx);

    EVP_DigestInit_ex(&md_ctx, ctx->digest, NULL /* engine */ );

    if (EVP_DigestInit_ex(&md_ctx, ctx->digest, NULL /* engine */ ) <= 0)

        goto err;

    if (is_sslv3) {

        /* We repurpose |hmac_pad| to contain the SSLv3 pad2 block. */

        memset(hmac_pad, 0x5c, sslv3_pad_length);

        EVP_DigestUpdate(&md_ctx, mac_secret, mac_secret_length);

        EVP_DigestUpdate(&md_ctx, hmac_pad, sslv3_pad_length);

        EVP_DigestUpdate(&md_ctx, mac_out, md_size);

        if (EVP_DigestUpdate(&md_ctx, mac_secret, mac_secret_length) <= 0

                || EVP_DigestUpdate(&md_ctx, hmac_pad, sslv3_pad_length) <= 0

                || EVP_DigestUpdate(&md_ctx, mac_out, md_size) <= 0)

            goto err;

    } else {

        /* Complete the HMAC in the standard manner. */

        for (i = 0; i < md_block_size; i++)

            hmac_pad[i] ^= 0x6a;

        EVP_DigestUpdate(&md_ctx, hmac_pad, md_block_size);

        EVP_DigestUpdate(&md_ctx, mac_out, md_size);

        if (EVP_DigestUpdate(&md_ctx, hmac_pad, md_block_size) <= 0

                || EVP_DigestUpdate(&md_ctx, mac_out, md_size) <= 0)

            goto err;

    }

    ret = EVP_DigestFinal(&md_ctx, md_out, &md_out_size_u);

    if (ret && md_out_size)

        *md_out_size = md_out_size_u;

    EVP_MD_CTX_cleanup(&md_ctx);

    return 1;

err:

    EVP_MD_CTX_cleanup(&md_ctx);

    return 0;

}

/*

            EVP_CIPHER_CTX_init(s->enc_read_ctx);

        dd = s->enc_read_ctx;

        if (!ssl_replace_hash(&s->read_hash, m)) {

        if (ssl_replace_hash(&s->read_hash, m) == NULL) {

                SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);

                goto err2;

        }

             */

            EVP_CIPHER_CTX_init(s->enc_write_ctx);

        dd = s->enc_write_ctx;

        if (!ssl_replace_hash(&s->write_hash, m)) {

        if (ssl_replace_hash(&s->write_hash, m) == NULL) {

                SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);

                goto err2;

        }

        return 0;

    npad = (48 / n) * n;

    if (sender != NULL)

        EVP_DigestUpdate(&ctx, sender, len);

    EVP_DigestUpdate(&ctx, s->session->master_key,

                     s->session->master_key_length);

    EVP_DigestUpdate(&ctx, ssl3_pad_1, npad);

    EVP_DigestFinal_ex(&ctx, md_buf, &i);

    EVP_DigestInit_ex(&ctx, EVP_MD_CTX_md(&ctx), NULL);

    EVP_DigestUpdate(&ctx, s->session->master_key,

                     s->session->master_key_length);

    EVP_DigestUpdate(&ctx, ssl3_pad_2, npad);

    EVP_DigestUpdate(&ctx, md_buf, i);

    EVP_DigestFinal_ex(&ctx, p, &ret);

    if ((sender != NULL && EVP_DigestUpdate(&ctx, sender, len) <= 0)

            || EVP_DigestUpdate(&ctx, s->session->master_key,

                                s->session->master_key_length) <= 0

            || EVP_DigestUpdate(&ctx, ssl3_pad_1, npad) <= 0

            || EVP_DigestFinal_ex(&ctx, md_buf, &i) <= 0

            || EVP_DigestInit_ex(&ctx, EVP_MD_CTX_md(&ctx), NULL) <= 0

            || EVP_DigestUpdate(&ctx, s->session->master_key,

                                s->session->master_key_length) <= 0

            || EVP_DigestUpdate(&ctx, ssl3_pad_2, npad) <= 0

            || EVP_DigestUpdate(&ctx, md_buf, i) <= 0

            || EVP_DigestFinal_ex(&ctx, p, &ret) <= 0) {

        SSLerr(SSL_F_SSL3_HANDSHAKE_MAC, ERR_R_INTERNAL_ERROR);

        ret = 0;

    }

    EVP_MD_CTX_cleanup(&ctx);

    EVP_MD_CTX_init(&ctx);

    for (i = 0; i < 3; i++) {

        EVP_DigestInit_ex(&ctx, s->ctx->sha1, NULL);

        EVP_DigestUpdate(&ctx, salt[i], strlen((const char *)salt[i]));

        EVP_DigestUpdate(&ctx, p, len);

        EVP_DigestUpdate(&ctx, &(s->s3->client_random[0]), SSL3_RANDOM_SIZE);

        EVP_DigestUpdate(&ctx, &(s->s3->server_random[0]), SSL3_RANDOM_SIZE);

        EVP_DigestFinal_ex(&ctx, buf, &n);

        EVP_DigestInit_ex(&ctx, s->ctx->md5, NULL);

        EVP_DigestUpdate(&ctx, p, len);

        EVP_DigestUpdate(&ctx, buf, n);

        EVP_DigestFinal_ex(&ctx, out, &n);

        if (EVP_DigestInit_ex(&ctx, s->ctx->sha1, NULL) <= 0

                || EVP_DigestUpdate(&ctx, salt[i],

                                    strlen((const char *)salt[i])) <= 0

                || EVP_DigestUpdate(&ctx, p, len) <= 0

                || EVP_DigestUpdate(&ctx, &(s->s3->client_random[0]),

                                    SSL3_RANDOM_SIZE) <= 0

                || EVP_DigestUpdate(&ctx, &(s->s3->server_random[0]),

                                    SSL3_RANDOM_SIZE) <= 0

                || EVP_DigestFinal_ex(&ctx, buf, &n) <= 0

                || EVP_DigestInit_ex(&ctx, s->ctx->md5, NULL) <= 0

                || EVP_DigestUpdate(&ctx, p, len) <= 0

                || EVP_DigestUpdate(&ctx, buf, n) <= 0

                || EVP_DigestFinal_ex(&ctx, out, &n) <= 0) {

            SSLerr(SSL_F_SSL3_GENERATE_MASTER_SECRET, ERR_R_INTERNAL_ERROR);

            ret = 0;

            break;

        }

        out += n;

        ret += n;

    }

    EVP_MD_CTX_cleanup(&ctx);

#ifdef OPENSSL_SSL_TRACE_CRYPTO

    if (s->msg_callback) {

    if (ret > 0 && s->msg_callback) {

        s->msg_callback(2, s->version, TLS1_RT_CRYPTO_PREMASTER,

                        p, len, s, s->msg_callback_arg);

        s->msg_callback(2, s->version, TLS1_RT_CRYPTO_CLIENT_RANDOM,

    const EVP_PKEY_ASN1_METHOD *ameth;

    int pkey_id = 0;

    ameth = EVP_PKEY_asn1_find_str(NULL, pkey_name, -1);

    if (ameth) {

        EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth);

    }

    if (ameth && EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL,

                                         ameth) > 0) {

        return pkey_id;

    }

    return 0;

}

#else

    int pkey_id = 0;

    ameth = EVP_PKEY_asn1_find_str(&tmpeng, pkey_name, -1);

    if (ameth) {

        EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth);

        if (EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL,

                                    ameth) <= 0)

            pkey_id = 0;

    }

    if (tmpeng)

        ENGINE_finish(tmpeng);