[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

Thu May 26 15:53:07 UTC 2016

The branch OpenSSL_1_0_2-stable has been updated
       via  8e0a94a58a4382296b6c2ba6d7381c48e24e26cd (commit)
       via  ada5de7ca1deae28713303319694806214dfa7d9 (commit)
      from  649af484c8a15ad916c101aba86c7529dac7eccb (commit)


- Log -----------------------------------------------------------------
commit 8e0a94a58a4382296b6c2ba6d7381c48e24e26cd
Author: Matt Caswell <matt at openssl.org>
Date:   Thu May 26 15:54:48 2016 +0100

    Check for malloc failure in EVP_PKEY_keygen()
    
    After a call to EVP_PKEY_new() we should check for malloc failure.
    
    RT#4180
    
    Reviewed-by: Stephen Henson <steve at openssl.org>

commit ada5de7ca1deae28713303319694806214dfa7d9
Author: Matt Caswell <matt at openssl.org>
Date:   Thu May 26 15:45:14 2016 +0100

    The ssl3_digest_cached_records() function does not handle errors properly
    
    The ssl3_digest_cached_records() function was failing to handle errors
    that might be returned from EVP_DigestSignInit() and
    EVP_DigestSignUpdate().
    
    RT#4180
    
    Reviewed-by: Stephen Henson <steve at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 crypto/evp/pmeth_gn.c | 4 +++-
 ssl/s3_enc.c          | 8 ++++++--
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/crypto/evp/pmeth_gn.c b/crypto/evp/pmeth_gn.c
index 6435f1b..6a4d357 100644
--- a/crypto/evp/pmeth_gn.c
+++ b/crypto/evp/pmeth_gn.c
@@ -149,8 +149,10 @@ int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey)
     if (!ppkey)
         return -1;
 
-    if (!*ppkey)
+    if (*ppkey == NULL)
         *ppkey = EVP_PKEY_new();
+    if (*ppkey == NULL)
+        return -1;
 
     ret = ctx->pmeth->keygen(ctx, *ppkey);
     if (ret <= 0) {
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index 47a0ec9..b9fc0c7 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -624,8 +624,12 @@ int ssl3_digest_cached_records(SSL *s)
                                      EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
             }
 #endif
-            EVP_DigestInit_ex(s->s3->handshake_dgst[i], md, NULL);
-            EVP_DigestUpdate(s->s3->handshake_dgst[i], hdata, hdatalen);
+            if (!EVP_DigestInit_ex(s->s3->handshake_dgst[i], md, NULL)
+                || !EVP_DigestUpdate(s->s3->handshake_dgst[i], hdata,
+                                     hdatalen)) {
+                SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_INTERNAL_ERROR);
+                return 0;
+            }
         } else {
             s->s3->handshake_dgst[i] = NULL;
         }
