X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=ssl%2Fs3_enc.c;h=093e527da1480db557df2fc85e7bc77d26dc1427;hb=ca0a7a9a4ebe9bb0f646930262f43372fa73254c;hp=3240735fab48c2cf56450f8f5da623be39b626c0;hpb=d166ed8c11e10e9fdaeac182effb9dd318843924;p=oweals%2Fopenssl.git

diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index 3240735fab..093e527da1 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -61,10 +61,10 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
     EVP_MD_CTX_set_flags(m5, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
     for (i = 0; (int)i < num; i += MD5_DIGEST_LENGTH) {
         k++;
-        if (k > sizeof buf) {
+        if (k > sizeof(buf)) {
             /* bug: 'buf' is too small for this ciphersuite */
             SSLerr(SSL_F_SSL3_GENERATE_KEY_BLOCK, ERR_R_INTERNAL_ERROR);
-            return 0;
+            goto err;
         }
 
         for (j = 0; j < k; j++)
@@ -140,8 +140,8 @@ int ssl3_change_cipher_state(SSL *s, int which)
         dd = s->enc_read_ctx;
 
         if (ssl_replace_hash(&s->read_hash, m) == NULL) {
-                SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
-                goto err2;
+            SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
+            goto err2;
         }
 #ifndef OPENSSL_NO_COMP
         /* COMPRESS */
@@ -170,8 +170,8 @@ int ssl3_change_cipher_state(SSL *s, int which)
             EVP_CIPHER_CTX_reset(s->enc_write_ctx);
         dd = s->enc_write_ctx;
         if (ssl_replace_hash(&s->write_hash, m) == NULL) {
-                SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
-                goto err2;
+            SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
+            goto err2;
         }
 #ifndef OPENSSL_NO_COMP
         /* COMPRESS */
@@ -225,7 +225,8 @@ int ssl3_change_cipher_state(SSL *s, int which)
 
     memcpy(mac_secret, ms, i);
 
-    EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE));
+    if (!EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE)))
+        goto err2;
 
 #ifdef OPENSSL_SSL_TRACE_CRYPTO
     if (s->msg_callback) {
@@ -374,7 +375,8 @@ int ssl3_digest_cached_records(SSL *s, int keep)
     if (s->s3->handshake_dgst == NULL) {
         hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata);
         if (hdatalen <= 0) {
-            SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, SSL_R_BAD_HANDSHAKE_LENGTH);
+            SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS,
+                   SSL_R_BAD_HANDSHAKE_LENGTH);
             return 0;
         }
 
@@ -385,10 +387,8 @@ int ssl3_digest_cached_records(SSL *s, int keep)
         }
 
         md = ssl_handshake_md(s);
-        if (   md == NULL
-            || !EVP_DigestInit_ex(s->s3->handshake_dgst, md, NULL)
-            || !EVP_DigestUpdate(s->s3->handshake_dgst, hdata, hdatalen))
-        {
+        if (md == NULL || !EVP_DigestInit_ex(s->s3->handshake_dgst, md, NULL)
+            || !EVP_DigestUpdate(s->s3->handshake_dgst, hdata, hdatalen)) {
             SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_INTERNAL_ERROR);
             return 0;
         }
@@ -431,10 +431,10 @@ int ssl3_final_finish_mac(SSL *s, const char *sender, int len, unsigned char *p)
     }
 
     if ((sender != NULL && EVP_DigestUpdate(ctx, sender, len) <= 0)
-            || EVP_MD_CTX_ctrl(ctx, EVP_CTRL_SSL3_MASTER_SECRET,
-                               s->session->master_key_length,
-                               s->session->master_key) <= 0
-            || EVP_DigestFinal_ex(ctx, p, NULL) <= 0) {
+        || EVP_MD_CTX_ctrl(ctx, EVP_CTRL_SSL3_MASTER_SECRET,
+                           s->session->master_key_length,
+                           s->session->master_key) <= 0
+        || EVP_DigestFinal_ex(ctx, p, NULL) <= 0) {
         SSLerr(SSL_F_SSL3_FINAL_FINISH_MAC, ERR_R_INTERNAL_ERROR);
         ret = 0;
     }
@@ -472,19 +472,18 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
     }
     for (i = 0; i < 3; i++) {
         if (EVP_DigestInit_ex(ctx, s->ctx->sha1, NULL) <= 0
-                || EVP_DigestUpdate(ctx, salt[i],
-                                    strlen((const char *)salt[i])) <= 0
-                || EVP_DigestUpdate(ctx, p, len) <= 0
-                || EVP_DigestUpdate(ctx, &(s->s3->client_random[0]),
-                                    SSL3_RANDOM_SIZE) <= 0
-                || EVP_DigestUpdate(ctx, &(s->s3->server_random[0]),
-                                    SSL3_RANDOM_SIZE) <= 0
-                || EVP_DigestFinal_ex(ctx, buf, &n) <= 0
-
-                || EVP_DigestInit_ex(ctx, s->ctx->md5, NULL) <= 0
-                || EVP_DigestUpdate(ctx, p, len) <= 0
-                || EVP_DigestUpdate(ctx, buf, n) <= 0
-                || EVP_DigestFinal_ex(ctx, out, &n) <= 0) {
+            || EVP_DigestUpdate(ctx, salt[i],
+                                strlen((const char *)salt[i])) <= 0
+            || EVP_DigestUpdate(ctx, p, len) <= 0
+            || EVP_DigestUpdate(ctx, &(s->s3->client_random[0]),
+                                SSL3_RANDOM_SIZE) <= 0
+            || EVP_DigestUpdate(ctx, &(s->s3->server_random[0]),
+                                SSL3_RANDOM_SIZE) <= 0
+            || EVP_DigestFinal_ex(ctx, buf, &n) <= 0
+            || EVP_DigestInit_ex(ctx, s->ctx->md5, NULL) <= 0
+            || EVP_DigestUpdate(ctx, p, len) <= 0
+            || EVP_DigestUpdate(ctx, buf, n) <= 0
+            || EVP_DigestFinal_ex(ctx, out, &n) <= 0) {
             SSLerr(SSL_F_SSL3_GENERATE_MASTER_SECRET, ERR_R_INTERNAL_ERROR);
             ret = 0;
             break;