CVSROOT:        /cvs
Module name:    src
Changes by:     js...@cvs.openbsd.org   2016/11/03 02:15:22

Modified files:
        lib/libssl     : ssl_locl.h t1_enc.c 

Log message:
Clean up the TLS handshake digest handling - this refactors some of the
code for improved readability, however it also addresses two issues.

The first of these is a hard-to-hit double free that will occur if
EVP_DigestInit_ex() fails. To avoid this and to be more robust, ensure
that tls1_digest_cached_records() either completes successfully and sets
up all of the necessary digests, or it cleans up and frees everything
that was allocated.

The second issue is that EVP_DigestUpdate() can fail - detect and handle
this in tls1_finish_mac() and change the return type to an int so that a
failure can be propagated to the caller (the callers still need to be
fixed to handle this, in a later diff).

The double-free was reported by Matthew Dillon.

ok beck@ doug@ miod@
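
The two fixes described in the log message, shown as an added illustration that is not the libssl code from this commit: setup either leaves every digest ready or leaves nothing allocated, and the update path returns an int so a failure reaches the caller. `digest_ctx`, the `handshake_*` functions and the fault switches are hypothetical stand-ins for the EVP digest handling, so the block builds without libcrypto.

```c
#include <stdlib.h>
#define NDIGESTS 4
/* Hypothetical stand-ins, not libssl types or calls. */
struct digest_ctx { size_t absorbed; };
struct handshake { struct digest_ctx *digests[NDIGESTS]; };

static int frees;              /* slots released so far */
static int init_fail_at = -1;  /* slot whose init fails (constructed fault) */
static int update_fails;       /* non-zero makes every update fail */
static int digest_init(struct digest_ctx *c, int slot) {
    c->absorbed = 0;
    return slot != init_fail_at;
}
static int digest_update(struct digest_ctx *c, size_t n) {
    if (update_fails)
        return 0;
    c->absorbed += n;
    return 1;
}

/* Release each slot once and clear it, so a repeated call frees nothing. */
void handshake_free_digests(struct handshake *hs) {
    for (int i = 0; i < NDIGESTS; i++) {
        if (hs->digests[i] != NULL)
            frees++;
        free(hs->digests[i]);
        hs->digests[i] = NULL;
    }
}

/* Returns 1 with every digest ready, or 0 with nothing left allocated. */
int handshake_setup_digests(struct handshake *hs) {
    handshake_free_digests(hs);
    for (int i = 0; i < NDIGESTS; i++) {
        hs->digests[i] = malloc(sizeof(*hs->digests[i]));
        if (hs->digests[i] == NULL || !digest_init(hs->digests[i], i)) {
            handshake_free_digests(hs);
            return 0;
        }
    }
    return 1;
}

/* Returns int rather than void so an update failure is propagated. */
int handshake_update(struct handshake *hs, size_t n) {
    for (int i = 0; i < NDIGESTS; i++)
        if (hs->digests[i] != NULL && !digest_update(hs->digests[i], n))
            return 0;
    return 1;
}
```

Because the failure path clears every pointer it frees, a later teardown of the same structure has nothing left to release a second time.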
