diff options
author | slontis <shane.lontis@oracle.com> | 2022-07-12 14:28:37 +1000 |
---|---|---|
committer | Hugo Landau <hlandau@openssl.org> | 2022-07-13 08:01:55 +0100 |
commit | b740012f77aed97cb4b3cd8a4f1fb2f668542795 (patch) | |
tree | b264216f804e093794d66315badda973dba66804 /ssl/statem | |
parent | a2db4e6cd6478c3ae633d9919d0a88f1eb5678f7 (diff) | |
download | openssl-b740012f77aed97cb4b3cd8a4f1fb2f668542795.tar.gz |
Check for EVP_MD being NULL inside ssl.
Fix multiple places that could potentially segfault if memory
allocations fail. e.g. ssl_load_ciphers() could fail while calling
ssl_evp_md_fetch().
Found by #18355
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18784)
Diffstat (limited to 'ssl/statem')
-rw-r--r-- | ssl/statem/extensions_srvr.c | 4 | ||||
-rw-r--r-- | ssl/statem/statem_clnt.c | 6 |
2 files changed, 8 insertions, 2 deletions
diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c index c9810520a6..6100362d6e 100644 --- a/ssl/statem/extensions_srvr.c +++ b/ssl/statem/extensions_srvr.c @@ -1156,6 +1156,10 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x, } md = ssl_md(s->ctx, sess->cipher->algorithm2); + if (md == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); + goto err; + } if (!EVP_MD_is_a(md, EVP_MD_get0_name(ssl_md(s->ctx, s->s3.tmp.new_cipher->algorithm2)))) { diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 1f089603d2..06e390fd09 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -1346,12 +1346,14 @@ static int set_client_ciphersuite(SSL *s, const unsigned char *cipherchars) s->session->cipher_id = s->session->cipher->id; if (s->hit && (s->session->cipher_id != c->id)) { if (SSL_IS_TLS13(s)) { + const EVP_MD *md = ssl_md(s->ctx, c->algorithm2); + /* * In TLSv1.3 it is valid for the server to select a different * ciphersuite as long as the hash is the same. */ - if (ssl_md(s->ctx, c->algorithm2) - != ssl_md(s->ctx, s->session->cipher->algorithm2)) { + if (md == NULL + || md != ssl_md(s->ctx, s->session->cipher->algorithm2)) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_CIPHERSUITE_DIGEST_HAS_CHANGED); return 0; |