Add missing NULL check after calling EVP_PKEY_new_mac_key().

Based on Adam Langley's chromium patches.
author: jsing <jsing@openbsd.org> 2014-06-07 17:27:14 +0000
committer: jsing <jsing@openbsd.org> 2014-06-07 17:27:14 +0000
commit: 0bbf1a2a25860db766674e884603011794b4abd2 (patch)
tree: accb2f068189250aef929876cbb4b6516c107256
parent: Use !is_read to imply SSL3_CC_WRITE. (diff)
download: wireguard-openbsd-0bbf1a2a25860db766674e884603011794b4abd2.tar.xz
wireguard-openbsd-0bbf1a2a25860db766674e884603011794b4abd2.zip
2 files changed, 4 insertions, 0 deletions
diff --git a/lib/libssl/src/ssl/t1_enc.c b/lib/libssl/src/ssl/t1_enc.c
index fba582d4ad8..59c0c487efe 100644
--- a/lib/libssl/src/ssl/t1_enc.c
+++ b/lib/libssl/src/ssl/t1_enc.c
@@ -487,6 +487,8 @@ tls1_change_cipher_state(SSL *s, int which)
 	if (!(EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER)) {
 		mac_key = EVP_PKEY_new_mac_key(mac_type, NULL,
 		    mac_secret, mac_secret_size);
+		if (mac_key == NULL)
+			goto err;
 		EVP_DigestSignInit(mac_ctx, NULL, mac, NULL, mac_key);
 		EVP_PKEY_free(mac_key);
 	}
diff --git a/lib/libssl/t1_enc.c b/lib/libssl/t1_enc.c
index fba582d4ad8..59c0c487efe 100644
--- a/lib/libssl/t1_enc.c
+++ b/lib/libssl/t1_enc.c
@@ -487,6 +487,8 @@ tls1_change_cipher_state(SSL *s, int which)
 	if (!(EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER)) {
 		mac_key = EVP_PKEY_new_mac_key(mac_type, NULL,
 		    mac_secret, mac_secret_size);
+		if (mac_key == NULL)
+			goto err;
 		EVP_DigestSignInit(mac_ctx, NULL, mac, NULL, mac_key);
 		EVP_PKEY_free(mac_key);
 	}
author	jsing <jsing@openbsd.org>	2014-06-07 17:27:14 +0000
committer	jsing <jsing@openbsd.org>	2014-06-07 17:27:14 +0000
commit	0bbf1a2a25860db766674e884603011794b4abd2 (patch)
tree	accb2f068189250aef929876cbb4b6516c107256
parent	Use !is_read to imply SSL3_CC_WRITE. (diff)
download	wireguard-openbsd-0bbf1a2a25860db766674e884603011794b4abd2.tar.xz wireguard-openbsd-0bbf1a2a25860db766674e884603011794b4abd2.zip