In tls1_cert_verify_mac(), check the return value of EVP_MD_CTX_copy_ex()

to avoid a possible NULL function call on ctx.final(). None of the callers
currently check the return value of calls to cert_verify_mac(), however
the function already returns 0 in another case and the MAC comparison will
later fail.

Issue reported by David Ramos.

2 files changed, 10 insertions, 6 deletions

diff --git a/lib/libssl/src/ssl/t1_enc.c b/lib/libssl/src/ssl/t1_enc.c
index 6dcb2c849f1..922d44ad4e8 100644
--- a/lib/libssl/src/ssl/t1_enc.c
+++ b/lib/libssl/src/ssl/t1_enc.c
@@ -819,8 +819,8 @@ tls1_enc(SSL *s, int send)
 int
 tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *out)
 {
-	unsigned int ret;
 	EVP_MD_CTX ctx, *d = NULL;
+	unsigned int ret;
 	int i;
 
 	if (s->s3->handshake_buffer)
@@ -834,15 +834,17 @@ tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *out)
 			break;
 		}
 	}
-	if (!d) {
+	if (d == NULL) {
 		SSLerr(SSL_F_TLS1_CERT_VERIFY_MAC, SSL_R_NO_REQUIRED_DIGEST);
 		return 0;
 	}
 
 	EVP_MD_CTX_init(&ctx);
-	EVP_MD_CTX_copy_ex(&ctx, d);
+	if (!EVP_MD_CTX_copy_ex(&ctx, d))
+		return 0;
 	EVP_DigestFinal_ex(&ctx, out, &ret);
 	EVP_MD_CTX_cleanup(&ctx);
+
 	return ((int)ret);
 }
 
diff --git a/lib/libssl/t1_enc.c b/lib/libssl/t1_enc.c
index 6dcb2c849f1..922d44ad4e8 100644
--- a/lib/libssl/t1_enc.c
+++ b/lib/libssl/t1_enc.c
@@ -819,8 +819,8 @@ tls1_enc(SSL *s, int send)
 int
 tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *out)
 {
-	unsigned int ret;
 	EVP_MD_CTX ctx, *d = NULL;
+	unsigned int ret;
 	int i;
 
 	if (s->s3->handshake_buffer)
@@ -834,15 +834,17 @@ tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *out)
 			break;
 		}
 	}
-	if (!d) {
+	if (d == NULL) {
 		SSLerr(SSL_F_TLS1_CERT_VERIFY_MAC, SSL_R_NO_REQUIRED_DIGEST);
 		return 0;
 	}
 
 	EVP_MD_CTX_init(&ctx);
-	EVP_MD_CTX_copy_ex(&ctx, d);
+	if (!EVP_MD_CTX_copy_ex(&ctx, d))
+		return 0;
 	EVP_DigestFinal_ex(&ctx, out, &ret);
 	EVP_MD_CTX_cleanup(&ctx);
+
 	return ((int)ret);
 }