authorJoel Sing <jsing@cvs.openbsd.org>2019-04-25 04:54:36 +0000
committerJoel Sing <jsing@cvs.openbsd.org>2019-04-25 04:54:36 +0000
commit7bd153d598ad10095949efb13489bd8ed9e240c3 (patch)
tree7cb17c9d837600c16f1e5690dd433a1bb7852311 /lib/libssl
parentf026fe56be76dac6c42ecce5e6a6d997807263f6 (diff)
Use EVP_CIPHER_CTX_{new,free}() and HMAC_CTX_{new,free}() instead of
allocating on stack. While here also check the return values from EVP_DecryptInit_ex() and HMAC_Init_ex(). ok tb@
Diffstat (limited to 'lib/libssl')
-rw-r--r--lib/libssl/t1_lib.c53
1 files changed, 29 insertions, 24 deletions
diff --git a/lib/libssl/t1_lib.c b/lib/libssl/t1_lib.c
index 2bae50f5b34..3cde388d6dd 100644
--- a/lib/libssl/t1_lib.c
+++ b/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.162 2019/04/25 04:48:56 jsing Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.163 2019/04/25 04:54:35 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -875,19 +875,17 @@ tls_decrypt_ticket(SSL *s, CBS *session_id, CBS *ticket, SSL_SESSION **psess)
{
CBS ticket_name, ticket_iv, ticket_encdata, ticket_hmac;
SSL_SESSION *sess = NULL;
- size_t session_id_len = 0;
+ size_t session_id_len;
unsigned char *sdec = NULL;
const unsigned char *p;
- int slen, hlen, renew_ticket = 0;
unsigned char hmac[EVP_MAX_MD_SIZE];
- HMAC_CTX hctx;
- EVP_CIPHER_CTX cctx;
+ HMAC_CTX *hctx = NULL;
+ EVP_CIPHER_CTX *cctx = NULL;
SSL_CTX *tctx = s->initial_ctx;
+ int slen, hlen;
+ int renew_ticket = 0;
int ret = -1;
- HMAC_CTX_init(&hctx);
- EVP_CIPHER_CTX_init(&cctx);
-
*psess = NULL;
if (!CBS_get_bytes(ticket, &ticket_name, 16))
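Review bot: `size_t session_id_len;` loses its `= 0` initialiser here, and the commit message does not mention that change. The variable's uses are outside this hunk, so it cannot be confirmed from here that every path assigns it before it is read. If any path reads it after a failed or skipped write, an indeterminate length would flow into whatever consumes it. Either keep `size_t session_id_len = 0;` or add a one-line comment at the point of use naming the call that sets it. tls_decrypt_ticket's body continues outside the hunk.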
@@ -896,6 +894,11 @@ tls_decrypt_ticket(SSL *s, CBS *session_id, CBS *ticket, SSL_SESSION **psess)
/*
* Initialize session ticket encryption and HMAC contexts.
*/
+ if ((cctx = EVP_CIPHER_CTX_new()) == NULL)
+ goto err;
+ if ((hctx = HMAC_CTX_new()) == NULL)
+ goto err;
+
if (tctx->internal->tlsext_ticket_key_cb != NULL) {
int rv;
@@ -910,7 +913,7 @@ tls_decrypt_ticket(SSL *s, CBS *session_id, CBS *ticket, SSL_SESSION **psess)
if ((rv = tctx->internal->tlsext_ticket_key_cb(s,
(unsigned char *)CBS_data(&ticket_name),
- (unsigned char *)CBS_data(ticket), &cctx, &hctx, 0)) < 0)
+ (unsigned char *)CBS_data(ticket), cctx, hctx, 0)) < 0)
goto err;
if (rv == 0)
goto derr;
@@ -922,7 +925,7 @@ tls_decrypt_ticket(SSL *s, CBS *session_id, CBS *ticket, SSL_SESSION **psess)
* the IV since its length is known.
*/
if (!CBS_get_bytes(ticket, &ticket_iv,
- EVP_CIPHER_CTX_iv_length(&cctx)))
+ EVP_CIPHER_CTX_iv_length(cctx)))
goto derr;
} else {
/* Check that the key name matches. */
@@ -930,21 +933,23 @@ tls_decrypt_ticket(SSL *s, CBS *session_id, CBS *ticket, SSL_SESSION **psess)
tctx->internal->tlsext_tick_key_name,
sizeof(tctx->internal->tlsext_tick_key_name)))
goto derr;
- HMAC_Init_ex(&hctx, tctx->internal->tlsext_tick_hmac_key,
- sizeof(tctx->internal->tlsext_tick_hmac_key), EVP_sha256(),
- NULL);
if (!CBS_get_bytes(ticket, &ticket_iv,
EVP_CIPHER_iv_length(EVP_aes_128_cbc())))
goto derr;
- EVP_DecryptInit_ex(&cctx, EVP_aes_128_cbc(), NULL,
- tctx->internal->tlsext_tick_aes_key, CBS_data(&ticket_iv));
+ if (!EVP_DecryptInit_ex(cctx, EVP_aes_128_cbc(), NULL,
+ tctx->internal->tlsext_tick_aes_key, CBS_data(&ticket_iv)))
+ goto err;
+ if (!HMAC_Init_ex(hctx, tctx->internal->tlsext_tick_hmac_key,
+ sizeof(tctx->internal->tlsext_tick_hmac_key), EVP_sha256(),
+ NULL))
+ goto err;
}
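Review bot: The new checks on `EVP_DecryptInit_ex()` and `HMAC_Init_ex()` test failure with `!`, while the other EVP/HMAC calls in this function (`HMAC_Update`, `HMAC_Final`, `EVP_DecryptUpdate`, `EVP_DecryptFinal_ex`) test `<= 0`; using one form throughout would spare a reader from wondering whether the difference is meaningful. Both new failures jump to `err`, whereas the neighbouring parse failures jump to `derr`. The label bodies are outside this hunk, so a short comment such as `/* Setup failure is an internal error, not an undecryptable ticket. */` above the two checks would record the reason, assuming that is the intended distinction.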
/*
* Attempt to process session ticket.
*/
- if ((hlen = HMAC_size(&hctx)) < 0)
+ if ((hlen = HMAC_size(hctx)) < 0)
goto err;
if (hlen > CBS_len(ticket))
@@ -957,16 +962,16 @@ tls_decrypt_ticket(SSL *s, CBS *session_id, CBS *ticket, SSL_SESSION **psess)
goto err;
/* Check HMAC of encrypted ticket. */
- if (HMAC_Update(&hctx, CBS_data(&ticket_name),
+ if (HMAC_Update(hctx, CBS_data(&ticket_name),
CBS_len(&ticket_name)) <= 0)
goto err;
- if (HMAC_Update(&hctx, CBS_data(&ticket_iv),
+ if (HMAC_Update(hctx, CBS_data(&ticket_iv),
CBS_len(&ticket_iv)) <= 0)
goto err;
- if (HMAC_Update(&hctx, CBS_data(&ticket_encdata),
+ if (HMAC_Update(hctx, CBS_data(&ticket_encdata),
CBS_len(&ticket_encdata)) <= 0)
goto err;
- if (HMAC_Final(&hctx, hmac, &hlen) <= 0)
+ if (HMAC_Final(hctx, hmac, &hlen) <= 0)
goto err;
if (!CBS_mem_equal(&ticket_hmac, hmac, hlen))
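Review bot: `HMAC_Final(hctx, hmac, &hlen)` passes the address of an `int` (declared as `int slen, hlen;`) where HMAC_Final takes an `unsigned int *` for the output length, so the call relies on a sign-mismatched pointer conversion. The same `hlen` is reused further down as the `EVP_DecryptFinal_ex` output length, which obscures which length `CBS_mem_equal(&ticket_hmac, hmac, hlen)` is comparing against. A dedicated `unsigned int mlen;` filled by `HMAC_Final(hctx, hmac, &mlen)` and passed to the comparison would fix both. The statement that ends this hunk continues outside it.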
@@ -975,10 +980,10 @@ tls_decrypt_ticket(SSL *s, CBS *session_id, CBS *ticket, SSL_SESSION **psess)
/* Attempt to decrypt session data. */
if ((sdec = malloc(CBS_len(&ticket_encdata))) == NULL)
goto err;
- if (EVP_DecryptUpdate(&cctx, sdec, &slen, CBS_data(&ticket_encdata),
+ if (EVP_DecryptUpdate(cctx, sdec, &slen, CBS_data(&ticket_encdata),
CBS_len(&ticket_encdata)) <= 0)
goto derr;
- if (EVP_DecryptFinal_ex(&cctx, sdec + slen, &hlen) <= 0)
+ if (EVP_DecryptFinal_ex(cctx, sdec + slen, &hlen) <= 0)
goto derr;
slen += hlen;
@@ -1021,8 +1026,8 @@ tls_decrypt_ticket(SSL *s, CBS *session_id, CBS *ticket, SSL_SESSION **psess)
done:
free(sdec);
- HMAC_CTX_cleanup(&hctx);
- EVP_CIPHER_CTX_cleanup(&cctx);
+ EVP_CIPHER_CTX_free(cctx);
+ HMAC_CTX_free(hctx);
SSL_SESSION_free(sess);
if (ret == 2)
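Review bot: `free(sdec)` at the `done:` label releases the buffer that `EVP_DecryptUpdate`/`EVP_DecryptFinal_ex` filled with the decrypted ticket, without clearing it. That plaintext presumably carries serialized session state, including key material. Since this cleanup path is being touched anyway, record the allocation size where `sdec` is allocated (for example `size_t sdec_len = 0;`, set alongside the `malloc`) and release it with `freezero(sdec, sdec_len);` so the plaintext does not linger in freed heap memory. The `malloc` sits in an earlier hunk and the function continues past the end of this one.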