From c65d0191d02962449a29c3b28ea31960e799bf91 Mon Sep 17 00:00:00 2001
From: jsing
Date: Tue, 14 Aug 2018 16:19:06 +0000
Subject: [PATCH] Actually check the return values for EVP_Sign* and EVP_Verify*.

ok bcook@ beck@ tb@
---
 lib/libssl/ssl_clnt.c | 20 ++++++++++++--------
 lib/libssl/ssl_srvr.c | 18 +++++++++++-------
 2 files changed, 23 insertions(+), 15 deletions(-)

diff --git a/lib/libssl/ssl_clnt.c b/lib/libssl/ssl_clnt.c
index f9cdd8657ad..dcd4da3634c 100644
--- a/lib/libssl/ssl_clnt.c
+++ b/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.27 2018/08/10 17:52:35 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.28 2018/08/14 16:19:06 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1553,13 +1553,17 @@ ssl3_get_server_key_exchange(SSL *s)
 goto f_err;
 }
- EVP_VerifyInit_ex(&md_ctx, md, NULL);
- EVP_VerifyUpdate(&md_ctx, s->s3->client_random,
- SSL3_RANDOM_SIZE);
- EVP_VerifyUpdate(&md_ctx, s->s3->server_random,
- SSL3_RANDOM_SIZE);
- EVP_VerifyUpdate(&md_ctx, param, param_len);
- if (EVP_VerifyFinal(&md_ctx, p,(int)n, pkey) <= 0) {
+ if (!EVP_VerifyInit_ex(&md_ctx, md, NULL))
+ goto err;
+ if (!EVP_VerifyUpdate(&md_ctx, s->s3->client_random,
+ SSL3_RANDOM_SIZE))
+ goto err;
+ if (!EVP_VerifyUpdate(&md_ctx, s->s3->server_random,
+ SSL3_RANDOM_SIZE))
+ goto err;
+ if (!EVP_VerifyUpdate(&md_ctx, param, param_len))
+ goto err;
+ if (EVP_VerifyFinal(&md_ctx, p, (int)n, pkey) <= 0) {
 /* bad signature */
 al = SSL_AD_DECRYPT_ERROR;
 SSLerror(s, SSL_R_BAD_SIGNATURE);
diff --git a/lib/libssl/ssl_srvr.c b/lib/libssl/ssl_srvr.c
index 3d20f0f900c..176a00fb758 100644
--- a/lib/libssl/ssl_srvr.c
+++ b/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.36 2018/08/10 17:44:16 jsing Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.37 2018/08/14 16:19:06 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
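Review bot: The new `goto err` exits in ssl3_get_server_key_exchange (lib/libssl/ssl_clnt.c) neither set `al` nor call SSLerror(), whereas the bad-signature branch directly below sets both; if `err` is the no-alert exit, as the separate `f_err` label suggests, a digest failure ends the handshake with no alert to the peer and only whatever the EVP layer itself queued as a local error. The same applies to the four new exits in ssl3_send_server_key_exchange (lib/libssl/ssl_srvr.c), where the EVP_SignFinal failure that follows does record `SSLerror(s, ERR_R_EVP_LIB);`. Consider recording the error on each new path, for example `if (!EVP_VerifyInit_ex(&md_ctx, md, NULL)) { SSLerror(s, ERR_R_EVP_LIB); goto err; }`, so an aborted handshake is attributable in logs. Both functions begin and end outside their hunks, so what the `err` and `f_err` labels do should be confirmed there.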
@@ -1589,12 +1589,16 @@ ssl3_send_server_key_exchange(SSL *s)
 }
 p += 2;
 }
- EVP_SignInit_ex(&md_ctx, md, NULL);
- EVP_SignUpdate(&md_ctx, s->s3->client_random,
- SSL3_RANDOM_SIZE);
- EVP_SignUpdate(&md_ctx, s->s3->server_random,
- SSL3_RANDOM_SIZE);
- EVP_SignUpdate(&md_ctx, d, n);
+ if (!EVP_SignInit_ex(&md_ctx, md, NULL))
+ goto err;
+ if (!EVP_SignUpdate(&md_ctx, s->s3->client_random,
+ SSL3_RANDOM_SIZE))
+ goto err;
+ if (!EVP_SignUpdate(&md_ctx, s->s3->server_random,
+ SSL3_RANDOM_SIZE))
+ goto err;
+ if (!EVP_SignUpdate(&md_ctx, d, n))
+ goto err;
 if (!EVP_SignFinal(&md_ctx, &p[2], (unsigned int *)&i, pkey)) {
 SSLerror(s, ERR_R_EVP_LIB);
-- 
2.20.1