diff options
| author | Matt Caswell <matt@openssl.org> | 2014-11-18 15:03:55 +0000 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2014-11-27 21:40:39 +0000 |
| commit | 81ec01b21767da5e5f0c03ad79b4d3dc9b632393 (patch) | |
| tree | d052210d73a56a894839d29e68bbabf915c902d1 | |
| parent | 4b87706d20f0a2fdf2e8f1b90256e141c487ef47 (diff) | |
Check EVP_Cipher return values for SSL2
Reviewed-by: Richard Levitte <levitte@openssl.org>
| -rw-r--r-- | ssl/s2_enc.c | 10 | ||||
| -rw-r--r-- | ssl/s2_pkt.c | 9 | ||||
| -rw-r--r-- | ssl/ssl_locl.h | 2 |
3 files changed, 15 insertions, 6 deletions
diff --git a/ssl/s2_enc.c b/ssl/s2_enc.c index 1d08559407..95d6eef6da 100644 --- a/ssl/s2_enc.c +++ b/ssl/s2_enc.c @@ -117,8 +117,9 @@ err: /* read/writes from s->s2->mac_data using length for encrypt and * decrypt. It sets s->s2->padding and s->[rw]length - * if we are encrypting */ -void ssl2_enc(SSL *s, int send) + * if we are encrypting + * Returns 0 on error and 1 on success */ +int ssl2_enc(SSL *s, int send) { EVP_CIPHER_CTX *ds; unsigned long l; @@ -145,7 +146,10 @@ void ssl2_enc(SSL *s, int send) if (bs == 8) l=(l+7)/8*8; - EVP_Cipher(ds,s->s2->mac_data,s->s2->mac_data,l); + if(EVP_Cipher(ds,s->s2->mac_data,s->s2->mac_data,l) < 1) + return 0; + + return 1; } void ssl2_mac(SSL *s, unsigned char *md, int send) diff --git a/ssl/s2_pkt.c b/ssl/s2_pkt.c index 8bb6ab8baa..acd61dc546 100644 --- a/ssl/s2_pkt.c +++ b/ssl/s2_pkt.c @@ -265,7 +265,11 @@ static int ssl2_read_internal(SSL *s, void *buf, int len, int peek) if ((!s->s2->clear_text) && (s->s2->rlength >= (unsigned int)mac_size)) { - ssl2_enc(s,0); + if(!ssl2_enc(s,0)) + { + SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_DECRYPTION_FAILED); + return(-1); + } s->s2->ract_data_length-=mac_size; ssl2_mac(s,mac,0); s->s2->ract_data_length-=s->s2->padding; @@ -616,7 +620,8 @@ static int n_do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len) s->s2->wact_data_length=len+p; ssl2_mac(s,s->s2->mac_data,1); s->s2->wlength+=p+mac_size; - ssl2_enc(s,1); + if(ssl2_enc(s,1) < 1) + return -1; } /* package up the header */ diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index c5de1930f4..1890ae4ad8 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -1080,7 +1080,7 @@ int ssl_fill_hello_random(SSL *s, int server, unsigned char *field, int len); int ssl2_enc_init(SSL *s, int client); int ssl2_generate_key_material(SSL *s); -void ssl2_enc(SSL *s,int send_data); +int ssl2_enc(SSL *s,int send_data); void ssl2_mac(SSL *s,unsigned char *mac,int send_data); const SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p); int ssl2_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p); |