authorMatt Caswell <matt@openssl.org>2014-11-18 15:03:55 +0000
committerMatt Caswell <matt@openssl.org>2014-11-27 21:58:32 +0000
commitdcf7a2dc4a98c1ccb77137d07fbf0c43fa10e0f8 (patch)
tree286350d2ec88805055fe7c4dc1a49c0d24c589ed /ssl
parent6ff76b334786a9e356ee1c731b2f233f4470f6e6 (diff)
Check EVP_Cipher return values for SSL2
Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit 5fc8bb6ab71b5f7ce2dd67a47494bb5b5c6dc374)
Diffstat (limited to 'ssl')
-rw-r--r--ssl/s2_enc.c10
-rw-r--r--ssl/s2_pkt.c9
-rw-r--r--ssl/ssl_locl.h2
3 files changed, 15 insertions, 6 deletions
diff --git a/ssl/s2_enc.c b/ssl/s2_enc.c
index ff3395f459..a83d576605 100644
--- a/ssl/s2_enc.c
+++ b/ssl/s2_enc.c
@@ -117,8 +117,9 @@ err:
/* read/writes from s->s2->mac_data using length for encrypt and
* decrypt. It sets s->s2->padding and s->[rw]length
- * if we are encrypting */
-void ssl2_enc(SSL *s, int send)
+ * if we are encrypting
+ * Returns 0 on error and 1 on success */
+int ssl2_enc(SSL *s, int send)
{
EVP_CIPHER_CTX *ds;
unsigned long l;
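Review bot: With the return type changed to `int`, every exit from ssl2_enc must now return a value, and the lines between this hunk and the next one are not shown. If an early exit such as a bare `return;` remains in that stretch, the new `!ssl2_enc(s,0)` and `ssl2_enc(s,1) < 1` checks in s2_pkt.c would test an indeterminate value on that path. Any such exit should become `return 1;` or `return 0;` as appropriate. The function body continues outside the hunk, so this is a point to confirm, not a confirmed defect.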
@@ -145,7 +146,10 @@ void ssl2_enc(SSL *s, int send)
if (bs == 8)
l=(l+7)/8*8;
- EVP_Cipher(ds,s->s2->mac_data,s->s2->mac_data,l);
+ if(EVP_Cipher(ds,s->s2->mac_data,s->s2->mac_data,l) < 1)
+ return 0;
+
+ return 1;
}
void ssl2_mac(SSL *s, unsigned char *md, int send)
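Review bot: The `< 1` comparison on the EVP_Cipher result at the end of ssl2_enc would benefit from a one-line comment, because EVP_Cipher's return convention depends on the cipher. Ordinary ciphers return 1 or 0, while ciphers flagged as custom return a byte count or a negative value. Assuming the SSLv2 cipher suites only use ordinary ciphers, a comment such as `/* EVP_Cipher returns 1 on success for the non-custom ciphers used here */` would stop a later reader from "simplifying" the test incorrectly. The encryption is done in place on s->s2->mac_data, so the header comment could also say that the buffer contents must not be used after a 0 return.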
diff --git a/ssl/s2_pkt.c b/ssl/s2_pkt.c
index 8bb6ab8baa..acd61dc546 100644
--- a/ssl/s2_pkt.c
+++ b/ssl/s2_pkt.c
@@ -265,7 +265,11 @@ static int ssl2_read_internal(SSL *s, void *buf, int len, int peek)
if ((!s->s2->clear_text) &&
(s->s2->rlength >= (unsigned int)mac_size))
{
- ssl2_enc(s,0);
+ if(!ssl2_enc(s,0))
+ {
+ SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_DECRYPTION_FAILED);
+ return(-1);
+ }
s->s2->ract_data_length-=mac_size;
ssl2_mac(s,mac,0);
s->s2->ract_data_length-=s->s2->padding;
@@ -616,7 +620,8 @@ static int n_do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len)
s->s2->wact_data_length=len+p;
ssl2_mac(s,s->s2->mac_data,1);
s->s2->wlength+=p+mac_size;
- ssl2_enc(s,1);
+ if(ssl2_enc(s,1) < 1)
+ return -1;
}
/* package up the header */
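Review bot: The write-side failure path, `if(ssl2_enc(s,1) < 1) return -1;`, records nothing on the error queue, so a caller of n_do_ssl_write gets -1 with no stated reason. The read side in ssl2_read_internal raises SSL_R_DECRYPTION_FAILED before returning -1. Add an SSLerr call here before the return, using this function's own function code and a suitable reason code. The two call sites also test the result differently (`!ssl2_enc(s,0)` versus `< 1`); since ssl2_enc is documented as returning 0 or 1, `if(!ssl2_enc(s,1))` would match the read path. s->s2->wlength has already been advanced when the failure is detected, and whether that matters for a retried write depends on code outside the hunk.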
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index cdf9385692..a12b08faba 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -830,7 +830,7 @@ void ssl_load_ciphers(void);
int ssl2_enc_init(SSL *s, int client);
int ssl2_generate_key_material(SSL *s);
-void ssl2_enc(SSL *s,int send_data);
+int ssl2_enc(SSL *s,int send_data);
void ssl2_mac(SSL *s,unsigned char *mac,int send_data);
const SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p);
int ssl2_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p);