author | Matt Caswell <matt@openssl.org> | 2014-11-18 12:56:26 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2014-11-27 21:44:03 +0000 |
commit | ca88bd4112e53599c90488370a638c55fa4d33d6 (patch) | |
tree | 9208d765594f4b235998c438115631def2eb9495 /ssl | |
parent | 1e7b4891cb373027eede00cdaa312899d2386272 (diff) |
Add checks to the return value of EVP_Cipher to prevent silent encryption failure.
PR#1767
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit fe78f08d1541211566a5656395186bfbdc61b6f8)
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/d1_pkt.c | 2 | ||||
-rw-r--r-- | ssl/s3_enc.c | 3 | ||||
-rw-r--r-- | ssl/s3_pkt.c | 3 |
3 files changed, 4 insertions, 4 deletions
diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
index 657c12f975..dc5b6f40c4 100644
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@@ -1635,7 +1635,7 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len, if (eivlen) wr->length += eivlen;
- s->method->ssl3_enc->enc(s,1);
+ if(s->method->ssl3_enc->enc(s,1) < 1) goto err;
 /* record length after mac and block padding */ /* if (type == SSL3_RT_APPLICATION_DATA ||
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index 73f3e1730c..b55d0da6e8 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -556,7 +556,8 @@ int ssl3_enc(SSL *s, int send) /* otherwise, rec->length >= bs */ }
- EVP_Cipher(ds,rec->data,rec->input,l);
+ if(EVP_Cipher(ds,rec->data,rec->input,l) < 1)
+ return -1;
 if (EVP_MD_CTX_md(s->read_hash) != NULL) mac_size = EVP_MD_CTX_size(s->read_hash);
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index 3103b54619..0804d556a1 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -1040,8 +1040,7 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, wr->length += eivlen; }
- /* ssl3_enc can only have an error on read */
- s->method->ssl3_enc->enc(s,1);
+ if(s->method->ssl3_enc->enc(s,1)<1) goto err;
 /* record length after mac and block padding */ s2n(wr->length,plen); |
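Review bot: The new `goto err` in do_dtls1_write hands the caller a failure with no reason attached unless the `err:` label, which lies outside this hunk, already records one; if that label only returns -1, a failed record encryption will surface as a bare write error with an empty error queue. Consider queuing an error before the jump, e.g. `if (s->method->ssl3_enc->enc(s,1) < 1) { SSLerr(SSL_F_DO_DTLS1_WRITE, ERR_R_INTERNAL_ERROR); goto err; }`. The same applies to the matching check in do_ssl3_write in ssl/s3_pkt.c (with `SSL_F_DO_SSL3_WRITE`), where the condition is also spelled `<1` rather than `< 1` as in the other two files. Both functions begin and end outside their hunks, so what `err:` cleans up, and whether the partially built record in `wr` can be reused afterwards, should be confirmed there.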
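Review bot: The `return -1` added after `EVP_Cipher` in ssl3_enc is reached in both directions, since the function takes a `send` flag, so on the receive side a cipher failure is now reported with a value the read path may already use for a different condition. The return contract and the read-side callers are outside this hunk, so confirm how they treat -1 and update the function's header comment to list cipher failure among the return values. The `< 1` test also assumes EVP_Cipher's 1-on-success convention, which does not hold for ciphers flagged `EVP_CIPH_FLAG_CUSTOM_CIPHER` (those return a byte count); SSLv3 suites presumably never select such a cipher, but a comment such as `/* non-custom ciphers only: EVP_Cipher returns 1 on success */` would record the assumption.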