From 81ec01b21767da5e5f0c03ad79b4d3dc9b632393 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Tue, 18 Nov 2014 15:03:55 +0000
Subject: Check EVP_Cipher return values for SSL2

Reviewed-by: Richard Levitte <levitte@openssl.org>
---
 ssl/s2_enc.c   | 10 +++++++---
 ssl/s2_pkt.c   |  9 +++++++--
 ssl/ssl_locl.h |  2 +-
 3 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/ssl/s2_enc.c b/ssl/s2_enc.c
index 1d08559407..95d6eef6da 100644
--- a/ssl/s2_enc.c
+++ b/ssl/s2_enc.c
@@ -117,8 +117,9 @@ err:
 
 /* read/writes from s->s2->mac_data using length for encrypt and 
  * decrypt.  It sets s->s2->padding and s->[rw]length
- * if we are encrypting */
-void ssl2_enc(SSL *s, int send)
+ * if we are encrypting
+ * Returns 0 on error and 1 on success */
+int ssl2_enc(SSL *s, int send)
 	{
 	EVP_CIPHER_CTX *ds;
 	unsigned long l;
@@ -145,7 +146,10 @@ void ssl2_enc(SSL *s, int send)
 	if (bs == 8)
 		l=(l+7)/8*8;
 
-	EVP_Cipher(ds,s->s2->mac_data,s->s2->mac_data,l);
+	if(EVP_Cipher(ds,s->s2->mac_data,s->s2->mac_data,l) < 1)
+		return 0;
+
+	return 1;
 	}
 
 void ssl2_mac(SSL *s, unsigned char *md, int send)
diff --git a/ssl/s2_pkt.c b/ssl/s2_pkt.c
index 8bb6ab8baa..acd61dc546 100644
--- a/ssl/s2_pkt.c
+++ b/ssl/s2_pkt.c
@@ -265,7 +265,11 @@ static int ssl2_read_internal(SSL *s, void *buf, int len, int peek)
 		if ((!s->s2->clear_text) &&
 			(s->s2->rlength >= (unsigned int)mac_size))
 			{
-			ssl2_enc(s,0);
+			if(!ssl2_enc(s,0))
+				{
+				SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_DECRYPTION_FAILED);
+				return(-1);
+				}
 			s->s2->ract_data_length-=mac_size;
 			ssl2_mac(s,mac,0);
 			s->s2->ract_data_length-=s->s2->padding;
@@ -616,7 +620,8 @@ static int n_do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len)
 		s->s2->wact_data_length=len+p;
 		ssl2_mac(s,s->s2->mac_data,1);
 		s->s2->wlength+=p+mac_size;
-		ssl2_enc(s,1);
+		if(ssl2_enc(s,1) < 1)
+			return -1;
 		}
 
 	/* package up the header */
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index c5de1930f4..1890ae4ad8 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -1080,7 +1080,7 @@ int ssl_fill_hello_random(SSL *s, int server, unsigned char *field, int len);
 
 int ssl2_enc_init(SSL *s, int client);
 int ssl2_generate_key_material(SSL *s);
-void ssl2_enc(SSL *s,int send_data);
+int ssl2_enc(SSL *s,int send_data);
 void ssl2_mac(SSL *s,unsigned char *mac,int send_data);
 const SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p);
 int ssl2_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p);
-- 
cgit v1.2.3