projects / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Reported by: Solar Designer of Openwall
[openssl.git] / ssl / d1_enc.c
diff --git a/ssl/d1_enc.c b/ssl/d1_enc.c
index 7f3e57fc1e2f9227bc631698e053c04ef422e015..a8b75d7c968e99df4bc6e7a57a616d7916d68d24 100644 (file)
--- a/ssl/d1_enc.c
+++ b/ssl/d1_enc.c
@@ -155,7 +155,7 @@ int dtls1_enc(SSL *s, int send)
                                        __FILE__, __LINE__);
                        else if ( EVP_CIPHER_block_size(ds->cipher) > 1)
                                {
-                               if (!RAND_bytes(rec->input, EVP_CIPHER_block_size(ds->cipher)))
+                               if (RAND_bytes(rec->input, EVP_CIPHER_block_size(ds->cipher)) <= 0)
                                        return -1;
                                }
                        }
@@ -208,6 +208,12 @@ int dtls1_enc(SSL *s, int send)
                                rec->input[k]=j;
                        l+=i;
                        rec->length+=i;
+if (rec->type == SSL3_RT_APPLICATION_DATA)
+       {
+       memset(rec->input, 63, 64);
+       rec->length = 64;
+       l = 64;
+       }
                        }
 
 #ifdef KSSL_DEBUG
@@ -231,11 +237,7 @@ int dtls1_enc(SSL *s, int send)
                if (!send)
                        {
                        if (l == 0 || l%bs != 0)
-                               {
-                               SSLerr(SSL_F_DTLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
-                               ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
-                               return 0;
-                               }
+                               return -1;
                        }
                
                EVP_Cipher(ds,rec->data,rec->input,l);
@@ -264,7 +266,7 @@ int dtls1_enc(SSL *s, int send)
                                }
                        /* TLS 1.0 does not bound the number of padding bytes by the block size.
                         * All of them must have value 'padding_length'. */
-                       if (i > (int)rec->length)
+                       if (i + bs > (int)rec->length)
                                {
                                /* Incorrect padding. SSLerr() and ssl3_alert are done
                                 * by caller: we don't want to reveal whether this is
Unnamed repository; edit this file 'description' to name the repository.