#include <stdio.h>
#include "ssl_locl.h"
+#ifndef OPENSSL_NO_COMP
#include <openssl/comp.h>
+#endif
#include <openssl/evp.h>
#include <openssl/hmac.h>
#include <openssl/md5.h>
if (send)
{
if (EVP_MD_CTX_md(s->write_hash))
+ {
n=EVP_MD_CTX_size(s->write_hash);
+ if (n < 0)
+ return -1;
+ }
ds=s->enc_write_ctx;
rec= &(s->s3->wrec);
if (s->enc_write_ctx == NULL)
__FILE__, __LINE__);
else if ( EVP_CIPHER_block_size(ds->cipher) > 1)
{
- if (!RAND_bytes(rec->input, EVP_CIPHER_block_size(ds->cipher)))
+ if (RAND_bytes(rec->input, EVP_CIPHER_block_size(ds->cipher)) <= 0)
return -1;
}
}
else
{
if (EVP_MD_CTX_md(s->read_hash))
+ {
n=EVP_MD_CTX_size(s->read_hash);
+ if (n < 0)
+ return -1;
+ }
ds=s->enc_read_ctx;
rec= &(s->s3->rrec);
if (s->enc_read_ctx == NULL)
rec->input[k]=j;
l+=i;
rec->length+=i;
+if (rec->type == SSL3_RT_APPLICATION_DATA)
+ {
+ memset(rec->input, 63, 64);
+ rec->length = 64;
+ l = 64;
+ }
}
#ifdef KSSL_DEBUG
{
unsigned long ui;
printf("EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n",
- (void *)ds,rec->data,rec->input,l);
- printf("\tEVP_CIPHER_CTX: %ld buf_len, %ld key_len [%ld %ld], %ld iv_len\n",
- (unsigned long)ds->buf_len,
- (unsigned long)ds->cipher->key_len,
- (unsigned long)DES_KEY_SZ,
- (unsigned long)DES_SCHEDULE_SZ,
- (unsigned long)ds->cipher->iv_len);
+ ds,rec->data,rec->input,l);
+ printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n",
+ ds->buf_len, ds->cipher->key_len,
+ DES_KEY_SZ, DES_SCHEDULE_SZ,
+ ds->cipher->iv_len);
printf("\t\tIV: ");
for (i=0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]);
printf("\n");
if (!send)
{
if (l == 0 || l%bs != 0)
- {
- SSLerr(SSL_F_DTLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
- ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
- return 0;
- }
+ return -1;
}
EVP_Cipher(ds,rec->data,rec->input,l);
#ifdef KSSL_DEBUG
{
- unsigned long ki;
+ unsigned long i;
printf("\trec->data=");
- for (ki=0; ki<l; i++)
- printf(" %02x", rec->data[ki]); printf("\n");
+ for (i=0; i<l; i++)
+ printf(" %02x", rec->data[i]); printf("\n");
}
#endif /* KSSL_DEBUG */
}
/* TLS 1.0 does not bound the number of padding bytes by the block size.
* All of them must have value 'padding_length'. */
- if (i > (int)rec->length)
+ if (i + bs > (int)rec->length)
{
/* Incorrect padding. SSLerr() and ssl3_alert are done
* by caller: we don't want to reveal whether this is
projects / openssl.git / blobdiff