Check EVP_Cipher return values for SSL2

[openssl.git] / ssl / s3_enc.c

diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index 13ebfc6996f48c968c81113abd14f668a60b3ebe..63774bcc8746d078e2b6c25b7cfe21b4a2bb33a7 100644 (file)
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -140,7 +140,7 @@
 #include <openssl/evp.h>
 #include <openssl/md5.h>
 
-static unsigned char ssl3_pad_1[48]={
+static const unsigned char ssl3_pad_1[48]={
        0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36,
        0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36,
        0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36,
@@ -148,7 +148,7 @@ static unsigned char ssl3_pad_1[48]={
        0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36,
        0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36 };
 
-static unsigned char ssl3_pad_2[48]={
+static const unsigned char ssl3_pad_2[48]={
        0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,
        0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,
        0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,
@@ -418,7 +418,7 @@ int ssl3_setup_key_block(SSL *s)
        if (s->s3->tmp.key_block_length != 0)
                return(1);
 
-       if (!ssl_cipher_get_evp(s->session,&c,&hash,NULL,NULL,&comp))
+       if (!ssl_cipher_get_evp(s->session,&c,&hash,NULL,NULL,&comp, 0))
                {
                SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK,SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
                return(0);
@@ -487,6 +487,15 @@ void ssl3_cleanup_key_block(SSL *s)
        s->s3->tmp.key_block_length=0;
        }
 
+/* ssl3_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
+ *
+ * Returns:
+ *   0: (in non-constant time) if the record is publically invalid (i.e. too
+ *       short etc).
+ *   1: if the record's padding is valid / the encryption was successful.
+ *   -1: if the record's padding is invalid or, if sending, an internal error
+ *       occurred.
+ */
 int ssl3_enc(SSL *s, int send)
        {
        SSL3_RECORD *rec;
@@ -543,17 +552,12 @@ int ssl3_enc(SSL *s, int send)
                if (!send)
                        {
                        if (l == 0 || l%bs != 0)
-                               {
-                               SSLerr(SSL_F_SSL3_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
-                               ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
                                return 0;
-                               }
                        /* otherwise, rec->length >= bs */
                        }
                
-               EVP_Cipher(ds,rec->data,rec->input,l);
-
-               rec->orig_len = rec->length;
+               if(EVP_Cipher(ds,rec->data,rec->input,l) < 1)
+                       return -1;
 
                if (EVP_MD_CTX_md(s->read_hash) != NULL)
                        mac_size = EVP_MD_CTX_size(s->read_hash);
@@ -660,10 +664,18 @@ int ssl3_cert_verify_mac(SSL *s, int md_nid, unsigned char *p)
 int ssl3_final_finish_mac(SSL *s, 
             const char *sender, int len, unsigned char *p)
        {
-       int ret;
+       int ret, sha1len;
        ret=ssl3_handshake_mac(s,NID_md5,sender,len,p);
+       if(ret == 0)
+               return 0;
+
        p+=ret;
-       ret+=ssl3_handshake_mac(s,NID_sha1,sender,len,p);
+
+       sha1len=ssl3_handshake_mac(s,NID_sha1,sender,len,p);
+       if(sha1len == 0)
+               return 0;
+
+       ret+=sha1len;
        return(ret);
        }
 static int ssl3_handshake_mac(SSL *s, int md_nid,
@@ -926,7 +938,7 @@ int ssl3_alert_code(int code)
        case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE: return(SSL3_AD_HANDSHAKE_FAILURE);
        case SSL_AD_BAD_CERTIFICATE_HASH_VALUE: return(SSL3_AD_HANDSHAKE_FAILURE);
        case SSL_AD_UNKNOWN_PSK_IDENTITY:return(TLS1_AD_UNKNOWN_PSK_IDENTITY);
+       case SSL_AD_INAPPROPRIATE_FALLBACK:return(TLS1_AD_INAPPROPRIATE_FALLBACK);
        default:                        return(-1);
                }
        }
-