Check EVP_Cipher return values for SSL2

[openssl.git] / ssl / s3_enc.c

diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index 6c103a042fcbb6f2eb5f67e9113e37fdd4042ad6..63774bcc8746d078e2b6c25b7cfe21b4a2bb33a7 100644 (file)
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -140,7 +140,7 @@
 #include <openssl/evp.h>
 #include <openssl/md5.h>
 
-static unsigned char ssl3_pad_1[48]={
+static const unsigned char ssl3_pad_1[48]={
        0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36,
        0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36,
        0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36,
@@ -148,7 +148,7 @@ static unsigned char ssl3_pad_1[48]={
        0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36,
        0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36 };
 
-static unsigned char ssl3_pad_2[48]={
+static const unsigned char ssl3_pad_2[48]={
        0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,
        0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,
        0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,
@@ -556,7 +556,8 @@ int ssl3_enc(SSL *s, int send)
                        /* otherwise, rec->length >= bs */
                        }
                
-               EVP_Cipher(ds,rec->data,rec->input,l);
+               if(EVP_Cipher(ds,rec->data,rec->input,l) < 1)
+                       return -1;
 
                if (EVP_MD_CTX_md(s->read_hash) != NULL)
                        mac_size = EVP_MD_CTX_size(s->read_hash);
@@ -937,7 +938,7 @@ int ssl3_alert_code(int code)
        case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE: return(SSL3_AD_HANDSHAKE_FAILURE);
        case SSL_AD_BAD_CERTIFICATE_HASH_VALUE: return(SSL3_AD_HANDSHAKE_FAILURE);
        case SSL_AD_UNKNOWN_PSK_IDENTITY:return(TLS1_AD_UNKNOWN_PSK_IDENTITY);
+       case SSL_AD_INAPPROPRIATE_FALLBACK:return(TLS1_AD_INAPPROPRIATE_FALLBACK);
        default:                        return(-1);
                }
        }
-