X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fd1_enc.c;h=07a5e97ce5cda574154f7a91b3906e765a1692f7;hp=cbff7495c502a45c91f27db3d9268bb849329dba;hb=becfdb995baa14d1db3ebed7991545a15d6040d1;hpb=8c5a2bd6bb9a8c2bb3e1b63c03e57bb1115275d1 diff --git a/ssl/d1_enc.c b/ssl/d1_enc.c index cbff7495c5..07a5e97ce5 100644 --- a/ssl/d1_enc.c +++ b/ssl/d1_enc.c @@ -115,12 +115,16 @@ #include #include "ssl_locl.h" +#ifndef OPENSSL_NO_COMP #include +#endif #include #include #include #include - +#ifdef KSSL_DEBUG +#include +#endif int dtls1_enc(SSL *s, int send) { @@ -132,8 +136,12 @@ int dtls1_enc(SSL *s, int send) if (send) { - if (s->write_hash != NULL) - n=EVP_MD_size(s->write_hash); + if (EVP_MD_CTX_md(s->write_hash)) + { + n=EVP_MD_CTX_size(s->write_hash); + if (n < 0) + return -1; + } ds=s->enc_write_ctx; rec= &(s->s3->wrec); if (s->enc_write_ctx == NULL) @@ -147,15 +155,19 @@ int dtls1_enc(SSL *s, int send) __FILE__, __LINE__); else if ( EVP_CIPHER_block_size(ds->cipher) > 1) { - if (!RAND_bytes(rec->input, EVP_CIPHER_block_size(ds->cipher))) + if (RAND_bytes(rec->input, EVP_CIPHER_block_size(ds->cipher)) <= 0) return -1; } } } else { - if (s->read_hash != NULL) - n=EVP_MD_size(s->read_hash); + if (EVP_MD_CTX_md(s->read_hash)) + { + n=EVP_MD_CTX_size(s->read_hash); + if (n < 0) + return -1; + } ds=s->enc_read_ctx; rec= &(s->s3->rrec); if (s->enc_read_ctx == NULL) @@ -219,11 +231,7 @@ int dtls1_enc(SSL *s, int send) if (!send) { if (l == 0 || l%bs != 0) - { - SSLerr(SSL_F_DTLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); - ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED); - return 0; - } + return -1; } EVP_Cipher(ds,rec->data,rec->input,l); @@ -252,7 +260,7 @@ int dtls1_enc(SSL *s, int send) } /* TLS 1.0 does not bound the number of padding bytes by the block size. * All of them must have value 'padding_length'. */ - if (i > (int)rec->length) + if (i + bs > (int)rec->length) { /* Incorrect padding. SSLerr() and ssl3_alert are done * by caller: we don't want to reveal whether this is