Check EVP_Cipher return values for SSL2
authorMatt Caswell <matt@openssl.org>
Tue, 18 Nov 2014 15:03:55 +0000 (15:03 +0000)
committerMatt Caswell <matt@openssl.org>
Thu, 27 Nov 2014 21:40:39 +0000 (21:40 +0000)
Reviewed-by: Richard Levitte <levitte@openssl.org>
ssl/s2_enc.c
ssl/s2_pkt.c
ssl/ssl_locl.h

index 1d0855940776b73a95bb37bd29073f891336c6d0..95d6eef6da8b7758815f4e513d5bcb8995e74218 100644 (file)
@@ -117,8 +117,9 @@ err:
 
 /* read/writes from s->s2->mac_data using length for encrypt and 
  * decrypt.  It sets s->s2->padding and s->[rw]length
- * if we are encrypting */
-void ssl2_enc(SSL *s, int send)
+ * if we are encrypting
+ * Returns 0 on error and 1 on success */
+int ssl2_enc(SSL *s, int send)
        {
        EVP_CIPHER_CTX *ds;
        unsigned long l;
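Review bot: Changing ssl2_enc from void to int at this signature means every exit path now needs an explicit value, but the only return this commit touches is the final one in the next hunk. The body between the two hunks is not shown; if it still contains a bare `return;` (such as a null-cipher early-out, if there is one), callers testing `!ssl2_enc(...)` or `< 1` would read an indeterminate value. Any such path should become `return 1;` or `return 0;` explicitly, and the header comment should say which value each early exit produces.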
@@ -145,7 +146,10 @@ void ssl2_enc(SSL *s, int send)
        if (bs == 8)
                l=(l+7)/8*8;
 
-       EVP_Cipher(ds,s->s2->mac_data,s->s2->mac_data,l);
+       if(EVP_Cipher(ds,s->s2->mac_data,s->s2->mac_data,l) < 1)
+               return 0;
+
+       return 1;
        }
 
 void ssl2_mac(SSL *s, unsigned char *md, int send)
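Review bot: The `< 1` test on EVP_Cipher needs a one-line comment, because the function's return convention is not uniform. Ordinary ciphers return 1 or 0, while ciphers flagged as custom return a byte count or a negative value. `< 1` rejects failure under both conventions for a non-zero length, which a reader cannot tell from the call alone. Suggested comment above the call: `/* EVP_Cipher: 1/0 for normal ciphers, length/-1 for custom ones; <1 is failure either way */`. The new `if(` also drops the space used by `if (bs == 8)` a few lines above.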
index 8bb6ab8baa33501dcd6f0991d53ad80b3d9361aa..acd61dc546afb37c344d3d77c113b76b847528ec 100644 (file)
@@ -265,7 +265,11 @@ static int ssl2_read_internal(SSL *s, void *buf, int len, int peek)
                if ((!s->s2->clear_text) &&
                        (s->s2->rlength >= (unsigned int)mac_size))
                        {
-                       ssl2_enc(s,0);
+                       if(!ssl2_enc(s,0))
+                               {
+                               SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_DECRYPTION_FAILED);
+                               return(-1);
+                               }
                        s->s2->ract_data_length-=mac_size;
                        ssl2_mac(s,mac,0);
                        s->s2->ract_data_length-=s->s2->padding;
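Review bot: On the new failure path, nothing visible in the hunk marks the connection as unusable before `return(-1)`. ssl2_enc transforms s->s2->mac_data in place, so a failed call may leave the record buffer partly decrypted. If a later read can re-enter this code with the same rlength and ract_data_length, it would work on that half-transformed buffer. Confirm that the caller treats -1 here as fatal and record it in a comment, e.g. `/* fatal: mac_data may be partially decrypted, do not retry */`. ssl2_read_internal starts and ends outside the hunk, so the caller's handling cannot be checked from here.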
@@ -616,7 +620,8 @@ static int n_do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len)
                s->s2->wact_data_length=len+p;
                ssl2_mac(s,s->s2->mac_data,1);
                s->s2->wlength+=p+mac_size;
-               ssl2_enc(s,1);
+               if(ssl2_enc(s,1) < 1)
+                       return -1;
                }
 
        /* package up the header */
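Review bot: The write-side failure in n_do_ssl_write returns -1 without queueing an error, unlike the read side in ssl2_read_internal, which calls SSLerr before returning. An application that sees the write fail would find an empty error queue and no sign that encryption was the cause. I would add an SSLerr call here with a reason code for the encryption failure. Both call sites should also use the same test form (`if (!ssl2_enc(s,1))`), since ssl2_enc is documented to return only 0 or 1. wlength and wact_data_length have already been updated when this returns, and the rest of the function is outside the hunk, so whether a retried write is safe cannot be judged from here.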
index c5de1930f403ccbee11bedce7735e5079d705a1d..1890ae4ad886918da875013fca98b6070a0577db 100644 (file)
@@ -1080,7 +1080,7 @@ int ssl_fill_hello_random(SSL *s, int server, unsigned char *field, int len);
 
 int ssl2_enc_init(SSL *s, int client);
 int ssl2_generate_key_material(SSL *s);
-void ssl2_enc(SSL *s,int send_data);
+int ssl2_enc(SSL *s,int send_data);
 void ssl2_mac(SSL *s,unsigned char *mac,int send_data);
 const SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p);
 int ssl2_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p);