From: Matt Caswell Date: Tue, 18 Nov 2014 15:03:55 +0000 (+0000) Subject: Check EVP_Cipher return values for SSL2 X-Git-Tag: OpenSSL_1_0_2-pre-reformat~100 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=ac3dc3ee87b14a2e3ebd1e66597f5d8baae91fef;p=openssl Check EVP_Cipher return values for SSL2 Reviewed-by: Richard Levitte (cherry picked from commit 81ec01b21767da5e5f0c03ad79b4d3dc9b632393) --- diff --git a/ssl/s2_enc.c b/ssl/s2_enc.c index ff3395f459..a83d576605 100644 --- a/ssl/s2_enc.c +++ b/ssl/s2_enc.c @@ -117,8 +117,9 @@ err: /* read/writes from s->s2->mac_data using length for encrypt and * decrypt. It sets s->s2->padding and s->[rw]length - * if we are encrypting */ -void ssl2_enc(SSL *s, int send) + * if we are encrypting + * Returns 0 on error and 1 on success */ +int ssl2_enc(SSL *s, int send) { EVP_CIPHER_CTX *ds; unsigned long l; @@ -145,7 +146,10 @@ void ssl2_enc(SSL *s, int send) if (bs == 8) l=(l+7)/8*8; - EVP_Cipher(ds,s->s2->mac_data,s->s2->mac_data,l); + if(EVP_Cipher(ds,s->s2->mac_data,s->s2->mac_data,l) < 1) + return 0; + + return 1; } void ssl2_mac(SSL *s, unsigned char *md, int send) diff --git a/ssl/s2_pkt.c b/ssl/s2_pkt.c index 8bb6ab8baa..acd61dc546 100644 --- a/ssl/s2_pkt.c +++ b/ssl/s2_pkt.c @@ -265,7 +265,11 @@ static int ssl2_read_internal(SSL *s, void *buf, int len, int peek) if ((!s->s2->clear_text) && (s->s2->rlength >= (unsigned int)mac_size)) { - ssl2_enc(s,0); + if(!ssl2_enc(s,0)) + { + SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_DECRYPTION_FAILED); + return(-1); + } s->s2->ract_data_length-=mac_size; ssl2_mac(s,mac,0); s->s2->ract_data_length-=s->s2->padding; @@ -616,7 +620,8 @@ static int n_do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len) s->s2->wact_data_length=len+p; ssl2_mac(s,s->s2->mac_data,1); s->s2->wlength+=p+mac_size; - ssl2_enc(s,1); + if(ssl2_enc(s,1) < 1) + return -1; } /* package up the header */ diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index ed0a1584b3..91c7605b54 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -1065,7 +1065,7 @@ int ssl_fill_hello_random(SSL *s, int server, unsigned char *field, int len); int ssl2_enc_init(SSL *s, int client); int ssl2_generate_key_material(SSL *s); -void ssl2_enc(SSL *s,int send_data); +int ssl2_enc(SSL *s,int send_data); void ssl2_mac(SSL *s,unsigned char *mac,int send_data); const SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p); int ssl2_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p);