Check EVP_Cipher return values for SSL2

Reviewed-by: Richard Levitte <levitte@openssl.org>
This commit is contained in:
Matt Caswell 2014-11-18 15:03:55 +00:00
parent 4b87706d20
commit 81ec01b217
3 changed files with 15 additions and 6 deletions

View file

@ -117,8 +117,9 @@ err:
/* read/writes from s->s2->mac_data using length for encrypt and
* decrypt. It sets s->s2->padding and s->[rw]length
* if we are encrypting */
void ssl2_enc(SSL *s, int send)
* if we are encrypting
* Returns 0 on error and 1 on success */
int ssl2_enc(SSL *s, int send)
{
EVP_CIPHER_CTX *ds;
unsigned long l;
@ -145,7 +146,10 @@ void ssl2_enc(SSL *s, int send)
if (bs == 8)
l=(l+7)/8*8;
EVP_Cipher(ds,s->s2->mac_data,s->s2->mac_data,l);
if(EVP_Cipher(ds,s->s2->mac_data,s->s2->mac_data,l) < 1)
return 0;
return 1;
}
void ssl2_mac(SSL *s, unsigned char *md, int send)

View file

@ -265,7 +265,11 @@ static int ssl2_read_internal(SSL *s, void *buf, int len, int peek)
if ((!s->s2->clear_text) &&
(s->s2->rlength >= (unsigned int)mac_size))
{
ssl2_enc(s,0);
if(!ssl2_enc(s,0))
{
SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_DECRYPTION_FAILED);
return(-1);
}
s->s2->ract_data_length-=mac_size;
ssl2_mac(s,mac,0);
s->s2->ract_data_length-=s->s2->padding;
@ -616,7 +620,8 @@ static int n_do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len)
s->s2->wact_data_length=len+p;
ssl2_mac(s,s->s2->mac_data,1);
s->s2->wlength+=p+mac_size;
ssl2_enc(s,1);
if(ssl2_enc(s,1) < 1)
return -1;
}
/* package up the header */

View file

@ -1080,7 +1080,7 @@ int ssl_fill_hello_random(SSL *s, int server, unsigned char *field, int len);
int ssl2_enc_init(SSL *s, int client);
int ssl2_generate_key_material(SSL *s);
void ssl2_enc(SSL *s,int send_data);
int ssl2_enc(SSL *s,int send_data);
void ssl2_mac(SSL *s,unsigned char *mac,int send_data);
const SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p);
int ssl2_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p);