From 81ec01b21767da5e5f0c03ad79b4d3dc9b632393 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Tue, 18 Nov 2014 15:03:55 +0000 Subject: [PATCH] Check EVP_Cipher return values for SSL2 Reviewed-by: Richard Levitte --- ssl/s2_enc.c | 10 +++++++--- ssl/s2_pkt.c | 9 +++++++-- ssl/ssl_locl.h | 2 +- 3 files changed, 15 insertions(+), 6 deletions(-) diff --git a/ssl/s2_enc.c b/ssl/s2_enc.c index 1d08559407..95d6eef6da 100644 --- a/ssl/s2_enc.c +++ b/ssl/s2_enc.c @@ -117,8 +117,9 @@ err: /* read/writes from s->s2->mac_data using length for encrypt and * decrypt. It sets s->s2->padding and s->[rw]length - * if we are encrypting */ -void ssl2_enc(SSL *s, int send) + * if we are encrypting + * Returns 0 on error and 1 on success */ +int ssl2_enc(SSL *s, int send) { EVP_CIPHER_CTX *ds; unsigned long l; @@ -145,7 +146,10 @@ void ssl2_enc(SSL *s, int send) if (bs == 8) l=(l+7)/8*8; - EVP_Cipher(ds,s->s2->mac_data,s->s2->mac_data,l); + if(EVP_Cipher(ds,s->s2->mac_data,s->s2->mac_data,l) < 1) + return 0; + + return 1; } void ssl2_mac(SSL *s, unsigned char *md, int send) diff --git a/ssl/s2_pkt.c b/ssl/s2_pkt.c index 8bb6ab8baa..acd61dc546 100644 --- a/ssl/s2_pkt.c +++ b/ssl/s2_pkt.c @@ -265,7 +265,11 @@ static int ssl2_read_internal(SSL *s, void *buf, int len, int peek) if ((!s->s2->clear_text) && (s->s2->rlength >= (unsigned int)mac_size)) { - ssl2_enc(s,0); + if(!ssl2_enc(s,0)) + { + SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_DECRYPTION_FAILED); + return(-1); + } s->s2->ract_data_length-=mac_size; ssl2_mac(s,mac,0); s->s2->ract_data_length-=s->s2->padding; @@ -616,7 +620,8 @@ static int n_do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len) s->s2->wact_data_length=len+p; ssl2_mac(s,s->s2->mac_data,1); s->s2->wlength+=p+mac_size; - ssl2_enc(s,1); + if(ssl2_enc(s,1) < 1) + return -1; } /* package up the header */ diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index c5de1930f4..1890ae4ad8 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -1080,7 +1080,7 @@ int ssl_fill_hello_random(SSL *s, int server, unsigned char *field, int len); int ssl2_enc_init(SSL *s, int client); int ssl2_generate_key_material(SSL *s); -void ssl2_enc(SSL *s,int send_data); +int ssl2_enc(SSL *s,int send_data); void ssl2_mac(SSL *s,unsigned char *mac,int send_data); const SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p); int ssl2_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p); -- 2.25.1