Add checks to the return value of EVP_Cipher to prevent silent encryption failure.

PR#1767

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 244d0955adc027c0f41a3251e55d145bf940f9ce)
Matt Caswell 2014-11-18 12:56:26 +00:00
parent 3b12515180
commit 6ff76b3347
4 changed files with 6 additions and 5 deletions


@ -241,7 +241,8 @@ int dtls1_enc(SSL *s, int send)
return 0;
}
EVP_Cipher(ds,rec->data,rec->input,l);
if(EVP_Cipher(ds,rec->data,rec->input,l) < 1)
return -1;
#ifdef KSSL_DEBUG
{
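Review bot: The `< 1` test in dtls1_enc folds two different EVP_Cipher return conventions into one check without saying so, and the identical check in the ssl3_enc hunk has the same gap. In OpenSSL versions that have EVP_CIPH_FLAG_CUSTOM_CIPHER, ordinary ciphers return 1 or 0 while flagged ciphers return a byte count or -1, so `< 1` is only right for the flagged ones as long as `l` is never 0 at this point. I would add a comment above the check such as `/* EVP_Cipher: 1/0 for ordinary ciphers, byte count or -1 for custom ciphers; l > 0 here, so < 1 always means failure */`. The body of dtls1_enc continues outside the hunk, so whether `l` can be 0 here is not visible.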


@ -1511,7 +1511,7 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len,
wr->length += bs;
}
s->method->ssl3_enc->enc(s,1);
if(s->method->ssl3_enc->enc(s,1) < 1) goto err;
/* record length after mac and block padding */
/* if (type == SSL3_RT_APPLICATION_DATA ||
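Review bot: The new `goto err` in do_dtls1_write fires after the record length has already been adjusted (`wr->length += bs;` just above) and, judging by the following comment, after MAC and padding have been applied, yet the hunk does not show what `err` does with that state. The same one-line check is added in do_ssl3_write. It is worth confirming that the error path leaves no partly processed record queued for a later retry and that the connection is treated as failed, since write-side state may already have advanced. A short comment on the check, for example `/* encryption failed: abandon this record, nothing may be written */`, would record that intent. The `err` label and the rest of the function are outside the hunk.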


@ -534,7 +534,8 @@ int ssl3_enc(SSL *s, int send)
/* otherwise, rec->length >= bs */
}
EVP_Cipher(ds,rec->data,rec->input,l);
if(EVP_Cipher(ds,rec->data,rec->input,l) < 1)
return -1;
if (EVP_MD_CTX_md(s->read_hash) != NULL)
mac_size = EVP_MD_CTX_size(s->read_hash);
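Review bot: The early `return -1` in ssl3_enc is reachable on the receive path as well as on send (the function takes `send`), and it returns before the `s->read_hash` MAC-size lookup that follows. Callers on the read side should therefore handle a failed cipher operation the same way they handle any other bad record, with no separately observable outcome; that caller code is not visible on this page. I would document the new value on the function, e.g. `/* returns <1 on failure; -1 means the cipher operation itself failed */`, so it is not confused with the existing `return 0` paths. The same applies to dtls1_enc, and both function bodies extend beyond their hunks.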


@ -816,8 +816,7 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
wr->data=p;
}
/* ssl3_enc can only have an error on read */
s->method->ssl3_enc->enc(s,1);
if(s->method->ssl3_enc->enc(s,1)<1) goto err;
/* record length after mac and block padding */
s2n(wr->length,plen);
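Review bot: The comment `/* ssl3_enc can only have an error on read */` sits directly above the new check in do_ssl3_write, and if it survives on the new side it now contradicts the code below it. The page has lost its +/- markers, so whether the commit removes it is not certain. It should be dropped or replaced with something like `/* enc() can fail on write too, e.g. when EVP_Cipher reports an error */`. The check is also written `enc(s,1)<1` here but `enc(s,1) < 1` in do_dtls1_write; one spacing would keep the two write paths easy to search for together.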