generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add checks to the return value of EVP_Cipher to prevent silent encryption failure.

Browse Source 
PR#1767

Reviewed-by: Richard Levitte <levitte@openssl.org>
This commit is contained in:
Matt Caswell 2014-11-18 12:56:26 +00:00
parent fc3968a25c
commit fe78f08d15
3 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ssl/d1_pkt.c
View File

@ -1632,7 +1632,7 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len,
if (eivlen) if (eivlen)
wr->length += eivlen; wr->length += eivlen;
s->method->ssl3_enc->enc(s,1); if(s->method->ssl3_enc->enc(s,1) < 1) goto err;
/* record length after mac and block padding */ /* record length after mac and block padding */
/* if (type == SSL3_RT_APPLICATION_DATA || /* if (type == SSL3_RT_APPLICATION_DATA ||

3
ssl/s3_enc.c
View File

@ -556,7 +556,8 @@ int ssl3_enc(SSL *s, int send)
/* otherwise, rec->length >= bs */ /* otherwise, rec->length >= bs */
} }
EVP_Cipher(ds,rec->data,rec->input,l); if(EVP_Cipher(ds,rec->data,rec->input,l) < 1)
return -1;
if (EVP_MD_CTX_md(s->read_hash) != NULL) if (EVP_MD_CTX_md(s->read_hash) != NULL)
mac_size = EVP_MD_CTX_size(s->read_hash); mac_size = EVP_MD_CTX_size(s->read_hash);

3
ssl/s3_pkt.c
View File

@ -1118,8 +1118,7 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
wr->length += eivlen; wr->length += eivlen;
} }
/* ssl3_enc can only have an error on read */ if(s->method->ssl3_enc->enc(s,1)<1) goto err;
s->method->ssl3_enc->enc(s,1);
if (SSL_USE_ETM(s) && mac_size != 0) if (SSL_USE_ETM(s) && mac_size != 0)
{ {