Add checks to the return value of EVP_Cipher to prevent silent encryption failure.

PR#1767 Reviewed-by: N Richard Levitte <levitte@openssl.org>

Add checks to the return value of EVP_Cipher to prevent silent encryption failure.
PR#1767 Reviewed-by: N Richard Levitte <levitte@openssl.org>
fe78f08d · Matt Caswell · fc3968a2 · fe78f08d · fe78f08d · fe78f08d
隐藏空白更改
内联并排

Showing with 4 addition and 4 deletion

ssl/d1_pkt.c ssl/d1_pkt.c +1 -1

ssl/s3_enc.c ssl/s3_enc.c +2 -1

ssl/s3_pkt.c ssl/s3_pkt.c +1 -2

未找到文件。
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@@ -1632,7 +1632,7 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len,
 	if (eivlen)
 		wr->length += eivlen;

-	s->method->ssl3_enc->enc(s,1);
+	if(s->method->ssl3_enc->enc(s,1) < 1) goto err;

 	/* record length after mac and block padding */
 /*	if (type == SSL3_RT_APPLICATION_DATA ||

--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -556,7 +556,8 @@ int ssl3_enc(SSL *s, int send)
 			/* otherwise, rec->length >= bs */
 			}
 		
-		EVP_Cipher(ds,rec->data,rec->input,l);
+		if(EVP_Cipher(ds,rec->data,rec->input,l) < 1)
+			return -1;

 		if (EVP_MD_CTX_md(s->read_hash) != NULL)
 			mac_size = EVP_MD_CTX_size(s->read_hash);

--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -1118,8 +1118,7 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
 		wr->length += eivlen;
 		}

-	/* ssl3_enc can only have an error on read */
-	s->method->ssl3_enc->enc(s,1);
+	if(s->method->ssl3_enc->enc(s,1)<1) goto err;

 	if (SSL_USE_ETM(s) && mac_size != 0)
 		{