openssl/openssl-1.0.1e-enc-fail.patch
Tomas Mraz 477d4a1758 properly detect encryption failure in BIO
- use 2048 bit RSA key in FIPS selftests
2014-03-17 17:22:08 +01:00

40 lines
1.2 KiB
Diff

diff -up openssl-1.0.1e/crypto/evp/bio_enc.c.enc-fail openssl-1.0.1e/crypto/evp/bio_enc.c
--- openssl-1.0.1e/crypto/evp/bio_enc.c.enc-fail 2013-02-11 16:26:04.000000000 +0100
+++ openssl-1.0.1e/crypto/evp/bio_enc.c 2014-03-04 15:21:12.185821738 +0100
@@ -198,10 +198,15 @@ static int enc_read(BIO *b, char *out, i
}
else
{
- EVP_CipherUpdate(&(ctx->cipher),
+ if (!EVP_CipherUpdate(&(ctx->cipher),
(unsigned char *)ctx->buf,&ctx->buf_len,
- (unsigned char *)&(ctx->buf[BUF_OFFSET]),i);
- ctx->cont=1;
+ (unsigned char *)&(ctx->buf[BUF_OFFSET]),i))
+ {
+ ctx->ok = 0;
+ ctx->cont = 0;
+ }
+ else
+ ctx->cont=1;
/* Note: it is possible for EVP_CipherUpdate to
* decrypt zero bytes because this is or looks like
* the final block: if this happens we should retry
@@ -257,9 +262,14 @@ static int enc_write(BIO *b, const char
while (inl > 0)
{
n=(inl > ENC_BLOCK_SIZE)?ENC_BLOCK_SIZE:inl;
- EVP_CipherUpdate(&(ctx->cipher),
+ if (!EVP_CipherUpdate(&(ctx->cipher),
(unsigned char *)ctx->buf,&ctx->buf_len,
- (unsigned char *)in,n);
+ (unsigned char *)in,n))
+ {
+ BIO_copy_next_retry(b);
+ ctx->ok = 0;
+ return ret - inl;
+ }
inl-=n;
in+=n;