Add checks to the return value of EVP_Cipher to prevent silent encryption failure.
PR#1767
Reviewed-by: Richard Levitte <levitte@openssl.org>
diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
index ed246a0..2952bcc 100644
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@@ -1632,7 +1632,7 @@
if (eivlen)
wr->length += eivlen;
- s->method->ssl3_enc->enc(s,1);
+ if(s->method->ssl3_enc->enc(s,1) < 1) goto err;
/* record length after mac and block padding */
/* if (type == SSL3_RT_APPLICATION_DATA ||
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index 6b71323..63774bc 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -556,7 +556,8 @@
/* otherwise, rec->length >= bs */
}
- EVP_Cipher(ds,rec->data,rec->input,l);
+ if(EVP_Cipher(ds,rec->data,rec->input,l) < 1)
+ return -1;
if (EVP_MD_CTX_md(s->read_hash) != NULL)
mac_size = EVP_MD_CTX_size(s->read_hash);
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index ea45b86..8fedf5a 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -1118,8 +1118,7 @@
wr->length += eivlen;
}
- /* ssl3_enc can only have an error on read */
- s->method->ssl3_enc->enc(s,1);
+ if(s->method->ssl3_enc->enc(s,1)<1) goto err;
if (SSL_USE_ETM(s) && mac_size != 0)
{
