authorAndy Polyakov <appro@openssl.org>2014-02-14 17:43:31 +0100
committerAndy Polyakov <appro@openssl.org>2014-02-14 17:45:33 +0100
commitaff78bb39aa077874f91151033f44306515c3d2f (patch)
treee236f2309dd407e9b65a73177837e1c31d06a907 /crypto/evp
parent104c032b7bed893f87d08ef3178848715e7035b3 (diff)
ssl/s3_pkt.c: detect RAND_bytes error in multi-block.
(cherry picked from commit 701134320a94908d8c0ac513741cab41e215a7b5)
Diffstat (limited to 'crypto/evp')
-rw-r--r--crypto/evp/e_aes_cbc_hmac_sha1.c3
-rw-r--r--crypto/evp/e_aes_cbc_hmac_sha256.c3
2 files changed, 4 insertions, 2 deletions
diff --git a/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/evp/e_aes_cbc_hmac_sha1.c
index 0b6f292f62..6ece66f27a 100644
--- a/crypto/evp/e_aes_cbc_hmac_sha1.c
+++ b/crypto/evp/e_aes_cbc_hmac_sha1.c
@@ -212,7 +212,8 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA1 *key,
u64 seqnum;
#endif
- RAND_bytes((IVs=blocks[0].c),16*x4); /* ask for IVs in bulk */
+ if (RAND_bytes((IVs=blocks[0].c),16*x4)<=0) /* ask for IVs in bulk */
+ return 0;
ctx = (SHA1_MB_CTX *)(storage+32-((size_t)storage%32)); /* align */
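Review bot: The added `return 0;` after a failed `RAND_bytes` makes zero the only failure signal of `tls1_1_multi_block_encrypt`, which returns `size_t`, and nothing in the hunk documents that contract. I would add a comment above the check such as `/* no IVs without working RNG: return 0 so the caller drops the record */`, and move the buried assignment out of the call argument as `IVs = blocks[0].c;` on its own line so the condition has no side effect. The same applies to the identical hunk in crypto/evp/e_aes_cbc_hmac_sha256.c. The caller named in the commit title (ssl/s3_pkt.c) is outside this view, which is limited to crypto/evp, so it should be confirmed that it treats a zero length as an error rather than as an empty but valid result. The function body starts and ends outside the hunk.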
diff --git a/crypto/evp/e_aes_cbc_hmac_sha256.c b/crypto/evp/e_aes_cbc_hmac_sha256.c
index c2c48f045c..df031cc1c0 100644
--- a/crypto/evp/e_aes_cbc_hmac_sha256.c
+++ b/crypto/evp/e_aes_cbc_hmac_sha256.c
@@ -208,7 +208,8 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key,
u64 seqnum;
#endif
- RAND_bytes((IVs=blocks[0].c),16*x4); /* ask for IVs in bulk */
+ if (RAND_bytes((IVs=blocks[0].c),16*x4)<=0) /* ask for IVs in bulk */
+ return 0;
ctx = (SHA256_MB_CTX *)(storage+32-((size_t)storage%32)); /* align */