From 244d0955adc027c0f41a3251e55d145bf940f9ce Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Tue, 18 Nov 2014 12:56:26 +0000
Subject: Add checks to the return value of EVP_Cipher to prevent silent
 encryption failure.

PR#1767

Reviewed-by: Richard Levitte <levitte@openssl.org>
---
 ssl/s3_pkt.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

(limited to 'ssl/s3_pkt.c')

diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index 4c9285f355..d1cd752209 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -856,8 +856,7 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
 		wr->length += eivlen;
 		}
 
-	/* ssl3_enc can only have an error on read */
-	s->method->ssl3_enc->enc(s,1);
+	if(s->method->ssl3_enc->enc(s,1)<1) goto err;
 
 	/* record length after mac and block padding */
 	s2n(wr->length,plen);
-- 
cgit v1.2.3