diff --git a/ssl/d1_enc.c b/ssl/d1_enc.c index 712c4647f..3da2b4c8c 100644 --- a/ssl/d1_enc.c +++ b/ssl/d1_enc.c @@ -241,7 +241,8 @@ int dtls1_enc(SSL *s, int send) return 0; } - EVP_Cipher(ds,rec->data,rec->input,l); + if(EVP_Cipher(ds,rec->data,rec->input,l) < 1) + return -1; #ifdef KSSL_DEBUG { diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c index 3615423f6..800452827 100644 --- a/ssl/d1_pkt.c +++ b/ssl/d1_pkt.c @@ -1511,7 +1511,7 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len, wr->length += bs; } - s->method->ssl3_enc->enc(s,1); + if(s->method->ssl3_enc->enc(s,1) < 1) goto err; /* record length after mac and block padding */ /* if (type == SSL3_RT_APPLICATION_DATA || diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index 9a494f306..2ba52c45a 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -534,7 +534,8 @@ int ssl3_enc(SSL *s, int send) /* otherwise, rec->length >= bs */ } - EVP_Cipher(ds,rec->data,rec->input,l); + if(EVP_Cipher(ds,rec->data,rec->input,l) < 1) + return -1; if (EVP_MD_CTX_md(s->read_hash) != NULL) mac_size = EVP_MD_CTX_size(s->read_hash); diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c index 504b468ec..92a65c38b 100644 --- a/ssl/s3_pkt.c +++ b/ssl/s3_pkt.c @@ -816,8 +816,7 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, wr->data=p; } - /* ssl3_enc can only have an error on read */ - s->method->ssl3_enc->enc(s,1); + if(s->method->ssl3_enc->enc(s,1)<1) goto err; /* record length after mac and block padding */ s2n(wr->length,plen);