Add checks to the return value of EVP_Cipher to prevent silent encryption failure.

PR#1767 Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit fe78f08d15)
2014-11-18 12:56:26 +00:00
parent 1e7b4891cb
commit ca88bd4112
3 changed files with 4 additions and 4 deletions
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -556,7 +556,8 @@ int ssl3_enc(SSL *s, int send)
 			/* otherwise, rec->length >= bs */
 			}
 		
-		EVP_Cipher(ds,rec->data,rec->input,l);
+		if(EVP_Cipher(ds,rec->data,rec->input,l) < 1)
+			return -1;

 		if (EVP_MD_CTX_md(s->read_hash) != NULL)
 			mac_size = EVP_MD_CTX_size(s->read_hash);