X-Git-Url: https://git.openssl.org/gitweb/?a=blobdiff_plain;f=ssl%2Fd1_enc.c;h=07a5e97ce5cda574154f7a91b3906e765a1692f7;hb=aeda172afd37e6f7b2f285b5f18a5978415cbc9b;hp=9de787e8f64b4bcba542ff4c85f13d1533d4d3b5;hpb=0eab41fb78cf4d7c76e563fd677ab6c32fc28bb0;p=openssl.git

diff --git a/ssl/d1_enc.c b/ssl/d1_enc.c
index 9de787e8f6..07a5e97ce5 100644
--- a/ssl/d1_enc.c
+++ b/ssl/d1_enc.c
@@ -115,7 +115,9 @@
 
 #include <stdio.h>
 #include "ssl_locl.h"
+#ifndef OPENSSL_NO_COMP
 #include <openssl/comp.h>
+#endif
 #include <openssl/evp.h>
 #include <openssl/hmac.h>
 #include <openssl/md5.h>
@@ -153,7 +155,7 @@ int dtls1_enc(SSL *s, int send)
 					__FILE__, __LINE__);
 			else if ( EVP_CIPHER_block_size(ds->cipher) > 1)
 				{
-				if (!RAND_bytes(rec->input, EVP_CIPHER_block_size(ds->cipher)))
+				if (RAND_bytes(rec->input, EVP_CIPHER_block_size(ds->cipher)) <= 0)
 					return -1;
 				}
 			}
@@ -229,11 +231,7 @@ int dtls1_enc(SSL *s, int send)
 		if (!send)
 			{
 			if (l == 0 || l%bs != 0)
-				{
-				SSLerr(SSL_F_DTLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
-				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
-				return 0;
-				}
+				return -1;
 			}
 		
 		EVP_Cipher(ds,rec->data,rec->input,l);
@@ -262,7 +260,7 @@ int dtls1_enc(SSL *s, int send)
 				}
 			/* TLS 1.0 does not bound the number of padding bytes by the block size.
 			 * All of them must have value 'padding_length'. */
-			if (i > (int)rec->length)
+			if (i + bs > (int)rec->length)
 				{
 				/* Incorrect padding. SSLerr() and ssl3_alert are done
 				 * by caller: we don't want to reveal whether this is