ssl/s3_pkt.c: detect RAND_bytes error in multi-block.
authorAndy Polyakov <appro@openssl.org>
Fri, 14 Feb 2014 16:43:31 +0000 (17:43 +0100)
committerAndy Polyakov <appro@openssl.org>
Fri, 14 Feb 2014 16:43:31 +0000 (17:43 +0100)
crypto/evp/e_aes_cbc_hmac_sha1.c
crypto/evp/e_aes_cbc_hmac_sha256.c
ssl/s3_pkt.c

index 0b6f292..6ece66f 100644 (file)
@@ -212,7 +212,8 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA1 *key,
        u64             seqnum;
 #endif
 
-       RAND_bytes((IVs=blocks[0].c),16*x4);    /* ask for IVs in bulk */
+       if (RAND_bytes((IVs=blocks[0].c),16*x4)<=0)     /* ask for IVs in bulk */
+               return 0;
 
        ctx = (SHA1_MB_CTX *)(storage+32-((size_t)storage%32)); /* align */
 
index c2c48f0..df031cc 100644 (file)
@@ -208,7 +208,8 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key,
        u64             seqnum;
 #endif
 
-       RAND_bytes((IVs=blocks[0].c),16*x4);    /* ask for IVs in bulk */
+       if (RAND_bytes((IVs=blocks[0].c),16*x4)<=0)     /* ask for IVs in bulk */
+               return 0;
 
        ctx = (SHA256_MB_CTX *)(storage+32-((size_t)storage%32));       /* align */
 
index 93778d1..b9e45c7 100644 (file)
@@ -764,9 +764,10 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
                        mb_param.inp = &buf[tot];
                        mb_param.len = nw;
 
-                       EVP_CIPHER_CTX_ctrl(s->enc_write_ctx,
-                               EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT,
-                               sizeof(mb_param),&mb_param);
+                       if (EVP_CIPHER_CTX_ctrl(s->enc_write_ctx,
+                                       EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT,
+                                       sizeof(mb_param),&mb_param)<=0)
+                               return -1;
 
                        s->s3->write_sequence[7] += mb_param.interleave;
                        if (s->s3->write_sequence[7] < mb_param.interleave)