From 701134320a94908d8c0ac513741cab41e215a7b5 Mon Sep 17 00:00:00 2001
From: Andy Polyakov
Date: Fri, 14 Feb 2014 17:43:31 +0100
Subject: [PATCH] ssl/s3_pkt.c: detect RAND_bytes error in multi-block.
---
 crypto/evp/e_aes_cbc_hmac_sha1.c | 3 ++-
 crypto/evp/e_aes_cbc_hmac_sha256.c | 3 ++-
 ssl/s3_pkt.c | 7 ++++---
 3 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/evp/e_aes_cbc_hmac_sha1.c
index 0b6f292f62..6ece66f27a 100644
--- a/crypto/evp/e_aes_cbc_hmac_sha1.c
+++ b/crypto/evp/e_aes_cbc_hmac_sha1.c
@@ -212,7 +212,8 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA1 *key,
 u64 seqnum;
 #endif
- RAND_bytes((IVs=blocks[0].c),16*x4); /* ask for IVs in bulk */
+ if (RAND_bytes((IVs=blocks[0].c),16*x4)<=0) /* ask for IVs in bulk */
+ return 0;
 ctx = (SHA1_MB_CTX *)(storage+32-((size_t)storage%32)); /* align */
diff --git a/crypto/evp/e_aes_cbc_hmac_sha256.c b/crypto/evp/e_aes_cbc_hmac_sha256.c
index c2c48f045c..df031cc1c0 100644
--- a/crypto/evp/e_aes_cbc_hmac_sha256.c
+++ b/crypto/evp/e_aes_cbc_hmac_sha256.c
@@ -208,7 +208,8 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key,
 u64 seqnum;
 #endif
- RAND_bytes((IVs=blocks[0].c),16*x4); /* ask for IVs in bulk */
+ if (RAND_bytes((IVs=blocks[0].c),16*x4)<=0) /* ask for IVs in bulk */
+ return 0;
 ctx = (SHA256_MB_CTX *)(storage+32-((size_t)storage%32)); /* align */
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index 93778d15a3..b9e45c74bc 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
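Review bot: In `tls1_1_multi_block_encrypt` the new failure path returns 0 from a `size_t` function, and nothing in the hunk documents that 0 now means "no records were produced because IV generation failed"; the same applies to the identical hunk in `e_aes_cbc_hmac_sha256.c`. The bytes requested here are the CBC IVs for the batch, so carrying on with whatever `blocks[0].c` already held could put uninitialised or predictable IVs on the wire, which is worth stating next to the check, e.g. `/* IVs must be unpredictable: on RNG failure emit nothing and return 0 */`. The assignment buried in the call argument also makes the condition harder to audit; `IVs = blocks[0].c;` followed by `if (RAND_bytes(IVs, 16*x4) <= 0) return 0;` reads more plainly. The function body starts and ends outside the hunk, so whether the caller treats 0 as an error cannot be confirmed from these lines alone.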
@@ -764,9 +764,10 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
 mb_param.inp = &buf[tot];
 mb_param.len = nw;
- EVP_CIPHER_CTX_ctrl(s->enc_write_ctx,
- EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT,
- sizeof(mb_param),&mb_param);
+ if (EVP_CIPHER_CTX_ctrl(s->enc_write_ctx,
+ EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT,
+ sizeof(mb_param),&mb_param)<=0)
+ return -1;
 s->s3->write_sequence[7] += mb_param.interleave;
 if (s->s3->write_sequence[7] < mb_param.interleave)
--
2.34.1
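Review bot: The new `return -1;` in `ssl3_write_bytes` leaves no record of why the write failed: nothing is pushed on the error queue in this hunk, so the application cannot tell a multi-block encrypt/RNG failure from any other -1 unless a lower layer already recorded one (not visible here). Consider raising an error before returning, for example `SSLerr(SSL_F_SSL3_WRITE_BYTES, ERR_R_INTERNAL_ERROR);`, together with a short comment such as `/* encrypt failed (e.g. no IVs available): stop before the sequence number advances */`. The early return does sit ahead of the `write_sequence[7]` update, which is the right order. The rest of the function, including any write-buffer state prepared before this call, is outside the hunk and should be checked so that a later retry starts from a consistent state.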