a1fb60
diff -up openssl-1.0.2a/crypto/evp/bio_enc.c.enc-fail openssl-1.0.2a/crypto/evp/bio_enc.c
a1fb60
--- openssl-1.0.2a/crypto/evp/bio_enc.c.enc-fail	2015-03-19 14:19:00.000000000 +0100
a1fb60
+++ openssl-1.0.2a/crypto/evp/bio_enc.c	2015-04-22 18:10:06.491819948 +0200
a1fb60
@@ -201,10 +201,14 @@ static int enc_read(BIO *b, char *out, i
a1fb60
                 break;
a1fb60
             }
a1fb60
         } else {
a1fb60
-            EVP_CipherUpdate(&(ctx->cipher),
a1fb60
-                             (unsigned char *)ctx->buf, &ctx->buf_len,
a1fb60
-                             (unsigned char *)&(ctx->buf[BUF_OFFSET]), i);
a1fb60
-            ctx->cont = 1;
a1fb60
+            if (!EVP_CipherUpdate(&(ctx->cipher),
a1fb60
+                                  (unsigned char *)ctx->buf, &ctx->buf_len,
a1fb60
+                                  (unsigned char *)&(ctx->buf[BUF_OFFSET]),
a1fb60
+                                  i)) {
a1fb60
+                ctx->ok = 0;
a1fb60
+                ctx->cont = 0;
a1fb60
+            } else
a1fb60
+                ctx->cont = 1;
a1fb60
             /*
a1fb60
              * Note: it is possible for EVP_CipherUpdate to decrypt zero
a1fb60
              * bytes because this is or looks like the final block: if this
a1fb60
@@ -260,9 +264,13 @@ static int enc_write(BIO *b, const char
a1fb60
     ctx->buf_off = 0;
a1fb60
     while (inl > 0) {
a1fb60
         n = (inl > ENC_BLOCK_SIZE) ? ENC_BLOCK_SIZE : inl;
a1fb60
-        EVP_CipherUpdate(&(ctx->cipher),
a1fb60
-                         (unsigned char *)ctx->buf, &ctx->buf_len,
a1fb60
-                         (unsigned char *)in, n);
a1fb60
+        if (!EVP_CipherUpdate(&(ctx->cipher),
a1fb60
+                              (unsigned char *)ctx->buf, &ctx->buf_len,
a1fb60
+                              (unsigned char *)in, n)) {
a1fb60
+            BIO_copy_next_retry(b);
a1fb60
+            ctx->ok = 0;
a1fb60
+            return ret - inl;
a1fb60
+        }
a1fb60
         inl -= n;
a1fb60
         in += n;
a1fb60
 
a1fb60
@@ -298,8 +306,9 @@ static long enc_ctrl(BIO *b, int cmd, lo
a1fb60
     case BIO_CTRL_RESET:
a1fb60
         ctx->ok = 1;
a1fb60
         ctx->finished = 0;
a1fb60
-        EVP_CipherInit_ex(&(ctx->cipher), NULL, NULL, NULL, NULL,
a1fb60
-                          ctx->cipher.encrypt);
a1fb60
+        if (!EVP_CipherInit_ex(&(ctx->cipher), NULL, NULL, NULL, NULL,
a1fb60
+                               ctx->cipher.encrypt))
a1fb60
+             ctx->ok = 0;
a1fb60
         ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
a1fb60
         break;
a1fb60
     case BIO_CTRL_EOF:         /* More to read */
a1fb60
@@ -421,7 +430,8 @@ void BIO_set_cipher(BIO *b, const EVP_CI
a1fb60
 
a1fb60
     b->init = 1;
a1fb60
     ctx = (BIO_ENC_CTX *)b->ptr;
a1fb60
-    EVP_CipherInit_ex(&(ctx->cipher), c, NULL, k, i, e);
a1fb60
+    if (!EVP_CipherInit_ex(&(ctx->cipher), c, NULL, k, i, e))
a1fb60
+        ctx->ok = 0;
a1fb60
 
a1fb60
     if (b->callback != NULL)
a1fb60
         b->callback(b, BIO_CB_CTRL, (const char *)c, BIO_CTRL_SET, e, 1L);