diff -up openssl-1.0.2a/crypto/evp/bio_enc.c.enc-fail openssl-1.0.2a/crypto/evp/bio_enc.c
--- openssl-1.0.2a/crypto/evp/bio_enc.c.enc-fail 2015-03-19 14:19:00.000000000 +0100
+++ openssl-1.0.2a/crypto/evp/bio_enc.c 2015-04-22 18:10:06.491819948 +0200
@@ -201,10 +201,14 @@ static int enc_read(BIO *b, char *out, i
break;
}
} else {
- EVP_CipherUpdate(&(ctx->cipher),
- (unsigned char *)ctx->buf, &ctx->buf_len,
- (unsigned char *)&(ctx->buf[BUF_OFFSET]), i);
- ctx->cont = 1;
+ if (!EVP_CipherUpdate(&(ctx->cipher),
+ (unsigned char *)ctx->buf, &ctx->buf_len,
+ (unsigned char *)&(ctx->buf[BUF_OFFSET]),
+ i)) {
+ ctx->ok = 0;
+ ctx->cont = 0;
+ } else
+ ctx->cont = 1;
/*
* Note: it is possible for EVP_CipherUpdate to decrypt zero
* bytes because this is or looks like the final block: if this
@@ -260,9 +264,13 @@ static int enc_write(BIO *b, const char
ctx->buf_off = 0;
while (inl > 0) {
n = (inl > ENC_BLOCK_SIZE) ? ENC_BLOCK_SIZE : inl;
- EVP_CipherUpdate(&(ctx->cipher),
- (unsigned char *)ctx->buf, &ctx->buf_len,
- (unsigned char *)in, n);
+ if (!EVP_CipherUpdate(&(ctx->cipher),
+ (unsigned char *)ctx->buf, &ctx->buf_len,
+ (unsigned char *)in, n)) {
+ BIO_copy_next_retry(b);
+ ctx->ok = 0;
+ return ret - inl;
+ }
inl -= n;
in += n;
@@ -298,8 +306,9 @@ static long enc_ctrl(BIO *b, int cmd, lo
case BIO_CTRL_RESET:
ctx->ok = 1;
ctx->finished = 0;
- EVP_CipherInit_ex(&(ctx->cipher), NULL, NULL, NULL, NULL,
- ctx->cipher.encrypt);
+ if (!EVP_CipherInit_ex(&(ctx->cipher), NULL, NULL, NULL, NULL,
+ ctx->cipher.encrypt))
+ ctx->ok = 0;
ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
break;
case BIO_CTRL_EOF: /* More to read */
@@ -421,7 +430,8 @@ void BIO_set_cipher(BIO *b, const EVP_CI
b->init = 1;
ctx = (BIO_ENC_CTX *)b->ptr;
- EVP_CipherInit_ex(&(ctx->cipher), c, NULL, k, i, e);
+ if (!EVP_CipherInit_ex(&(ctx->cipher), c, NULL, k, i, e))
+ ctx->ok = 0;
if (b->callback != NULL)
b->callback(b, BIO_CB_CTRL, (const char *)c, BIO_CTRL_SET, e, 1L);