ssl/s3_pkt.c: detect RAND_bytes error in multi-block.

crypto/evp/e_aes_cbc_hmac_sha1.c

@@ -212,7 +212,8 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA1 *key,
 	u64		seqnum;
 #endif
 
-	RAND_bytes((IVs=blocks[0].c),16*x4);	/* ask for IVs in bulk */
+	if (RAND_bytes((IVs=blocks[0].c),16*x4)<=0)	/* ask for IVs in bulk */
+		return 0;
 
 	ctx = (SHA1_MB_CTX *)(storage+32-((size_t)storage%32));	/* align */
 

crypto/evp/e_aes_cbc_hmac_sha256.c

@@ -208,7 +208,8 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key,
 	u64		seqnum;
 #endif
 
-	RAND_bytes((IVs=blocks[0].c),16*x4);	/* ask for IVs in bulk */
+	if (RAND_bytes((IVs=blocks[0].c),16*x4)<=0)	/* ask for IVs in bulk */
+		return 0;
 
 	ctx = (SHA256_MB_CTX *)(storage+32-((size_t)storage%32));	/* align */
 

ssl/s3_pkt.c

@@ -764,9 +764,10 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
 			mb_param.inp = &buf[tot];
 			mb_param.len = nw;
 
-			EVP_CIPHER_CTX_ctrl(s->enc_write_ctx,
-				EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT,
-				sizeof(mb_param),&mb_param);
+			if (EVP_CIPHER_CTX_ctrl(s->enc_write_ctx,
+					EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT,
+					sizeof(mb_param),&mb_param)<=0)
+				return -1;
 
 			s->s3->write_sequence[7] += mb_param.interleave;
 			if (s->s3->write_sequence[7] < mb_param.interleave)