From 2bc9beff4e7e4404b48e98e8c4bccfe464a47b90 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Sun, 2 Aug 2020 07:33:15 +0000
Subject: Check the return value of tls1_enc() in the write path.

The write path can return a failure in the AEAD path and there is no reason
not to check a return value.

Spotted by tb@ during another review.

ok tb@
---
 src/lib/libssl/d1_pkt.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'src/lib/libssl/d1_pkt.c')

diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c
index f888592223..0caf2a5965 100644
--- a/src/lib/libssl/d1_pkt.c
+++ b/src/lib/libssl/d1_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_pkt.c,v 1.75 2020/08/01 16:50:16 jsing Exp $ */
+/* $OpenBSD: d1_pkt.c,v 1.76 2020/08/02 07:33:15 jsing Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -1254,8 +1254,8 @@ do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
 	wr->input = p;
 	wr->length += eivlen;
 
-	/* tls1_enc can only have an error on read */
-	tls1_enc(s, 1);
+	if (tls1_enc(s, 1) != 1)
+		goto err;
 
 	if (!CBB_add_u16(&cbb, wr->length))
 		goto err;
-- 
cgit v1.2.3-55-g6feb