openssl/openssl-1.0.2a-enc-fail.patch

diff -up openssl-1.0.2a/crypto/evp/bio_enc.c.enc-fail openssl-1.0.2a/crypto/evp/bio_enc.c
--- openssl-1.0.2a/crypto/evp/bio_enc.c.enc-fail	2015-03-19 14:19:00.000000000 +0100
+++ openssl-1.0.2a/crypto/evp/bio_enc.c	2015-04-22 18:10:06.491819948 +0200
@@ -201,10 +201,14 @@ static int enc_read(BIO *b, char *out, i
                 break;
             }
         } else {
-            EVP_CipherUpdate(&(ctx->cipher),
-                             (unsigned char *)ctx->buf, &ctx->buf_len,
-                             (unsigned char *)&(ctx->buf[BUF_OFFSET]), i);
-            ctx->cont = 1;
+            if (!EVP_CipherUpdate(&(ctx->cipher),
+                                  (unsigned char *)ctx->buf, &ctx->buf_len,
+                                  (unsigned char *)&(ctx->buf[BUF_OFFSET]),
+                                  i)) {
+                ctx->ok = 0;
+                ctx->cont = 0;
+            } else
+                ctx->cont = 1;
             /*
              * Note: it is possible for EVP_CipherUpdate to decrypt zero
              * bytes because this is or looks like the final block: if this
@@ -260,9 +264,13 @@ static int enc_write(BIO *b, const char
     ctx->buf_off = 0;
     while (inl > 0) {
         n = (inl > ENC_BLOCK_SIZE) ? ENC_BLOCK_SIZE : inl;
-        EVP_CipherUpdate(&(ctx->cipher),
-                         (unsigned char *)ctx->buf, &ctx->buf_len,
-                         (unsigned char *)in, n);
+        if (!EVP_CipherUpdate(&(ctx->cipher),
+                              (unsigned char *)ctx->buf, &ctx->buf_len,
+                              (unsigned char *)in, n)) {
+            BIO_copy_next_retry(b);
+            ctx->ok = 0;
+            return ret - inl;
+        }
         inl -= n;
         in += n;
 
@@ -298,8 +306,9 @@ static long enc_ctrl(BIO *b, int cmd, lo
     case BIO_CTRL_RESET:
         ctx->ok = 1;
         ctx->finished = 0;
-        EVP_CipherInit_ex(&(ctx->cipher), NULL, NULL, NULL, NULL,
-                          ctx->cipher.encrypt);
+        if (!EVP_CipherInit_ex(&(ctx->cipher), NULL, NULL, NULL, NULL,
+                               ctx->cipher.encrypt))
+             ctx->ok = 0;
         ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
         break;
     case BIO_CTRL_EOF:         /* More to read */
@@ -421,7 +430,8 @@ void BIO_set_cipher(BIO *b, const EVP_CI
 
     b->init = 1;
     ctx = (BIO_ENC_CTX *)b->ptr;
-    EVP_CipherInit_ex(&(ctx->cipher), c, NULL, k, i, e);
+    if (!EVP_CipherInit_ex(&(ctx->cipher), c, NULL, k, i, e))
+        ctx->ok = 0;
 
     if (b->callback != NULL)
         b->callback(b, BIO_CB_CTRL, (const char *)c, BIO_CTRL_SET, e, 1L);