authorjsing <jsing@openbsd.org>2020-08-02 07:33:15 +0000
committerjsing <jsing@openbsd.org>2020-08-02 07:33:15 +0000
commit0171e27017cc3ed98c521a098e63a9bfb761e1e2 (patch)
tree05adc2f001eb79f474d3fcb650411c719008b4da
parentCatch up sysctl_int.9 to the updated signature (diff)
Check the return value of tls1_enc() in the write path.
The write path can return a failure in the AEAD path and there is no reason not to check a return value. Spotted by tb@ during another review. ok tb@
-rw-r--r--lib/libssl/d1_pkt.c6
-rw-r--r--lib/libssl/ssl_pkt.c6
2 files changed, 6 insertions, 6 deletions
diff --git a/lib/libssl/d1_pkt.c b/lib/libssl/d1_pkt.c
index f888592223c..0caf2a59656 100644
--- a/lib/libssl/d1_pkt.c
+++ b/lib/libssl/d1_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_pkt.c,v 1.75 2020/08/01 16:50:16 jsing Exp $ */
+/* $OpenBSD: d1_pkt.c,v 1.76 2020/08/02 07:33:15 jsing Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -1254,8 +1254,8 @@ do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
wr->input = p;
wr->length += eivlen;
- /* tls1_enc can only have an error on read */
- tls1_enc(s, 1);
+ if (tls1_enc(s, 1) != 1)
+ goto err;
if (!CBB_add_u16(&cbb, wr->length))
goto err;
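Review bot: The new `if (tls1_enc(s, 1) != 1) goto err;` removes the old comment without replacing it, so the call site no longer says why a write-side failure is possible or what the check prevents. I would add a short comment such as `/* tls1_enc() can fail on write in the AEAD path; never emit the record if it did. */`, since skipping this check would presumably let a record whose encryption failed continue on to be framed and sent. The `err` label is outside the hunk, so it is not visible whether an error is queued there; if tls1_enc() does not queue one itself on this path, the caller only sees a bare failure and it would be worth pushing one before the jump. The same applies to the identical change in ssl3_create_record() in lib/libssl/ssl_pkt.c.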
diff --git a/lib/libssl/ssl_pkt.c b/lib/libssl/ssl_pkt.c
index 6bb722098a1..39ce46381df 100644
--- a/lib/libssl/ssl_pkt.c
+++ b/lib/libssl/ssl_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_pkt.c,v 1.27 2020/08/01 16:50:16 jsing Exp $ */
+/* $OpenBSD: ssl_pkt.c,v 1.28 2020/08/02 07:33:15 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -674,8 +674,8 @@ ssl3_create_record(SSL *s, unsigned char *p, uint16_t version, uint8_t type,
wr->input = p;
wr->length += eivlen;
- /* tls1_enc can only have an error on read */
- tls1_enc(s, 1);
+ if (tls1_enc(s, 1) != 1)
+ goto err;
/* record length after mac and block padding */
if (!CBB_add_u16(&cbb, wr->length))