Add information on 0.9.6a (in a form such that the list can be

[openssl.git] / ssl / s3_enc.c

diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index 9e442a1f1bf2c95d29f9764efa082f881ebdd7d3..b27e9562b96cb2580c99013ecb415237fa1b1897 100644 (file)
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -81,11 +81,11 @@ static unsigned char ssl3_pad_2[48]={
 static int ssl3_handshake_mac(SSL *s, EVP_MD_CTX *in_ctx,
        const char *sender, int len, unsigned char *p);
 
-static void ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
+static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
        {
        MD5_CTX m5;
        SHA_CTX s1;
-       unsigned char buf[8],smd[SHA_DIGEST_LENGTH];
+       unsigned char buf[16],smd[SHA_DIGEST_LENGTH];
        unsigned char c='A';
        int i,j,k;
 
@@ -96,6 +96,13 @@ static void ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
        for (i=0; i<num; i+=MD5_DIGEST_LENGTH)
                {
                k++;
+               if (k > sizeof buf)
+                       {
+                       /* bug: 'buf' is too small for this ciphersuite */
+                       SSLerr(SSL_F_SSL3_GENERATE_KEY_BLOCK, ERR_R_INTERNAL_ERROR);
+                       return 0;
+                       }
+               
                for (j=0; j<k; j++)
                        buf[j]=c;
                c++;
@@ -122,6 +129,7 @@ static void ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
                km+=MD5_DIGEST_LENGTH;
                }
        memset(smd,0,SHA_DIGEST_LENGTH);
+       return 1;
        }
 
 int ssl3_change_cipher_state(SSL *s, int which)
@@ -306,9 +314,8 @@ int ssl3_setup_key_block(SSL *s)
        s->s3->tmp.key_block_length=num;
        s->s3->tmp.key_block=p;
 
-       ssl3_generate_key_block(s,p,num);
+       return ssl3_generate_key_block(s,p,num);
 
-       return(1);
 err:
        SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE);
        return(0);