Fix DTLS handshake message size checks.

[openssl.git] / ssl / s3_enc.c

diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index bcc17d7bae85e618df49426a553ed0b2918dac60..86f06d02c7493a0ca242e47fc56efd5f1d89045e 100644 (file)
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -418,13 +418,7 @@ int ssl3_setup_key_block(SSL *s)
        if (s->s3->tmp.key_block_length != 0)
                return(1);
 
-       if (!ssl_cipher_get_comp(s->session, &comp))
-               {
-               SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK,SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
-               return(0);
-               }
-
-       if (!ssl_cipher_get_evp(s->session,&c,&hash,NULL,NULL))
+       if (!ssl_cipher_get_evp(s->session,&c,&hash,NULL,NULL,&comp))
                {
                SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK,SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
                return(0);
@@ -669,10 +663,18 @@ int ssl3_cert_verify_mac(SSL *s, int md_nid, unsigned char *p)
 int ssl3_final_finish_mac(SSL *s, 
             const char *sender, int len, unsigned char *p)
        {
-       int ret;
+       int ret, sha1len;
        ret=ssl3_handshake_mac(s,NID_md5,sender,len,p);
+       if(ret == 0)
+               return 0;
+
        p+=ret;
-       ret+=ssl3_handshake_mac(s,NID_sha1,sender,len,p);
+
+       sha1len=ssl3_handshake_mac(s,NID_sha1,sender,len,p);
+       if(sha1len == 0)
+               return 0;
+
+       ret+=sha1len;
        return(ret);
        }
 static int ssl3_handshake_mac(SSL *s, int md_nid,