projects / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
If we're going to return errors (no matter how stupid), then we should
[openssl.git] / ssl / t1_lib.c
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index e6ba33d85b1b847a6ba90670e8865b0fadc3c7e5..c1d4173b5e89207707c6181e821c6e4907ae1b18 100644 (file)
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1532,6 +1532,11 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen,
         * integrity checks on ticket.
         */
        mlen = HMAC_size(&hctx);
+       if (mlen < 0)
+               {
+               EVP_CIPHER_CTX_cleanup(&ctx);
+               return -1;
+               }
        eticklen -= mlen;
        /* Check HMAC of encrypted ticket */
        HMAC_Update(&hctx, etick, eticklen);
Unnamed repository; edit this file 'description' to name the repository.