Fixed incorrect return code handling in ssl3_final_finish_mac.
authorMatt Caswell <matt@openssl.org>
Tue, 10 Jun 2014 22:24:28 +0000 (23:24 +0100)
committerMatt Caswell <matt@openssl.org>
Fri, 13 Jun 2014 14:36:20 +0000 (15:36 +0100)
Based on an original patch by Joel Sing (OpenBSD) who also originally identified the issue.

ssl/s3_enc.c

index f1b264185362599d990685c61b20429d806434ca..6c103a042fcbb6f2eb5f67e9113e37fdd4042ad6 100644 (file)
@@ -663,10 +663,18 @@ int ssl3_cert_verify_mac(SSL *s, int md_nid, unsigned char *p)
 int ssl3_final_finish_mac(SSL *s, 
             const char *sender, int len, unsigned char *p)
        {
-       int ret;
+       int ret, sha1len;
        ret=ssl3_handshake_mac(s,NID_md5,sender,len,p);
+       if(ret == 0)
+               return 0;
+
        p+=ret;
-       ret+=ssl3_handshake_mac(s,NID_sha1,sender,len,p);
+
+       sha1len=ssl3_handshake_mac(s,NID_sha1,sender,len,p);
+       if(sha1len == 0)
+               return 0;
+
+       ret+=sha1len;
        return(ret);
        }
 static int ssl3_handshake_mac(SSL *s, int md_nid,
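Review bot: The two new checks, `if(ret == 0)` after the MD5 call and `if(sha1len == 0)` after the SHA1 call, only catch a failure that is reported as exactly 0. The body of ssl3_handshake_mac is outside this hunk, so it is not visible here whether it can return a negative value; if it can, `p+=ret` would step the output pointer backwards and the SHA1 digest would land before the caller's buffer. Writing `if(ret <= 0) return 0;` and `if(sha1len <= 0) return 0;` costs nothing and removes that assumption. The function would also benefit from a contract comment such as `/* Returns the combined MD5+SHA1 length written to p, or 0 on error. */`, and the callers (not shown) should be confirmed to treat 0 as a handshake failure rather than as a zero-length Finished MAC.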