diff options
| author |   jsing <jsing@openbsd.org> | 2014-06-10 11:26:34 +0000 |
|---|---|---|
| committer | jsing <jsing@openbsd.org> | 2014-06-10 11:26:34 +0000 |
| commit | 2e189a1b864a04b3f70026230b7e3ad1d6f2feab (patch) | |
| tree | 48e9e1fe84d1402fe570fbc08a8261d51145e775 | |
| parent | Rearrange the inequality. (diff) | |
| download | wireguard-openbsd-2e189a1b864a04b3f70026230b7e3ad1d6f2feab.tar.xz wireguard-openbsd-2e189a1b864a04b3f70026230b7e3ad1d6f2feab.zip | |
Ensure ssl3_final_finish_mac() returns failure if either the MD5 or SHA1
handshake MAC calculation fails. Currently, the result from both
ssl3_handshake_mac() calls is added together. This means that unless both
MD5 and SHA1 fail, a positive value will be returned to the caller,
indicating success rather than failure.
ok deraadt@ miod@ sthen@
| -rw-r--r-- | lib/libssl/src/ssl/s3_enc.c | 15 |
1 files changed, 10 insertions, 5 deletions
diff --git a/lib/libssl/src/ssl/s3_enc.c b/lib/libssl/src/ssl/s3_enc.c index 8a1758f8b71..dbefad77b27 100644 --- a/lib/libssl/src/ssl/s3_enc.c +++ b/lib/libssl/src/ssl/s3_enc.c @@ -625,11 +625,16 @@ ssl3_cert_verify_mac(SSL *s, int md_nid, unsigned char *p) int ssl3_final_finish_mac(SSL *s, const char *sender, int len, unsigned char *p) { - int ret; - ret = ssl3_handshake_mac(s, NID_md5, sender, len, p); - p += ret; - ret += ssl3_handshake_mac(s, NID_sha1, sender, len, p); - return (ret); + int ret_md5, ret_sha1; + + ret_md5 = ssl3_handshake_mac(s, NID_md5, sender, len, p); + if (ret_md5 == 0) + return 0; + p += ret_md5; + ret_sha1 = ssl3_handshake_mac(s, NID_sha1, sender, len, p); + if (ret_sha1 == 0) + return 0; + return (ret_md5 + ret_sha1); } static int |