From: Matt Caswell <matt@openssl.org>
Date: Tue, 10 Jun 2014 22:24:28 +0000 (+0100)
Subject: Fixed incorrect return code handling in ssl3_final_finish_mac.
X-Git-Tag: OpenSSL_1_0_0n~71
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=2dc967ddd0408821ea6cfc7a192da78f2c5b0a26;p=oweals%2Fopenssl.git

Fixed incorrect return code handling in ssl3_final_finish_mac.
Based on an original patch by Joel Sing (OpenBSD) who also originally identified the issue.
---

diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index 6bc0812162..c44cc9298a 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -631,10 +631,18 @@ int ssl3_cert_verify_mac(SSL *s, int md_nid, unsigned char *p)
 int ssl3_final_finish_mac(SSL *s, 
 	     const char *sender, int len, unsigned char *p)
 	{
-	int ret;
+	int ret, sha1len;
 	ret=ssl3_handshake_mac(s,NID_md5,sender,len,p);
+	if(ret == 0)
+		return 0;
+
 	p+=ret;
-	ret+=ssl3_handshake_mac(s,NID_sha1,sender,len,p);
+
+	sha1len=ssl3_handshake_mac(s,NID_sha1,sender,len,p);
+	if(sha1len == 0)
+		return 0;
+
+	ret+=sha1len;
 	return(ret);
 	}
 static int ssl3_handshake_mac(SSL *s, int md_nid,