From f08731cd82566d14275b7749ca553bdd7f6267f3 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Thu, 12 Mar 2015 14:37:26 +0000
Subject: [PATCH] Add sanity check to PRF

The function tls1_PRF counts the number of digests in use and partitions
security evenly between them. There always needs to be at least one digest
in use, otherwise this is an internal error. Add a sanity check for this.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 668f6f08c62177ab5893fc26ebb67053aafdffc8)
---
 ssl/t1_enc.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index fa1c002bf3..4e2845fa6e 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -261,6 +261,11 @@ static int tls1_PRF(long digest_mask,
         if ((m << TLS1_PRF_DGST_SHIFT) & digest_mask)
             count++;
     }
+    if(!count) {
+        /* Should never happen */
+        SSLerr(SSL_F_TLS1_PRF, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
     len = slen / count;
     if (count == 1)
         slen = 0;
-- 
2.25.1