diff options
| author | Matt Caswell <matt@openssl.org> | 2015-03-12 14:37:26 +0000 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2015-03-17 13:39:53 +0000 |
| commit | 668f6f08c62177ab5893fc26ebb67053aafdffc8 (patch) | |
| tree | 4850441d3a7d103b37914516fa7e7c1893697f98 /ssl | |
| parent | 7132ac830fa08d9a936e011d7c541b0c52115b33 (diff) | |
| download | openssl-668f6f08c62177ab5893fc26ebb67053aafdffc8.tar.gz | |
Add sanity check to PRF
The function tls1_PRF counts the number of digests in use and partitions
security evenly between them. There always needs to be at least one digest
in use, otherwise this is an internal error. Add a sanity check for this.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Diffstat (limited to 'ssl')
| -rw-r--r-- | ssl/t1_enc.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 1833eb7646..26f8415dcb 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -260,6 +260,11 @@ static int tls1_PRF(long digest_mask, if ((m << TLS1_PRF_DGST_SHIFT) & digest_mask) count++; } + if(!count) { + /* Should never happen */ + SSLerr(SSL_F_TLS1_PRF, ERR_R_INTERNAL_ERROR); + goto err; + } len = slen / count; if (count == 1) slen = 0; |