Fixed incorrect return code handling in ssl3_final_finish_mac.

Based on an original patch by Joel Sing (OpenBSD) who also originally identified the issue.
author: Matt Caswell <matt@openssl.org> 2014-06-10 23:24:28 +0100
committer: Matt Caswell <matt@openssl.org> 2014-06-13 15:53:29 +0100
commit: 042ef467ee657206d434ce35715aa4cb13723865 (patch)
tree: 0ac6cc1f98758571171d78089d7f0e425e0749ae
parent: 01736e6c415c1b08ea907380bedcd63ad4a66330 (diff)
1 files changed, 10 insertions, 2 deletions
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index e3cd4f062c..996267725e 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -642,10 +642,18 @@ int ssl3_cert_verify_mac(SSL *s, int md_nid, unsigned char *p)
 int ssl3_final_finish_mac(SSL *s, 
 	     const char *sender, int len, unsigned char *p)
 	{
-	int ret;
+	int ret, sha1len;
 	ret=ssl3_handshake_mac(s,NID_md5,sender,len,p);
+	if(ret == 0)
+		return 0;
+
 	p+=ret;
-	ret+=ssl3_handshake_mac(s,NID_sha1,sender,len,p);
+
+	sha1len=ssl3_handshake_mac(s,NID_sha1,sender,len,p);
+	if(sha1len == 0)
+		return 0;
+
+	ret+=sha1len;
 	return(ret);
 	}
 static int ssl3_handshake_mac(SSL *s, int md_nid,
author	Matt Caswell <matt@openssl.org>	2014-06-10 23:24:28 +0100
committer	Matt Caswell <matt@openssl.org>	2014-06-13 15:53:29 +0100
commit	042ef467ee657206d434ce35715aa4cb13723865 (patch)
tree	0ac6cc1f98758571171d78089d7f0e425e0749ae
parent	01736e6c415c1b08ea907380bedcd63ad4a66330 (diff)