Check EVP errors for handshake digests.

Partial mitigation of PR#3200
author: Dr. Stephen Henson <steve@openssl.org> 2013-12-14 13:55:48 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2013-12-18 13:26:10 +0000
commit: 0294b2be5f4c11e60620c0018674ff0e17b14238 (patch)
tree: c142a5421d1c829539854d097551bed703cd552e /ssl/s3_pkt.c
parent: f1068a1ab726f477ad57783d0d488d4d55f87ded (diff)
1 files changed, 7 insertions, 1 deletions
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index 804291e27c..c4bc4e787d 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -1459,8 +1459,14 @@ int ssl3_do_change_cipher_spec(SSL *s)
 		slen=s->method->ssl3_enc->client_finished_label_len;
 		}
 
-	s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
+	i = s->method->ssl3_enc->final_finish_mac(s,
 		sender,slen,s->s3->tmp.peer_finish_md);
+	if (i == 0)
+		{
+		SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, ERR_R_INTERNAL_ERROR);
+		return 0;
+		}
+	s->s3->tmp.peer_finish_md_len = i;
 
 	return(1);
 	}
author	Dr. Stephen Henson <steve@openssl.org>	2013-12-14 13:55:48 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2013-12-18 13:26:10 +0000
commit	0294b2be5f4c11e60620c0018674ff0e17b14238 (patch)
tree	c142a5421d1c829539854d097551bed703cd552e /ssl/s3_pkt.c
parent	f1068a1ab726f477ad57783d0d488d4d55f87ded (diff)