Commit 668f6f08 authored Mar 12, 2015 by Matt Caswell

Add sanity check to PRF

The function tls1_PRF counts the number of digests in use and partitions
security evenly between them. There always needs to be at least one digest
in use, otherwise this is an internal error. Add a sanity check for this.

Reviewed-by: Richard Levitte <levitte@openssl.org>

parent 7132ac83

ssl/t1_enc.c

+5 −0

Original line number	Diff line number	Diff line
		@@ -260,6 +260,11 @@ static int tls1_PRF(long digest_mask,
		if ((m << TLS1_PRF_DGST_SHIFT) & digest_mask)
		count++;
		}
		if(!count) {
		/* Should never happen */
		SSLerr(SSL_F_TLS1_PRF, ERR_R_INTERNAL_ERROR);
		goto err;
		}
		len = slen / count;
		if (count == 1)
		slen = 0;