Add sanity check to PRF

The function tls1_PRF counts the number of digests in use and partitions security evenly between them. There always needs to be at least one digest in use, otherwise this is an internal error. Add a sanity check for this. Reviewed-by: N Richard Levitte <levitte@openssl.org>

Add sanity check to PRF
The function tls1_PRF counts the number of digests in use and partitions security evenly between them. There always needs to be at least one digest in use, otherwise this is an internal error. Add a sanity check for this. Reviewed-by: N Richard Levitte <levitte@openssl.org>
668f6f08 · Matt Caswell · 7132ac83 · 668f6f08
显示空白变更内容
内联并排

Showing with 5 addition and 0 deletion

ssl/t1_enc.c ssl/t1_enc.c +5 -0

未找到文件。
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -260,6 +260,11 @@ static int tls1_PRF(long digest_mask,
        if ((m << TLS1_PRF_DGST_SHIFT) & digest_mask)
            count++;
    }
+    if(!count) {
+        /* Should never happen */
+        SSLerr(SSL_F_TLS1_PRF, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
    len = slen / count;
    if (count == 1)
        slen = 0;