From fcb61b6c92ac21c51ad23e4b983600747cdd8db1 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Thu, 12 Mar 2015 14:37:26 +0000 Subject: [PATCH] Add sanity check to PRF The function tls1_PRF counts the number of digests in use and partitions security evenly between them. There always needs to be at least one digest in use, otherwise this is an internal error. Add a sanity check for this. Reviewed-by: Richard Levitte (cherry picked from commit 668f6f08c62177ab5893fc26ebb67053aafdffc8) --- ssl/t1_enc.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 84f589606b..577885fe08 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -260,6 +260,11 @@ static int tls1_PRF(long digest_mask, if ((m << TLS1_PRF_DGST_SHIFT) & digest_mask) count++; } + if(!count) { + /* Should never happen */ + SSLerr(SSL_F_TLS1_PRF, ERR_R_INTERNAL_ERROR); + goto err; + } len = slen / count; if (count == 1) slen = 0;