From 09ba6d078e8d82c7c1639a2749f8e7b22a5b4b47 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Tue, 10 Jun 2014 11:26:34 +0000
Subject: Ensure ssl3_final_finish_mac() returns failure if either the MD5 or SHA1 handshake MAC calculation fails. Currently, the result from both ssl3_handshake_mac() calls is added together. This means that unless both MD5 and SHA1 fail, a positive value will be returned to the caller, indicating success rather than failure. ok deraadt@ miod@ sthen@
---
 src/lib/libssl/src/ssl/s3_enc.c | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)
(limited to 'src/lib')
diff --git a/src/lib/libssl/src/ssl/s3_enc.c b/src/lib/libssl/src/ssl/s3_enc.c
index 8a1758f8b7..dbefad77b2 100644
--- a/src/lib/libssl/src/ssl/s3_enc.c
+++ b/src/lib/libssl/src/ssl/s3_enc.c
@@ -625,11 +625,16 @@ ssl3_cert_verify_mac(SSL *s, int md_nid, unsigned char *p)
 int
 ssl3_final_finish_mac(SSL *s, const char *sender, int len, unsigned char *p)
 {
- int ret;
- ret = ssl3_handshake_mac(s, NID_md5, sender, len, p);
- p += ret;
- ret += ssl3_handshake_mac(s, NID_sha1, sender, len, p);
- return (ret);
+ int ret_md5, ret_sha1;
+
+ ret_md5 = ssl3_handshake_mac(s, NID_md5, sender, len, p);
+ if (ret_md5 == 0)
+ return 0;
+ p += ret_md5;
+ ret_sha1 = ssl3_handshake_mac(s, NID_sha1, sender, len, p);
+ if (ret_sha1 == 0)
+ return 0;
+ return (ret_md5 + ret_sha1);
 }
 
 static int
-- 
cgit v1.2.3-55-g6feb
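Review bot: Both new guards in ssl3_final_finish_mac() compare against exactly 0, so the fix holds only if ssl3_handshake_mac() never returns a negative value; that function is outside this hunk, so its error convention cannot be confirmed here. If a negative return is possible, `p += ret_md5` would move the output pointer backwards before the SHA1 write and the final sum could still look like a length; `if (ret_md5 <= 0) return 0;` and `if (ret_sha1 <= 0) return 0;` cover both cases at no cost. A short comment above the function would also help, e.g. `/* Returns the number of MAC bytes written to p, or 0 if either digest fails; p may hold a partial MD5 result on failure. */`, since callers must treat 0 as a handshake failure and not use the buffer.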