artulab
projects
/
openbsd
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
e22ac56
)
Harden tls12_finished_verify_data() by checking master key length.
author
jsing
<jsing@openbsd.org>
Sun, 2 May 2021 15:57:29 +0000
(15:57 +0000)
committer
jsing
<jsing@openbsd.org>
Sun, 2 May 2021 15:57:29 +0000
(15:57 +0000)
Require master key length to be greater than zero if we're asked to derive
verify data for a finished or peer finished message.
ok tb@
lib/libssl/tls12_lib.c
patch
|
blob
|
history
diff --git
a/lib/libssl/tls12_lib.c
b/lib/libssl/tls12_lib.c
index
e7171ba
..
f30f3a7
100644
(file)
--- a/
lib/libssl/tls12_lib.c
+++ b/
lib/libssl/tls12_lib.c
@@
-1,4
+1,4
@@
-/* $OpenBSD: tls12_lib.c,v 1.
2 2021/04/30 19:26:45
jsing Exp $ */
+/* $OpenBSD: tls12_lib.c,v 1.
3 2021/05/02 15:57:29
jsing Exp $ */
/*
* Copyright (c) 2021 Joel Sing <jsing@openbsd.org>
*
@@
-27,6
+27,9
@@
tls12_finished_verify_data(SSL *s, const char *finished_label,
*out_len = 0;
+ if (s->session->master_key_length <= 0)
+ return 0;
+
if (verify_data_len < TLS1_FINISH_MAC_LENGTH)
return 0;
projects / openbsd / commitdiff