From f55f2bcfa8ecd36582506743c67f10f1d06e41c8 Mon Sep 17 00:00:00 2001
From: jsing <jsing@openbsd.org>
Date: Sun, 2 May 2021 15:57:29 +0000
Subject: [PATCH] Harden tls12_finished_verify_data() by checking master key
 length.

Require master key length to be greater than zero if we're asked to derive
verify data for a finished or peer finished message.

ok tb@
---
 lib/libssl/tls12_lib.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/lib/libssl/tls12_lib.c b/lib/libssl/tls12_lib.c
index e7171ba8333..f30f3a7b463 100644
--- a/lib/libssl/tls12_lib.c
+++ b/lib/libssl/tls12_lib.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: tls12_lib.c,v 1.2 2021/04/30 19:26:45 jsing Exp $ */
+/*	$OpenBSD: tls12_lib.c,v 1.3 2021/05/02 15:57:29 jsing Exp $ */
 /*
  * Copyright (c) 2021 Joel Sing <jsing@openbsd.org>
  *
@@ -27,6 +27,9 @@ tls12_finished_verify_data(SSL *s, const char *finished_label,
 
 	*out_len = 0;
 
+	if (s->session->master_key_length <= 0)
+		return 0;
+
 	if (verify_data_len < TLS1_FINISH_MAC_LENGTH)
 		return 0;
 
-- 
2.20.1