[openssl] OpenSSL_1_1_1-stable update

tomas at openssl.org tomas at openssl.org
Wed Jun 2 07:59:45 UTC 2021


The branch OpenSSL_1_1_1-stable has been updated
       via  5b74c197f315fe1e6591876aaa82e275e4f05f54 (commit)
      from  3ee328ab9eff0bf0c86d07b24555a81f403d2ecb (commit)


- Log -----------------------------------------------------------------
commit 5b74c197f315fe1e6591876aaa82e275e4f05f54
Author: Trev Larock <tlarock at juniper.net>
Date:   Fri May 28 02:26:41 2021 +0000

    Modify ssl_handshake_hash to call SSLfatal
    
    When EVP_MD_CTX_new fails call SSLfatal before the goto err.
    This resolves a state machine issue on the out of memory condition:
    ssl/statem/statem.c:643: OpenSSL internal error: Assertion failed:
    (s)->statem.in_init && (s)->statem.state == MSG_FLOW_ERROR
    
    Fixes #15491.
    CLA: trivial
    
    Reviewed-by: Ben Kaduk <kaduk at mit.edu>
    Reviewed-by: Paul Dale <pauli at openssl.org>
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/15511)

-----------------------------------------------------------------------

Summary of changes:
 ssl/ssl_lib.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 5501ecdb58..e1c95ddc60 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -4557,8 +4557,11 @@ int ssl_handshake_hash(SSL *s, unsigned char *out, size_t outlen,
     }
 
     ctx = EVP_MD_CTX_new();
-    if (ctx == NULL)
+    if (ctx == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_HANDSHAKE_HASH,
+                 ERR_R_INTERNAL_ERROR);
         goto err;
+    }
 
     if (!EVP_MD_CTX_copy_ex(ctx, hdgst)
         || EVP_DigestFinal_ex(ctx, out, NULL) <= 0) {
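
Review bot: In the new ctx == NULL branch, the reason code passed to SSLfatal is ERR_R_INTERNAL_ERROR, while the commit message describes this path as the out of memory condition. ERR_R_MALLOC_FAILURE would record the actual cause in the error queue and make an allocation failure distinguishable from a logic error when someone reads the error stack later; the SSL_AD_INTERNAL_ERROR alert can stay as it is. Since the assertion at ssl/statem/statem.c:643 fires whenever a handshake function returns failure without the fatal state set, it is also worth checking that every other goto err in ssl_handshake_hash outside this hunk is preceded by an SSLfatal call.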

