[openssl/openssl] ea9e16: Check for EVP_MD being NULL inside ssl.

slontis noreply at reply.github.openssl.org
Wed Jul 13 07:03:30 UTC 2022


  Branch: refs/heads/openssl-3.0
  Home:   https://github.openssl.org/openssl/openssl
  Commit: ea9e16d16b17d9aa1544e54e79c6438aef9b2e6e
      https://github.openssl.org/openssl/openssl/commit/ea9e16d16b17d9aa1544e54e79c6438aef9b2e6e
  Author: slontis <shane.lontis at oracle.com>
  Date:   2022-07-13 (Wed, 13 Jul 2022)

  Changed paths:
    M ssl/s3_lib.c
    M ssl/ssl_ciph.c
    M ssl/statem/extensions_srvr.c
    M ssl/statem/statem_clnt.c
    M ssl/tls13_enc.c

  Log Message:
  -----------
  Check for EVP_MD being NULL inside ssl.

Fix multiple places that could potentially segfault if memory
allocations fail. e.g. ssl_load_ciphers() could fail while calling
ssl_evp_md_fetch().

Found by #18355

Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Hugo Landau <hlandau at openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit at gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18784)

(cherry picked from commit b740012f77aed97cb4b3cd8a4f1fb2f668542795)




More information about the openssl-commits mailing list