The branch master has been updated via 157af9be4106c951afadf7b12afe4cbaba0c0823 (commit) from ac48fba036e1764dfa98ed0f0aa932491aa1c4ef (commit)
- Log ----------------------------------------------------------------- commit 157af9be4106c951afadf7b12afe4cbaba0c0823 Author: Matt Caswell <m...@openssl.org> Date: Thu Nov 8 14:03:17 2018 +0000 Add a missing SSLfatal call A missing SSLfatal call can result in an assertion failed error if the condition gets triggered. Reviewed-by: Tim Hudson <t...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7594) ----------------------------------------------------------------------- Summary of changes: ssl/s3_msg.c | 8 ++++++-- ssl/t1_enc.c | 5 ++++- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/ssl/s3_msg.c b/ssl/s3_msg.c index 4238254..040a728 100644 --- a/ssl/s3_msg.c +++ b/ssl/s3_msg.c @@ -26,12 +26,16 @@ int ssl3_do_change_cipher_spec(SSL *s) } s->session->cipher = s->s3->tmp.new_cipher; - if (!s->method->ssl3_enc->setup_key_block(s)) + if (!s->method->ssl3_enc->setup_key_block(s)) { + /* SSLfatal() already called */ return 0; + } } - if (!s->method->ssl3_enc->change_cipher_state(s, i)) + if (!s->method->ssl3_enc->change_cipher_state(s, i)) { + /* SSLfatal() already called */ return 0; + } return 1; } diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 2db913f..2be37c7 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -131,8 +131,11 @@ int tls1_change_cipher_state(SSL *s, int which) } dd = s->enc_read_ctx; mac_ctx = ssl_replace_hash(&s->read_hash, NULL); - if (mac_ctx == NULL) + if (mac_ctx == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_CHANGE_CIPHER_STATE, + ERR_R_INTERNAL_ERROR); goto err; + } #ifndef OPENSSL_NO_COMP COMP_CTX_free(s->expand); s->expand = NULL; _____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits