The branch OpenSSL_1_1_1-stable has been updated via 5b74c197f315fe1e6591876aaa82e275e4f05f54 (commit) from 3ee328ab9eff0bf0c86d07b24555a81f403d2ecb (commit)
- Log ----------------------------------------------------------------- commit 5b74c197f315fe1e6591876aaa82e275e4f05f54 Author: Trev Larock <tlar...@juniper.net> Date: Fri May 28 02:26:41 2021 +0000 Modify ssl_handshake_hash to call SSLfatal When EVP_MD_CTX_new fails call SSLfatal before the goto err. This resolves a state machine issue on the out of memory condition: ssl/statem/statem.c:643: OpenSSL internal error: Assertion failed: (s)->statem.in_init && (s)->statem.state == MSG_FLOW_ERROR Fixes #15491. CLA: trivial Reviewed-by: Ben Kaduk <ka...@mit.edu> Reviewed-by: Paul Dale <pa...@openssl.org> Reviewed-by: Tomas Mraz <to...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15511) ----------------------------------------------------------------------- Summary of changes: ssl/ssl_lib.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 5501ecdb58..e1c95ddc60 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -4557,8 +4557,11 @@ int ssl_handshake_hash(SSL *s, unsigned char *out, size_t outlen, } ctx = EVP_MD_CTX_new(); - if (ctx == NULL) + if (ctx == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_HANDSHAKE_HASH, + ERR_R_INTERNAL_ERROR); goto err; + } if (!EVP_MD_CTX_copy_ex(ctx, hdgst) || EVP_DigestFinal_ex(ctx, out, NULL) <= 0) {