Fix crash in tls13_enc

If s->s3->tmp.new_cipher is NULL then a crash can occur. This can happen
if an alert gets sent after version negotiation (i.e. we have selected
TLSv1.3 and ended up in tls13_enc), but before a ciphersuite has been
selected.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2575)

1 files changed, 12 insertions, 1 deletions

diff --git a/ssl/record/ssl3_record_tls13.c b/ssl/record/ssl3_record_tls13.c
index 9dc7075cc2..d96a042ff9 100644
--- a/ssl/record/ssl3_record_tls13.c
+++ b/ssl/record/ssl3_record_tls13.c
@@ -7,6 +7,7 @@
  * https://www.openssl.org/source/license.html
  */
 
+#include <assert.h>
 #include "../ssl_locl.h"
 #include "record_locl.h"
 
@@ -29,7 +30,7 @@ int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int send)
     unsigned char *seq;
     int lenu, lenf;
     SSL3_RECORD *rec = &recs[0];
-    uint32_t alg_enc = s->s3->tmp.new_cipher->algorithm_enc;
+    uint32_t alg_enc;
 
     if (n_recs != 1) {
         /* Should not happen */
@@ -52,8 +53,18 @@ int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int send)
         rec->input = rec->data;
         return 1;
     }
+
     ivlen = EVP_CIPHER_CTX_iv_length(ctx);
 
+    /*
+     * To get here we must have selected a ciphersuite - otherwise ctx would
+     * be NULL
+     */
+    assert(s->s3->tmp.new_cipher != NULL);
+    if (s->s3->tmp.new_cipher == NULL)
+        return -1;
+    alg_enc = s->s3->tmp.new_cipher->algorithm_enc;
+
     if (alg_enc & SSL_AESCCM) {
         if (alg_enc & (SSL_AES128CCM8 | SSL_AES256CCM8))
             taglen = EVP_CCM8_TLS_TAG_LEN;