Replace instances of OPENSSL_assert() with soft asserts in libssl

Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3496)
author: Matt Caswell <matt@openssl.org> 2017-05-19 09:35:19 +0100
committer: Matt Caswell <matt@openssl.org> 2017-05-22 14:00:19 +0100
commit: 380a522f689252e7f19e0c44ea49461ec7bd040f (patch)
tree: 81a5820773c28b57d18610fea28e4b5dd074b18c /ssl/ssl_lib.c
parent: 98d132cf6a879faf0147aa83ea0c07ff326260ed (diff)
1 files changed, 4 insertions, 2 deletions
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index de63f84fc4..b318055eab 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -575,7 +575,8 @@ SSL *SSL_new(SSL_CTX *ctx)
     s->record_padding_arg = ctx->record_padding_arg;
     s->block_padding = ctx->block_padding;
     s->sid_ctx_length = ctx->sid_ctx_length;
-    OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx);
+    if (!ossl_assert(s->sid_ctx_length <= sizeof s->sid_ctx))
+        goto err;
     memcpy(&s->sid_ctx, &ctx->sid_ctx, sizeof(s->sid_ctx));
     s->verify_callback = ctx->default_verify_callback;
     s->generate_session_id = ctx->generate_session_id;
@@ -3609,7 +3610,8 @@ SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx)
      * Program invariant: |sid_ctx| has fixed size (SSL_MAX_SID_CTX_LENGTH),
      * so setter APIs must prevent invalid lengths from entering the system.
      */
-    OPENSSL_assert(ssl->sid_ctx_length <= sizeof(ssl->sid_ctx));
+    if (!ossl_assert(ssl->sid_ctx_length <= sizeof(ssl->sid_ctx)))
+        return NULL;
 
     /*
      * If the session ID context matches that of the parent SSL_CTX,
author	Matt Caswell <matt@openssl.org>	2017-05-19 09:35:19 +0100
committer	Matt Caswell <matt@openssl.org>	2017-05-22 14:00:19 +0100
commit	380a522f689252e7f19e0c44ea49461ec7bd040f (patch)
tree	81a5820773c28b57d18610fea28e4b5dd074b18c /ssl/ssl_lib.c
parent	98d132cf6a879faf0147aa83ea0c07ff326260ed (diff)