author | Trev Larock <tlarock@juniper.net> | 2021-05-28 12:54:44 +0000 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2021-06-01 16:43:43 +0200 |
commit | 147ed5f9def86840c9f6ba512e63a890d58ac1d6 (patch) | |
tree | 8d2e6b9c6d4e26b31082e0164eb3ca649452c6db /ssl | |
parent | 7e8d6bafd0347de8653c336e6f067d8f3686a386 (diff) |
Modify ssl_handshake_hash to call SSLfatal
When EVP_MD_CTX_new fails call SSLfatal before the goto err.
This resolves a state machine issue on the out of memory condition.
Fixes #15491.
CLA: trivial
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15520)
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/ssl_lib.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index c8ab4a66a0..063134015a 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -4773,8 +4773,10 @@ int ssl_handshake_hash(SSL *s, unsigned char *out, size_t outlen, } ctx = EVP_MD_CTX_new(); - if (ctx == NULL) + if (ctx == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; + } if (!EVP_MD_CTX_copy_ex(ctx, hdgst) || EVP_DigestFinal_ex(ctx, out, NULL) <= 0) { |
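Review bot: In the new `if (ctx == NULL) {` branch, SSLfatal is given the reason code ERR_R_INTERNAL_ERROR, although the commit message identifies this path as the out-of-memory condition after EVP_MD_CTX_new fails. Consider `SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);` so that the error queue separates an allocation failure from a logic error while the alert sent to the peer stays internal_error. The body of the following `if (!EVP_MD_CTX_copy_ex(ctx, hdgst) || EVP_DigestFinal_ex(ctx, out, NULL) <= 0) {` check is outside the visible context, so it is worth confirming that every other `goto err` in ssl_handshake_hash also raises SSLfatal first, since a silent error return is what caused the state machine issue described in the message.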