From 157af9be4106c951afadf7b12afe4cbaba0c0823 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Thu, 8 Nov 2018 14:03:17 +0000
Subject: Add a missing SSLfatal call

A missing SSLfatal call can result in an assertion failed error if the
condition gets triggered.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7594)
---
 ssl/s3_msg.c | 8 ++++++--
 ssl/t1_enc.c | 5 ++++-
 2 files changed, 10 insertions(+), 3 deletions(-)

(limited to 'ssl')

diff --git a/ssl/s3_msg.c b/ssl/s3_msg.c
index 42382547fb..040a7284b0 100644
--- a/ssl/s3_msg.c
+++ b/ssl/s3_msg.c
@@ -26,12 +26,16 @@ int ssl3_do_change_cipher_spec(SSL *s)
         }
 
         s->session->cipher = s->s3->tmp.new_cipher;
-        if (!s->method->ssl3_enc->setup_key_block(s))
+        if (!s->method->ssl3_enc->setup_key_block(s)) {
+            /* SSLfatal() already called */
             return 0;
+        }
     }
 
-    if (!s->method->ssl3_enc->change_cipher_state(s, i))
+    if (!s->method->ssl3_enc->change_cipher_state(s, i)) {
+        /* SSLfatal() already called */
         return 0;
+    }
 
     return 1;
 }
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 2db913fb06..2be37c76b2 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -131,8 +131,11 @@ int tls1_change_cipher_state(SSL *s, int which)
         }
         dd = s->enc_read_ctx;
         mac_ctx = ssl_replace_hash(&s->read_hash, NULL);
-        if (mac_ctx == NULL)
+        if (mac_ctx == NULL) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_CHANGE_CIPHER_STATE,
+                     ERR_R_INTERNAL_ERROR);
             goto err;
+        }
 #ifndef OPENSSL_NO_COMP
         COMP_CTX_free(s->expand);
         s->expand = NULL;
-- 
cgit v1.2.3