projects / oweals / openssl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: e395ba2)
Make sure we always send an alert in libssl if we hit a fatal error
authorMatt Caswell <matt@openssl.org>
Mon, 13 Apr 2020 15:57:16 +0000 (16:57 +0100)
committerMatt Caswell <matt@openssl.org>
Wed, 15 Apr 2020 10:38:33 +0000 (11:38 +0100)
We had a spot where a fatal error was occurring but we hadn't sent an
alert. This results in a later assertion failure.

Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/11537)

ssl/statem/statem_srvr.c patch | blob | history

diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 1bab800ced067953ddd710613e01a5b94ebaa47b..25a23b3ad84a42dc04063d9be96225ff4cddb2ee 100644 (file)
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -2633,8 +2633,10 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt)
          * THIS IS TEMPORARY
          */
         EVP_PKEY_get0(s->s3.tmp.pkey);
-        if (EVP_PKEY_id(s->s3.tmp.pkey) == EVP_PKEY_NONE)
+        if (EVP_PKEY_id(s->s3.tmp.pkey) == EVP_PKEY_NONE) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, 0, ERR_R_EC_LIB);
             goto err;
+        }
 
         /* Encode the public key. */
         encodedlen = EVP_PKEY_get1_tls_encodedpoint(s->s3.tmp.pkey,
Unnamed repository; edit this file 'description' to name the repository.