Remove an OPENSSL_assert which could fail

An OPENSSL_assert was being used which could fail (e.g. on a malloc
failure).

Reviewed-by: Rich Salz <rsalz@openssl.org>

diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c
index 86aaf4fcd8be4c442fa91abff98f9a82d1b8a574..359d247bbbf6c39f8f5da250854e77e1089d9d44 100644 (file)
--- a/ssl/record/ssl3_record.c
+++ b/ssl/record/ssl3_record.c
@@ -954,7 +954,8 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send)
         EVP_DigestSignUpdate(mac_ctx, header, sizeof(header));
         EVP_DigestSignUpdate(mac_ctx, rec->input, rec->length);
         t = EVP_DigestSignFinal(mac_ctx, md, &md_size);
-        OPENSSL_assert(t > 0);
+        if (t <= 0)
+            return -1;
         if (!send && !SSL_USE_ETM(ssl) && FIPS_mode())
             tls_fips_digest_extra(ssl->enc_read_ctx,
                                   mac_ctx, rec->input,