From 09b3654096ed344edd78cf156cb3ddcdbced6f9a Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Mon, 13 Apr 2020 16:57:16 +0100 Subject: [PATCH] Make sure we always send an alert in libssl if we hit a fatal error We had a spot where a fatal error was occurring but we hadn't sent an alert. This results in a later assertion failure. Reviewed-by: Paul Yang Reviewed-by: Ben Kaduk (Merged from https://github.com/openssl/openssl/pull/11537) --- ssl/statem/statem_srvr.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 1bab800ced..25a23b3ad8 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -2633,8 +2633,10 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt) * THIS IS TEMPORARY */ EVP_PKEY_get0(s->s3.tmp.pkey); - if (EVP_PKEY_id(s->s3.tmp.pkey) == EVP_PKEY_NONE) + if (EVP_PKEY_id(s->s3.tmp.pkey) == EVP_PKEY_NONE) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, 0, ERR_R_EC_LIB); goto err; + } /* Encode the public key. */ encodedlen = EVP_PKEY_get1_tls_encodedpoint(s->s3.tmp.pkey, -- 2.25.1