WARNING! Gitlab maintenance operation scheduled for Monday, 20 April between 12:00 and 14:00 (CET). During this time window, short service interruptions (less than 5 minutes) may occur. Thank you in advance for your understanding.

Commit f9f674eb authored Nov 23, 2017 by Matt Caswell

Assert that SSLfatal() only gets called once



We shouldn't call SSLfatal() multiple times for the same error condition.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4778)

parent 47e2ee07

ssl/statem/statem.c

+3 −0

Original line number	Diff line number	Diff line
		@@ -11,6 +11,7 @@
		#include <openssl/rand.h>
		#include "../ssl_locl.h"
		#include "statem_locl.h"
		#include <assert.h>

		/*
		* This file implements the SSL/TLS/DTLS state machines.
		@@ -117,6 +118,8 @@ void ossl_statem_set_renegotiate(SSL *s)
		void ossl_statem_fatal(SSL s, int al, int func, int reason, const char file,
		int line)
		{
		/* We shouldn't call SSLfatal() twice. Once is enough */
		assert(s->statem.state != MSG_FLOW_ERROR);
		s->statem.in_init = 1;
		s->statem.state = MSG_FLOW_ERROR;
		ERR_put_error(ERR_LIB_SSL, func, reason, file, line);

ssl/statem/statem_clnt.c

+3 −1

Original line number	Diff line number	Diff line
		@@ -2938,10 +2938,12 @@ static int tls_construct_cke_dhe(SSL s, WPACKET pkt)
		return 1;
		err:
		EVP_PKEY_free(ckey);
		#endif
		return 0;
		#else
		SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_DHE,
		ERR_R_INTERNAL_ERROR);
		return 0;
		#endif
		}

		static int tls_construct_cke_ecdhe(SSL s, WPACKET pkt)