Commit 157af9be authored by Matt Caswell's avatar Matt Caswell
Browse files

Add a missing SSLfatal call 



A missing SSLfatal call can result in an assertion failed error if the
condition gets triggered.

Reviewed-by: default avatarTim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7594)
parent ac48fba0

ssl/s3_msg.c

+6 −2
Original line number Diff line number Diff line
@@ -26,12 +26,16 @@ int ssl3_do_change_cipher_spec(SSL *s) 
        }



        s->session->cipher = s->s3->tmp.new_cipher;

        if (!s->method->ssl3_enc->setup_key_block(s))

        if (!s->method->ssl3_enc->setup_key_block(s)) {

            /* SSLfatal() already called */

            return 0;

        }

    }



    if (!s->method->ssl3_enc->change_cipher_state(s, i))

    if (!s->method->ssl3_enc->change_cipher_state(s, i)) {

        /* SSLfatal() already called */

        return 0;

    }



    return 1;

}

ssl/t1_enc.c

+4 −1
Original line number Diff line number Diff line
@@ -131,8 +131,11 @@ int tls1_change_cipher_state(SSL *s, int which) 
        }

        dd = s->enc_read_ctx;

        mac_ctx = ssl_replace_hash(&s->read_hash, NULL);

        if (mac_ctx == NULL)

        if (mac_ctx == NULL) {

            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_CHANGE_CIPHER_STATE,

                     ERR_R_INTERNAL_ERROR);

            goto err;

        }

#ifndef OPENSSL_NO_COMP

        COMP_CTX_free(s->expand);

        s->expand = NULL;