Ensure that handshake hash is non-NULL in tls1_transcript_hash_value().

There are several paths where a subtle bug could result in
tls1_transcript_hash_value() being called with a NULL handshake hash - add
an explicit check for this case. As noted by tb@, due to the wonders of
the libcrypto EVP APIs, combined with integer promotion, we already have
a NULL check - this one is just more obvious.

ok tb@

diff --git a/lib/libssl/ssl_transcript.c b/lib/libssl/ssl_transcript.c
index f97b2b9..688f6dc 100644 (file)
--- a/lib/libssl/ssl_transcript.c
+++ b/lib/libssl/ssl_transcript.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_transcript.c,v 1.3 2021/04/23 18:30:18 tb Exp $ */
+/* $OpenBSD: ssl_transcript.c,v 1.4 2021/05/02 16:00:33 jsing Exp $ */
 /*
  * Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
  *
@@ -76,6 +76,9 @@ tls1_transcript_hash_value(SSL *s, const unsigned char *out, size_t len,
        unsigned int mdlen;
        int ret = 0;
 
+       if (S3I(s)->handshake_hash == NULL)
+               goto err;
+
        if (EVP_MD_CTX_size(S3I(s)->handshake_hash) > len)
                goto err;