From eda45bbcab28a97ef3e6bb07e5de8aab7abd0c33 Mon Sep 17 00:00:00 2001 From: jsing Date: Sun, 2 May 2021 16:00:33 +0000 Subject: [PATCH] Ensure that handshake hash is non-NULL in tls1_transcript_hash_value(). There are several paths where a subtle bug could result in tls1_transcript_hash_value() being called with a NULL handshake hash - add an explicit check for this case. As noted by tb@, due to the wonders of the libcrypto EVP APIs, combined with integer promotion, we already have a NULL check - this one is just more obvious. ok tb@ --- lib/libssl/ssl_transcript.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/lib/libssl/ssl_transcript.c b/lib/libssl/ssl_transcript.c index f97b2b91908..688f6dca433 100644 --- a/lib/libssl/ssl_transcript.c +++ b/lib/libssl/ssl_transcript.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_transcript.c,v 1.3 2021/04/23 18:30:18 tb Exp $ */ +/* $OpenBSD: ssl_transcript.c,v 1.4 2021/05/02 16:00:33 jsing Exp $ */ /* * Copyright (c) 2017 Joel Sing * @@ -76,6 +76,9 @@ tls1_transcript_hash_value(SSL *s, const unsigned char *out, size_t len, unsigned int mdlen; int ret = 0; + if (S3I(s)->handshake_hash == NULL) + goto err; + if (EVP_MD_CTX_size(S3I(s)->handshake_hash) > len) goto err; -- 2.20.1