Remove an OPENSSL_assert which could fail

author Matt Caswell <matt@openssl.org>

Fri, 30 Oct 2015 16:50:17 +0000 (16:50 +0000)

committer Matt Caswell <matt@openssl.org>

Mon, 2 Nov 2015 14:29:37 +0000 (14:29 +0000)
author Matt Caswell <matt@openssl.org>
Fri, 30 Oct 2015 16:50:17 +0000 (16:50 +0000)
committer Matt Caswell <matt@openssl.org>
Mon, 2 Nov 2015 14:29:37 +0000 (14:29 +0000)
diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c

index 86aaf4fcd8be4c442fa91abff98f9a82d1b8a574..359d247bbbf6c39f8f5da250854e77e1089d9d44 100644 (file)
--- a/ssl/record/ssl3_record.c
+++ b/ssl/record/ssl3_record.c
@@ -954,7 +954,8 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send)
          EVP_DigestSignUpdate(mac_ctx, header, sizeof(header));
          EVP_DigestSignUpdate(mac_ctx, rec->input, rec->length);
          t = EVP_DigestSignFinal(mac_ctx, md, &md_size);
-        OPENSSL_assert(t > 0);
+        if (t <= 0)
+            return -1;
          if (!send && !SSL_USE_ETM(ssl) && FIPS_mode())
              tls_fips_digest_extra(ssl->enc_read_ctx,
                                    mac_ctx, rec->input,
author	Matt Caswell <matt@openssl.org>
	Fri, 30 Oct 2015 16:50:17 +0000 (16:50 +0000)
committer	Matt Caswell <matt@openssl.org>
	Mon, 2 Nov 2015 14:29:37 +0000 (14:29 +0000)