Remove an OPENSSL_assert which could fail
authorMatt Caswell <matt@openssl.org>
Fri, 30 Oct 2015 16:50:17 +0000 (16:50 +0000)
committerMatt Caswell <matt@openssl.org>
Mon, 2 Nov 2015 14:29:37 +0000 (14:29 +0000)
An OPENSSL_assert was being used which could fail (e.g. on a malloc
failure).

Reviewed-by: Rich Salz <rsalz@openssl.org>
ssl/record/ssl3_record.c

index 86aaf4f..359d247 100644 (file)
@@ -954,7 +954,8 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send)
         EVP_DigestSignUpdate(mac_ctx, header, sizeof(header));
         EVP_DigestSignUpdate(mac_ctx, rec->input, rec->length);
         t = EVP_DigestSignFinal(mac_ctx, md, &md_size);
-        OPENSSL_assert(t > 0);
+        if (t <= 0)
+            return -1;
         if (!send && !SSL_USE_ETM(ssl) && FIPS_mode())
             tls_fips_digest_extra(ssl->enc_read_ctx,
                                   mac_ctx, rec->input,