From fd4dbd5fe6f9115e21352ba8bf2af64733fefecd Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Sun, 2 May 2021 16:00:33 +0000
Subject: Ensure that handshake hash is non-NULL in
 tls1_transcript_hash_value().

There are several paths where a subtle bug could result in
tls1_transcript_hash_value() being called with a NULL handshake hash - add
an explicit check for this case. As noted by tb@, due to the wonders of
the libcrypto EVP APIs, combined with integer promotion, we already have
a NULL check - this one is just more obvious.

ok tb@
---
 src/lib/libssl/ssl_transcript.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/lib/libssl/ssl_transcript.c b/src/lib/libssl/ssl_transcript.c
index f97b2b9190..688f6dca43 100644
--- a/src/lib/libssl/ssl_transcript.c
+++ b/src/lib/libssl/ssl_transcript.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_transcript.c,v 1.3 2021/04/23 18:30:18 tb Exp $ */
+/* $OpenBSD: ssl_transcript.c,v 1.4 2021/05/02 16:00:33 jsing Exp $ */
 /*
  * Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
  *
@@ -76,6 +76,9 @@ tls1_transcript_hash_value(SSL *s, const unsigned char *out, size_t len,
 	unsigned int mdlen;
 	int ret = 0;
 
+	if (S3I(s)->handshake_hash == NULL)
+		goto err;
+
 	if (EVP_MD_CTX_size(S3I(s)->handshake_hash) > len)
 		goto err;
 
-- 
cgit v1.2.3-55-g6feb