Fix a crash in SSLfatal due to invalid enc_write_ctx Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5645)
diff --git a/ssl/statem/statem.c b/ssl/statem/statem.c index a574853..1f221e7 100644 --- a/ssl/statem/statem.c +++ b/ssl/statem/statem.c
@@ -123,7 +123,7 @@ s->statem.in_init = 1; s->statem.state = MSG_FLOW_ERROR; ERR_put_error(ERR_LIB_SSL, func, reason, file, line); - if (al != SSL_AD_NO_ALERT) + if (al != SSL_AD_NO_ALERT && !s->statem.invalid_enc_write_ctx) ssl3_send_alert(s, SSL3_AL_FATAL, al); }
diff --git a/ssl/statem/statem.h b/ssl/statem/statem.h index 1935718..95dd881 100644 --- a/ssl/statem/statem.h +++ b/ssl/statem/statem.h
@@ -100,6 +100,7 @@ /* Should we skip the CertificateVerify message? */ unsigned int no_cert_verify; int use_timer; + int invalid_enc_write_ctx; }; typedef struct ossl_statem_st OSSL_STATEM;