From 147ed5f9def86840c9f6ba512e63a890d58ac1d6 Mon Sep 17 00:00:00 2001
From: Trev Larock
Date: Fri, 28 May 2021 12:54:44 +0000
Subject: [PATCH] Modify ssl_handshake_hash to call SSLfatal

When EVP_MD_CTX_new fails call SSLfatal before the goto err. This resolves a state machine issue on the out of memory condition. Fixes #15491.
CLA: trivial
Reviewed-by: Ben Kaduk
Reviewed-by: Paul Dale
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/15520)
---
 ssl/ssl_lib.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index c8ab4a66a0e..063134015a1 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -4773,8 +4773,10 @@ int ssl_handshake_hash(SSL *s, unsigned char *out, size_t outlen,
 }
 ctx = EVP_MD_CTX_new();
- if (ctx == NULL)
+ if (ctx == NULL) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
 goto err;
+ }
 if (!EVP_MD_CTX_copy_ex(ctx, hdgst) || EVP_DigestFinal_ex(ctx, out, NULL) <= 0) {
--
2.47.3
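Review bot: The new `ctx == NULL` branch records `ERR_R_INTERNAL_ERROR`, so an out-of-memory failure from `EVP_MD_CTX_new()` looks the same in the error queue as a digest failure in the `EVP_MD_CTX_copy_ex`/`EVP_DigestFinal_ex` check that follows. `SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);` would send the same alert while recording the actual cause. The commit message says the silent `goto err` caused a state machine issue, so a one-line comment above the check, e.g. `/* Every failure exit must call SSLfatal() before goto err */`, would help keep later edits from reintroducing it. `ssl_handshake_hash` starts before and continues past this hunk, so the other jumps to `err` are not visible here and should be checked for the same omission.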