Assert SSLFatal on keylog failure

We hit an check_failure assert during memfail testing in
ssl_read_state_machine, based on a return of WORK_ERROR without an
SSLFatal call being made.  This occurs because, if we fail in
ssl_log_secret (which we do due to memfail testing, we don't actually
assert an SSL fatal error.

Fix it by adding the SSLFatal call

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28216)

diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c
index 0aa97648c4eda0c5ac42595a0b9ed9f561dbb041..5953de323308cf446d85f253673973c0cc3ca46b 100644 (file)
--- a/ssl/tls13_enc.c
+++ b/ssl/tls13_enc.c
@@ -603,7 +603,7 @@ int tls13_change_cipher_state(SSL_CONNECTION *s, int which)
 
             if (!ssl_log_secret(s, EARLY_EXPORTER_SECRET_LABEL,
                                 s->early_exporter_master_secret, hashlen)) {
-                /* SSLfatal() already called */
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
                 goto err;
             }
         } else if (which & SSL3_CC_HANDSHAKE) {