Avoid segfault in SSL_export_keying_material if there is no session

Fixes #12588

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12594)

(cherry picked from commit dffeec1c10a874d7c7b83c221dbbce82f755edb1)

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 433a53796995885f6cb172a7c36d5009d26195fe..b1df374817c7ec3545017e643c743842971869f9 100644 (file)
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2897,7 +2897,8 @@ int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
                                const unsigned char *context, size_t contextlen,
                                int use_context)
 {
-    if (s->version < TLS1_VERSION && s->version != DTLS1_BAD_VER)
+    if (s->session == NULL
+        || (s->version < TLS1_VERSION && s->version != DTLS1_BAD_VER))
         return -1;
 
     return s->method->ssl3_enc->export_keying_material(s, out, olen, label,