From: Neil Horman
Date: Sun, 10 Aug 2025 21:53:28 +0000 (-0400)
Subject: Assert SSLFatal on keylog failure
X-Git-Tag: openssl-3.6.0-alpha1~182
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7d78cd722b63e53a668c7ec13b9eeb6e13e32f13;p=thirdparty%2Fopenssl.git

Assert SSLFatal on keylog failure

We hit a check_failure assert during memfail testing in ssl_read_state_machine, based on a return of WORK_ERROR without an SSLFatal call being made.

This occurs because, if we fail in ssl_log_secret (which we do due to memfail testing), we don't actually assert an SSL fatal error.

Fix it by adding the SSLFatal call.

Reviewed-by: Tomas Mraz
Reviewed-by: Saša Nedvědický
(Merged from https://github.com/openssl/openssl/pull/28216)
---
diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c index 0aa97648c4e..5953de32330 100644 --- a/ssl/tls13_enc.c +++ b/ssl/tls13_enc.c @@ -603,7 +603,7 @@ int tls13_change_cipher_state(SSL_CONNECTION *s, int which) if (!ssl_log_secret(s, EARLY_EXPORTER_SECRET_LABEL, s->early_exporter_master_secret, hashlen)) { - /* SSLfatal() already called */ + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } } else if (which & SSL3_CC_HANDSHAKE) {
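
Review bot: The added SSLfatal() at the EARLY_EXPORTER_SECRET_LABEL call site in tls13_change_cipher_state() repairs only this one caller, while the removed comment ("SSLfatal() already called") shows the caller was written on the assumption that ssl_log_secret() raises the fatal error itself. Two things are worth confirming: whether any failure path inside ssl_log_secret() does call SSLfatal(), in which case this site now raises it a second time on that path, and whether other ssl_log_secret() call sites (for instance any in the `which & SSL3_CC_HANDSHAKE` branch that follows) carry the same comment and the same gap. If the intended contract is that ssl_log_secret() calls SSLfatal() on every failure, making that true inside the function covers all callers at once; if it is not, a one-line comment here saying the callee does not raise the alert would keep a later cleanup from restoring the old assumption.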