[openssl-commits] [openssl] master update

Matt Caswell matt at openssl.org
Fri Apr 20 10:50:22 UTC 2018 

The branch master has been updated
       via  033c181ba690ef234812c51d4c6cb7d8dd337cb7 (commit)
       via  4ce787b97aa66e1b4c1d48f6ec047141408056f7 (commit)
      from  4b7c6385f779e92ffcd76159b03b4dac301e93e7 (commit)


- Log -----------------------------------------------------------------
commit 033c181ba690ef234812c51d4c6cb7d8dd337cb7
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Apr 19 15:44:52 2018 +0100

    Test the state of SSL_in_init() from the info_callback
    
    Check that in a handshake done event SSL_in_init() is 0 (see #4574)
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/6019)

commit 4ce787b97aa66e1b4c1d48f6ec047141408056f7
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Apr 19 15:26:28 2018 +0100

    Make sure SSL_in_init() returns 0 at SSL_CB_HANDSHAKE_DONE
    
    In 1.1.0 and before calling SSL_in_init() from the info_callback
    at SSL_CB_HANDSHAKE_DONE would return 0. This commit fixes it so
    that it does again for 1.1.1. This broke Node.
    
    Fixes #4574
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/6019)

-----------------------------------------------------------------------

Summary of changes:
 ssl/statem/statem_lib.c | 9 +++++++--
 test/sslapitest.c       | 6 ++++++
 2 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index a17dec9..6d0778d 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -1090,13 +1090,18 @@ WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst, int clearbufs, int stop)
     else if (s->ctx->info_callback != NULL)
         cb = s->ctx->info_callback;
 
+    /* The callback may expect us to not be in init at handshake done */
+    ossl_statem_set_in_init(s, 0);
+
     if (cb != NULL)
         cb(s, SSL_CB_HANDSHAKE_DONE, 1);
 
-    if (!stop)
+    if (!stop) {
+        /* If we've got more work to do we go back into init */
+        ossl_statem_set_in_init(s, 1);
         return WORK_FINISHED_CONTINUE;
+    }
 
-    ossl_statem_set_in_init(s, 0);
     return WORK_FINISHED_STOP;
 }
 
diff --git a/test/sslapitest.c b/test/sslapitest.c
index c4c0868..25230c8 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -4269,6 +4269,12 @@ static void sslapi_info_callback(const SSL *s, int where, int ret)
         info_cb_failed = 1;
         return;
     }
+
+    /* Check that, if we've got SSL_CB_HANDSHAKE_DONE we are not in init */
+    if ((where & SSL_CB_HANDSHAKE_DONE) && SSL_in_init((SSL *)s) != 0) {
+        info_cb_failed = 1;
+        return;
+    }
 }
 
 /*

More information about the openssl-commits mailing list