[openssl] OpenSSL_1_1_1-stable update

tmraz at fedoraproject.org tmraz at fedoraproject.org
Thu Aug 13 08:20:01 UTC 2020


The branch OpenSSL_1_1_1-stable has been updated
       via  46a9ee8c796c8b5f8d95290676119b4f3d72be91 (commit)
      from  925a9d0a8168bfd0b532bc6600ba3e7ab47a7592 (commit)


- Log -----------------------------------------------------------------
commit 46a9ee8c796c8b5f8d95290676119b4f3d72be91
Author: Tomas Mraz <tmraz at fedoraproject.org>
Date:   Thu Aug 6 15:14:29 2020 +0200

    sslapitest: Add test for premature call of SSL_export_keying_material
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/12594)
    
    (cherry picked from commit ea9f6890eb54e4b9e8b81cc1318ca3a6fc0c8356)

-----------------------------------------------------------------------

Summary of changes:
 test/sslapitest.c | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/test/sslapitest.c b/test/sslapitest.c
index 52207226f4..ad1824c68d 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -4432,9 +4432,20 @@ static int test_export_key_mat(int tst)
     SSL_CTX_set_min_proto_version(cctx, protocols[tst]);
 
     if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL,
-                                      NULL))
-            || !TEST_true(create_ssl_connection(serverssl, clientssl,
-                                                SSL_ERROR_NONE)))
+                                      NULL)))
+        goto end;
+
+    /*
+     * Premature call of SSL_export_keying_material should just fail.
+     */
+    if (!TEST_int_le(SSL_export_keying_material(clientssl, ckeymat1,
+                                                sizeof(ckeymat1), label,
+                                                SMALL_LABEL_LEN + 1, context,
+                                                sizeof(context) - 1, 1), 0))
+        goto end;
+
+    if (!TEST_true(create_ssl_connection(serverssl, clientssl,
+                                         SSL_ERROR_NONE)))
         goto end;
 
     if (tst == 5) {


More information about the openssl-commits mailing list