[openssl] OpenSSL_1_1_1-stable update

dev at ddvo.net dev at ddvo.net
Fri Dec 3 10:55:49 UTC 2021


The branch OpenSSL_1_1_1-stable has been updated
       via  54c358382e917a6adc912ee0958989609c8ee136 (commit)
       via  f623a68efad0b00c698b3e10963f51971f55ffba (commit)
      from  76eb12aa278cb30a495bcee3fdc176d0a6c35052 (commit)


- Log -----------------------------------------------------------------
commit 54c358382e917a6adc912ee0958989609c8ee136
Author: Dr. David von Oheimb <David.von.Oheimb at siemens.com>
Date:   Thu Sep 30 11:12:49 2021 +0200

    BIO_f_ssl.pod: Make clear where an SSL BIOs are expected as an argument
    
    Reviewed-by: Paul Dale <pauli at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/17135)

commit f623a68efad0b00c698b3e10963f51971f55ffba
Author: Dr. David von Oheimb <David.von.Oheimb at siemens.com>
Date:   Mon Sep 27 14:22:40 2021 +0200

    Fix ssl_free() and thus BIO_free() to respect BIO_NOCLOSE
    
    Reviewed-by: Paul Dale <pauli at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/17135)

-----------------------------------------------------------------------

Summary of changes:
 doc/man3/BIO_f_ssl.pod | 17 ++++++++---------
 ssl/bio_ssl.c          |  7 +++----
 2 files changed, 11 insertions(+), 13 deletions(-)

diff --git a/doc/man3/BIO_f_ssl.pod b/doc/man3/BIO_f_ssl.pod
index 641ee2329e..8866785cfe 100644
--- a/doc/man3/BIO_f_ssl.pod
+++ b/doc/man3/BIO_f_ssl.pod
@@ -54,26 +54,26 @@ The SSL BIO is then reset to the initial accept or connect state.
 If the close flag is set when an SSL BIO is freed then the internal
 SSL structure is also freed using SSL_free().
 
-BIO_set_ssl() sets the internal SSL pointer of BIO B<b> to B<ssl> using
+BIO_set_ssl() sets the internal SSL pointer of SSL BIO B<b> to B<ssl> using
 the close flag B<c>.
 
-BIO_get_ssl() retrieves the SSL pointer of BIO B<b>, it can then be
+BIO_get_ssl() retrieves the SSL pointer of SSL BIO B<b>, it can then be
 manipulated using the standard SSL library functions.
 
 BIO_set_ssl_mode() sets the SSL BIO mode to B<client>. If B<client>
 is 1 client mode is set. If B<client> is 0 server mode is set.
 
-BIO_set_ssl_renegotiate_bytes() sets the renegotiate byte count
+BIO_set_ssl_renegotiate_bytes() sets the renegotiate byte count of SSL BIO B<b>
 to B<num>. When set after every B<num> bytes of I/O (read and write)
 the SSL session is automatically renegotiated. B<num> must be at
 least 512 bytes.
 
-BIO_set_ssl_renegotiate_timeout() sets the renegotiate timeout to
-B<seconds>. When the renegotiate timeout elapses the session is
-automatically renegotiated.
+BIO_set_ssl_renegotiate_timeout() sets the renegotiate timeout of SSL BIO B<b>
+to B<seconds>.
+When the renegotiate timeout elapses the session is automatically renegotiated.
 
 BIO_get_num_renegotiates() returns the total number of session
-renegotiations due to I/O or timeout.
+renegotiations due to I/O or timeout of SSL BIO B<b>.
 
 BIO_new_ssl() allocates an SSL BIO using SSL_CTX B<ctx> and using
 client mode if B<client> is non zero.
@@ -82,8 +82,7 @@ BIO_new_ssl_connect() creates a new BIO chain consisting of an
 SSL BIO (using B<ctx>) followed by a connect BIO.
 
 BIO_new_buffer_ssl_connect() creates a new BIO chain consisting
-of a buffering BIO, an SSL BIO (using B<ctx>) and a connect
-BIO.
+of a buffering BIO, an SSL BIO (using B<ctx>), and a connect BIO.
 
 BIO_ssl_copy_session_id() copies an SSL session id between
 BIO chains B<from> and B<to>. It does this by locating the
diff --git a/ssl/bio_ssl.c b/ssl/bio_ssl.c
index c4239345b6..67097d5cca 100644
--- a/ssl/bio_ssl.c
+++ b/ssl/bio_ssl.c
@@ -76,13 +76,12 @@ static int ssl_free(BIO *a)
     if (a == NULL)
         return 0;
     bs = BIO_get_data(a);
-    if (bs->ssl != NULL)
-        SSL_shutdown(bs->ssl);
     if (BIO_get_shutdown(a)) {
+        if (bs->ssl != NULL)
+            SSL_shutdown(bs->ssl);
         if (BIO_get_init(a))
             SSL_free(bs->ssl);
-        /* Clear all flags */
-        BIO_clear_flags(a, ~0);
+        BIO_clear_flags(a, ~0); /* Clear all flags */
         BIO_set_init(a, 0);
     }
     OPENSSL_free(bs);


More information about the openssl-commits mailing list