[openssl/openssl] 3520f5: Remove spurious error queue entries on early data

Matt Caswell noreply at github.com
Tue Mar 14 21:47:30 UTC 2023


  Branch: refs/heads/openssl-3.0
  Home:   https://github.com/openssl/openssl
  Commit: 3520f5ac91ad79d539857a8cd9648b88690c970c
      https://github.com/openssl/openssl/commit/3520f5ac91ad79d539857a8cd9648b88690c970c
  Author: Matt Caswell <matt at openssl.org>
  Date:   2023-03-15 (Wed, 15 Mar 2023)

  Changed paths:
    M ssl/record/ssl3_record.c

  Log Message:
  -----------
  Remove spurious error queue entries on early data

Early data decryption is expected to fail sometimes. If it does we should
not leave spurious error entries on the queue.

Fixes #20377

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit at gmail.com>
(Merged from https://github.com/openssl/openssl/pull/20442)

(cherry picked from commit d015b50dc9af0640c7c019a693368c3488d692d8)


  Commit: 00e9d52f14fc2d3b43114d33e704156d5c9b6f49
      https://github.com/openssl/openssl/commit/00e9d52f14fc2d3b43114d33e704156d5c9b6f49
  Author: Matt Caswell <matt at openssl.org>
  Date:   2023-03-15 (Wed, 15 Mar 2023)

  Changed paths:
    M test/sslapitest.c

  Log Message:
  -----------
  Test that there are no errors on the stack for rejected early data

If we reject early data then it is normal for decryption operations to
fail. We should ensure there are no spurious errors on the stack in that
case. This adds a test for that scenario.

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit at gmail.com>
(Merged from https://github.com/openssl/openssl/pull/20442)

(cherry picked from commit 85e247ebc08c07ed4a86f8a128ddceeb3f48bcbc)


Compare: https://github.com/openssl/openssl/compare/ce31a7c60460...00e9d52f14fc


More information about the openssl-commits mailing list