[openssl/openssl] de1b21: Fix an assertion failure in tls_common.c

Matt Caswell noreply at github.com
Wed Jan 31 10:24:50 UTC 2024 

  Branch: refs/heads/openssl-3.2
  Home:   https://github.com/openssl/openssl
  Commit: de1b21fcfc476269460b8e23161eb41829cb66b9
      https://github.com/openssl/openssl/commit/de1b21fcfc476269460b8e23161eb41829cb66b9
  Author: Matt Caswell <matt at openssl.org>
  Date:   2024-01-31 (Wed, 31 Jan 2024)

  Changed paths:
    M ssl/ssl_lib.c

  Log Message:
  -----------
  Fix an assertion failure in tls_common.c

When we clear the record layer, we better make sure we clear all relevant
fields, otherwise we can get ourselves into an unexpected state.

Fixes #23255

Reviewed-by: Hugo Landau <hlandau at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23256)

(cherry picked from commit 5fb065589d3a4dfeeb6d48b0561ab3145ceb2127)


  Commit: f39273857f7abba8b3bcc1faf0ad4b25f301759f
      https://github.com/openssl/openssl/commit/f39273857f7abba8b3bcc1faf0ad4b25f301759f
  Author: Matt Caswell <matt at openssl.org>
  Date:   2024-01-31 (Wed, 31 Jan 2024)

  Changed paths:
    M ssl/statem/statem_lib.c

  Log Message:
  -----------
  When selecting a method ensure we use the correct client/server version

Using the client one when the server once should be used could cause a
later call to SSL_set_accept_state() to unexpectedly fail.

Reviewed-by: Hugo Landau <hlandau at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23256)

(cherry picked from commit a86714041d8a5868c629e9027e28c6d1dacde5f9)


  Commit: ef3ea0985c7535612d52b25bed45e5a9ce6fe3cc
      https://github.com/openssl/openssl/commit/ef3ea0985c7535612d52b25bed45e5a9ce6fe3cc
  Author: Matt Caswell <matt at openssl.org>
  Date:   2024-01-31 (Wed, 31 Jan 2024)

  Changed paths:
    M ssl/record/rec_layer_s3.c
    M ssl/record/record.h
    M ssl/ssl_lib.c

  Log Message:
  -----------
  Rationalise RECORD_LAYER_clear() and clear_record_layer()

We had two functions which were very similarly named, that did almost the
same thing, but not quite. We bring the two together. Doing this also fixes
a possible bug where some data may not be correctly freed when the
RECORD_LAYER_clear() version was used.

Reviewed-by: Hugo Landau <hlandau at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23256)

(cherry picked from commit 4a0e4849af1588dfe9d7e01738acc96799b83447)


  Commit: 7dffb363b2a4feba16e6df57a88c7f5f9f48942e
      https://github.com/openssl/openssl/commit/7dffb363b2a4feba16e6df57a88c7f5f9f48942e
  Author: Matt Caswell <matt at openssl.org>
  Date:   2024-01-31 (Wed, 31 Jan 2024)

  Changed paths:
    M ssl/quic/quic_tserver.c

  Log Message:
  -----------
  Free the tserver TLS object before freeing the channel

The TLS object may make callbacks into QUIC during cleanup so we must
free it first.

Reviewed-by: Hugo Landau <hlandau at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23256)

(cherry picked from commit fa4b1151c829b8be1d83cb49c9809d3a4f59fb03)


  Commit: 52154968f9e982c0baeb38a3a6baf56f882bd589
      https://github.com/openssl/openssl/commit/52154968f9e982c0baeb38a3a6baf56f882bd589
  Author: Matt Caswell <matt at openssl.org>
  Date:   2024-01-31 (Wed, 31 Jan 2024)

  Changed paths:
    M ssl/quic/quic_impl.c

  Log Message:
  -----------
  Free the QUIC TLS object before freeing the channel

Freeing the QUIC TLS object may make calls back into QUIC so we should
free it first.

Reviewed-by: Hugo Landau <hlandau at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23256)

(cherry picked from commit f7f2b665cf91650deb28beb1145ea3eca7df67aa)


  Commit: a801d21e0e941c268b8a6c81c54031c565145596
      https://github.com/openssl/openssl/commit/a801d21e0e941c268b8a6c81c54031c565145596
  Author: Matt Caswell <matt at openssl.org>
  Date:   2024-01-31 (Wed, 31 Jan 2024)

  Changed paths:
    M test/sslapitest.c

  Log Message:
  -----------
  Extend the testing of resetting/clearing an SSL connection

SSL_clear() explicitly clears an SSL object to enable it to be reused.
You can have a similar effect by calling SSL_set_accept_state() or
SSL_set_connect_state(). We extend the testing of SSL_clear() to use these
other methods. We also ensure we test the case where we have unread
bufferred data that needs to be cleared.

Reviewed-by: Hugo Landau <hlandau at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23256)

(cherry picked from commit 5de8c49d6c019ad93149871989b755b5cc7b821c)


Compare: https://github.com/openssl/openssl/compare/1e86ae513dd4...a801d21e0e94

More information about the openssl-commits mailing list