Make sure SSL_in_init() returns 0 at SSL_CB_HANDSHAKE_DONE
authorMatt Caswell <matt@openssl.org>
Thu, 19 Apr 2018 14:26:28 +0000 (15:26 +0100)
committerMatt Caswell <matt@openssl.org>
Fri, 20 Apr 2018 10:46:12 +0000 (11:46 +0100)
In 1.1.0 and before calling SSL_in_init() from the info_callback
at SSL_CB_HANDSHAKE_DONE would return 0. This commit fixes it so
that it does again for 1.1.1. This broke Node.

Fixes #4574

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6019)

ssl/statem/statem_lib.c

index a17dec9..6d0778d 100644 (file)
@@ -1090,13 +1090,18 @@ WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst, int clearbufs, int stop)
     else if (s->ctx->info_callback != NULL)
         cb = s->ctx->info_callback;
 
+    /* The callback may expect us to not be in init at handshake done */
+    ossl_statem_set_in_init(s, 0);
+
     if (cb != NULL)
         cb(s, SSL_CB_HANDSHAKE_DONE, 1);
 
-    if (!stop)
+    if (!stop) {
+        /* If we've got more work to do we go back into init */
+        ossl_statem_set_in_init(s, 1);
         return WORK_FINISHED_CONTINUE;
+    }
 
-    ossl_statem_set_in_init(s, 0);
     return WORK_FINISHED_STOP;
 }