From: Matt Caswell <matt@openssl.org>
Date: Thu, 19 Apr 2018 14:26:28 +0000 (+0100)
Subject: Make sure SSL_in_init() returns 0 at SSL_CB_HANDSHAKE_DONE
X-Git-Tag: OpenSSL_1_1_1-pre6~72
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=4ce787b97aa66e1b4c1d48f6ec047141408056f7;p=oweals%2Fopenssl.git

Make sure SSL_in_init() returns 0 at SSL_CB_HANDSHAKE_DONE

In 1.1.0 and before calling SSL_in_init() from the info_callback
at SSL_CB_HANDSHAKE_DONE would return 0. This commit fixes it so
that it does again for 1.1.1. This broke Node.

Fixes #4574

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6019)
---

diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index a17dec9dcb..6d0778db3f 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -1090,13 +1090,18 @@ WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst, int clearbufs, int stop)
     else if (s->ctx->info_callback != NULL)
         cb = s->ctx->info_callback;
 
+    /* The callback may expect us to not be in init at handshake done */
+    ossl_statem_set_in_init(s, 0);
+
     if (cb != NULL)
         cb(s, SSL_CB_HANDSHAKE_DONE, 1);
 
-    if (!stop)
+    if (!stop) {
+        /* If we've got more work to do we go back into init */
+        ossl_statem_set_in_init(s, 1);
         return WORK_FINISHED_CONTINUE;
+    }
 
-    ossl_statem_set_in_init(s, 0);
     return WORK_FINISHED_STOP;
 }