Always use NULL BIOs when using the QUIC TLS API
authorMatt Caswell <matt@openssl.org>
Tue, 18 Mar 2025 12:51:29 +0000 (12:51 +0000)
committerTomas Mraz <tomas@openssl.org>
Thu, 20 Mar 2025 10:24:26 +0000 (11:24 +0100)
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27091)

ssl/quic/quic_tls.c

index 0ed227ff894ec7f545524d1a3ae8941972afda47..dba1ec338fb754f6ed422cd5d532d024140f6ef6 100644 (file)
@@ -708,10 +708,21 @@ static int raise_error(QUIC_TLS *qtls, uint64_t error_code,
 int ossl_quic_tls_configure(QUIC_TLS *qtls)
 {
     SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(qtls->args.s);
+    BIO *nullbio;
 
     if (sc == NULL || !SSL_set_min_proto_version(qtls->args.s, TLS1_3_VERSION))
         return RAISE_INTERNAL_ERROR(qtls);
 
+    nullbio = BIO_new(BIO_s_null());
+    if (nullbio == NULL)
+        return RAISE_INTERNAL_ERROR(qtls);
+
+    /*
+     * Our custom record layer doesn't use the BIO - but libssl generally
+     * expects one to be present.
+     */
+    SSL_set_bio(qtls->args.s, nullbio, nullbio);
+
     SSL_clear_options(qtls->args.s, SSL_OP_ENABLE_MIDDLEBOX_COMPAT);
     ossl_ssl_set_custom_record_layer(sc, &quic_tls_record_method, qtls);
 
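Review bot: The new `SSL_set_bio(qtls->args.s, nullbio, nullbio)` call in ossl_quic_tls_configure passes one BIO as both the read and the write side, and the comment above it says why a BIO is needed but nothing about ownership. SSL_set_bio consumes a single reference when rbio and wbio are the same pointer, so no `BIO_up_ref()` is needed and nullbio must not be freed on any later error path. The call also releases whatever BIO was previously attached to the SSL object, which matters more now that it runs on the configure path instead of only inside ossl_quic_tls_tick; whether a caller can have attached its own BIO before this point is not visible here. I would extend the comment with `SSL_set_bio takes ownership of nullbio (one reference covers both directions) and frees any BIO set earlier.` The function body continues past the end of the hunk.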
@@ -768,7 +779,6 @@ int ossl_quic_tls_tick(QUIC_TLS *qtls)
     if (!qtls->configured) {
         SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(qtls->args.s);
         SSL_CTX *sctx;
-        BIO *nullbio;
 
         if (sc == NULL)
             return RAISE_INTERNAL_ERROR(qtls);
@@ -792,16 +802,6 @@ int ossl_quic_tls_tick(QUIC_TLS *qtls)
         if (!ossl_quic_tls_configure(qtls))
             return RAISE_INTERNAL_ERROR(qtls);
 
-        nullbio = BIO_new(BIO_s_null());
-        if (nullbio == NULL)
-            return RAISE_INTERNAL_ERROR(qtls);
-
-        /*
-         * Our custom record layer doesn't use the BIO - but libssl generally
-         * expects one to be present.
-         */
-        SSL_set_bio(qtls->args.s, nullbio, nullbio);
-
         if (qtls->args.is_server)
             SSL_set_accept_state(qtls->args.s);
         else