aboutsummaryrefslogtreecommitdiff
path: root/crypto/openssl/ssl
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/openssl/ssl')
-rw-r--r--crypto/openssl/ssl/quic/quic_impl.c7
-rw-r--r--crypto/openssl/ssl/record/methods/tls_common.c11
-rw-r--r--crypto/openssl/ssl/ssl_rsa.c5
-rw-r--r--crypto/openssl/ssl/t1_trce.c4
4 files changed, 20 insertions, 7 deletions
diff --git a/crypto/openssl/ssl/quic/quic_impl.c b/crypto/openssl/ssl/quic/quic_impl.c
index c44e6b33c2a8..cec05d5bd37b 100644
--- a/crypto/openssl/ssl/quic/quic_impl.c
+++ b/crypto/openssl/ssl/quic/quic_impl.c
@@ -3197,6 +3197,7 @@ int ossl_quic_conn_stream_conclude(SSL *s)
QCTX ctx;
QUIC_STREAM *qs;
int err;
+ int ret;
if (!expect_quic_with_stream_lock(s, /*remote_init=*/0, /*io=*/0, &ctx))
return 0;
@@ -3204,13 +3205,15 @@ int ossl_quic_conn_stream_conclude(SSL *s)
qs = ctx.xso->stream;
if (!quic_mutation_allowed(ctx.qc, /*req_active=*/1)) {
+ ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
qctx_unlock(&ctx);
- return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
+ return ret;
}
if (!quic_validate_for_write(ctx.xso, &err)) {
+ ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, err, NULL);
qctx_unlock(&ctx);
- return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, err, NULL);
+ return ret;
}
if (ossl_quic_sstream_get_final_size(qs->sstream, NULL)) {
diff --git a/crypto/openssl/ssl/record/methods/tls_common.c b/crypto/openssl/ssl/record/methods/tls_common.c
index 80d4477bd0c0..b9c79099462d 100644
--- a/crypto/openssl/ssl/record/methods/tls_common.c
+++ b/crypto/openssl/ssl/record/methods/tls_common.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -1093,9 +1093,12 @@ int tls13_common_post_process_record(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *rec)
return 0;
}
- if (rl->msg_callback != NULL)
- rl->msg_callback(0, rl->version, SSL3_RT_INNER_CONTENT_TYPE, &rec->type,
- 1, rl->cbarg);
+ if (rl->msg_callback != NULL) {
+ unsigned char ctype = (unsigned char)rec->type;
+
+ rl->msg_callback(0, rl->version, SSL3_RT_INNER_CONTENT_TYPE, &ctype,
+ 1, rl->cbarg);
+ }
/*
* TLSv1.3 alert and handshake records are required to be non-zero in
diff --git a/crypto/openssl/ssl/ssl_rsa.c b/crypto/openssl/ssl/ssl_rsa.c
index e833bcdbc377..f4731a87af90 100644
--- a/crypto/openssl/ssl/ssl_rsa.c
+++ b/crypto/openssl/ssl/ssl_rsa.c
@@ -1056,10 +1056,13 @@ static int ssl_set_cert_and_key(SSL *ssl, SSL_CTX *ctx, X509 *x509, EVP_PKEY *pr
}
}
- if (!X509_up_ref(x509))
+ if (!X509_up_ref(x509)) {
+ OSSL_STACK_OF_X509_free(dup_chain);
goto out;
+ }
if (!EVP_PKEY_up_ref(privatekey)) {
+ OSSL_STACK_OF_X509_free(dup_chain);
X509_free(x509);
goto out;
}
diff --git a/crypto/openssl/ssl/t1_trce.c b/crypto/openssl/ssl/t1_trce.c
index 35c60feb4371..73fd4ebaa4b0 100644
--- a/crypto/openssl/ssl/t1_trce.c
+++ b/crypto/openssl/ssl/t1_trce.c
@@ -549,8 +549,12 @@ static const ssl_trace_tbl ssl_groups_tbl[] = {
{258, "ffdhe4096"},
{259, "ffdhe6144"},
{260, "ffdhe8192"},
+ {512, "MLKEM512"},
+ {513, "MLKEM768"},
+ {514, "MLKEM1024"},
{4587, "SecP256r1MLKEM768"},
{4588, "X25519MLKEM768"},
+ {4589, "SecP384r1MLKEM1024"},
{25497, "X25519Kyber768Draft00"},
{25498, "SecP256r1Kyber768Draft00"},
{0xFF01, "arbitrary_explicit_prime_curves"},