author | Matt Caswell <matt@openssl.org> | 2022-10-31 16:31:28 +0000 |
---|---|---|
committer | Hugo Landau <hlandau@openssl.org> | 2022-11-14 07:51:17 +0000 |
commit | b83eac48ed44afecd0d392c2fa055d345578078d (patch) | |
tree | 9f348f240f2e875e3d7d1118ea1f1d48b974babb | |
parent | 6d814fd6074b5f293abc3f19a190d3e34c426b6a (diff) |
Remove the read_iv/write_iv fields from SSL_CONNECTION
These fields are instead held in the new record layer code and are
therefore no longer needed.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19586)
-rw-r--r-- | ssl/ssl_local.h | 3 | ||||
-rw-r--r-- | ssl/tls13_enc.c | 15 |
2 files changed, 3 insertions, 15 deletions
diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h index 33ae4c9663..cc1239287c 100644 --- a/ssl/ssl_local.h +++ b/ssl/ssl_local.h @@ -1500,9 +1500,6 @@ struct ssl_connection_st { unsigned char exporter_master_secret[EVP_MAX_MD_SIZE]; unsigned char early_exporter_master_secret[EVP_MAX_MD_SIZE]; - unsigned char read_iv[EVP_MAX_IV_LENGTH]; /* TLSv1.3 static read IV */ - unsigned char write_iv[EVP_MAX_IV_LENGTH]; /* TLSv1.3 static write IV */ - /* session info */ /* client cert? */ /* This is used to hold the server certificate used */ diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c index 1c7fd93240..6d2f46441a 100644 --- a/ssl/tls13_enc.c +++ b/ssl/tls13_enc.c @@ -429,7 +429,7 @@ int tls13_change_cipher_state(SSL_CONNECTION *s, int which) static const unsigned char resumption_master_secret[] = "\x72\x65\x73\x20\x6D\x61\x73\x74\x65\x72"; /* ASCII: "e exp master", in hex for EBCDIC compatibility */ static const unsigned char early_exporter_master_secret[] = "\x65\x20\x65\x78\x70\x20\x6D\x61\x73\x74\x65\x72"; - unsigned char *iv; + unsigned char iv[EVP_MAX_IV_LENGTH]; unsigned char key[EVP_MAX_KEY_LENGTH]; unsigned char secret[EVP_MAX_MD_SIZE]; unsigned char hashval[EVP_MAX_MD_SIZE]; @@ -449,11 +449,6 @@ int tls13_change_cipher_state(SSL_CONNECTION *s, int which) int direction = (which & SSL3_CC_READ) != 0 ? OSSL_RECORD_DIRECTION_READ : OSSL_RECORD_DIRECTION_WRITE; - if (which & SSL3_CC_READ) - iv = s->read_iv; - else - iv = s->write_iv; - if (((which & SSL3_CC_CLIENT) && (which & SSL3_CC_WRITE)) || ((which & SSL3_CC_SERVER) && (which & SSL3_CC_READ))) { if (which & SSL3_CC_EARLY) { 
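Review bot: The new local `unsigned char iv[EVP_MAX_IV_LENGTH];` in tls13_change_cipher_state (hunk at -429) holds the TLSv1.3 static IV, which is derived from the traffic secret, and nothing in the hunk wipes it before the function returns. The cleanup path lies outside the hunk, so this needs confirming there. If the exit path cleanses `key` and `secret`, it should also get `OPENSSL_cleanse(iv, sizeof(iv));` so the IV does not linger on the stack now that it no longer lives in SSL_CONNECTION. The same applies to the `iv` array added to tls13_update_key in the hunk at -707. A short comment on each declaration, such as `/* scratch copy only; the record layer owns the IV */`, would also make the new ownership clear.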
@@ -707,13 +702,14 @@ int tls13_update_key(SSL_CONNECTION *s, int sending) const EVP_MD *md = ssl_handshake_md(s); size_t hashlen; unsigned char key[EVP_MAX_KEY_LENGTH]; - unsigned char *insecret, *iv; + unsigned char *insecret; unsigned char secret[EVP_MAX_MD_SIZE]; char *log_label; size_t keylen, ivlen, taglen; int ret = 0, l; int direction = sending ? OSSL_RECORD_DIRECTION_WRITE : OSSL_RECORD_DIRECTION_READ; + unsigned char iv[EVP_MAX_IV_LENGTH]; if ((l = EVP_MD_get_size(md)) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); @@ -726,11 +722,6 @@ int tls13_update_key(SSL_CONNECTION *s, int sending) else insecret = s->client_app_traffic_secret; - if (sending) - iv = s->write_iv; - else - iv = s->read_iv; - if (!derive_secret_key_and_iv(s, sending, md, s->s3.tmp.new_sym_enc, insecret, NULL, application_traffic, |