Fix early_data with an HRR

early_data is not allowed after an HRR. We failed to handle that correctly. Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3933)
author: Matt Caswell <matt@openssl.org> 2017-07-14 14:50:48 +0100
committer: Matt Caswell <matt@openssl.org> 2017-07-18 16:51:58 +0100
commit: d4504fe5792b2dcf8ae6ef35634f1494e72d109b (patch)
tree: 7b51694b056efe6d8c86b92b6677b6eecf83372a /ssl/statem/statem_clnt.c
parent: 1e3f62a3823f7e3db9d403f724fd9d66f5b04cf8 (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 55ac4dd03e..ed9bd5c209 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -1571,6 +1571,13 @@ static MSG_PROCESS_RETURN tls_process_hello_retry_request(SSL *s, PACKET *pkt)
 
     s->hello_retry_request = 1;
 
+    /*
+     * If we were sending early_data then the enc_write_ctx is now invalid and
+     * should not be used.
+     */
+    EVP_CIPHER_CTX_free(s->enc_write_ctx);
+    s->enc_write_ctx = NULL;
+
     /* This will fail if it doesn't choose TLSv1.3+ */
     errorcode = ssl_choose_client_version(s, sversion, 0, &al);
     if (errorcode != 0) {
author	Matt Caswell <matt@openssl.org>	2017-07-14 14:50:48 +0100
committer	Matt Caswell <matt@openssl.org>	2017-07-18 16:51:58 +0100
commit	d4504fe5792b2dcf8ae6ef35634f1494e72d109b (patch)
tree	7b51694b056efe6d8c86b92b6677b6eecf83372a /ssl/statem/statem_clnt.c
parent	1e3f62a3823f7e3db9d403f724fd9d66f5b04cf8 (diff)