Remove enc_write_state

This field was used to track whether a cipher ctx was valid for writing
or not, and also whether we should write out plaintext alerts. With the new
record layer design we no longer need to track whether a cipher ctx is valid
since the whole record layer will be aborted if it is not. Also we have a
different mechanism for tracking whether we should write out plaintext
alerts. Therefore this field is removed from the SSL object.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19343)

1 files changed, 13 insertions, 46 deletions

diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c
index 95861eb3f4..1c7fd93240 100644
--- a/ssl/tls13_enc.c
+++ b/ssl/tls13_enc.c
@@ -343,8 +343,7 @@ static int derive_secret_key_and_iv(SSL_CONNECTION *s, int sending,
                                     size_t labellen, unsigned char *secret,
                                     unsigned char *key, size_t *keylen,
                                     unsigned char *iv, size_t *ivlen,
-                                    size_t *taglen,
-                                    EVP_CIPHER_CTX *ciph_ctx)
+                                    size_t *taglen)
 {
     int hashleni = EVP_MD_get_size(md);
     size_t hashlen;
@@ -409,17 +408,6 @@ static int derive_secret_key_and_iv(SSL_CONNECTION *s, int sending,
         return 0;
     }
 
-    if (sending) {
-        if (EVP_CipherInit_ex(ciph_ctx, ciph, NULL, NULL, NULL, sending) <= 0
-            || EVP_CIPHER_CTX_ctrl(ciph_ctx, EVP_CTRL_AEAD_SET_IVLEN, *ivlen, NULL) <= 0
-            || (mode == EVP_CIPH_CCM_MODE
-                && EVP_CIPHER_CTX_ctrl(ciph_ctx, EVP_CTRL_AEAD_SET_TAG, *taglen, NULL) <= 0)
-            || EVP_CipherInit_ex(ciph_ctx, NULL, NULL, key, NULL, -1) <= 0) {
-            SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
-            return 0;
-        }
-    }
-
     return 1;
 }
 
@@ -449,7 +437,6 @@ int tls13_change_cipher_state(SSL_CONNECTION *s, int which)
     unsigned char *insecret;
     unsigned char *finsecret = NULL;
     const char *log_label = NULL;
-    EVP_CIPHER_CTX *ciph_ctx = NULL;
     size_t finsecretlen = 0;
     const unsigned char *label;
     size_t labellen, hashlen = 0;
@@ -462,25 +449,11 @@ int tls13_change_cipher_state(SSL_CONNECTION *s, int which)
     int direction = (which & SSL3_CC_READ) != 0 ? OSSL_RECORD_DIRECTION_READ
                                                 : OSSL_RECORD_DIRECTION_WRITE;
 
-    if (which & SSL3_CC_READ) {
+    if (which & SSL3_CC_READ)
         iv = s->read_iv;
-    } else {
-        s->statem.enc_write_state = ENC_WRITE_STATE_INVALID;
-        if (s->enc_write_ctx != NULL) {
-            EVP_CIPHER_CTX_reset(s->enc_write_ctx);
-        } else {
-            s->enc_write_ctx = EVP_CIPHER_CTX_new();
-            if (s->enc_write_ctx == NULL) {
-                SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
-                goto err;
-            }
-        }
-        ciph_ctx = s->enc_write_ctx;
+    else
         iv = s->write_iv;
 
-        RECORD_LAYER_reset_write_sequence(&s->rlayer);
-    }
-
     if (((which & SSL3_CC_CLIENT) && (which & SSL3_CC_WRITE))
             || ((which & SSL3_CC_SERVER) && (which & SSL3_CC_READ))) {
         if (which & SSL3_CC_EARLY) {
@@ -658,7 +631,7 @@ int tls13_change_cipher_state(SSL_CONNECTION *s, int which)
 
     if (!derive_secret_key_and_iv(s, which & SSL3_CC_WRITE, md, cipher,
                                   insecret, hash, label, labellen, secret, key,
-                                  &keylen, iv, &ivlen, &taglen, ciph_ctx)) {
+                                  &keylen, iv, &ivlen, &taglen)) {
         /* SSLfatal() already called */
         goto err;
     }
@@ -695,10 +668,12 @@ int tls13_change_cipher_state(SSL_CONNECTION *s, int which)
         goto err;
     }
 
-    if (!s->server && label == client_early_traffic)
-        s->statem.enc_write_state = ENC_WRITE_STATE_WRITE_PLAIN_ALERTS;
-    else
-        s->statem.enc_write_state = ENC_WRITE_STATE_VALID;
+    if ((which & SSL3_CC_WRITE) != 0) {
+        if (!s->server && label == client_early_traffic)
+            s->rlayer.wrlmethod->set_plain_alerts(s->rlayer.wrl, 1);
+        else
+            s->rlayer.wrlmethod->set_plain_alerts(s->rlayer.wrl, 0);
+    }
 
     level = (which & SSL3_CC_EARLY) != 0
             ? OSSL_RECORD_PROTECTION_LEVEL_EARLY
@@ -735,7 +710,6 @@ int tls13_update_key(SSL_CONNECTION *s, int sending)
     unsigned char *insecret, *iv;
     unsigned char secret[EVP_MAX_MD_SIZE];
     char *log_label;
-    EVP_CIPHER_CTX *ciph_ctx;
     size_t keylen, ivlen, taglen;
     int ret = 0, l;
     int direction = sending ? OSSL_RECORD_DIRECTION_WRITE
@@ -752,21 +726,16 @@ int tls13_update_key(SSL_CONNECTION *s, int sending)
     else
         insecret = s->client_app_traffic_secret;
 
-    if (sending) {
-        s->statem.enc_write_state = ENC_WRITE_STATE_INVALID;
+    if (sending)
         iv = s->write_iv;
-        ciph_ctx = s->enc_write_ctx;
-        RECORD_LAYER_reset_write_sequence(&s->rlayer);
-    } else {
+    else
         iv = s->read_iv;
-        ciph_ctx = s->enc_read_ctx;
-    }
 
     if (!derive_secret_key_and_iv(s, sending, md,
                                   s->s3.tmp.new_sym_enc, insecret, NULL,
                                   application_traffic,
                                   sizeof(application_traffic) - 1, secret, key,
-                                  &keylen, iv, &ivlen, &taglen, ciph_ctx)) {
+                                  &keylen, iv, &ivlen, &taglen)) {
         /* SSLfatal() already called */
         goto err;
     }
@@ -789,8 +758,6 @@ int tls13_update_key(SSL_CONNECTION *s, int sending)
         /* SSLfatal() already called */
         goto err;
     }
-
-    s->statem.enc_write_state = ENC_WRITE_STATE_VALID;
     ret = 1;
  err:
     OPENSSL_cleanse(key, sizeof(key));