-rw-r--r-- | ssl/record/rec_layer_d1.c | 4 | ||||
-rw-r--r-- | ssl/record/rec_layer_s3.c | 2 | ||||
-rw-r--r-- | ssl/ssl_lib.c | 36 | ||||
-rw-r--r-- | ssl/ssl_local.h | 8 | ||||
-rw-r--r-- | ssl/statem/statem_clnt.c | 18 |
5 files changed, 19 insertions, 49 deletions
diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c
index 3a1c2f8e66..729f1a16e2 100644
--- a/ssl/record/rec_layer_d1.c
+++ b/ssl/record/rec_layer_d1.c
@@ -318,8 +318,8 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
 * make sure that we are not getting application data when we are
 * doing a handshake for the first time
 */
- if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
- (sc->enc_read_ctx == NULL)) {
+ if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA)
+ && (SSL_IS_FIRST_HANDSHAKE(sc))) {
 SSLfatal(sc, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_APP_DATA_IN_HANDSHAKE);
 return -1;
diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c
index 2de466ac5b..32bd7cf7c2 100644
--- a/ssl/record/rec_layer_s3.c
+++ b/ssl/record/rec_layer_s3.c
@@ -622,7 +622,7 @@ int ssl3_read_bytes(SSL *ssl, int type, int *recvd_type, unsigned char *buf,
 * doing a handshake for the first time
 */
 if (SSL_in_init(ssl) && type == SSL3_RT_APPLICATION_DATA
- && s->enc_read_ctx == NULL) {
+ && SSL_IS_FIRST_HANDSHAKE(s)) {
 SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_APP_DATA_IN_HANDSHAKE);
 return -1;
 }
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index e71f0b5da5..2c8a8fd3ec 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -546,8 +546,6 @@ static void clear_ciphers(SSL_CONNECTION *s)
 {
 /* clear the current cipher */
 ssl_clear_cipher_ctx(s);
- ssl_clear_hash_ctx(&s->read_hash);
- ssl_clear_hash_ctx(&s->write_hash);
 }
 int SSL_clear(SSL *s)
@@ -4716,14 +4714,6 @@ SSL *SSL_dup(SSL *s)
 void ssl_clear_cipher_ctx(SSL_CONNECTION *s)
 {
- if (s->enc_read_ctx != NULL) {
- EVP_CIPHER_CTX_free(s->enc_read_ctx);
- s->enc_read_ctx = NULL;
- }
- if (s->enc_write_ctx != NULL) {
- EVP_CIPHER_CTX_free(s->enc_write_ctx);
- s->enc_write_ctx = NULL;
- }
 #ifndef OPENSSL_NO_COMP
 COMP_CTX_free(s->expand);
 s->expand = NULL;
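Review bot: The comment above the changed condition in dtls1_read_bytes (and the same one in ssl3_read_bytes in rec_layer_s3.c) does not record that the predicate changed meaning, from "no read cipher context yet" (`enc_read_ctx == NULL`) to `SSL_IS_FIRST_HANDSHAKE(sc)`. The macro's definition is not part of this diff; if it stays true until the first handshake has fully completed, application data that arrives after read protection is installed but before completion is now refused here with `SSL_AD_UNEXPECTED_MESSAGE`, which would be a tightening rather than a pure refactor. I would say so in the comment, e.g. `* Application data is refused until the first handshake has completed, whether or not read protection is already in place.`, and confirm that any path that legitimately reads application data before the handshake finishes does not reach this check with SSL_in_init() true. Both function bodies start and end outside their hunks.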
@@ -5505,32 +5495,6 @@ size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx)
 return ctx->num_tickets;
 }
-/*
- * Allocates new EVP_MD_CTX and sets pointer to it into given pointer
- * variable, freeing EVP_MD_CTX previously stored in that variable, if any.
- * If EVP_MD pointer is passed, initializes ctx with this |md|.
- * Returns the newly allocated ctx;
- */
-
-EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md)
-{
- ssl_clear_hash_ctx(hash);
- *hash = EVP_MD_CTX_new();
- if (*hash == NULL || (md && EVP_DigestInit_ex(*hash, md, NULL) <= 0)) {
- EVP_MD_CTX_free(*hash);
- *hash = NULL;
- return NULL;
- }
- return *hash;
-}
-
-void ssl_clear_hash_ctx(EVP_MD_CTX **hash)
-{
-
- EVP_MD_CTX_free(*hash);
- *hash = NULL;
-}
-
 /* Retrieve handshake hashes */
 int ssl_handshake_hash(SSL_CONNECTION *s, unsigned char *out, size_t outlen,
diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h
index 043e9bb4fe..d568ce317b 100644
--- a/ssl/ssl_local.h
+++ b/ssl/ssl_local.h
@@ -1499,14 +1499,12 @@ struct ssl_connection_st {
 unsigned char server_app_traffic_secret[EVP_MAX_MD_SIZE];
 unsigned char exporter_master_secret[EVP_MAX_MD_SIZE];
 unsigned char early_exporter_master_secret[EVP_MAX_MD_SIZE];
- EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */
+
 unsigned char read_iv[EVP_MAX_IV_LENGTH]; /* TLSv1.3 static read IV */
- EVP_MD_CTX *read_hash; /* used for mac generation */
 COMP_CTX *compress; /* compression */
 COMP_CTX *expand; /* uncompress */
- EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */
 unsigned char write_iv[EVP_MAX_IV_LENGTH]; /* TLSv1.3 static write IV */
- EVP_MD_CTX *write_hash; /* used for mac generation */
+
 /* session info */
 /* client cert? */
 /* This is used to hold the server certificate used */
@@ -2824,8 +2822,6 @@ __owur int ssl_security_cert_chain(SSL_CONNECTION *s, STACK_OF(X509) *sk,
 int tls_choose_sigalg(SSL_CONNECTION *s, int fatalerrs);
-__owur EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md);
-void ssl_clear_hash_ctx(EVP_MD_CTX **hash);
 __owur long ssl_get_algorithm2(SSL_CONNECTION *s);
 __owur int tls12_copy_sigalgs(SSL_CONNECTION *s, WPACKET *pkt, const uint16_t *psig, size_t psiglen);
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 402654b7a4..4114131435 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -1785,11 +1785,21 @@ static MSG_PROCESS_RETURN tls_process_as_hello_retry_request(SSL_CONNECTION *s,
 RAW_EXTENSION *extensions = NULL;
 /*
- * If we were sending early_data then the enc_write_ctx is now invalid and
- * should not be used.
+ * If we were sending early_data then any alerts should not be sent using
+ * the old wrlmethod.
 */
- EVP_CIPHER_CTX_free(s->enc_write_ctx);
- s->enc_write_ctx = NULL;
+ if (s->early_data_state == SSL_EARLY_DATA_FINISHED_WRITING
+ && !ssl_set_new_record_layer(s,
+ TLS_ANY_VERSION,
+ OSSL_RECORD_DIRECTION_WRITE,
+ OSSL_RECORD_PROTECTION_LEVEL_NONE,
+ NULL, 0, NULL, 0, NULL, 0, NULL, 0,
+ NID_undef, NULL, NULL)) {
+ /* SSLfatal already called */
+ goto err;
+ }
+ /* We are definitely going to be using TLSv1.3 */
+ s->rlayer.wrlmethod->set_protocol_version(s->rlayer.wrl, TLS1_3_VERSION);
 if (!tls_collect_extensions(s, extpkt, SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST, &extensions, NULL, 1) |
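Review bot: The reset of the write record layer in tls_process_as_hello_retry_request is gated on `s->early_data_state == SSL_EARLY_DATA_FINISHED_WRITING`, whereas the removed lines dropped `enc_write_ctx` unconditionally, and nothing in the hunk shows why that is the only state in which early-data write protection can still be installed when a HelloRetryRequest arrives. If another early-data state can reach this point, an alert raised while processing the HRR would presumably still be protected with keys the server has not accepted. The comment also names the "old wrlmethod" although what is replaced is the write record layer's protection; I would state the intent and the invariant there, e.g. `* If we were sending early_data its write keys must not protect any alert: reset the write record layer to plaintext. early_data_state is FINISHED_WRITING whenever such keys are installed here.` (the last sentence to be confirmed against the state machine). The function body and the `err` label lie outside the hunk.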