Use secure_getenv(3) when available.
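--- a/ssl/tls13_enc.c
+++ b/ssl/tls13_enc.c
@@ -271,6 +271,7 @@ size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen,
  key = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, finsecret,
  hashlen);
+ OPENSSL_cleanse(finsecret, sizeof(finsecret));
  }
  if (key == NULL
@@ -425,7 +426,7 @@ int tls13_change_cipher_state(SSL *s, int which)
  RECORD_LAYER_reset_read_sequence(&s->rlayer);
  } else {
- s->statem.invalid_enc_write_ctx = 1;
+ s->statem.enc_write_state = ENC_WRITE_STATE_INVALID;
  if (s->enc_write_ctx != NULL) {
  EVP_CIPHER_CTX_reset(s->enc_write_ctx);
  } else {
@@ -602,12 +603,11 @@ int tls13_change_cipher_state(SSL *s, int which)
  if (!tls13_hkdf_expand(s, ssl_handshake_md(s), insecret,
  resumption_master_secret,
  sizeof(resumption_master_secret) - 1,
- hashval, hashlen, s->session->master_key,
+ hashval, hashlen, s->resumption_master_secret,
  hashlen)) {
  /* SSLfatal() already called */
  goto err;
  }
- s->session->master_key_length = hashlen;
  }
  if (!derive_secret_key_and_iv(s, which & SSL3_CC_WRITE, md, cipher,
@@ -649,7 +649,10 @@ int tls13_change_cipher_state(SSL *s, int which)
  goto err;
  }
- s->statem.invalid_enc_write_ctx = 0;
+ if (!s->server && label == client_early_traffic)
+ s->statem.enc_write_state = ENC_WRITE_STATE_WRITE_PLAIN_ALERTS;
+ else
+ s->statem.enc_write_state = ENC_WRITE_STATE_VALID;
  ret = 1;
  err:
  OPENSSL_cleanse(secret, sizeof(secret));
@@ -672,7 +675,7 @@ int tls13_update_key(SSL *s, int sending)
  insecret = s->client_app_traffic_secret;
  if (sending) {
- s->statem.invalid_enc_write_ctx = 1;
+ s->statem.enc_write_state = ENC_WRITE_STATE_INVALID;
  iv = s->write_iv;
  ciph_ctx = s->enc_write_ctx;
  RECORD_LAYER_reset_write_sequence(&s->rlayer);
@@ -693,7 +696,7 @@ int tls13_update_key(SSL *s, int sending)
  memcpy(insecret, secret, hashlen);
- s->statem.invalid_enc_write_ctx = 0;
+ s->statem.enc_write_state = ENC_WRITE_STATE_VALID;
  ret = 1;
  err:
  OPENSSL_cleanse(secret, sizeof(secret));
@@ -702,7 +705,8 @@ int tls13_update_key(SSL *s, int sending)
  int tls13_alert_code(int code)
  {
- if (code == SSL_AD_MISSING_EXTENSION)
+ /* There are 2 additional alerts in TLSv1.3 compared to TLSv1.2 */
+ if (code == SSL_AD_MISSING_EXTENSION || code == SSL_AD_CERTIFICATE_REQUIRED)
  return code;
  return tls1_alert_code(code);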
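Review bot: The new branch in the `-649,7 +649,10` hunk of tls13_change_cipher_state picks ENC_WRITE_STATE_WRITE_PLAIN_ALERTS by comparing `label == client_early_traffic` as pointers, and nothing at that site explains why a client with early-traffic keys installed should send alerts unencrypted. The comparison is only correct if `label` was assigned directly from the `client_early_traffic` array earlier in the function, which lies outside the hunk, so a later refactor that copies or rebuilds the label would silently fall through to ENC_WRITE_STATE_VALID. Because this state decides whether an alert leaves the connection in plaintext, I would add a comment above the `if` such as `/* label is compared by address; it must have been set from client_early_traffic above */`, followed by one line giving the protocol reason for plaintext alerts while early-data keys are active. The function body starts and ends outside the hunk.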