From: Matt Caswell Date: Tue, 18 Jul 2017 10:18:31 +0000 (+0100) Subject: Fix SSL_clear() in TLSv1.3 X-Git-Tag: OpenSSL_1_1_1-pre1~1019 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=59ff3f07dc88bca5cec1b28c651c4d398ffd7126;p=oweals%2Fopenssl.git Fix SSL_clear() in TLSv1.3 SSL_clear() does not reset the SSL_METHOD if a session already exists in the SSL object. However, TLSv1.3 does not have an externally visible version fixed method (only an internal one). The state machine assumes that we are always starting from a version flexible method for TLSv1.3. The simplest solution is to just fix SSL_clear() to always reset the method if it is using the internal TLSv1.3 version fixed method. Reviewed-by: Ben Kaduk Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/3954) --- diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index cef8e41c6f..d02e2816b4 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -566,10 +566,12 @@ int SSL_clear(SSL *s) /* * Check to see if we were changed into a different method, if so, revert - * back if we are not doing session-id reuse. + * back. We always do this in TLSv1.3. Below that we only do it if we are + * not doing session-id reuse. */ - if (!ossl_statem_get_in_handshake(s) && (s->session == NULL) - && (s->method != s->ctx->method)) { + if (s->method != s->ctx->method + && (SSL_IS_TLS13(s) + || (!ossl_statem_get_in_handshake(s) && s->session == NULL))) { s->method->ssl_free(s); s->method = s->ctx->method; if (!s->method->ssl_new(s))