diff options
| author | jsing <> | 2018-09-05 16:48:11 +0000 | 
|---|---|---|
| committer | jsing <> | 2018-09-05 16:48:11 +0000 | 
| commit | c67d138a999b0555285f0993584d8124abc2b926 (patch) | |
| tree | 7285548c994d450785c9af93c1936fef8e5ee489 /src/lib/libcrypto/man/RSA_get_ex_new_index.3 | |
| parent | cbd19c03dd185d497c1db407d6c4f002cb4abc92 (diff) | |
| download | openbsd-c67d138a999b0555285f0993584d8124abc2b926.tar.gz openbsd-c67d138a999b0555285f0993584d8124abc2b926.tar.bz2 openbsd-c67d138a999b0555285f0993584d8124abc2b926.zip | |
Correctly clear the current cipher state, when changing cipher state.
When a renegotiation results in a change of cipher suite, the renegotation
would fail if it switched from AEAD to non-AEAD or vice versa. This is due
to the fact that the previous EVP_AEAD or EVP_CIPHER state remained,
resulting in incorrect logic that caused MAC failures.
Rename ssl_clear_cipher_ctx() to ssl_clear_cipher_state() and split it
into separate read/write components, then call these functions from the
appropriate places when a ChangeCipherSpec message is being processed.
Also, remove the separate ssl_clear_hash_ctx() calls and fold these into
the ssl_clear_cipher_{read,write}_state() functions.
Issue reported by Bernard Spil, who also tested this diff.
ok tb@
Diffstat (limited to 'src/lib/libcrypto/man/RSA_get_ex_new_index.3')
0 files changed, 0 insertions, 0 deletions
