diff options
| author | tb <> | 2021-03-27 17:56:28 +0000 |
|---|---|---|
| committer | tb <> | 2021-03-27 17:56:28 +0000 |
| commit | c181c81fb01592ad1d49ebf7afa9676c41a32aaf (patch) | |
| tree | ac68380783b8a8e28d9f271506951e261e2e33a4 /src/lib/libssl/ssl_both.c | |
| parent | 5d4b8b6f9a8de0dda3e5c12178bbb427e7f32037 (diff) | |
| download | openbsd-c181c81fb01592ad1d49ebf7afa9676c41a32aaf.tar.gz openbsd-c181c81fb01592ad1d49ebf7afa9676c41a32aaf.tar.bz2 openbsd-c181c81fb01592ad1d49ebf7afa9676c41a32aaf.zip | |
Garbage collect s->internal->type
This variable is used in the legacy stack to decide whether we are
a server or a client. That's what s->server is for...
The new TLSv1.3 stack failed to set s->internal->type, which resulted
in hilarious mishandling of previous_{client,server}_finished. Indeed,
both client and server would first store the client's verify_data in
previous_server_finished and later overwrite it with the server's
verify_data. Consequently, renegotiation has been completely broken
for more than a year. In fact, server side renegotiation was broken
during the 6.5 release cycle. Clearly, no-one uses this.
This commit fixes client side renegotiation and restores the previous
behavior of SSL_get_client_CA_list(). Server side renegotiation will
be fixed in a later commit.
ok jsing
Diffstat (limited to 'src/lib/libssl/ssl_both.c')
| -rw-r--r-- | src/lib/libssl/ssl_both.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/src/lib/libssl/ssl_both.c b/src/lib/libssl/ssl_both.c index 6625286daf..789ab01213 100644 --- a/src/lib/libssl/ssl_both.c +++ b/src/lib/libssl/ssl_both.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_both.c,v 1.25 2021/03/24 18:44:00 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_both.c,v 1.26 2021/03/27 17:56:28 tb Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -181,7 +181,7 @@ ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen) | |||
| 181 | S3I(s)->tmp.finish_md_len = md_len; | 181 | S3I(s)->tmp.finish_md_len = md_len; |
| 182 | 182 | ||
| 183 | /* Copy finished so we can use it for renegotiation checks. */ | 183 | /* Copy finished so we can use it for renegotiation checks. */ |
| 184 | if (s->internal->type == SSL_ST_CONNECT) { | 184 | if (!s->server) { |
| 185 | memcpy(S3I(s)->previous_client_finished, | 185 | memcpy(S3I(s)->previous_client_finished, |
| 186 | S3I(s)->tmp.finish_md, md_len); | 186 | S3I(s)->tmp.finish_md, md_len); |
| 187 | S3I(s)->previous_client_finished_len = md_len; | 187 | S3I(s)->previous_client_finished_len = md_len; |
| @@ -285,7 +285,7 @@ ssl3_get_finished(SSL *s, int a, int b) | |||
| 285 | 285 | ||
| 286 | /* Copy finished so we can use it for renegotiation checks. */ | 286 | /* Copy finished so we can use it for renegotiation checks. */ |
| 287 | OPENSSL_assert(md_len <= EVP_MAX_MD_SIZE); | 287 | OPENSSL_assert(md_len <= EVP_MAX_MD_SIZE); |
| 288 | if (s->internal->type == SSL_ST_ACCEPT) { | 288 | if (s->server) { |
| 289 | memcpy(S3I(s)->previous_client_finished, | 289 | memcpy(S3I(s)->previous_client_finished, |
| 290 | S3I(s)->tmp.peer_finish_md, md_len); | 290 | S3I(s)->tmp.peer_finish_md, md_len); |
| 291 | S3I(s)->previous_client_finished_len = md_len; | 291 | S3I(s)->previous_client_finished_len = md_len; |