author: jsing, 2018-09-05 16:48:11 +0000
committer: jsing, 2018-09-05 16:48:11 +0000
commit: 3dd336e6ff4073ca34d5f248d90afd65c6e3f27f (patch)
tree: 7285548c994d450785c9af93c1936fef8e5ee489 /src/lib/libssl/t1_hash.c
parent: 500c35c4f020d87efbd1b5f638d51d78cce1b5ea (diff)
Correctly clear the current cipher state, when changing cipher state.

When a renegotiation results in a change of cipher suite, the renegotiation would fail if it switched from AEAD to non-AEAD or vice versa. This is due to the fact that the previous EVP_AEAD or EVP_CIPHER state remained, resulting in incorrect logic that caused MAC failures.

Rename ssl_clear_cipher_ctx() to ssl_clear_cipher_state() and split it into separate read/write components, then call these functions from the appropriate places when a ChangeCipherSpec message is being processed. Also, remove the separate ssl_clear_hash_ctx() calls and fold these into the ssl_clear_cipher_{read,write}_state() functions.

Issue reported by Bernard Spil, who also tested this diff.

ok tb@

Diffstat (limited to 'src/lib/libssl/t1_hash.c')
0 files changed, 0 insertions, 0 deletions