mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-01-18 13:44:20 +08:00
Code Issues Packages Projects Releases Wiki Activity

Remove some redundant code

Browse Source 
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
This commit is contained in:
Matt Caswell 2022-07-26 12:44:09 +01:00
parent a16f9d3366
commit 19d0044448
10 changed files with 80 additions and 270 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
ssl/record/rec_layer_d1.c
View File

@ -184,9 +184,6 @@ static void dtls_unbuffer_record(SSL_CONNECTION *s)
}
#endif
/* Set proper sequence number for mac calculation */
memcpy(&(s->rlayer.read_sequence[2]), &(rdata->seq_num[2]), 6);
OPENSSL_free(item->data);
pitem_free(item);
}
@ -854,10 +851,8 @@ int do_dtls1_write(SSL_CONNECTION *sc, int type, const unsigned char *buf,
void dtls1_reset_seq_numbers(SSL_CONNECTION *s, int rw)
{
unsigned char *seq;
unsigned int seq_bytes = sizeof(s->rlayer.read_sequence);
if (rw & SSL3_CC_READ) {
seq = s->rlayer.read_sequence;
s->rlayer.d->r_epoch++;
/*
@ -870,7 +865,6 @@ void dtls1_reset_seq_numbers(SSL_CONNECTION *s, int rw)
memcpy(s->rlayer.d->last_write_sequence, seq,
sizeof(s->rlayer.write_sequence));
s->rlayer.d->w_epoch++;
memset(seq, 0, sizeof(s->rlayer.write_sequence));
}
memset(seq, 0, seq_bytes);
}

6
ssl/record/rec_layer_s3.c
View File

@ -44,7 +44,6 @@ void RECORD_LAYER_clear(RECORD_LAYER *rl)
ssl3_release_write_buffer(rl->s);
RECORD_LAYER_reset_read_sequence(rl);
RECORD_LAYER_reset_write_sequence(rl);
if (rl->rrlmethod != NULL)
@ -82,11 +81,6 @@ int RECORD_LAYER_write_pending(const RECORD_LAYER *rl)
&& SSL3_BUFFER_get_left(&rl->wbuf[rl->numwpipes - 1]) != 0;
}
void RECORD_LAYER_reset_read_sequence(RECORD_LAYER *rl)
{
memset(rl->read_sequence, 0, sizeof(rl->read_sequence));
}
void RECORD_LAYER_reset_write_sequence(RECORD_LAYER *rl)
{
memset(rl->write_sequence, 0, sizeof(rl->write_sequence));

4
ssl/record/record.h
View File

@ -178,8 +178,7 @@ typedef struct record_layer_st {
/* number of bytes submitted */
size_t wpend_ret;
const unsigned char *wpend_buf;
/* TODO(RECLAYER): Why do we need this */
unsigned char read_sequence[SEQ_NUM_SIZE];
unsigned char write_sequence[SEQ_NUM_SIZE];
/* Count of the number of consecutive warning alerts received */
unsigned int alert_count;
@ -223,7 +222,6 @@ void RECORD_LAYER_release(RECORD_LAYER *rl);
int RECORD_LAYER_read_pending(const RECORD_LAYER *rl);
int RECORD_LAYER_processed_read_pending(const RECORD_LAYER *rl);
int RECORD_LAYER_write_pending(const RECORD_LAYER *rl);
void RECORD_LAYER_reset_read_sequence(RECORD_LAYER *rl);
void RECORD_LAYER_reset_write_sequence(RECORD_LAYER *rl);
int RECORD_LAYER_is_sslv2_record(RECORD_LAYER *rl);
__owur size_t ssl3_pending(const SSL *s);

1
ssl/record/record_local.h
View File

@ -18,7 +18,6 @@
/* Functions/macros provided by the RECORD_LAYER component */
#define RECORD_LAYER_get_read_sequence(rl) ((rl)->read_sequence)
#define RECORD_LAYER_get_write_sequence(rl) ((rl)->write_sequence)
#define RECORD_LAYER_inc_empty_record_count(rl) ((rl)->empty_record_count++)
#define RECORD_LAYER_reset_empty_record_count(rl) \

258
ssl/record/ssl3_record.c
View File

@ -179,25 +179,19 @@ int ssl3_enc(SSL_CONNECTION *s, SSL3_RECORD *inrecs, size_t n_recs, int sending,
size_t bs;
const EVP_CIPHER *enc;
assert(sending);
rec = inrecs;
/*
* We shouldn't ever be called with more than one record in the SSLv3 case
*/
if (n_recs != 1)
return 0;
if (sending) {
ds = s->enc_write_ctx;
if (s->enc_write_ctx == NULL)
enc = NULL;
else
enc = EVP_CIPHER_CTX_get0_cipher(s->enc_write_ctx);
} else {
ds = s->enc_read_ctx;
if (s->enc_read_ctx == NULL)
enc = NULL;
else
enc = EVP_CIPHER_CTX_get0_cipher(s->enc_read_ctx);
}
ds = s->enc_write_ctx;
if (s->enc_write_ctx == NULL)
enc = NULL;
else
enc = EVP_CIPHER_CTX_get0_cipher(s->enc_write_ctx);
if ((s->session == NULL) || (ds == NULL) || (enc == NULL)) {
memmove(rec->data, rec->input, rec->length);
@ -210,7 +204,7 @@ int ssl3_enc(SSL_CONNECTION *s, SSL3_RECORD *inrecs, size_t n_recs, int sending,
/* COMPRESS */
if ((bs != 1) && sending && !provided) {
if ((bs != 1) && !provided) {
/*
* We only do this for legacy ciphers. Provided ciphers add the
* padding on the provider side.
@ -228,14 +222,6 @@ int ssl3_enc(SSL_CONNECTION *s, SSL3_RECORD *inrecs, size_t n_recs, int sending,
rec->input[l - 1] = (unsigned char)(i - 1);
}
if (!sending) {
if (l == 0 || l % bs != 0) {
/* Publicly invalid */
return 0;
}
/* otherwise, rec->length >= bs */
}
if (EVP_CIPHER_get0_provider(enc) != NULL) {
int outlen;
@ -243,41 +229,12 @@ int ssl3_enc(SSL_CONNECTION *s, SSL3_RECORD *inrecs, size_t n_recs, int sending,
(unsigned int)l))
return 0;
rec->length = outlen;
if (!sending && mac != NULL) {
/* Now get a pointer to the MAC */
OSSL_PARAM params[2], *p = params;
/* Get the MAC */
mac->alloced = 0;
*p++ = OSSL_PARAM_construct_octet_ptr(OSSL_CIPHER_PARAM_TLS_MAC,
(void **)&mac->mac,
macsize);
*p = OSSL_PARAM_construct_end();
if (!EVP_CIPHER_CTX_get_params(ds, params)) {
/* Shouldn't normally happen */
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
}
}
} else {
if (EVP_Cipher(ds, rec->data, rec->input, (unsigned int)l) < 1) {
/* Shouldn't happen */
SSLfatal(s, SSL_AD_BAD_RECORD_MAC, ERR_R_INTERNAL_ERROR);
return 0;
}
if (!sending)
return ssl3_cbc_remove_padding_and_mac(&rec->length,
rec->orig_len,
rec->data,
(mac != NULL) ? &mac->mac : NULL,
(mac != NULL) ? &mac->alloced : NULL,
bs,
macsize,
SSL_CONNECTION_GET_CTX(s)->libctx);
}
}
return 1;
@ -304,66 +261,52 @@ int tls1_enc(SSL_CONNECTION *s, SSL3_RECORD *recs, size_t n_recs, int sending,
size_t bs, ctr, padnum, loop;
unsigned char padval;
const EVP_CIPHER *enc;
int tlstree_enc = sending ? (s->mac_flags & SSL_MAC_FLAG_WRITE_MAC_TLSTREE)
: (s->mac_flags & SSL_MAC_FLAG_READ_MAC_TLSTREE);
int tlstree_enc = (s->mac_flags & SSL_MAC_FLAG_WRITE_MAC_TLSTREE);
if (n_recs == 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
}
if (sending) {
if (EVP_MD_CTX_get0_md(s->write_hash)) {
int n = EVP_MD_CTX_get_size(s->write_hash);
if (!ossl_assert(n >= 0)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
}
}
ds = s->enc_write_ctx;
if (s->enc_write_ctx == NULL)
enc = NULL;
else {
int ivlen;
assert(sending);
if (EVP_MD_CTX_get0_md(s->write_hash)) {
int n = EVP_MD_CTX_get_size(s->write_hash);
enc = EVP_CIPHER_CTX_get0_cipher(s->enc_write_ctx);
/* For TLSv1.1 and later explicit IV */
if (SSL_USE_EXPLICIT_IV(s)
&& EVP_CIPHER_get_mode(enc) == EVP_CIPH_CBC_MODE)
ivlen = EVP_CIPHER_get_iv_length(enc);
else
ivlen = 0;
if (ivlen > 1) {
for (ctr = 0; ctr < n_recs; ctr++) {
if (recs[ctr].data != recs[ctr].input) {
/*
* we can't write into the input stream: Can this ever
* happen?? (steve)
*/
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
} else if (RAND_bytes_ex(SSL_CONNECTION_GET_CTX(s)->libctx,
recs[ctr].input,
ivlen, 0) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
}
if (!ossl_assert(n >= 0)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
}
}
ds = s->enc_write_ctx;
if (s->enc_write_ctx == NULL)
enc = NULL;
else {
int ivlen;
enc = EVP_CIPHER_CTX_get0_cipher(s->enc_write_ctx);
/* For TLSv1.1 and later explicit IV */
if (SSL_USE_EXPLICIT_IV(s)
&& EVP_CIPHER_get_mode(enc) == EVP_CIPH_CBC_MODE)
ivlen = EVP_CIPHER_get_iv_length(enc);
else
ivlen = 0;
if (ivlen > 1) {
for (ctr = 0; ctr < n_recs; ctr++) {
if (recs[ctr].data != recs[ctr].input) {
/*
* we can't write into the input stream: Can this ever
* happen?? (steve)
*/
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
} else if (RAND_bytes_ex(SSL_CONNECTION_GET_CTX(s)->libctx,
recs[ctr].input,
ivlen, 0) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
}
}
}
} else {
if (EVP_MD_CTX_get0_md(s->read_hash)) {
int n = EVP_MD_CTX_get_size(s->read_hash);
if (!ossl_assert(n >= 0)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
}
}
ds = s->enc_read_ctx;
if (s->enc_read_ctx == NULL)
enc = NULL;
else
enc = EVP_CIPHER_CTX_get0_cipher(s->enc_read_ctx);
}
if ((s->session == NULL) || (ds == NULL) || (enc == NULL)) {
@ -394,15 +337,13 @@ int tls1_enc(SSL_CONNECTION *s, SSL3_RECORD *recs, size_t n_recs, int sending,
& EVP_CIPH_FLAG_AEAD_CIPHER) != 0) {
unsigned char *seq;
seq = sending ? RECORD_LAYER_get_write_sequence(&s->rlayer)
: RECORD_LAYER_get_read_sequence(&s->rlayer);
seq = RECORD_LAYER_get_write_sequence(&s->rlayer);
if (SSL_CONNECTION_IS_DTLS(s)) {
/* DTLS does not support pipelining */
unsigned char dtlsseq[8], *p = dtlsseq;
s2n(sending ? DTLS_RECORD_LAYER_get_w_epoch(&s->rlayer) :
DTLS_RECORD_LAYER_get_r_epoch(&s->rlayer), p);
s2n(DTLS_RECORD_LAYER_get_w_epoch(&s->rlayer), p);
memcpy(p, &seq[2], 6);
memcpy(buf[ctr], dtlsseq, 8);
} else {
@ -426,12 +367,10 @@ int tls1_enc(SSL_CONNECTION *s, SSL3_RECORD *recs, size_t n_recs, int sending,
return 0;
}
if (sending) {
reclen[ctr] += pad;
recs[ctr].length += pad;
}
reclen[ctr] += pad;
recs[ctr].length += pad;
} else if ((bs != 1) && sending && !provided) {
} else if ((bs != 1) && !provided) {
/*
* We only do this for legacy ciphers. Provided ciphers add the
* padding on the provider side.
@ -451,13 +390,6 @@ int tls1_enc(SSL_CONNECTION *s, SSL3_RECORD *recs, size_t n_recs, int sending,
reclen[ctr] += padnum;
recs[ctr].length += padnum;
}
if (!sending) {
if (reclen[ctr] == 0 || reclen[ctr] % bs != 0) {
/* Publicly invalid */
return 0;
}
}
}
if (n_recs > 1) {
unsigned char *data[SSL_MAX_PIPELINES];
@ -493,11 +425,10 @@ int tls1_enc(SSL_CONNECTION *s, SSL3_RECORD *recs, size_t n_recs, int sending,
* So if we are in ETM mode, we use seq 'as is' in the ctrl-function.
* Otherwise we have to decrease it in the implementation
*/
if (sending && !SSL_WRITE_ETM(s))
if (!SSL_WRITE_ETM(s))
decrement_seq = 1;
seq = sending ? RECORD_LAYER_get_write_sequence(&s->rlayer)
: RECORD_LAYER_get_read_sequence(&s->rlayer);
seq = RECORD_LAYER_get_write_sequence(&s->rlayer);
if (EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_TLSTREE, decrement_seq, seq) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
@ -517,45 +448,6 @@ int tls1_enc(SSL_CONNECTION *s, SSL3_RECORD *recs, size_t n_recs, int sending,
(unsigned int)reclen[0]))
return 0;
recs[0].length = outlen;
/*
* The length returned from EVP_CipherUpdate above is the actual
* payload length. We need to adjust the data/input ptr to skip over
* any explicit IV
*/
if (!sending) {
if (EVP_CIPHER_get_mode(enc) == EVP_CIPH_GCM_MODE) {
recs[0].data += EVP_GCM_TLS_EXPLICIT_IV_LEN;
recs[0].input += EVP_GCM_TLS_EXPLICIT_IV_LEN;
} else if (EVP_CIPHER_get_mode(enc) == EVP_CIPH_CCM_MODE) {
recs[0].data += EVP_CCM_TLS_EXPLICIT_IV_LEN;
recs[0].input += EVP_CCM_TLS_EXPLICIT_IV_LEN;
} else if (bs != 1 && SSL_USE_EXPLICIT_IV(s)) {
recs[0].data += bs;
recs[0].input += bs;
recs[0].orig_len -= bs;
}
/* Now get a pointer to the MAC (if applicable) */
if (macs != NULL) {
OSSL_PARAM params[2], *p = params;
/* Get the MAC */
macs[0].alloced = 0;
*p++ = OSSL_PARAM_construct_octet_ptr(OSSL_CIPHER_PARAM_TLS_MAC,
(void **)&macs[0].mac,
macsize);
*p = OSSL_PARAM_construct_end();
if (!EVP_CIPHER_CTX_get_params(ds, params)) {
/* Shouldn't normally happen */
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
ERR_R_INTERNAL_ERROR);
return 0;
}
}
}
} else {
/* Legacy cipher */
@ -568,45 +460,6 @@ int tls1_enc(SSL_CONNECTION *s, SSL3_RECORD *recs, size_t n_recs, int sending,
/* AEAD can fail to verify MAC */
return 0;
}
if (!sending) {
for (ctr = 0; ctr < n_recs; ctr++) {
/* Adjust the record to remove the explicit IV/MAC/Tag */
if (EVP_CIPHER_get_mode(enc) == EVP_CIPH_GCM_MODE) {
recs[ctr].data += EVP_GCM_TLS_EXPLICIT_IV_LEN;
recs[ctr].input += EVP_GCM_TLS_EXPLICIT_IV_LEN;
recs[ctr].length -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
} else if (EVP_CIPHER_get_mode(enc) == EVP_CIPH_CCM_MODE) {
recs[ctr].data += EVP_CCM_TLS_EXPLICIT_IV_LEN;
recs[ctr].input += EVP_CCM_TLS_EXPLICIT_IV_LEN;
recs[ctr].length -= EVP_CCM_TLS_EXPLICIT_IV_LEN;
} else if (bs != 1 && SSL_USE_EXPLICIT_IV(s)) {
if (recs[ctr].length < bs)
return 0;
recs[ctr].data += bs;
recs[ctr].input += bs;
recs[ctr].length -= bs;
recs[ctr].orig_len -= bs;
}
/*
* If using Mac-then-encrypt, then this will succeed but
* with a random MAC if padding is invalid
*/
if (!tls1_cbc_remove_padding_and_mac(&recs[ctr].length,
recs[ctr].orig_len,
recs[ctr].data,
(macs != NULL) ? &macs[ctr].mac : NULL,
(macs != NULL) ? &macs[ctr].alloced
: NULL,
bs,
pad ? (size_t)pad : macsize,
(EVP_CIPHER_get_flags(enc)
& EVP_CIPH_FLAG_AEAD_CIPHER) != 0,
SSL_CONNECTION_GET_CTX(s)->libctx))
return 0;
}
}
}
}
return 1;
@ -681,10 +534,8 @@ int tls1_mac_old(SSL_CONNECTION *sc, SSL3_RECORD *rec, unsigned char *md,
int i;
EVP_MD_CTX *hmac = NULL, *mac_ctx;
unsigned char header[13];
int stream_mac = sending ? (sc->mac_flags & SSL_MAC_FLAG_WRITE_MAC_STREAM)
: (sc->mac_flags & SSL_MAC_FLAG_READ_MAC_STREAM);
int tlstree_mac = sending ? (sc->mac_flags & SSL_MAC_FLAG_WRITE_MAC_TLSTREE)
: (sc->mac_flags & SSL_MAC_FLAG_READ_MAC_TLSTREE);
int stream_mac = (sc->mac_flags & SSL_MAC_FLAG_WRITE_MAC_STREAM);
int tlstree_mac = (sc->mac_flags & SSL_MAC_FLAG_WRITE_MAC_TLSTREE);
int t;
int ret = 0;
@ -721,8 +572,7 @@ int tls1_mac_old(SSL_CONNECTION *sc, SSL3_RECORD *rec, unsigned char *md,
if (SSL_CONNECTION_IS_DTLS(sc)) {
unsigned char dtlsseq[8], *p = dtlsseq;
s2n(sending ? DTLS_RECORD_LAYER_get_w_epoch(&sc->rlayer) :
DTLS_RECORD_LAYER_get_r_epoch(&sc->rlayer), p);
s2n(DTLS_RECORD_LAYER_get_w_epoch(&sc->rlayer), p);
memcpy(p, &seq[2], 6);
memcpy(header, dtlsseq, 8);

47
ssl/record/ssl3_record_tls13.c
View File

@ -7,6 +7,7 @@
* https://www.openssl.org/source/license.html
*/
#include <assert.h>
#include "../ssl_local.h"
#include "record_local.h"
#include "internal/cryptlib.h"
@ -40,15 +41,10 @@ int tls13_enc(SSL_CONNECTION *s, SSL3_RECORD *recs, size_t n_recs, int sending,
return 0;
}
if (sending) {
ctx = s->enc_write_ctx;
staticiv = s->write_iv;
seq = RECORD_LAYER_get_write_sequence(&s->rlayer);
} else {
ctx = s->enc_read_ctx;
staticiv = s->read_iv;
seq = RECORD_LAYER_get_read_sequence(&s->rlayer);
}
assert(sending);
ctx = s->enc_write_ctx;
staticiv = s->write_iv;
seq = RECORD_LAYER_get_write_sequence(&s->rlayer);
/*
* If we're sending an alert and ctx != NULL then we must be forcing
@ -97,8 +93,7 @@ int tls13_enc(SSL_CONNECTION *s, SSL3_RECORD *recs, size_t n_recs, int sending,
taglen = EVP_CCM8_TLS_TAG_LEN;
else
taglen = EVP_CCM_TLS_TAG_LEN;
if (sending && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen,
NULL) <= 0) {
if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, NULL) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
}
@ -111,16 +106,6 @@ int tls13_enc(SSL_CONNECTION *s, SSL3_RECORD *recs, size_t n_recs, int sending,
return 0;
}
if (!sending) {
/*
* Take off tag. There must be at least one byte of content type as
* well as the tag
*/
if (rec->length < taglen + 1)
return 0;
rec->length -= taglen;
}
/* Set up IV */
if (ivlen < SEQ_NUM_SIZE) {
/* Should not happen */
@ -143,10 +128,7 @@ int tls13_enc(SSL_CONNECTION *s, SSL3_RECORD *recs, size_t n_recs, int sending,
return 0;
}
if (EVP_CipherInit_ex(ctx, NULL, NULL, NULL, iv, sending) <= 0
|| (!sending && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
taglen,
rec->data + rec->length) <= 0)) {
if (EVP_CipherInit_ex(ctx, NULL, NULL, NULL, iv, sending) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
}
@ -179,15 +161,14 @@ int tls13_enc(SSL_CONNECTION *s, SSL3_RECORD *recs, size_t n_recs, int sending,
|| (size_t)(lenu + lenf) != rec->length) {
return 0;
}
if (sending) {
/* Add the tag */
if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen,
rec->data + rec->length) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
}
rec->length += taglen;
/* Add the tag */
if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen,
rec->data + rec->length) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
}
rec->length += taglen;
return 1;
}

1
ssl/statem/statem_dtls.c
View File

@ -922,7 +922,6 @@ static int dtls_get_reassembled_message(SSL_CONNECTION *s, int *errtype,
/*-
* for these 2 messages, we need to
* ssl->enc_read_ctx re-init
* ssl->rlayer.read_sequence zero
* ssl->s3.read_mac_secret re-init
* ssl->session->read_sym_enc assign
* ssl->session->read_compression assign

9
ssl/t1_enc.c
View File

@ -414,10 +414,11 @@ int tls1_change_cipher_state(SSL_CONNECTION *s, int which)
goto err;
}
if (which & SSL3_CC_WRITE)
rl_sequence = RECORD_LAYER_get_write_sequence(&s->rlayer);
else
rl_sequence = RECORD_LAYER_get_read_sequence(&s->rlayer);
/*
* If we get here we are only doing the write side. The read side goes
* through the new record layer code.
*/
rl_sequence = RECORD_LAYER_get_write_sequence(&s->rlayer);
if (!ktls_configure_crypto(sctx->libctx, s->version, c, m, rl_sequence,
&crypto_info, which & SSL3_CC_WRITE, iv,

12
ssl/tls13_enc.c
View File

@ -472,8 +472,6 @@ int tls13_change_cipher_state(SSL_CONNECTION *s, int which)
if (which & SSL3_CC_READ) {
iv = s->read_iv;
RECORD_LAYER_reset_read_sequence(&s->rlayer);
} else {
s->statem.enc_write_state = ENC_WRITE_STATE_INVALID;
if (s->enc_write_ctx != NULL) {
@ -763,10 +761,11 @@ int tls13_change_cipher_state(SSL_CONNECTION *s, int which)
}
/* configure kernel crypto structure */
if (which & SSL3_CC_WRITE)
rl_sequence = RECORD_LAYER_get_write_sequence(&s->rlayer);
else
rl_sequence = RECORD_LAYER_get_read_sequence(&s->rlayer);
/*
* If we get here we are only doing the write side. The read side goes
* through the new record layer code.
*/
rl_sequence = RECORD_LAYER_get_write_sequence(&s->rlayer);
if (!ktls_configure_crypto(sctx->libctx, s->version, cipher, NULL,
rl_sequence, &crypto_info, which & SSL3_CC_WRITE,
@ -821,7 +820,6 @@ int tls13_update_key(SSL_CONNECTION *s, int sending)
} else {
iv = s->read_iv;
ciph_ctx = s->enc_read_ctx;
RECORD_LAYER_reset_read_sequence(&s->rlayer);
}
if (!derive_secret_key_and_iv(s, sending, md,

4
test/tls13secretstest.c
View File

@ -157,10 +157,6 @@ const EVP_MD *ssl_handshake_md(SSL_CONNECTION *s)
return EVP_sha256();
}
void RECORD_LAYER_reset_read_sequence(RECORD_LAYER *rl)
{
}
void RECORD_LAYER_reset_write_sequence(RECORD_LAYER *rl)
{
}