mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-02-23 14:42:15 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix SSL_clear() in TLSv1.3

Browse Source 
SSL_clear() does not reset the SSL_METHOD if a session already exists in
the SSL object. However, TLSv1.3 does not have an externally visible
version fixed method (only an internal one). The state machine assumes
that we are always starting from a version flexible method for TLSv1.3.
The simplest solution is to just fix SSL_clear() to always reset the method
if it is using the internal TLSv1.3 version fixed method.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/3954)
This commit is contained in:
Matt Caswell 2017-07-18 11:18:31 +01:00
parent 00848ea842
commit 59ff3f07dc
1 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
ssl/ssl_lib.c
View File

@ -566,10 +566,12 @@ int SSL_clear(SSL *s)
/*
* Check to see if we were changed into a different method, if so, revert
* back if we are not doing session-id reuse.
* back. We always do this in TLSv1.3. Below that we only do it if we are
* not doing session-id reuse.
*/
if (!ossl_statem_get_in_handshake(s) && (s->session == NULL)
&& (s->method != s->ctx->method)) {
if (s->method != s->ctx->method
&& (SSL_IS_TLS13(s)
|| (!ossl_statem_get_in_handshake(s) && s->session == NULL))) {
s->method->ssl_free(s);
s->method = s->ctx->method;
if (!s->method->ssl_new(s))