mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-02-17 14:32:04 +08:00
Code Issues Packages Projects Releases Wiki Activity

Remove the read_iv/write_iv fields from SSL_CONNECTION

Browse Source 
These fields are instead held in the new record layer code and are
therefore no longer needed.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19586)
This commit is contained in:
Matt Caswell 2022-10-31 16:31:28 +00:00 committed by Hugo Landau
parent 6d814fd607
commit b83eac48ed
2 changed files with 3 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
ssl/ssl_local.h
View File

@ -1500,9 +1500,6 @@ struct ssl_connection_st {
unsigned char exporter_master_secret[EVP_MAX_MD_SIZE];
unsigned char early_exporter_master_secret[EVP_MAX_MD_SIZE];
unsigned char read_iv[EVP_MAX_IV_LENGTH]; /* TLSv1.3 static read IV */
unsigned char write_iv[EVP_MAX_IV_LENGTH]; /* TLSv1.3 static write IV */
/* session info */
/* client cert? */
/* This is used to hold the server certificate used */

15
ssl/tls13_enc.c
View File

@ -429,7 +429,7 @@ int tls13_change_cipher_state(SSL_CONNECTION *s, int which)
static const unsigned char resumption_master_secret[] = "\x72\x65\x73\x20\x6D\x61\x73\x74\x65\x72";
/* ASCII: "e exp master", in hex for EBCDIC compatibility */
static const unsigned char early_exporter_master_secret[] = "\x65\x20\x65\x78\x70\x20\x6D\x61\x73\x74\x65\x72";
unsigned char *iv;
unsigned char iv[EVP_MAX_IV_LENGTH];
unsigned char key[EVP_MAX_KEY_LENGTH];
unsigned char secret[EVP_MAX_MD_SIZE];
unsigned char hashval[EVP_MAX_MD_SIZE];
@ -449,11 +449,6 @@ int tls13_change_cipher_state(SSL_CONNECTION *s, int which)
int direction = (which & SSL3_CC_READ) != 0 ? OSSL_RECORD_DIRECTION_READ
: OSSL_RECORD_DIRECTION_WRITE;
if (which & SSL3_CC_READ)
iv = s->read_iv;
else
iv = s->write_iv;
if (((which & SSL3_CC_CLIENT) && (which & SSL3_CC_WRITE))
|| ((which & SSL3_CC_SERVER) && (which & SSL3_CC_READ))) {
if (which & SSL3_CC_EARLY) {
@ -707,13 +702,14 @@ int tls13_update_key(SSL_CONNECTION *s, int sending)
const EVP_MD *md = ssl_handshake_md(s);
size_t hashlen;
unsigned char key[EVP_MAX_KEY_LENGTH];
unsigned char *insecret, *iv;
unsigned char *insecret;
unsigned char secret[EVP_MAX_MD_SIZE];
char *log_label;
size_t keylen, ivlen, taglen;
int ret = 0, l;
int direction = sending ? OSSL_RECORD_DIRECTION_WRITE
: OSSL_RECORD_DIRECTION_READ;
unsigned char iv[EVP_MAX_IV_LENGTH];
if ((l = EVP_MD_get_size(md)) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
@ -726,11 +722,6 @@ int tls13_update_key(SSL_CONNECTION *s, int sending)
else
insecret = s->client_app_traffic_secret;
if (sending)
iv = s->write_iv;
else
iv = s->read_iv;
if (!derive_secret_key_and_iv(s, sending, md,
s->s3.tmp.new_sym_enc, insecret, NULL,
application_traffic,