projects
/
openssl.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Add some fixes for Travis failures
[openssl.git]
/
ssl
/
statem
/
statem_clnt.c
diff --git
a/ssl/statem/statem_clnt.c
b/ssl/statem/statem_clnt.c
index 55ac4dd03ef29229b4afd039fb9fdaa9b82407b9..5f2855bcf4b027cebe7567298b759ed34ef364f9 100644
(file)
--- a/
ssl/statem/statem_clnt.c
+++ b/
ssl/statem/statem_clnt.c
@@
-1571,6
+1571,13
@@
static MSG_PROCESS_RETURN tls_process_hello_retry_request(SSL *s, PACKET *pkt)
s->hello_retry_request = 1;
s->hello_retry_request = 1;
+ /*
+ * If we were sending early_data then the enc_write_ctx is now invalid and
+ * should not be used.
+ */
+ EVP_CIPHER_CTX_free(s->enc_write_ctx);
+ s->enc_write_ctx = NULL;
+
/* This will fail if it doesn't choose TLSv1.3+ */
errorcode = ssl_choose_client_version(s, sversion, 0, &al);
if (errorcode != 0) {
/* This will fail if it doesn't choose TLSv1.3+ */
errorcode = ssl_choose_client_version(s, sversion, 0, &al);
if (errorcode != 0) {
@@
-2422,7
+2429,6
@@
MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt)
|| (SSL_IS_TLS13(s)
&& (!PACKET_get_net_4(pkt, &age_add)
|| !PACKET_get_length_prefixed_1(pkt, &nonce)
|| (SSL_IS_TLS13(s)
&& (!PACKET_get_net_4(pkt, &age_add)
|| !PACKET_get_length_prefixed_1(pkt, &nonce)
- || PACKET_remaining(&nonce) == 0
|| !PACKET_memdup(&nonce, &s->session->ext.tick_nonce,
&s->session->ext.tick_nonce_len)))
|| !PACKET_get_net_2(pkt, &ticklen)
|| !PACKET_memdup(&nonce, &s->session->ext.tick_nonce,
&s->session->ext.tick_nonce_len)))
|| !PACKET_get_net_2(pkt, &ticklen)
@@
-2456,6
+2462,12
@@
MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt)
* We reused an existing session, so we need to replace it with a new
* one
*/
* We reused an existing session, so we need to replace it with a new
* one
*/
+ if ((new_sess = ssl_session_dup(s->session, 0)) == 0) {
+ al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_TLS_PROCESS_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE);
+ goto f_err;
+ }
+
if (i & SSL_SESS_CACHE_CLIENT) {
/*
* Remove the old session from the cache. We carry on if this fails
if (i & SSL_SESS_CACHE_CLIENT) {
/*
* Remove the old session from the cache. We carry on if this fails
@@
-2463,12
+2475,6
@@
MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt)
SSL_CTX_remove_session(s->session_ctx, s->session);
}
SSL_CTX_remove_session(s->session_ctx, s->session);
}
- if ((new_sess = ssl_session_dup(s->session, 0)) == 0) {
- al = SSL_AD_INTERNAL_ERROR;
- SSLerr(SSL_F_TLS_PROCESS_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE);
- goto f_err;
- }
-
SSL_SESSION_free(s->session);
s->session = new_sess;
}
SSL_SESSION_free(s->session);
s->session = new_sess;
}
@@
-2810,7
+2816,7
@@
static int tls_construct_cke_rsa(SSL *s, WPACKET *pkt, int *al)
pms[0] = s->client_version >> 8;
pms[1] = s->client_version & 0xff;
/* TODO(size_t): Convert this function */
pms[0] = s->client_version >> 8;
pms[1] = s->client_version & 0xff;
/* TODO(size_t): Convert this function */
- if (
RAND_bytes(
pms + 2, (int)(pmslen - 2)) <= 0) {
+ if (
ssl_randbytes(s,
pms + 2, (int)(pmslen - 2)) <= 0) {
goto err;
}
goto err;
}
@@
-3000,7
+3006,7
@@
static int tls_construct_cke_gost(SSL *s, WPACKET *pkt, int *al)
/* Generate session key
* TODO(size_t): Convert this function
*/
/* Generate session key
* TODO(size_t): Convert this function
*/
- ||
RAND_bytes(
pms, (int)pmslen) <= 0) {
+ ||
ssl_randbytes(s,
pms, (int)pmslen) <= 0) {
*al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_CONSTRUCT_CKE_GOST, ERR_R_INTERNAL_ERROR);
goto err;
*al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_CONSTRUCT_CKE_GOST, ERR_R_INTERNAL_ERROR);
goto err;
@@
-3562,7
+3568,7
@@
int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, WPACKET *pkt)
if (totlen != 0) {
if (empty_reneg_info_scsv) {
static SSL_CIPHER scsv = {
if (totlen != 0) {
if (empty_reneg_info_scsv) {
static SSL_CIPHER scsv = {
- 0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
+ 0, NULL,
NULL,
SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
};
if (!s->method->put_cipher_by_char(&scsv, pkt, &len)) {
SSLerr(SSL_F_SSL_CIPHER_LIST_TO_BYTES, ERR_R_INTERNAL_ERROR);
};
if (!s->method->put_cipher_by_char(&scsv, pkt, &len)) {
SSLerr(SSL_F_SSL_CIPHER_LIST_TO_BYTES, ERR_R_INTERNAL_ERROR);
@@
-3571,7
+3577,7
@@
int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, WPACKET *pkt)
}
if (s->mode & SSL_MODE_SEND_FALLBACK_SCSV) {
static SSL_CIPHER scsv = {
}
if (s->mode & SSL_MODE_SEND_FALLBACK_SCSV) {
static SSL_CIPHER scsv = {
- 0, NULL, SSL3_CK_FALLBACK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
+ 0, NULL,
NULL,
SSL3_CK_FALLBACK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
};
if (!s->method->put_cipher_by_char(&scsv, pkt, &len)) {
SSLerr(SSL_F_SSL_CIPHER_LIST_TO_BYTES, ERR_R_INTERNAL_ERROR);
};
if (!s->method->put_cipher_by_char(&scsv, pkt, &len)) {
SSLerr(SSL_F_SSL_CIPHER_LIST_TO_BYTES, ERR_R_INTERNAL_ERROR);