Make sure we reset the read sequence when skipping records
[openssl.git] / ssl / record / ssl3_record_tls13.c
index 9dc7075cc2da0e663a88dc8e306d10cd4ffc6d27..87041df2c75a76ed90483a158bea27919a6a18f0 100644 (file)
@@ -7,6 +7,7 @@
  * https://www.openssl.org/source/license.html
  */
 
+#include <assert.h>
 #include "../ssl_locl.h"
 #include "record_locl.h"
 
@@ -29,7 +30,7 @@ int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int send)
     unsigned char *seq;
     int lenu, lenf;
     SSL3_RECORD *rec = &recs[0];
-    uint32_t alg_enc = s->s3->tmp.new_cipher->algorithm_enc;
+    uint32_t alg_enc;
 
     if (n_recs != 1) {
         /* Should not happen */
@@ -52,8 +53,22 @@ int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int send)
         rec->input = rec->data;
         return 1;
     }
+
     ivlen = EVP_CIPHER_CTX_iv_length(ctx);
 
+    if (s->early_data_state == SSL_EARLY_DATA_WRITING) {
+        alg_enc = s->session->cipher->algorithm_enc;
+    } else {
+        /*
+         * To get here we must have selected a ciphersuite - otherwise ctx would
+         * be NULL
+         */
+        assert(s->s3->tmp.new_cipher != NULL);
+        if (s->s3->tmp.new_cipher == NULL)
+            return -1;
+        alg_enc = s->s3->tmp.new_cipher->algorithm_enc;
+    }
+
     if (alg_enc & SSL_AESCCM) {
         if (alg_enc & (SSL_AES128CCM8 | SSL_AES256CCM8))
             taglen = EVP_CCM8_TLS_TAG_LEN;