X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=ssl%2Ftls13_enc.c;h=e7cc8afe87907e2c77a3af43a3a27ebb87b8d724;hp=08fbee59fa9eb1c124fe02e9ae5f781d2328d7c2;hb=6329ce8fd8af653fb8fdde6d3fc09bdb0ec94031;hpb=f929439f61e7e4cf40e06de56880758b5344f198
diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c
index 08fbee59fa..e7cc8afe87 100644
--- a/ssl/tls13_enc.c
+++ b/ssl/tls13_enc.c
@@ -397,6 +397,7 @@ int tls13_change_cipher_state(SSL *s, int which)
 RECORD_LAYER_reset_read_sequence(&s->rlayer);
 } else {
+ s->statem.invalid_enc_write_ctx = 1;
 if (s->enc_write_ctx != NULL) {
 EVP_CIPHER_CTX_reset(s->enc_write_ctx);
 } else {
@@ -406,7 +407,6 @@ int tls13_change_cipher_state(SSL *s, int which)
 SSL_F_TLS13_CHANGE_CIPHER_STATE, ERR_R_MALLOC_FAILURE);
 goto err;
 }
- EVP_CIPHER_CTX_ctrl(s->enc_write_ctx, EVP_CTRL_SET_DRBG, 0, s->drbg);
 }
 ciph_ctx = s->enc_write_ctx;
 iv = s->write_iv;
@@ -594,6 +594,12 @@ int tls13_change_cipher_state(SSL *s, int which)
 /* SSLfatal() already called */
 goto err;
 }
+
+ if (!ssl_log_secret(s, EXPORTER_SECRET_LABEL, s->exporter_master_secret,
+ hashlen)) {
+ /* SSLfatal() already called */
+ goto err;
+ }
 } else if (label == client_application_traffic)
 memcpy(s->client_app_traffic_secret, secret, hashlen);
@@ -609,6 +615,7 @@ int tls13_change_cipher_state(SSL *s, int which)
 goto err;
 }
+ s->statem.invalid_enc_write_ctx = 0;
 ret = 1;
 err:
 OPENSSL_cleanse(secret, sizeof(secret));
@@ -631,6 +638,7 @@ int tls13_update_key(SSL *s, int sending)
 insecret = s->client_app_traffic_secret;
 if (sending) {
+ s->statem.invalid_enc_write_ctx = 1;
 iv = s->write_iv;
 ciph_ctx = s->enc_write_ctx;
 RECORD_LAYER_reset_write_sequence(&s->rlayer);
@@ -651,6 +659,7 @@ int tls13_update_key(SSL *s, int sending)
 memcpy(insecret, secret, hashlen);
+ s->statem.invalid_enc_write_ctx = 0;
 ret = 1;
 err:
 OPENSSL_cleanse(secret, sizeof(secret));
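Review bot: The added `s->statem.invalid_enc_write_ctx = 1;` at the top of the write branch carries no comment, yet the error handling depends on it: any `goto err` between this line and the `s->statem.invalid_enc_write_ctx = 0;` added just before `ret = 1;` (hunk at -609) leaves the flag set. I would put `/* enc_write_ctx is being re-keyed: flag it unusable until the new key and IV are installed */` above the assignment. The code that reads the flag is not part of this diff, so it is worth confirming that it stops records, alerts included, from being written while the flag is 1. tls13_change_cipher_state starts and ends outside the hunk.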
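Review bot: The new `ssl_log_secret(s, EXPORTER_SECRET_LABEL, s->exporter_master_secret, hashlen)` call hands the exporter master secret to the key-log path without a comment saying so. Anyone who can read that log can recompute exported keying material for the session, so the sensitivity should be stated at the call site, for example `/* Key log only: exporter_master_secret is sensitive and must not reach ordinary logs */`. Whether ssl_log_secret() does nothing when no key-log callback is installed cannot be seen from this hunk and should be confirmed. The enclosing branch starts outside the hunk.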
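Review bot: In the `if (sending)` branch of tls13_update_key the flag is raised immediately before `RECORD_LAYER_reset_write_sequence(&s->rlayer);`, and that ordering deserves a comment. If a later step fails and jumps to `err`, the write sequence number has already been reset while the cipher context may still hold the previous key, so a record written in that state could repeat a nonce; the flag left at 1 appears to be the only guard. I would add `/* Sequence is reset before the new key is set: keep the ctx flagged invalid so a failure cannot lead to a write under the old key */`. The steps between this hunk and the `= 0` added at -651 are not visible here, so the failure path is inferred.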