s->ext.early_data_ok = 0;
if (!s->hit) {
- /* If a new session update it with the new ALPN value */
+ /*
+ * This is a new session and so alpn_selected should have
+ * been initialised to NULL. We should update it with the
+ * selected ALPN.
+ */
+ if (!ossl_assert(s->session->ext.alpn_selected == NULL)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_TLS_HANDLE_ALPN,
+ ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
s->session->ext.alpn_selected = OPENSSL_memdup(selected,
selected_len);
if (s->session->ext.alpn_selected == NULL) {
OPENSSL_free(s->pha_context);
s->pha_context_len = 32;
if ((s->pha_context = OPENSSL_malloc(s->pha_context_len)) == NULL
- || ssl_randbytes(s, s->pha_context, s->pha_context_len) <= 0
+ || RAND_bytes(s->pha_context, s->pha_context_len) <= 0
|| !WPACKET_sub_memcpy_u8(pkt, s->pha_context, s->pha_context_len)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST,
* fails. See https://tools.ietf.org/html/rfc5246#section-7.4.7.1
*/
- if (ssl_randbytes(s, rand_premaster_secret,
+ if (RAND_bytes(rand_premaster_secret,
sizeof(rand_premaster_secret)) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_RSA,
ERR_R_INTERNAL_ERROR);
EVP_PKEY *pkey;
i = ssl_verify_cert_chain(s, sk);
if (i <= 0) {
- SSLfatal(s, ssl_verify_alarm_type(s->verify_result),
+ SSLfatal(s, ssl_x509err2alert(s->verify_result),
SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE,
SSL_R_CERTIFICATE_VERIFY_FAILED);
goto err;
sk_X509_pop_free(s->session->peer_chain, X509_free);
s->session->peer_chain = sk;
- if (new_sess != NULL)
- ssl_update_cache(s, SSL_SESS_CACHE_SERVER);
-
/*
* Freeze the handshake buffer. For <TLS1.3 we do this after the CKE
* message
} age_add_u;
if (SSL_IS_TLS13(s)) {
- if (ssl_randbytes(s, age_add_u.age_add_c, sizeof(age_add_u)) <= 0) {
+ if (!ssl_generate_session_id(s, s->session)) {
+ /* SSLfatal() already called */
+ goto err;
+ }
+ if (RAND_bytes(age_add_u.age_add_c, sizeof(age_add_u)) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET,
ERR_R_INTERNAL_ERROR);
SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE);
goto err;
}
- EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_DRBG, 0, s->drbg);
p = senc;
if (!i2d_SSL_SESSION(s->session, &p)) {
SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET, ERR_R_INTERNAL_ERROR);
goto err;
}
- sess->session_id_length = 0; /* ID is irrelevant for the ticket */
slen = i2d_SSL_SESSION(sess, NULL);
if (slen == 0 || slen > slen_full) {
const EVP_CIPHER *cipher = EVP_aes_256_cbc();
iv_len = EVP_CIPHER_iv_length(cipher);
- if (ssl_randbytes(s, iv, iv_len) <= 0
+ if (RAND_bytes(iv, iv_len) <= 0
|| !EVP_EncryptInit_ex(ctx, cipher, NULL,
- tctx->ext.tick_aes_key, iv)
- || !HMAC_Init_ex(hctx, tctx->ext.tick_hmac_key,
- sizeof(tctx->ext.tick_hmac_key),
+ tctx->ext.secure->tick_aes_key, iv)
+ || !HMAC_Init_ex(hctx, tctx->ext.secure->tick_hmac_key,
+ sizeof(tctx->ext.secure->tick_hmac_key),
EVP_sha256(), NULL)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET,