projects / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b4f001e) | patch
Ensure that we write out alerts correctly after early_data
authorMatt Caswell <matt@openssl.org>
Tue, 7 Aug 2018 09:25:54 +0000 (10:25 +0100)
committerMatt Caswell <matt@openssl.org>
Wed, 8 Aug 2018 09:16:58 +0000 (10:16 +0100)
commit7426cd343d99d3d82e3fb06c8df18e5cc6bcec75
treea0dac1b700927151c1a81d04d1f8cb037fd8be10tree | snapshot
parentb4f001eb1a9e0bd0fda8f3c7dfbccb6422ad8c47commit | diff
Ensure that we write out alerts correctly after early_data

If we sent early_data and then received back an HRR, the enc_write_ctx
was stale resulting in errors if an alert needed to be sent.

Thanks to Quarkslab for reporting this.

In any case it makes little sense to encrypt alerts using the
client_early_traffic_secret, so we add special handling for alerts sent
after early_data. All such alerts are sent in plaintext.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6887)
ssl/record/rec_layer_s3.c diff | blob | history
ssl/record/ssl3_record_tls13.c diff | blob | history
ssl/s3_enc.c diff | blob | history
ssl/statem/statem.c diff | blob | history
ssl/statem/statem.h diff | blob | history
ssl/t1_enc.c diff | blob | history
ssl/tls13_enc.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.