summaryrefslogtreecommitdiff
path: root/lib/libarch
diff options
context:
space:
mode:
authorJoel Sing <jsing@cvs.openbsd.org>2018-09-05 16:48:12 +0000
committerJoel Sing <jsing@cvs.openbsd.org>2018-09-05 16:48:12 +0000
commit13b376383228f743cb9a31f51e0c75152947e4e7 (patch)
treefc115adac88770aa844bbe6e23f6bce97ffd555f /lib/libarch
parent8ca9db63973f1218d0af0f2c1c536ae3e885d008 (diff)
Correctly clear the current cipher state, when changing cipher state.
When a renegotiation results in a change of cipher suite, the renegotation would fail if it switched from AEAD to non-AEAD or vice versa. This is due to the fact that the previous EVP_AEAD or EVP_CIPHER state remained, resulting in incorrect logic that caused MAC failures. Rename ssl_clear_cipher_ctx() to ssl_clear_cipher_state() and split it into separate read/write components, then call these functions from the appropriate places when a ChangeCipherSpec message is being processed. Also, remove the separate ssl_clear_hash_ctx() calls and fold these into the ssl_clear_cipher_{read,write}_state() functions. Issue reported by Bernard Spil, who also tested this diff. ok tb@
Diffstat (limited to 'lib/libarch')
0 files changed, 0 insertions, 0 deletions