Move handling of cipher/hash based cipher suites into the new record layer.

ok tb@

1 files changed, 7 insertions, 10 deletions

diff --git a/lib/libssl/d1_both.c b/lib/libssl/d1_both.c
index 06a8585e10f..f4c1cb95b09 100644
--- a/lib/libssl/d1_both.c
+++ b/lib/libssl/d1_both.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_both.c,v 1.67 2021/02/20 14:14:16 tb Exp $ */
+/* $OpenBSD: d1_both.c,v 1.68 2021/02/27 14:20:50 jsing Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -201,12 +201,6 @@ dtls1_hm_fragment_free(hm_fragment *frag)
 	if (frag == NULL)
 		return;
 
-	if (frag->msg_header.is_ccs) {
-		EVP_CIPHER_CTX_free(
-		    frag->msg_header.saved_retransmit_state.enc_write_ctx);
-		EVP_MD_CTX_free(
-		    frag->msg_header.saved_retransmit_state.write_hash);
-	}
 	free(frag->fragment);
 	free(frag->reassembly);
 	free(frag);
@@ -977,8 +971,6 @@ dtls1_buffer_message(SSL *s, int is_ccs)
 	frag->msg_header.is_ccs = is_ccs;
 
 	/* save current state*/
-	frag->msg_header.saved_retransmit_state.enc_write_ctx = s->internal->enc_write_ctx;
-	frag->msg_header.saved_retransmit_state.write_hash = s->internal->write_hash;
 	frag->msg_header.saved_retransmit_state.session = s->session;
 	frag->msg_header.saved_retransmit_state.epoch = D1I(s)->w_epoch;
 
@@ -1078,11 +1070,16 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
 void
 dtls1_clear_record_buffer(SSL *s)
 {
+	hm_fragment *frag;
 	pitem *item;
 
 	for(item = pqueue_pop(s->d1->sent_messages); item != NULL;
 	    item = pqueue_pop(s->d1->sent_messages)) {
-		dtls1_hm_fragment_free((hm_fragment *)item->data);
+		frag = item->data;
+		if (frag->msg_header.is_ccs)
+			tls12_record_layer_write_epoch_done(s->internal->rl,
+			    frag->msg_header.saved_retransmit_state.epoch);
+		dtls1_hm_fragment_free(frag);
 		pitem_free(item);
 	}
 }