2
0
mirror of https://github.com/openssl/openssl.git synced 2025-02-23 14:42:15 +08:00

Fix a crash in SSLfatal due to invalid enc_write_ctx

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5645)
This commit is contained in:
Bernd Edlinger 2018-03-16 13:29:51 +01:00
parent df6d51e2e4
commit d4ef4fbf46
5 changed files with 10 additions and 1 deletions

View File

@ -155,6 +155,7 @@ int ssl3_change_cipher_state(SSL *s, int which)
RECORD_LAYER_reset_read_sequence(&s->rlayer); RECORD_LAYER_reset_read_sequence(&s->rlayer);
mac_secret = &(s->s3->read_mac_secret[0]); mac_secret = &(s->s3->read_mac_secret[0]);
} else { } else {
s->statem.invalid_enc_write_ctx = 1;
if (s->enc_write_ctx != NULL) { if (s->enc_write_ctx != NULL) {
reuse_dd = 1; reuse_dd = 1;
} else if ((s->enc_write_ctx = EVP_CIPHER_CTX_new()) == NULL) { } else if ((s->enc_write_ctx = EVP_CIPHER_CTX_new()) == NULL) {
@ -238,6 +239,7 @@ int ssl3_change_cipher_state(SSL *s, int which)
goto err; goto err;
} }
s->statem.invalid_enc_write_ctx = 0;
OPENSSL_cleanse(exp_key, sizeof(exp_key)); OPENSSL_cleanse(exp_key, sizeof(exp_key));
OPENSSL_cleanse(exp_iv, sizeof(exp_iv)); OPENSSL_cleanse(exp_iv, sizeof(exp_iv));
return 1; return 1;

View File

@ -123,7 +123,7 @@ void ossl_statem_fatal(SSL *s, int al, int func, int reason, const char *file,
s->statem.in_init = 1; s->statem.in_init = 1;
s->statem.state = MSG_FLOW_ERROR; s->statem.state = MSG_FLOW_ERROR;
ERR_put_error(ERR_LIB_SSL, func, reason, file, line); ERR_put_error(ERR_LIB_SSL, func, reason, file, line);
if (al != SSL_AD_NO_ALERT) if (al != SSL_AD_NO_ALERT && !s->statem.invalid_enc_write_ctx)
ssl3_send_alert(s, SSL3_AL_FATAL, al); ssl3_send_alert(s, SSL3_AL_FATAL, al);
} }

View File

@ -100,6 +100,7 @@ struct ossl_statem_st {
/* Should we skip the CertificateVerify message? */ /* Should we skip the CertificateVerify message? */
unsigned int no_cert_verify; unsigned int no_cert_verify;
int use_timer; int use_timer;
int invalid_enc_write_ctx;
}; };
typedef struct ossl_statem_st OSSL_STATEM; typedef struct ossl_statem_st OSSL_STATEM;

View File

@ -154,6 +154,7 @@ int tls1_change_cipher_state(SSL *s, int which)
mac_secret = &(s->s3->read_mac_secret[0]); mac_secret = &(s->s3->read_mac_secret[0]);
mac_secret_size = &(s->s3->read_mac_secret_size); mac_secret_size = &(s->s3->read_mac_secret_size);
} else { } else {
s->statem.invalid_enc_write_ctx = 1;
if (s->ext.use_etm) if (s->ext.use_etm)
s->s3->flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC_WRITE; s->s3->flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC_WRITE;
else else
@ -316,6 +317,7 @@ int tls1_change_cipher_state(SSL *s, int which)
ERR_R_INTERNAL_ERROR); ERR_R_INTERNAL_ERROR);
goto err; goto err;
} }
s->statem.invalid_enc_write_ctx = 0;
#ifdef SSL_DEBUG #ifdef SSL_DEBUG
printf("which = %04X\nkey=", which); printf("which = %04X\nkey=", which);

View File

@ -397,6 +397,7 @@ int tls13_change_cipher_state(SSL *s, int which)
RECORD_LAYER_reset_read_sequence(&s->rlayer); RECORD_LAYER_reset_read_sequence(&s->rlayer);
} else { } else {
s->statem.invalid_enc_write_ctx = 1;
if (s->enc_write_ctx != NULL) { if (s->enc_write_ctx != NULL) {
EVP_CIPHER_CTX_reset(s->enc_write_ctx); EVP_CIPHER_CTX_reset(s->enc_write_ctx);
} else { } else {
@ -609,6 +610,7 @@ int tls13_change_cipher_state(SSL *s, int which)
goto err; goto err;
} }
s->statem.invalid_enc_write_ctx = 0;
ret = 1; ret = 1;
err: err:
OPENSSL_cleanse(secret, sizeof(secret)); OPENSSL_cleanse(secret, sizeof(secret));
@ -631,6 +633,7 @@ int tls13_update_key(SSL *s, int sending)
insecret = s->client_app_traffic_secret; insecret = s->client_app_traffic_secret;
if (sending) { if (sending) {
s->statem.invalid_enc_write_ctx = 1;
iv = s->write_iv; iv = s->write_iv;
ciph_ctx = s->enc_write_ctx; ciph_ctx = s->enc_write_ctx;
RECORD_LAYER_reset_write_sequence(&s->rlayer); RECORD_LAYER_reset_write_sequence(&s->rlayer);
@ -651,6 +654,7 @@ int tls13_update_key(SSL *s, int sending)
memcpy(insecret, secret, hashlen); memcpy(insecret, secret, hashlen);
s->statem.invalid_enc_write_ctx = 0;
ret = 1; ret = 1;
err: err:
OPENSSL_cleanse(secret, sizeof(secret)); OPENSSL_cleanse(secret, sizeof(secret));