Commit d4ef4fbf authored by Bernd Edlinger's avatar Bernd Edlinger
Browse files

Fix a crash in SSLfatal due to invalid enc_write_ctx 



Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5645)
parent df6d51e2

ssl/s3_enc.c

+2 −0
Original line number Diff line number Diff line
@@ -155,6 +155,7 @@ int ssl3_change_cipher_state(SSL *s, int which) 
        RECORD_LAYER_reset_read_sequence(&s->rlayer);

        mac_secret = &(s->s3->read_mac_secret[0]);

    } else {

        s->statem.invalid_enc_write_ctx = 1;

        if (s->enc_write_ctx != NULL) {

            reuse_dd = 1;

        } else if ((s->enc_write_ctx = EVP_CIPHER_CTX_new()) == NULL) {
@@ -238,6 +239,7 @@ int ssl3_change_cipher_state(SSL *s, int which) 
        goto err;

    }



    s->statem.invalid_enc_write_ctx = 0;

    OPENSSL_cleanse(exp_key, sizeof(exp_key));

    OPENSSL_cleanse(exp_iv, sizeof(exp_iv));

    return 1;

ssl/statem/statem.c

+1 −1
Original line number Diff line number Diff line
@@ -123,7 +123,7 @@ void ossl_statem_fatal(SSL *s, int al, int func, int reason, const char *file, 
    s->statem.in_init = 1;

    s->statem.state = MSG_FLOW_ERROR;

    ERR_put_error(ERR_LIB_SSL, func, reason, file, line);

    if (al != SSL_AD_NO_ALERT)

    if (al != SSL_AD_NO_ALERT && !s->statem.invalid_enc_write_ctx)

        ssl3_send_alert(s, SSL3_AL_FATAL, al);

}

ssl/statem/statem.h

+1 −0
Original line number Diff line number Diff line
@@ -100,6 +100,7 @@ struct ossl_statem_st { 
    /* Should we skip the CertificateVerify message? */

    unsigned int no_cert_verify;

    int use_timer;

    int invalid_enc_write_ctx;

};

typedef struct ossl_statem_st OSSL_STATEM;

ssl/t1_enc.c

+2 −0
Original line number Diff line number Diff line
@@ -154,6 +154,7 @@ int tls1_change_cipher_state(SSL *s, int which) 
        mac_secret = &(s->s3->read_mac_secret[0]);

        mac_secret_size = &(s->s3->read_mac_secret_size);

    } else {

        s->statem.invalid_enc_write_ctx = 1;

        if (s->ext.use_etm)

            s->s3->flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC_WRITE;

        else
@@ -316,6 +317,7 @@ int tls1_change_cipher_state(SSL *s, int which) 
                 ERR_R_INTERNAL_ERROR);

        goto err;

    }

    s->statem.invalid_enc_write_ctx = 0;



#ifdef SSL_DEBUG

    printf("which = %04X\nkey=", which);

ssl/tls13_enc.c

+4 −0
Original line number Diff line number Diff line
@@ -397,6 +397,7 @@ int tls13_change_cipher_state(SSL *s, int which) 


        RECORD_LAYER_reset_read_sequence(&s->rlayer);

    } else {

        s->statem.invalid_enc_write_ctx = 1;

        if (s->enc_write_ctx != NULL) {

            EVP_CIPHER_CTX_reset(s->enc_write_ctx);

        } else {
@@ -609,6 +610,7 @@ int tls13_change_cipher_state(SSL *s, int which) 
        goto err;

    }



    s->statem.invalid_enc_write_ctx = 0;

    ret = 1;

 err:

    OPENSSL_cleanse(secret, sizeof(secret));
@@ -631,6 +633,7 @@ int tls13_update_key(SSL *s, int sending) 
        insecret = s->client_app_traffic_secret;



    if (sending) {

        s->statem.invalid_enc_write_ctx = 1;

        iv = s->write_iv;

        ciph_ctx = s->enc_write_ctx;

        RECORD_LAYER_reset_write_sequence(&s->rlayer);
@@ -651,6 +654,7 @@ int tls13_update_key(SSL *s, int sending) 


    memcpy(insecret, secret, hashlen);



    s->statem.invalid_enc_write_ctx = 0;

    ret = 1;

 err:

    OPENSSL_cleanse(secret, sizeof(secret));