Commit 80b6d975 authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files

Fix DTLS retransmission from previous session. 

For DTLS we might need to retransmit messages from the previous session
so keep a copy of write context in DTLS retransmission buffers instead
of replacing it after sending CCS. CVE-2013-6450.
(cherry picked from commit 34628967)
parent ff64ab32

ssl/d1_both.c

+6 −0
Original line number Diff line number Diff line
@@ -214,6 +214,12 @@ dtls1_hm_fragment_new(unsigned long frag_len, int reassembly) 
static void

dtls1_hm_fragment_free(hm_fragment *frag)

	{



	if (frag->msg_header.is_ccs)

		{

		EVP_CIPHER_CTX_free(frag->msg_header.saved_retransmit_state.enc_write_ctx);

		EVP_MD_CTX_destroy(frag->msg_header.saved_retransmit_state.write_hash);

		}

	if (frag->fragment) OPENSSL_free(frag->fragment);

	if (frag->reassembly) OPENSSL_free(frag->reassembly);

	OPENSSL_free(frag);

ssl/t1_enc.c

+11 −6
Original line number Diff line number Diff line
@@ -414,14 +414,19 @@ int tls1_change_cipher_state(SSL *s, int which) 
			s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM;

			else

			s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM;

		if (s->enc_write_ctx != NULL)

		if (s->enc_write_ctx != NULL && !SSL_IS_DTLS(s))

			reuse_dd = 1;

		else if ((s->enc_write_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)

		else if ((s->enc_write_ctx=EVP_CIPHER_CTX_new()) == NULL)

			goto err;

		else

			/* make sure it's intialized in case we exit later with an error */

			EVP_CIPHER_CTX_init(s->enc_write_ctx);

		dd= s->enc_write_ctx;

		if (SSL_IS_DTLS(s))

			{

			mac_ctx = EVP_MD_CTX_create();

			if (!mac_ctx)

				goto err;

			s->write_hash = mac_ctx;

			}

		else

			mac_ctx = ssl_replace_hash(&s->write_hash,NULL);

#ifndef OPENSSL_NO_COMP

		if (s->compress != NULL)