提交 93cab6b3 编写于 作者: B Ben Laurie 提交者: Dr. Stephen Henson

Don't crash when processing a zero-length, TLS >= 1.1 record.

The previous CBC patch was bugged in that there was a path through enc()
in s3_pkt.c/d1_pkt.c which didn't set orig_len. orig_len would be left
at the previous value which could suggest that the packet was a
sufficient length when it wasn't.
(cherry picked from commit 6cb19b7681f600b2f165e4adc57547b097b475fd)
上级 2acc020b
......@@ -245,7 +245,6 @@ int dtls1_enc(SSL *s, int send)
}
#endif /* KSSL_DEBUG */
rec->orig_len = rec->length;
if ((bs != 1) && !send)
return tls1_cbc_remove_padding(s, rec, bs, mac_size);
}
......
......@@ -414,6 +414,7 @@ dtls1_process_record(SSL *s)
/* decrypt in place in 'rr->input' */
rr->data=rr->input;
rr->orig_len=rr->length;
enc_err = s->method->ssl3_enc->enc(s,0);
if (enc_err <= 0)
......
......@@ -487,6 +487,15 @@ void ssl3_cleanup_key_block(SSL *s)
s->s3->tmp.key_block_length=0;
}
/* ssl3_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
*
* Returns:
* 0: (in non-constant time) if the record is publically invalid (i.e. too
* short etc).
* 1: if the record's padding is valid / the encryption was successful.
* -1: if the record's padding is invalid or, if sending, an internal error
* occured.
*/
int ssl3_enc(SSL *s, int send)
{
SSL3_RECORD *rec;
......@@ -553,8 +562,6 @@ int ssl3_enc(SSL *s, int send)
EVP_Cipher(ds,rec->data,rec->input,l);
rec->orig_len = rec->length;
if (EVP_MD_CTX_md(s->read_hash) != NULL)
mac_size = EVP_MD_CTX_size(s->read_hash);
if ((bs != 1) && !send)
......
......@@ -401,8 +401,13 @@ fprintf(stderr, "Record type=%d, Length=%d\n", rr->type, rr->length);
/* decrypt in place in 'rr->input' */
rr->data=rr->input;
rr->orig_len=rr->length;
enc_err = s->method->ssl3_enc->enc(s,0);
/* enc_err is:
* 0: (in non-constant time) if the record is publically invalid.
* 1: if the padding is valid
* -1: if the padding is invalid */
if (enc_err == 0)
{
/* SSLerr() and ssl3_send_alert() have been called */
......
......@@ -691,6 +691,15 @@ err:
return(ret);
}
/* tls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
*
* Returns:
* 0: (in non-constant time) if the record is publically invalid (i.e. too
* short etc).
* 1: if the record's padding is valid / the encryption was successful.
* -1: if the record's padding/AEAD-authenticator is invalid or, if sending,
* an internal error occured.
*/
int tls1_enc(SSL *s, int send)
{
SSL3_RECORD *rec;
......@@ -841,8 +850,6 @@ int tls1_enc(SSL *s, int send)
{
if (l == 0 || l%bs != 0)
{
if (s->version >= TLS1_1_VERSION)
return -1;
SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
return 0;
......@@ -870,8 +877,6 @@ int tls1_enc(SSL *s, int send)
}
#endif /* KSSL_DEBUG */
rec->orig_len = rec->length;
ret = 1;
if (EVP_MD_CTX_md(s->read_hash) != NULL)
mac_size = EVP_MD_CTX_size(s->read_hash);
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册