From d4ef4fbf46a51837a54e4a7cd0140eb9f08fdf30 Mon Sep 17 00:00:00 2001 From: Bernd Edlinger Date: Fri, 16 Mar 2018 13:29:51 +0100 Subject: [PATCH] Fix a crash in SSLfatal due to invalid enc_write_ctx Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/5645) --- ssl/s3_enc.c | 2 ++ ssl/statem/statem.c | 2 +- ssl/statem/statem.h | 1 + ssl/t1_enc.c | 2 ++ ssl/tls13_enc.c | 4 ++++ 5 files changed, 10 insertions(+), 1 deletion(-) diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index f775f26b3d..966d498e61 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -155,6 +155,7 @@ int ssl3_change_cipher_state(SSL *s, int which) RECORD_LAYER_reset_read_sequence(&s->rlayer); mac_secret = &(s->s3->read_mac_secret[0]); } else { + s->statem.invalid_enc_write_ctx = 1; if (s->enc_write_ctx != NULL) { reuse_dd = 1; } else if ((s->enc_write_ctx = EVP_CIPHER_CTX_new()) == NULL) { @@ -238,6 +239,7 @@ int ssl3_change_cipher_state(SSL *s, int which) goto err; } + s->statem.invalid_enc_write_ctx = 0; OPENSSL_cleanse(exp_key, sizeof(exp_key)); OPENSSL_cleanse(exp_iv, sizeof(exp_iv)); return 1; diff --git a/ssl/statem/statem.c b/ssl/statem/statem.c index a574853487..1f221e7542 100644 --- a/ssl/statem/statem.c +++ b/ssl/statem/statem.c @@ -123,7 +123,7 @@ void ossl_statem_fatal(SSL *s, int al, int func, int reason, const char *file, s->statem.in_init = 1; s->statem.state = MSG_FLOW_ERROR; ERR_put_error(ERR_LIB_SSL, func, reason, file, line); - if (al != SSL_AD_NO_ALERT) + if (al != SSL_AD_NO_ALERT && !s->statem.invalid_enc_write_ctx) ssl3_send_alert(s, SSL3_AL_FATAL, al); } diff --git a/ssl/statem/statem.h b/ssl/statem/statem.h index 193571878a..95dd881208 100644 --- a/ssl/statem/statem.h +++ b/ssl/statem/statem.h @@ -100,6 +100,7 @@ struct ossl_statem_st { /* Should we skip the CertificateVerify message? */ unsigned int no_cert_verify; int use_timer; + int invalid_enc_write_ctx; }; typedef struct ossl_statem_st OSSL_STATEM; diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index bd7ff50c21..a138b60633 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -154,6 +154,7 @@ int tls1_change_cipher_state(SSL *s, int which) mac_secret = &(s->s3->read_mac_secret[0]); mac_secret_size = &(s->s3->read_mac_secret_size); } else { + s->statem.invalid_enc_write_ctx = 1; if (s->ext.use_etm) s->s3->flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC_WRITE; else @@ -316,6 +317,7 @@ int tls1_change_cipher_state(SSL *s, int which) ERR_R_INTERNAL_ERROR); goto err; } + s->statem.invalid_enc_write_ctx = 0; #ifdef SSL_DEBUG printf("which = %04X\nkey=", which); diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c index 08fbee59fa..7f4395843a 100644 --- a/ssl/tls13_enc.c +++ b/ssl/tls13_enc.c @@ -397,6 +397,7 @@ int tls13_change_cipher_state(SSL *s, int which) RECORD_LAYER_reset_read_sequence(&s->rlayer); } else { + s->statem.invalid_enc_write_ctx = 1; if (s->enc_write_ctx != NULL) { EVP_CIPHER_CTX_reset(s->enc_write_ctx); } else { @@ -609,6 +610,7 @@ int tls13_change_cipher_state(SSL *s, int which) goto err; } + s->statem.invalid_enc_write_ctx = 0; ret = 1; err: OPENSSL_cleanse(secret, sizeof(secret)); @@ -631,6 +633,7 @@ int tls13_update_key(SSL *s, int sending) insecret = s->client_app_traffic_secret; if (sending) { + s->statem.invalid_enc_write_ctx = 1; iv = s->write_iv; ciph_ctx = s->enc_write_ctx; RECORD_LAYER_reset_write_sequence(&s->rlayer); @@ -651,6 +654,7 @@ int tls13_update_key(SSL *s, int sending) memcpy(insecret, secret, hashlen); + s->statem.invalid_enc_write_ctx = 0; ret = 1; err: OPENSSL_cleanse(secret, sizeof(secret)); -- GitLab