generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Don't crash when processing a zero-length, TLS >= 1.1 record.

Browse Source 
The previous CBC patch was bugged in that there was a path through enc()
in s3_pkt.c/d1_pkt.c which didn't set orig_len. orig_len would be left
at the previous value which could suggest that the packet was a
sufficient length when it wasn't.
(cherry picked from commit 6cb19b7681f600b2f165e4adc57547b097b475fd)
(cherry picked from commit 2c948c1bb218f4ae126e14fd3453d42c62b93235)

Conflicts:
	ssl/s3_enc.c
This commit is contained in:
Ben Laurie 2013-01-28 17:33:18 +00:00 committed by Dr. Stephen Henson
parent 2928cb4c82
commit b3a959a337
5 changed files with 25 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
ssl/d1_enc.c
View File

@ -246,7 +246,6 @@ int dtls1_enc(SSL *s, int send)
} }
#endif /* KSSL_DEBUG */ #endif /* KSSL_DEBUG */
rec->orig_len = rec->length;
if ((bs != 1) && !send) if ((bs != 1) && !send)
return tls1_cbc_remove_padding(s, rec, bs, mac_size); return tls1_cbc_remove_padding(s, rec, bs, mac_size);
} }

1
ssl/d1_pkt.c
View File

@ -367,6 +367,7 @@ dtls1_process_record(SSL *s)
/* decrypt in place in 'rr->input' */ /* decrypt in place in 'rr->input' */
rr->data=rr->input; rr->data=rr->input;
rr->orig_len=rr->length;
enc_err = s->method->ssl3_enc->enc(s,0); enc_err = s->method->ssl3_enc->enc(s,0);
if (enc_err <= 0) if (enc_err <= 0)

10
ssl/s3_enc.c
View File

@ -433,6 +433,15 @@ void ssl3_cleanup_key_block(SSL *s)
s->s3->tmp.key_block_length=0; s->s3->tmp.key_block_length=0;
} }
/* ssl3_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
*
* Returns:
* 0: (in non-constant time) if the record is publically invalid (i.e. too
* short etc).
* 1: if the record's padding is valid / the encryption was successful.
* -1: if the record's padding is invalid or, if sending, an internal error
* occured.
*/
int ssl3_enc(SSL *s, int send) int ssl3_enc(SSL *s, int send)
{ {
SSL3_RECORD *rec; SSL3_RECORD *rec;
@ -503,6 +512,7 @@ int ssl3_enc(SSL *s, int send)
if (s->read_hash != NULL) if (s->read_hash != NULL)
mac_size = EVP_MD_size(s->read_hash); mac_size = EVP_MD_size(s->read_hash);
if ((bs != 1) && !send) if ((bs != 1) && !send)
return ssl3_cbc_remove_padding(s, rec, bs, mac_size); return ssl3_cbc_remove_padding(s, rec, bs, mac_size);
} }

5
ssl/s3_pkt.c
View File

@ -352,8 +352,13 @@ again:
/* decrypt in place in 'rr->input' */ /* decrypt in place in 'rr->input' */
rr->data=rr->input; rr->data=rr->input;
rr->orig_len=rr->length;
enc_err = s->method->ssl3_enc->enc(s,0); enc_err = s->method->ssl3_enc->enc(s,0);
/* enc_err is:
* 0: (in non-constant time) if the record is publically invalid.
* 1: if the padding is valid
* -1: if the padding is invalid */
if (enc_err == 0) if (enc_err == 0)
{ {
/* SSLerr() and ssl3_send_alert() have been called */ /* SSLerr() and ssl3_send_alert() have been called */

11
ssl/t1_enc.c
View File

@ -528,6 +528,15 @@ err:
return(0); return(0);
} }
/* tls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
*
* Returns:
* 0: (in non-constant time) if the record is publically invalid (i.e. too
* short etc).
* 1: if the record's padding is valid / the encryption was successful.
* -1: if the record's padding/AEAD-authenticator is invalid or, if sending,
* an internal error occured.
*/
int tls1_enc(SSL *s, int send) int tls1_enc(SSL *s, int send)
{ {
SSL3_RECORD *rec; SSL3_RECORD *rec;
@ -628,8 +637,6 @@ int tls1_enc(SSL *s, int send)
} }
#endif /* KSSL_DEBUG */ #endif /* KSSL_DEBUG */
rec->orig_len = rec->length;
ret = 1; ret = 1;
if (s->read_hash != NULL) if (s->read_hash != NULL)
mac_size = EVP_MD_size(s->read_hash); mac_size = EVP_MD_size(s->read_hash);