Google Git
Sign in
flutter/third_party/openssl/93cab6b319e354517841ae202fb884f7e45bb48e^!/.
commit
93cab6b319e354517841ae202fb884f7e45bb48e
[log]
author
Ben Laurie <ben@links.org>
Mon Jan 28 17:33:18 2013 +0000
committer
Dr. Stephen Henson <steve@openssl.org>
Wed Feb 06 14:19:07 2013 +0000
tree
c2a3e6bf4e09aab8adc8b9af4a16e055bb7463a0
parent
2acc020b770920657a169bf6be4ff12b254255e6 [diff]
Don't crash when processing a zero-length, TLS >= 1.1 record.

The previous CBC patch was bugged in that there was a path through enc()
in s3_pkt.c/d1_pkt.c which didn't set orig_len. orig_len would be left
at the previous value which could suggest that the packet was a
sufficient length when it wasn't.
(cherry picked from commit 6cb19b7681f600b2f165e4adc57547b097b475fd)

diff --git a/ssl/d1_enc.c b/ssl/d1_enc.c
index c13b495..da42348 100644
--- a/ssl/d1_enc.c
+++ b/ssl/d1_enc.c

@@ -245,7 +245,6 @@
                 }
 #endif	/* KSSL_DEBUG */
 
-		rec->orig_len = rec->length;
 		if ((bs != 1) && !send)
 			return tls1_cbc_remove_padding(s, rec, bs, mac_size);
 		}

diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
index 5e2c56c..4763d5c 100644
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c

@@ -414,6 +414,7 @@
 
 	/* decrypt in place in 'rr->input' */
 	rr->data=rr->input;
+	rr->orig_len=rr->length;
 
 	enc_err = s->method->ssl3_enc->enc(s,0);
 	if (enc_err <= 0)

diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index 13ebfc6..98f3894 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c

@@ -487,6 +487,15 @@
 	s->s3->tmp.key_block_length=0;
 	}
 
+/* ssl3_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
+ *
+ * Returns:
+ *   0: (in non-constant time) if the record is publically invalid (i.e. too
+ *       short etc).
+ *   1: if the record's padding is valid / the encryption was successful.
+ *   -1: if the record's padding is invalid or, if sending, an internal error
+ *       occured.
+ */
 int ssl3_enc(SSL *s, int send)
 	{
 	SSL3_RECORD *rec;
@@ -553,8 +562,6 @@
 		
 		EVP_Cipher(ds,rec->data,rec->input,l);
 
-		rec->orig_len = rec->length;
-
 		if (EVP_MD_CTX_md(s->read_hash) != NULL)
 			mac_size = EVP_MD_CTX_size(s->read_hash);
 		if ((bs != 1) && !send)

diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index b2e5dc1..3e60f50 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c

@@ -401,8 +401,13 @@
 
 	/* decrypt in place in 'rr->input' */
 	rr->data=rr->input;
+	rr->orig_len=rr->length;
 
 	enc_err = s->method->ssl3_enc->enc(s,0);
+	/* enc_err is:
+	 *    0: (in non-constant time) if the record is publically invalid.
+	 *    1: if the padding is valid
+	 *    -1: if the padding is invalid */
 	if (enc_err == 0)
 		{
 		/* SSLerr() and ssl3_send_alert() have been called */

diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 8153b2c..4b31742 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c

@@ -691,6 +691,15 @@
 	return(ret);
 	}
 
+/* tls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
+ *
+ * Returns:
+ *   0: (in non-constant time) if the record is publically invalid (i.e. too
+ *       short etc).
+ *   1: if the record's padding is valid / the encryption was successful.
+ *   -1: if the record's padding/AEAD-authenticator is invalid or, if sending,
+ *       an internal error occured.
+ */
 int tls1_enc(SSL *s, int send)
 	{
 	SSL3_RECORD *rec;
@@ -841,8 +850,6 @@
 			{
 			if (l == 0 || l%bs != 0)
 				{
-				if (s->version >= TLS1_1_VERSION)
-					return -1;
 				SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
 				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
 				return 0;
@@ -870,8 +877,6 @@
 		}
 #endif	/* KSSL_DEBUG */
 
-		rec->orig_len = rec->length;
-
 		ret = 1;
 		if (EVP_MD_CTX_md(s->read_hash) != NULL)
 			mac_size = EVP_MD_CTX_size(s->read_hash);