Commit
Fix DTLS retransmission from previous session.
For DTLS we might need to retransmit messages from the previous session
so keep a copy of write context in DTLS retransmission buffers instead
of replacing it after sending CCS. CVE-2013-6450.
snhenson committed Dec 20, 2013
1 parent a6c62f0 commit 3462896
Showing 4 changed files with 24 additions and 6 deletions.
5 changes: 5 additions & 0 deletions CHANGES
@@ -4,6 +4,11 @@

Changes between 1.0.1e and 1.0.1f [xx XXX xxxx]

*) Keep original DTLS digest and encryption contexts in retransmission
structures so we can use the previous session parameters if they need
to be resent. (CVE-2013-6450)
[Steve Henson]

*) Add option SSL_OP_SAFARI_ECDHE_ECDSA_BUG (part of SSL_OP_ALL) which
avoids preferring ECDHE-ECDSA ciphers when the client appears to be
Safari on OS X. Safari on OS X 10.8..10.8.3 advertises support for
6 changes: 6 additions & 0 deletions ssl/d1_both.c
@@ -214,6 +214,12 @@ dtls1_hm_fragment_new(unsigned long frag_len, int reassembly)
static void
dtls1_hm_fragment_free(hm_fragment *frag)
{

if (frag->msg_header.is_ccs)
{
EVP_CIPHER_CTX_free(frag->msg_header.saved_retransmit_state.enc_write_ctx);
EVP_MD_CTX_destroy(frag->msg_header.saved_retransmit_state.write_hash);
}
if (frag->fragment) OPENSSL_free(frag->fragment);
if (frag->reassembly) OPENSSL_free(frag->reassembly);
OPENSSL_free(frag);
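Review bot: the two frees added at the top of dtls1_hm_fragment_free assume that every is_ccs fragment owns its own enc_write_ctx and write_hash objects, and that those pointers are either valid or NULL (EVP_CIPHER_CTX_free and EVP_MD_CTX_destroy both tolerate NULL). The code that fills saved_retransmit_state is not part of this diff, so please confirm that the saved pointers are never still reachable from s->enc_write_ctx or s->write_hash when the fragment is freed; the t1_enc.c hunk stops reusing those contexts for DTLS, which is what makes this free safe rather than a double free.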
2 changes: 2 additions & 0 deletions ssl/ssl_locl.h
@@ -621,6 +621,8 @@ extern SSL3_ENC_METHOD TLSv1_enc_data;
extern SSL3_ENC_METHOD SSLv3_enc_data;
extern SSL3_ENC_METHOD DTLSv1_enc_data;

#define SSL_IS_DTLS(s) (s->method->version == DTLS1_VERSION)

#define IMPLEMENT_tls_meth_func(version, func_name, s_accept, s_connect, \
s_get_meth) \
const SSL_METHOD *func_name(void) \
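Review bot: the macro argument in SSL_IS_DTLS is used unparenthesised; prefer `#define SSL_IS_DTLS(s) ((s)->method->version == DTLS1_VERSION)` so an expression argument expands correctly. Note also that the test keys on exactly DTLS1_VERSION, so any method carrying a different DTLS version number would not be treated as DTLS and would fall back to the context-reuse path in tls1_change_cipher_state; a flag on the method would be more robust than a version compare.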
17 changes: 11 additions & 6 deletions ssl/t1_enc.c
@@ -414,15 +414,20 @@ int tls1_change_cipher_state(SSL *s, int which)
s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM;
else
s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM;
if (s->enc_write_ctx != NULL)
if (s->enc_write_ctx != NULL && !SSL_IS_DTLS(s))
reuse_dd = 1;
else if ((s->enc_write_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
else if ((s->enc_write_ctx=EVP_CIPHER_CTX_new()) == NULL)
goto err;
else
/* make sure it's intialized in case we exit later with an error */
EVP_CIPHER_CTX_init(s->enc_write_ctx);
dd= s->enc_write_ctx;
mac_ctx = ssl_replace_hash(&s->write_hash,NULL);
if (SSL_IS_DTLS(s))
{
mac_ctx = EVP_MD_CTX_create();
if (!mac_ctx)
goto err;
s->write_hash = mac_ctx;
}
else
mac_ctx = ssl_replace_hash(&s->write_hash,NULL);
#ifndef OPENSSL_NO_COMP
if (s->compress != NULL)
{
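Review bot: in the DTLS branch the previous s->enc_write_ctx and s->write_hash are overwritten rather than freed, which is only correct if something else has taken ownership of them (per the commit message, the retransmission buffer; the d1_both.c hunk frees them from the CCS fragment). That hand-off is not visible here, so please confirm that a DTLS ChangeCipherSpec is always buffered with the old contexts before this function replaces them, otherwise a cipher-state change without a buffered CCS leaks both objects. Minor: now that the context comes from EVP_CIPHER_CTX_new(), the trailing `else EVP_CIPHER_CTX_init(s->enc_write_ctx);` is redundant since _new returns an initialised context, and its comment misspells "initialized".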