From dea4e33a92a8c6a49bfabda4e78afa3d0e2e0d61 Mon Sep 17 00:00:00 2001
From: raja-ashok <rashok.svks@gmail.com>
Date: Fri, 8 May 2020 19:17:21 +0530
Subject: [PATCH 052/217] Fix crash in early data send with out-of-band PSK
using AES CCM
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11809)
---
ssl/tls13_enc.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c
index 86754dc..b8fb07f 100644
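--- a/ssl/tls13_enc.c
+++ b/ssl/tls13_enc.c
@@ -390,11 +390,18 @@ static int derive_secret_key_and_iv(SSL *s, int sending, const EVP_MD *md,
 uint32_t algenc;
 
 ivlen = EVP_CCM_TLS_IV_LEN;
- if (s->s3->tmp.new_cipher == NULL) {
+ if (s->s3->tmp.new_cipher != NULL) {
+ algenc = s->s3->tmp.new_cipher->algorithm_enc;
+ } else if (s->session->cipher != NULL) {
 /* We've not selected a cipher yet - we must be doing early data */
 algenc = s->session->cipher->algorithm_enc;
+ } else if (s->psksession != NULL && s->psksession->cipher != NULL) {
+ /* We must be doing early data with out-of-band PSK */
+ algenc = s->psksession->cipher->algorithm_enc;
 } else {
- algenc = s->s3->tmp.new_cipher->algorithm_enc;
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DERIVE_SECRET_KEY_AND_IV,
+ ERR_R_EVP_LIB);
+ goto err;
 }
 if (algenc & (SSL_AES128CCM8 | SSL_AES256CCM8))
 taglen = EVP_CCM8_TLS_TAG_LEN;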
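Review bot: The new final `else` reports `ERR_R_EVP_LIB`, but no EVP call has failed at that point. The branch is reached only when none of `new_cipher`, `session->cipher` or `psksession->cipher` is set, so `ERR_R_INTERNAL_ERROR` would be less misleading to anyone triaging the error queue: `SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DERIVE_SECRET_KEY_AND_IV, ERR_R_INTERNAL_ERROR);`. The second branch also dereferences `s->session` without the NULL test that `s->psksession` gets. If the session pointer is guaranteed non-NULL on this path, a one-line comment saying so would help; otherwise the same guard belongs there, `} else if (s->session != NULL && s->session->cipher != NULL) {`. derive_secret_key_and_iv starts and ends outside the hunk, so the `err` label and the caller's guarantees are not visible here.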
--
1.8.3.1