[openssl-dev] [openssl.org #607]: Openssl v1.0.2e: t1_lib.c: Check for incorrect return value leading to SSL negotiation failure

Mon, 01 Feb 2016 17:23:49 -0800 

Hello,

I upgraded from OpenSSL version v1.0.2 to v1.0.2e and started observing issues 
in SSL negotiations randomly.
I observed that as part of v1.0.2e, while processing CLIENT_HELLO message in 
t1_lib.c, extra checks for checking return value of HMAC_Update() have been 
added while decrypting the  ticket IE.
Following is the code flow:
ssl3_get_client_hello()
    |-ssl_get_prev_session
      |-tls1_process_ticket
        |-tls_decrypt_ticket
          |-HMAC_Update   --------> Check for this function to return a value 
has been added as part of OpenSSL v1.0.2e.
            |-EVP_DigestUpdate
              |-ctx->update(ctx, data, count)

The update function in EVP_MD_CTX has a return type void.

Thus, HMAC_Update function end up checking for random values. When the value is 
greater than 0, SSL negotiations are successful but for other values, the 
failure is percolated to the calling functions which typically lead to 
ssl3_accept() failures in my case.

Following is the reference  to the issue in GitHub: 
https://github.com/openssl/openssl/issues/607

As part of the fix, I suggest removing the check for checking the return type 
of HMAC_Update function in tls_decrypt_ticket().

Please find attached patch for the same.

Thanks and regards
Neha Chatrath


DISCLAIMER:
Privileged and/or Confidential information may be contained in this
message. If you are not the addressee of this message, you may not
copy, use or deliver this message to anyone. In such event, you
should destroy the message and kindly notify the sender by reply
e-mail. It is understood that opinions or conclusions that do not
relate to the official business of the company are neither given
nor endorsed by the company.
Thank You.


diff -ur openssl-1.0.2f/ssl/t1_lib.c openssl-1.0.2f_work/ssl/t1_lib.c
--- openssl-1.0.2f/ssl/t1_lib.c 2016-01-28 08:56:08.000000000 -0500
+++ openssl-1.0.2f_work/ssl/t1_lib.c    2016-02-01 19:58:57.000000000 -0500
@@ -3401,8 +3401,8 @@
     }
     eticklen -= mlen;
     /* Check HMAC of encrypted ticket */
-    if (HMAC_Update(&hctx, etick, eticklen) <= 0
-            || HMAC_Final(&hctx, tick_hmac, NULL) <= 0) {
+    HMAC_Update(&hctx, etick, eticklen);
+    if (HMAC_Final(&hctx, tick_hmac, NULL) <= 0) {
         goto err;
     }
     HMAC_CTX_cleanup(&hctx);

_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Reply via email to