[openssl-dev] [openssl.org #4329] OpenSSL 1.1.0 pre3: internal error in tls_post_process_client_key_exchange during reneg
Rainer Jung via RT
rt at openssl.org
Sun Feb 21 13:55:35 UTC 2016
Running the Apache test suite for Apache 2.4 with OpenSSL 1.1.0
adjustments, I get
error:14180044:SSL
routines:tls_post_process_client_key_exchange:internal error
The error is triggered in tls_post_process_client_key_exchange() file
ssl/statem/statem_srvr.c which checks s->s3->handshake_buffer against NULL:
2631 if (!s->s3->handshake_buffer) {
2632 SSLerr(SSL_F_TLS_POST_PROCESS_CLIENT_KEY_EXCHANGE,
2633 ERR_R_INTERNAL_ERROR);
2634 ossl_statem_set_error(s);
2635 return WORK_ERROR;
2636 }
Running the test, the handshake_buffer gets set in
ssl3_init_finished_mac(), then cleared in
tls_post_process_client_hello() which calls ssl3_digest_cached_records()
with "keep" equals 0. This resets the handshake_buffer to NULL.
Then later tls1_generate_master_secret() again calls
ssl3_digest_cached_records() with keep set to 1 (but the
handshake_buffer is already NULL and stays like that) and finally
tls_post_process_client_key_exchange() throws the error because the
handshake_buffer is NULL.
The message sequence was:
server Loop: SSLv3/TLS write hello request
client Loop: SSLv3/TLS write client hello
server Loop: SSLv3/TLS read client hello
server Loop: SSLv3/TLS write server hello
server Loop: SSLv3/TLS write certificate
server Loop: SSLv3/TLS write key exchange
server Loop: SSLv3/TLS write server done
client Loop: SSLv3/TLS write client hello
client Loop: SSLv3/TLS read server hello
client Loop: SSLv3/TLS read server certificate
client Loop: SSLv3/TLS read server key exchange
client Loop: SSLv3/TLS read server done
client Loop: SSLv3/TLS write client certificate
client Loop: SSLv3/TLS write client key exchange
client Loop: SSLv3/TLS write certificate verify
client Loop: SSLv3/TLS write change cipher spec
client Loop: SSLv3/TLS write finished
server Loop: SSLv3/TLS write server done
server Loop: SSLv3/TLS read client certificate
server error:14180044:SSL
routines:tls_post_process_client_key_exchange:internal error
Regards,
Rainer
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4329
Please log in as guest with password guest if prompted
More information about the openssl-dev
mailing list