[openssl-dev] [openssl.org #4329] OpenSSL 1.1.0 pre3: internal error in tls_post_process_client_key_exchange during reneg

Rainer Jung via RT rt at openssl.org
Sun Feb 21 13:55:35 UTC 2016 

Running the Apache test suite for Apache 2.4 with OpenSSL 1.1.0 
adjustments, I get

error:14180044:SSL 
routines:tls_post_process_client_key_exchange:internal error

The error is triggered in tls_post_process_client_key_exchange() file 
ssl/statem/statem_srvr.c which checks s->s3->handshake_buffer against NULL:

    2631         if (!s->s3->handshake_buffer) {
    2632             SSLerr(SSL_F_TLS_POST_PROCESS_CLIENT_KEY_EXCHANGE,
    2633                    ERR_R_INTERNAL_ERROR);
    2634             ossl_statem_set_error(s);
    2635             return WORK_ERROR;
    2636         }

Running the test, the handshake_buffer gets set in 
ssl3_init_finished_mac(), then cleared in 
tls_post_process_client_hello() which calls ssl3_digest_cached_records() 
with "keep" equals 0. This resets the handshake_buffer to NULL.

Then later tls1_generate_master_secret() again calls 
ssl3_digest_cached_records() with keep set to 1 (but the 
handshake_buffer is already NULL and stays like that) and finally 
tls_post_process_client_key_exchange() throws the error because the 
handshake_buffer is NULL.

The message sequence was:

server Loop: SSLv3/TLS write hello request
client Loop: SSLv3/TLS write client hello
server Loop: SSLv3/TLS read client hello
server Loop: SSLv3/TLS write server hello
server Loop: SSLv3/TLS write certificate
server Loop: SSLv3/TLS write key exchange
server Loop: SSLv3/TLS write server done
client Loop: SSLv3/TLS write client hello
client Loop: SSLv3/TLS read server hello
client Loop: SSLv3/TLS read server certificate
client Loop: SSLv3/TLS read server key exchange
client Loop: SSLv3/TLS read server done
client Loop: SSLv3/TLS write client certificate
client Loop: SSLv3/TLS write client key exchange
client Loop: SSLv3/TLS write certificate verify
client Loop: SSLv3/TLS write change cipher spec
client Loop: SSLv3/TLS write finished
server Loop: SSLv3/TLS write server done
server Loop: SSLv3/TLS read client certificate
server error:14180044:SSL 
routines:tls_post_process_client_key_exchange:internal error

Regards,

Rainer


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4329
Please log in as guest with password guest if prompted

More information about the openssl-dev mailing list