Fix DTLS retransmission from previous session.

For DTLS we might need to retransmit messages from the previous session so keep a copy of write context in DTLS retransmission buffers instead of replacing it after sending CCS. CVE-2013-6450.
author: Dr. Stephen Henson <steve@openssl.org> 2013-12-20 15:26:50 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2013-12-20 23:12:18 +0000
commit: 34628967f1e65dc8f34e000f0f5518e21afbfc7b (patch)
tree: c7a2fa589782c89a05845733b12df9d437140689 /ssl/d1_both.c
parent: a6c62f0c25a756c263a80ce52afbae888028e986 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index 65ec0018ae..7a5596a6b3 100644
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -214,6 +214,12 @@ dtls1_hm_fragment_new(unsigned long frag_len, int reassembly)
 static void
 dtls1_hm_fragment_free(hm_fragment *frag)
 	{
+
+	if (frag->msg_header.is_ccs)
+		{
+		EVP_CIPHER_CTX_free(frag->msg_header.saved_retransmit_state.enc_write_ctx);
+		EVP_MD_CTX_destroy(frag->msg_header.saved_retransmit_state.write_hash);
+		}
 	if (frag->fragment) OPENSSL_free(frag->fragment);
 	if (frag->reassembly) OPENSSL_free(frag->reassembly);
 	OPENSSL_free(frag);
author	Dr. Stephen Henson <steve@openssl.org>	2013-12-20 15:26:50 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2013-12-20 23:12:18 +0000
commit	34628967f1e65dc8f34e000f0f5518e21afbfc7b (patch)
tree	c7a2fa589782c89a05845733b12df9d437140689 /ssl/d1_both.c
parent	a6c62f0c25a756c263a80ce52afbae888028e986 (diff)