From 5a5a7de256385ee0fc587b8576ed7c35eb9ad584 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Thu, 5 Jun 2014 15:51:06 +0000
Subject: Ensure that we do not process a ChangeCipherSpec with an empty master
 secret. This is an additional safeguard against early ChangeCipherSpec
 handling.

From OpenSSL.

ok deraadt@
---
 src/lib/libssl/s3_pkt.c         | 2 +-
 src/lib/libssl/src/ssl/s3_pkt.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

(limited to 'src')

diff --git a/src/lib/libssl/s3_pkt.c b/src/lib/libssl/s3_pkt.c
index 58d8221fe4..942ab37b95 100644
--- a/src/lib/libssl/s3_pkt.c
+++ b/src/lib/libssl/s3_pkt.c
@@ -1337,7 +1337,7 @@ ssl3_do_change_cipher_spec(SSL *s)
 		i = SSL3_CHANGE_CIPHER_CLIENT_READ;
 
 	if (s->s3->tmp.key_block == NULL) {
-		if (s->session == NULL) {
+		if (s->session == NULL || s->session->master_key_length == 0) {
 			/* might happen if dtls1_read_bytes() calls this */
 			SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,
 			    SSL_R_CCS_RECEIVED_EARLY);
diff --git a/src/lib/libssl/src/ssl/s3_pkt.c b/src/lib/libssl/src/ssl/s3_pkt.c
index 58d8221fe4..942ab37b95 100644
--- a/src/lib/libssl/src/ssl/s3_pkt.c
+++ b/src/lib/libssl/src/ssl/s3_pkt.c
@@ -1337,7 +1337,7 @@ ssl3_do_change_cipher_spec(SSL *s)
 		i = SSL3_CHANGE_CIPHER_CLIENT_READ;
 
 	if (s->s3->tmp.key_block == NULL) {
-		if (s->session == NULL) {
+		if (s->session == NULL || s->session->master_key_length == 0) {
 			/* might happen if dtls1_read_bytes() calls this */
 			SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,
 			    SSL_R_CCS_RECEIVED_EARLY);
-- 
cgit v1.2.3-55-g6feb