From 1ee54c646b3d09a8d3d5e2b7ccaf54ec22be811a Mon Sep 17 00:00:00 2001
From: Frederik Wedel-Heinen <frederik.wedel-heinen@dencrypt.dk>
Date: Mon, 13 Jan 2025 09:53:07 +0100
Subject: [PATCH] Sequence number cipher context is NULL for TLS connections

Fix memory sanitizer report of use of uninitialized variable: be explicit
that sequence number cipher context is NULL for TLS connections when
calling ssl_set_new_record_layer().

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Hugo Landau <hlandau@devever.net>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26401)
---
 ssl/tls13_enc.c | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c
index c10472370db0b..c497988f459e7 100644
--- a/ssl/tls13_enc.c
+++ b/ssl/tls13_enc.c
@@ -696,10 +696,13 @@ int tls13_change_cipher_state(SSL_CONNECTION *s, int which)
     if ((which & SSL3_CC_EARLY) == 0) {
         md = ssl_handshake_md(s);
         cipher = s->s3.tmp.new_sym_enc;
-        sncipher = s->s3.tmp.new_sym_enc_sn;
-        sn_input_offs = s->s3.tmp.new_sym_enc_sn_offs;
         mac_md = s->s3.tmp.new_hash;
         mac_pkey_type = s->s3.tmp.new_mac_pkey_type;
+
+        if (SSL_CONNECTION_IS_DTLS(s)) {
+            sncipher = s->s3.tmp.new_sym_enc_sn;
+            sn_input_offs = s->s3.tmp.new_sym_enc_sn_offs;
+        }
         if (!ssl3_digest_cached_records(s, 1)
                 || !ssl_handshake_hash(s, hashval, sizeof(hashval), &hashlen)) {
             /* SSLfatal() already called */;
@@ -840,6 +843,8 @@ int tls13_update_key(SSL_CONNECTION *s, int sending)
     size_t hashlen;
     unsigned char key[EVP_MAX_KEY_LENGTH];
     unsigned char snkey[EVP_MAX_KEY_LENGTH];
+    const EVP_CIPHER *snenc = NULL;
+    size_t snoffs = 0;
     unsigned char *insecret;
     unsigned char secret[EVP_MAX_MD_SIZE];
     char *log_label;
@@ -875,14 +880,17 @@ int tls13_update_key(SSL_CONNECTION *s, int sending)
 
     memcpy(insecret, secret, hashlen);
 
-    if (SSL_CONNECTION_IS_DTLS(s))
+    if (SSL_CONNECTION_IS_DTLS(s)) {
         dtls1_increment_epoch(s, which);
+        snenc = s->s3.tmp.new_sym_enc_sn;
+        snoffs = s->s3.tmp.new_sym_enc_sn_offs;
+    }
 
     if (!ssl_set_new_record_layer(s, s->version, direction,
                                   OSSL_RECORD_PROTECTION_LEVEL_APPLICATION,
                                   insecret, hashlen, snkey, key, keylen,
                                   iv, ivlen, NULL, 0,
-                                  s->s3.tmp.new_sym_enc_sn, s->s3.tmp.new_sym_enc_sn_offs,
+                                  snenc, snoffs,
                                   s->s3.tmp.new_sym_enc,
                                   taglen, NID_undef, NULL, NULL, md)) {
         /* SSLfatal already called */