[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

Matt Caswell matt at openssl.org
Tue Apr 25 13:07:08 UTC 2017


The branch OpenSSL_1_1_0-stable has been updated
       via  bb22c4057f31346b3d8f43929c759f692a7e7ef9 (commit)
       via  b651a05d261530923c4d1f8f464a91c50602d3ea (commit)
       via  22ae579bea93c0a426bacb764783e0e2cf35c14c (commit)
       via  c9a6b9f7ed482025d684ef3a04505004f85a97a1 (commit)
      from  d746e49bcd9cc84cce13b1cd2d3ea35b909880a7 (commit)


- Log -----------------------------------------------------------------
commit bb22c4057f31346b3d8f43929c759f692a7e7ef9
Author: Matt Caswell <matt at openssl.org>
Date:   Mon Apr 24 11:45:42 2017 +0100

    Fix some variable references in init_client
    
    We were incorrectly using "res" when we meant "ai"
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/3287)

commit b651a05d261530923c4d1f8f464a91c50602d3ea
Author: Matt Caswell <matt at openssl.org>
Date:   Fri Apr 21 16:56:06 2017 +0100

    Fix problem with SCTP close_notify alerts
    
    In SCTP the code was only allowing a send of a close_notify alert if the
    socket is dry. If the socket isn't dry then it was attempting to save away
    the close_notify alert to resend later when it is dry and then it returned
    success. However because the application then thinks that the close_notify
    alert has been successfully sent it never re-enters the DTLS code to
    actually resend the alert. A much simpler solution is to just fail with a
    retryable error in the event that the socket isn't dry. That way the
    application knows to retry sending the close_notify alert.
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/3287)

commit 22ae579bea93c0a426bacb764783e0e2cf35c14c
Author: Matt Caswell <matt at openssl.org>
Date:   Fri Apr 21 14:00:20 2017 +0100

    Don't attempt to send fragments > max_send_fragment in DTLS
    
    We were allocating the write buffer based on the size of max_send_fragment,
    but ignoring it when writing data. We should fragment handshake messages
    if they exceed max_send_fragment and reject application data writes that
    are too large.
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/3287)

commit c9a6b9f7ed482025d684ef3a04505004f85a97a1
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Apr 20 15:13:28 2017 +0100

    Remove special case code for SCTP reneg handling
    
    There was code existing which attempted to handle the case where application
    data is received after a reneg handshake has started in SCTP. In normal DTLS
    we just fail the connection if this occurs, so there doesn't seem any reason
    to try and work around it for SCTP. In practice it didn't work properly
    anyway and is probably a bad idea to start with.
    
    Fixes #3251
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/3287)

-----------------------------------------------------------------------

Summary of changes:
 apps/s_socket.c           |  7 ++++---
 crypto/bio/bss_dgram.c    | 43 ++++++-------------------------------------
 include/openssl/ssl.h     |  1 +
 ssl/d1_msg.c              | 13 +------------
 ssl/record/rec_layer_d1.c | 28 +++++-----------------------
 ssl/ssl_err.c             |  2 ++
 ssl/statem/statem.c       | 23 -----------------------
 ssl/statem/statem.h       |  7 -------
 ssl/statem/statem_clnt.c  | 24 +-----------------------
 ssl/statem/statem_dtls.c  |  5 ++---
 ssl/statem/statem_srvr.c  | 39 +--------------------------------------
 11 files changed, 23 insertions(+), 169 deletions(-)

diff --git a/apps/s_socket.c b/apps/s_socket.c
index d16f5ad..0cbe885 100644
--- a/apps/s_socket.c
+++ b/apps/s_socket.c
@@ -75,11 +75,12 @@ int init_client(int *sock, const char *host, const char *port,
         /* Admittedly, these checks are quite paranoid, we should not get
          * anything in the BIO_ADDRINFO chain that we haven't
          * asked for. */
-        OPENSSL_assert((family == AF_UNSPEC || family == BIO_ADDRINFO_family(res))
-                       && (type == 0 || type == BIO_ADDRINFO_socktype(res)));
+        OPENSSL_assert((family == AF_UNSPEC
+                        || family == BIO_ADDRINFO_family(ai))
+                       && (type == 0 || type == BIO_ADDRINFO_socktype(ai)));
 
         *sock = BIO_socket(BIO_ADDRINFO_family(ai), BIO_ADDRINFO_socktype(ai),
-                           BIO_ADDRINFO_protocol(res), 0);
+                           BIO_ADDRINFO_protocol(ai), 0);
         if (*sock == INVALID_SOCKET) {
             /* Maybe the kernel doesn't support the socket family, even if
              * BIO_lookup() added it in the returned result...
diff --git a/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c
index 6dfcc9b..81730ab 100644
--- a/crypto/bio/bss_dgram.c
+++ b/crypto/bio/bss_dgram.c
@@ -130,7 +130,6 @@ typedef struct bio_dgram_sctp_data_st {
     int ccs_sent;
     int save_shutdown;
     int peer_auth_tested;
-    bio_dgram_sctp_save_message saved_message;
 } bio_dgram_sctp_data;
 # endif
 
@@ -962,10 +961,8 @@ static int dgram_sctp_free(BIO *a)
         return 0;
 
     data = (bio_dgram_sctp_data *) a->ptr;
-    if (data != NULL) {
-        OPENSSL_free(data->saved_message.data);
+    if (data != NULL)
         OPENSSL_free(data);
-    }
 
     return (1);
 }
@@ -1067,22 +1064,6 @@ static int dgram_sctp_read(BIO *b, char *out, int outl)
                     struct sctp_event_subscribe event;
                     socklen_t eventsize;
 #  endif
-                    /*
-                     * If a message has been delayed until the socket is dry,
-                     * it can be sent now.
-                     */
-                    if (data->saved_message.length > 0) {
-                        i = dgram_sctp_write(data->saved_message.bio,
-                                         data->saved_message.data,
-                                         data->saved_message.length);
-                        if (i < 0) {
-                            ret = i;
-                            break;
-                        }
-                        OPENSSL_free(data->saved_message.data);
-                        data->saved_message.data = NULL;
-                        data->saved_message.length = 0;
-                    }
 
                     /* disable sender dry event */
 #  ifdef SCTP_EVENT
@@ -1265,27 +1246,15 @@ static int dgram_sctp_write(BIO *b, const char *in, int inl)
         sinfo = &handshake_sinfo;
     }
 
-    /*
-     * If we have to send a shutdown alert message and the socket is not dry
-     * yet, we have to save it and send it as soon as the socket gets dry.
-     */
+    /* We can only send a shutdown alert if the socket is dry */
     if (data->save_shutdown) {
         ret = BIO_dgram_sctp_wait_for_dry(b);
-        if (ret < 0) {
+        if (ret < 0)
             return -1;
-        }
         if (ret == 0) {
-            char *tmp;
-            data->saved_message.bio = b;
-            if ((tmp = OPENSSL_malloc(inl)) == NULL) {
-                BIOerr(BIO_F_DGRAM_SCTP_WRITE, ERR_R_MALLOC_FAILURE);
-                return -1;
-            }
-            OPENSSL_free(data->saved_message.data);
-            data->saved_message.data = tmp;
-            memcpy(data->saved_message.data, in, inl);
-            data->saved_message.length = inl;
-            return inl;
+            BIO_clear_retry_flags(b);
+            BIO_set_retry_write(b);
+            return -1;
         }
     }
 
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 8d75d53..f7ea736 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -2346,6 +2346,7 @@ int ERR_load_SSL_strings(void);
 # define SSL_R_ENCRYPTED_LENGTH_TOO_LONG                  150
 # define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST              151
 # define SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN             204
+# define SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE                  194
 # define SSL_R_EXCESSIVE_MESSAGE_SIZE                     152
 # define SSL_R_EXTRA_DATA_IN_MESSAGE                      153
 # define SSL_R_FAILED_TO_INIT_ASYNC                       405
diff --git a/ssl/d1_msg.c b/ssl/d1_msg.c
index ae7aff6..7471fd3 100644
--- a/ssl/d1_msg.c
+++ b/ssl/d1_msg.c
@@ -14,18 +14,7 @@ int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, int len)
 {
     int i;
 
-#ifndef OPENSSL_NO_SCTP
-    /*
-     * Check if we have to continue an interrupted handshake for reading
-     * belated app data with SCTP.
-     */
-    if ((SSL_in_init(s) && !ossl_statem_get_in_handshake(s)) ||
-        (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
-         ossl_statem_in_sctp_read_sock(s)))
-#else
-    if (SSL_in_init(s) && !ossl_statem_get_in_handshake(s))
-#endif
-    {
+    if (SSL_in_init(s) && !ossl_statem_get_in_handshake(s)) {
         i = s->handshake_func(s);
         if (i < 0)
             return (i);
diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c
index 1d16319..1686edd 100644
--- a/ssl/record/rec_layer_d1.c
+++ b/ssl/record/rec_layer_d1.c
@@ -369,18 +369,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
      * type == SSL3_RT_HANDSHAKE.
      */
 
-#ifndef OPENSSL_NO_SCTP
-    /*
-     * Continue handshake if it had to be interrupted to read app data with
-     * SCTP.
-     */
-    if ((!ossl_statem_get_in_handshake(s) && SSL_in_init(s)) ||
-        (BIO_dgram_is_sctp(SSL_get_rbio(s))
-         && ossl_statem_in_sctp_read_sock(s)
-         && s->s3->in_read_app_data != 2))
-#else
     if (!ossl_statem_get_in_handshake(s) && SSL_in_init(s))
-#endif
     {
         /* type == SSL3_RT_APPLICATION_DATA */
         i = s->handshake_func(s);
@@ -523,18 +512,6 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
         }
 #ifndef OPENSSL_NO_SCTP
         /*
-         * We were about to renegotiate but had to read belated application
-         * data first, so retry.
-         */
-        if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
-            SSL3_RECORD_get_type(rr) == SSL3_RT_APPLICATION_DATA &&
-            ossl_statem_in_sctp_read_sock(s)) {
-            s->rwstate = SSL_READING;
-            BIO_clear_retry_flags(SSL_get_rbio(s));
-            BIO_set_retry_read(SSL_get_rbio(s));
-        }
-
-        /*
          * We might had to delay a close_notify alert because of reordered
          * app data. If there was an alert and there is no message to read
          * anymore, finally set shutdown.
@@ -1011,6 +988,11 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
     if (len == 0 && !create_empty_fragment)
         return 0;
 
+    if (len > s->max_send_fragment) {
+        SSLerr(SSL_F_DO_DTLS1_WRITE, SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE);
+        return 0;
+    }
+
     sess = s->session;
 
     if ((sess == NULL) ||
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index 73e0ae1..be4c0c0 100644
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -415,6 +415,8 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
      "error in received cipher list"},
     {ERR_REASON(SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN),
      "error setting tlsa base domain"},
+    {ERR_REASON(SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE),
+     "exceeds max fragment size"},
     {ERR_REASON(SSL_R_EXCESSIVE_MESSAGE_SIZE), "excessive message size"},
     {ERR_REASON(SSL_R_EXTRA_DATA_IN_MESSAGE), "extra data in message"},
     {ERR_REASON(SSL_R_FAILED_TO_INIT_ASYNC), "failed to init async"},
diff --git a/ssl/statem/statem.c b/ssl/statem/statem.c
index 512f1e0..691bfbb 100644
--- a/ssl/statem/statem.c
+++ b/ssl/statem/statem.c
@@ -850,26 +850,3 @@ int ossl_statem_app_data_allowed(SSL *s)
 
     return 0;
 }
-
-#ifndef OPENSSL_NO_SCTP
-/*
- * Set flag used by SCTP to determine whether we are in the read sock state
- */
-void ossl_statem_set_sctp_read_sock(SSL *s, int read_sock)
-{
-    s->statem.in_sctp_read_sock = read_sock;
-}
-
-/*
- * Called by the record layer to determine whether we are in the read sock
- * state or not.
- *
- * Return values are:
- *   1: Yes (we are in the read sock state)
- *   0: No (we are not in the read sock state)
- */
-int ossl_statem_in_sctp_read_sock(SSL *s)
-{
-    return s->statem.in_sctp_read_sock;
-}
-#endif
diff --git a/ssl/statem/statem.h b/ssl/statem/statem.h
index 2fca39b..c669ee9 100644
--- a/ssl/statem/statem.h
+++ b/ssl/statem/statem.h
@@ -93,9 +93,6 @@ struct ossl_statem_st {
     /* Should we skip the CertificateVerify message? */
     unsigned int no_cert_verify;
     int use_timer;
-#ifndef OPENSSL_NO_SCTP
-    int in_sctp_read_sock;
-#endif
 };
 typedef struct ossl_statem_st OSSL_STATEM;
 
@@ -117,7 +114,3 @@ int ossl_statem_get_in_handshake(SSL *s);
 void ossl_statem_set_in_handshake(SSL *s, int inhand);
 void ossl_statem_set_hello_verify_done(SSL *s);
 __owur int ossl_statem_app_data_allowed(SSL *s);
-#ifndef OPENSSL_NO_SCTP
-void ossl_statem_set_sctp_read_sock(SSL *s, int read_sock);
-__owur int ossl_statem_in_sctp_read_sock(SSL *s);
-#endif
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 6eb6e42..a2a6684 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -664,21 +664,6 @@ WORK_STATE ossl_statem_client_post_process_message(SSL *s, WORK_STATE wst)
     case TLS_ST_CR_CERT_REQ:
         return tls_prepare_client_certificate(s, wst);
 
-#ifndef OPENSSL_NO_SCTP
-    case TLS_ST_CR_SRVR_DONE:
-        /* We only get here if we are using SCTP and we are renegotiating */
-        if (BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) {
-            s->s3->in_read_app_data = 2;
-            s->rwstate = SSL_READING;
-            BIO_clear_retry_flags(SSL_get_rbio(s));
-            BIO_set_retry_read(SSL_get_rbio(s));
-            ossl_statem_set_sctp_read_sock(s, 1);
-            return WORK_MORE_A;
-        }
-        ossl_statem_set_sctp_read_sock(s, 0);
-        return WORK_FINISHED_STOP;
-#endif
-
     default:
         break;
     }
@@ -2078,14 +2063,7 @@ MSG_PROCESS_RETURN tls_process_server_done(SSL *s, PACKET *pkt)
     }
 #endif
 
-#ifndef OPENSSL_NO_SCTP
-    /* Only applies to renegotiation */
-    if (SSL_IS_DTLS(s) && BIO_dgram_is_sctp(SSL_get_wbio(s))
-        && s->renegotiate != 0)
-        return MSG_PROCESS_CONTINUE_PROCESSING;
-    else
-#endif
-        return MSG_PROCESS_FINISHED_READING;
+    return MSG_PROCESS_FINISHED_READING;
 }
 
 static int tls_construct_cke_psk_preamble(SSL *s, unsigned char **p,
diff --git a/ssl/statem/statem_dtls.c b/ssl/statem/statem_dtls.c
index 043f41b..37e7fea 100644
--- a/ssl/statem/statem_dtls.c
+++ b/ssl/statem/statem_dtls.c
@@ -214,9 +214,8 @@ int dtls1_do_write(SSL *s, int type)
         else
             len = s->init_num;
 
-        /* Shouldn't ever happen */
-        if (len > INT_MAX)
-            len = INT_MAX;
+        if (len > s->max_send_fragment)
+            len = s->max_send_fragment;
 
         /*
          * XDTLS: this function is too long.  split out the CCS part
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 2bd1b8e..ce7bb33 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -786,24 +786,6 @@ WORK_STATE ossl_statem_server_post_process_message(SSL *s, WORK_STATE wst)
     case TLS_ST_SR_KEY_EXCH:
         return tls_post_process_client_key_exchange(s, wst);
 
-    case TLS_ST_SR_CERT_VRFY:
-#ifndef OPENSSL_NO_SCTP
-        if (                    /* Is this SCTP? */
-               BIO_dgram_is_sctp(SSL_get_wbio(s))
-               /* Are we renegotiating? */
-               && s->renegotiate && BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) {
-            s->s3->in_read_app_data = 2;
-            s->rwstate = SSL_READING;
-            BIO_clear_retry_flags(SSL_get_rbio(s));
-            BIO_set_retry_read(SSL_get_rbio(s));
-            ossl_statem_set_sctp_read_sock(s, 1);
-            return WORK_MORE_A;
-        } else {
-            ossl_statem_set_sctp_read_sock(s, 0);
-        }
-#endif
-        return WORK_FINISHED_CONTINUE;
-
     default:
         break;
     }
@@ -2638,25 +2620,6 @@ WORK_STATE tls_post_process_client_key_exchange(SSL *s, WORK_STATE wst)
             BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
                      sizeof(sctpauthkey), sctpauthkey);
         }
-        wst = WORK_MORE_B;
-    }
-
-    if ((wst == WORK_MORE_B)
-        /* Is this SCTP? */
-        && BIO_dgram_is_sctp(SSL_get_wbio(s))
-        /* Are we renegotiating? */
-        && s->renegotiate
-        /* Are we going to skip the CertificateVerify? */
-        && (s->session->peer == NULL || s->statem.no_cert_verify)
-        && BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) {
-        s->s3->in_read_app_data = 2;
-        s->rwstate = SSL_READING;
-        BIO_clear_retry_flags(SSL_get_rbio(s));
-        BIO_set_retry_read(SSL_get_rbio(s));
-        ossl_statem_set_sctp_read_sock(s, 1);
-        return WORK_MORE_B;
-    } else {
-        ossl_statem_set_sctp_read_sock(s, 0);
     }
 #endif
 
@@ -2836,7 +2799,7 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt)
         goto f_err;
     }
 
-    ret = MSG_PROCESS_CONTINUE_PROCESSING;
+    ret = MSG_PROCESS_CONTINUE_READING;
     if (0) {
  f_err:
         ssl3_send_alert(s, SSL3_AL_FATAL, al);


More information about the openssl-commits mailing list