[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
Matt Caswell
matt at openssl.org
Wed Jun 21 14:05:48 UTC 2017
The branch OpenSSL_1_1_0-stable has been updated
via 21815512063d00325fd8e25f3f39ced047cb968b (commit)
from d717edf80ed3494a5a25c0b82ce61e5885de68ac (commit)
- Log -----------------------------------------------------------------
commit 21815512063d00325fd8e25f3f39ced047cb968b
Author: Matt Caswell <matt at openssl.org>
Date: Tue Jun 20 16:36:30 2017 +0100
Fix DTLS failure when used in a build which has SCTP enabled
The value of BIO_CTRL_DGRAM_SET_PEEK_MODE was clashing with the value for
BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE. In an SCTP enabled build
BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE was used unconditionally with
the reasoning that it would be ignored if SCTP wasn't in use. Unfortunately
due to this clash, this wasn't the case. The BIO ended up going into peek
mode and was continually reading the same data over and over - throwing it
away as a replay.
Fixes #3723
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3724)
(cherry picked from commit 9924087573cfbc8d2bc97088f36d1a81ca00cda3)
-----------------------------------------------------------------------
Summary of changes:
crypto/bio/bss_dgram.c | 9 +++++++++
include/openssl/bio.h | 7 ++++---
ssl/statem/statem.c | 8 ++++----
3 files changed, 17 insertions(+), 7 deletions(-)
diff --git a/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c
index 81730ab..2358289 100644
--- a/crypto/bio/bss_dgram.c
+++ b/crypto/bio/bss_dgram.c
@@ -782,6 +782,15 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
case BIO_CTRL_DGRAM_GET_MTU_OVERHEAD:
ret = dgram_get_mtu_overhead(data);
break;
+
+ /*
+ * BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE is used here for compatibility
+ * reasons. When BIO_CTRL_DGRAM_SET_PEEK_MODE was first defined its value
+ * was incorrectly clashing with BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE. The
+ * value has been updated to a non-clashing value. However to preserve
+ * binary compatiblity we now respond to both the old value and the new one
+ */
+ case BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE:
case BIO_CTRL_DGRAM_SET_PEEK_MODE:
data->peekmode = (unsigned int)num;
break;
diff --git a/include/openssl/bio.h b/include/openssl/bio.h
index 7812851..31fd91c 100644
--- a/include/openssl/bio.h
+++ b/include/openssl/bio.h
@@ -125,11 +125,10 @@ extern "C" {
# define BIO_CTRL_DGRAM_GET_MTU_OVERHEAD 49
-# define BIO_CTRL_DGRAM_SET_PEEK_MODE 50
-
+/* Deliberately outside of OPENSSL_NO_SCTP - used in bss_dgram.c */
+# define BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE 50
# ifndef OPENSSL_NO_SCTP
/* SCTP stuff */
-# define BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE 50
# define BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY 51
# define BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY 52
# define BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD 53
@@ -142,6 +141,8 @@ extern "C" {
# define BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN 70
# endif
+# define BIO_CTRL_DGRAM_SET_PEEK_MODE 71
+
/* modifiers */
# define BIO_FP_READ 0x02
# define BIO_FP_WRITE 0x04
diff --git a/ssl/statem/statem.c b/ssl/statem/statem.c
index 691bfbb..e6dc3b1 100644
--- a/ssl/statem/statem.c
+++ b/ssl/statem/statem.c
@@ -241,10 +241,10 @@ static int state_machine(SSL *s, int server)
return -1;
}
#ifndef OPENSSL_NO_SCTP
- if (SSL_IS_DTLS(s)) {
+ if (SSL_IS_DTLS(s) && BIO_dgram_is_sctp(SSL_get_wbio(s))) {
/*
* Notify SCTP BIO socket to enter handshake mode and prevent stream
- * identifier other than 0. Will be ignored if no SCTP is used.
+ * identifier other than 0.
*/
BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE,
st->in_handshake, NULL);
@@ -417,10 +417,10 @@ static int state_machine(SSL *s, int server)
st->in_handshake--;
#ifndef OPENSSL_NO_SCTP
- if (SSL_IS_DTLS(s)) {
+ if (SSL_IS_DTLS(s) && BIO_dgram_is_sctp(SSL_get_wbio(s))) {
/*
* Notify SCTP BIO socket to leave handshake mode and allow stream
- * identifier other than 0. Will be ignored if no SCTP is used.
+ * identifier other than 0.
*/
BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE,
st->in_handshake, NULL);
More information about the openssl-commits
mailing list