[openssl-commits] [openssl] master update
Matt Caswell
matt at openssl.org
Wed Mar 21 10:31:33 UTC 2018
The branch master has been updated
via 424afe931e7d813f75c7d1eacad7a5cd946c6456 (commit)
via 2e92af5ea5987354fd7fe582a07440ff7aca01f4 (commit)
from 696de86f8edefdf885a665ed9166ee2432f2ee30 (commit)
- Log -----------------------------------------------------------------
commit 424afe931e7d813f75c7d1eacad7a5cd946c6456
Author: Matt Caswell <matt at openssl.org>
Date: Tue Jan 16 11:26:50 2018 +0000
Don't wait for dry at the end of a handshake
For DTLS/SCTP we were waiting for a dry event during the call to
tls_finish_handshake(). This function just tidies up various internal
things, and after it completes the handshake is over. I can find no good
reason for waiting for a dry event here, and nothing in RFC6083 suggests
to me that we should need to. More importantly though it seems to be
wrong. It is perfectly possible for a peer to send app data/alerts/new
handshake while we are still cleaning up our handshake. If this happens
then we will never get the dry event and so we cannot continue.
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5084)
commit 2e92af5ea5987354fd7fe582a07440ff7aca01f4
Author: Matt Caswell <matt at openssl.org>
Date: Tue Jan 16 10:48:01 2018 +0000
Check for alerts while waiting for a dry event
At a couple of points in a DTLS/SCTP handshake we need to wait for a dry
event before continuing. However if an alert has been sent by the peer
then we will never receive that dry event and an infinite loop results.
This commit changes things so that we attempt to read a message if we
are waiting for a dry event but haven't got one yet. This should never
succeed, but any alerts will be processed.
Fixes #4763
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5084)
-----------------------------------------------------------------------
Summary of changes:
ssl/statem/statem_dtls.c | 20 +++++++++++++++++++-
ssl/statem/statem_lib.c | 9 ---------
2 files changed, 19 insertions(+), 10 deletions(-)
diff --git a/ssl/statem/statem_dtls.c b/ssl/statem/statem_dtls.c
index 9bda18b..b5e62a2 100644
--- a/ssl/statem/statem_dtls.c
+++ b/ssl/statem/statem_dtls.c
@@ -922,9 +922,14 @@ int dtls_construct_change_cipher_spec(SSL *s, WPACKET *pkt)
}
#ifndef OPENSSL_NO_SCTP
+/*
+ * Wait for a dry event. Should only be called at a point in the handshake
+ * where we are not expecting any data from the peer except an alert.
+ */
WORK_STATE dtls_wait_for_dry(SSL *s)
{
- int ret;
+ int ret, errtype;
+ size_t len;
/* read app data until dry event */
ret = BIO_dgram_sctp_wait_for_dry(SSL_get_wbio(s));
@@ -935,6 +940,19 @@ WORK_STATE dtls_wait_for_dry(SSL *s)
}
if (ret == 0) {
+ /*
+ * We're not expecting any more messages from the peer at this point -
+ * but we could get an alert. If an alert is waiting then we will never
+ * return successfully. Therefore we attempt to read a message. This
+ * should never succeed but will process any waiting alerts.
+ */
+ if (dtls_get_reassembled_message(s, &errtype, &len)) {
+ /* The call succeeded! This should never happen */
+ SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_DTLS_WAIT_FOR_DRY,
+ SSL_R_UNEXPECTED_MESSAGE);
+ return WORK_ERROR;
+ }
+
s->s3->in_read_app_data = 2;
s->rwstate = SSL_READING;
BIO_clear_retry_flags(SSL_get_rbio(s));
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index a82079c..190050c 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -1004,15 +1004,6 @@ WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst, int clearbufs, int stop)
int discard;
void (*cb) (const SSL *ssl, int type, int val) = NULL;
-#ifndef OPENSSL_NO_SCTP
- if (SSL_IS_DTLS(s) && BIO_dgram_is_sctp(SSL_get_wbio(s))) {
- WORK_STATE ret;
- ret = dtls_wait_for_dry(s);
- if (ret != WORK_FINISHED_CONTINUE)
- return ret;
- }
-#endif
-
if (clearbufs) {
if (!SSL_IS_DTLS(s)) {
/*
More information about the openssl-commits
mailing list