[openssl] master update
matthias.st.pierre at ncp-e.com
matthias.st.pierre at ncp-e.com
Thu Oct 3 13:18:15 UTC 2019
The branch master has been updated
via e7c27a6c3716843f8412fd96311b70ac84b785f9 (commit)
from f1d1903dd3dd1d68a5eae190b8c2a88bfe0a68ac (commit)
- Log -----------------------------------------------------------------
commit e7c27a6c3716843f8412fd96311b70ac84b785f9
Author: NaveenShivanna86 <navin.shivanna at gmail.com>
Date: Wed Aug 21 11:58:29 2019 +0530
'init_buf' memory can be freed when DTLS is used over SCTP (not over UDP).
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9653)
-----------------------------------------------------------------------
Summary of changes:
ssl/statem/statem_lib.c | 15 +++++++++++++--
1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 898c608170..d2f7aab2ad 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -1039,14 +1039,25 @@ WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst, int clearbufs, int stop)
int cleanuphand = s->statem.cleanuphand;
if (clearbufs) {
- if (!SSL_IS_DTLS(s)) {
+ if (!SSL_IS_DTLS(s)
+#ifndef OPENSSL_NO_SCTP
/*
- * We don't do this in DTLS because we may still need the init_buf
+ * RFC6083: SCTP provides a reliable and in-sequence transport service for DTLS
+ * messages that require it. Therefore, DTLS procedures for retransmissions
+ * MUST NOT be used.
+ * Hence the init_buf can be cleared when DTLS over SCTP as transport is used.
+ */
+ || BIO_dgram_is_sctp(SSL_get_wbio(s))
+#endif
+ ) {
+ /*
+ * We don't do this in DTLS over UDP because we may still need the init_buf
* in case there are any unexpected retransmits
*/
BUF_MEM_free(s->init_buf);
s->init_buf = NULL;
}
+
if (!ssl_free_wbio_buffer(s)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_FINISH_HANDSHAKE,
ERR_R_INTERNAL_ERROR);
More information about the openssl-commits
mailing list