generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix DTLSv1_listen following state machine changes

Browse Source 
Adding the new state machine broke the DTLSv1_listen code because
calling SSL_in_before() was erroneously returning true after DTLSv1_listen
had successfully completed. This change ensures that SSL_in_before returns
false.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
This commit is contained in:
Matt Caswell 2015-10-22 12:18:45 +01:00
parent 91eac8d567
commit 31fd10e60d
3 changed files with 20 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
ssl/d1_lib.c
View File

@ -872,8 +872,11 @@ int dtls1_listen(SSL *s, struct sockaddr *client)
*/ */
SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE); SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE);
/* Put us into the "init" state so that we don't get our state cleared */ /*
ossl_statem_set_in_init(s, 1); * Tell the state machine that we've done the initial hello verify
* exchange
*/
ossl_statem_set_hello_verify_done(s);
if(BIO_dgram_get_peer(rbio, client) <= 0) { if(BIO_dgram_get_peer(rbio, client) <= 0) {
SSLerr(SSL_F_DTLS1_LISTEN, ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_DTLS1_LISTEN, ERR_R_INTERNAL_ERROR);

14
ssl/statem/statem.c
View File

@ -187,6 +187,20 @@ void ossl_statem_set_in_init(SSL *s, int init)
s->statem.in_init = init; s->statem.in_init = init;
} }
void ossl_statem_set_hello_verify_done(SSL *s)
{
s->statem.state = MSG_FLOW_UNINITED;
s->statem.in_init = 1;
/*
* This will get reset (briefly) back to TLS_ST_BEFORE when we enter
* state_machine() because |state| is MSG_FLOW_UNINITED, but until then any
* calls to SSL_in_before() will return false. Also calls to
* SSL_state_string() and SSL_state_string_long() will return something
* sensible.
*/
s->statem.hand_state = TLS_ST_SR_CLNT_HELLO;
}
int ossl_statem_connect(SSL *s) { int ossl_statem_connect(SSL *s) {
return state_machine(s, 0); return state_machine(s, 0);
} }

1
ssl/statem/statem.h
View File

@ -161,6 +161,7 @@ void ossl_statem_set_renegotiate(SSL *s);
void ossl_statem_set_error(SSL *s); void ossl_statem_set_error(SSL *s);
int ossl_statem_in_error(const SSL *s); int ossl_statem_in_error(const SSL *s);
void ossl_statem_set_in_init(SSL *s, int init); void ossl_statem_set_in_init(SSL *s, int init);
void ossl_statem_set_hello_verify_done(SSL *s);
__owur int ossl_statem_app_data_allowed(SSL *s); __owur int ossl_statem_app_data_allowed(SSL *s);
#ifndef OPENSSL_NO_SCTP #ifndef OPENSSL_NO_SCTP
void ossl_statem_set_sctp_read_sock(SSL *s, int read_sock); void ossl_statem_set_sctp_read_sock(SSL *s, int read_sock);