authorMatt Caswell <matt@openssl.org>2017-04-20 15:13:28 +0100
committerMatt Caswell <matt@openssl.org>2017-04-25 14:04:13 +0100
commitc9a6b9f7ed482025d684ef3a04505004f85a97a1 (patch)
tree43a2c63a0db3e7bda9577d049222c5347b268407 /ssl
parentd746e49bcd9cc84cce13b1cd2d3ea35b909880a7 (diff)
Remove special case code for SCTP reneg handling
There was existing code which attempted to handle the case where application data is received after a reneg handshake has started in SCTP. In normal DTLS we just fail the connection if this occurs, so there doesn't seem to be any reason to try to work around it for SCTP. In practice it didn't work properly anyway and is probably a bad idea to start with. Fixes #3251 Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3287)
Diffstat (limited to 'ssl')
-rw-r--r--ssl/d1_msg.c13
-rw-r--r--ssl/record/rec_layer_d1.c23
-rw-r--r--ssl/statem/statem.c23
-rw-r--r--ssl/statem/statem.h7
-rw-r--r--ssl/statem/statem_clnt.c24
-rw-r--r--ssl/statem/statem_srvr.c39
6 files changed, 3 insertions, 126 deletions
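--- a/ssl/d1_msg.c
+++ b/ssl/d1_msg.c
@@ -14,18 +14,7 @@ int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, int len)
 {
 int i;
-#ifndef OPENSSL_NO_SCTP
- /*
- * Check if we have to continue an interrupted handshake for reading
- * belated app data with SCTP.
- */
- if ((SSL_in_init(s) && !ossl_statem_get_in_handshake(s)) ||
- (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
- ossl_statem_in_sctp_read_sock(s)))
-#else
- if (SSL_in_init(s) && !ossl_statem_get_in_handshake(s))
-#endif
- {
+ if (SSL_in_init(s) && !ossl_statem_get_in_handshake(s)) {
 i = s->handshake_func(s);
 if (i < 0)
 return (i);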
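Review bot: The simplified condition on the `+` line leaves no trace of why SCTP no longer gets its own branch here, so a later reader who meets `BIO_dgram_is_sctp` elsewhere in the DTLS write path may be tempted to reintroduce the special case; a one-line comment above the `if` would prevent that, e.g. `/* No SCTP special case: app data arriving mid-reneg fails the connection, as in plain DTLS (#3251) */`. As a minor style point, the parentheses in `return (i);` are redundant and could go while the block is being touched. dtls1_write_app_data_bytes continues past the end of the hunk.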
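--- a/ssl/record/rec_layer_d1.c
+++ b/ssl/record/rec_layer_d1.c
@@ -369,18 +369,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
 * type == SSL3_RT_HANDSHAKE.
 */
-#ifndef OPENSSL_NO_SCTP
- /*
- * Continue handshake if it had to be interrupted to read app data with
- * SCTP.
- */
- if ((!ossl_statem_get_in_handshake(s) && SSL_in_init(s)) ||
- (BIO_dgram_is_sctp(SSL_get_rbio(s))
- && ossl_statem_in_sctp_read_sock(s)
- && s->s3->in_read_app_data != 2))
-#else
 if (!ossl_statem_get_in_handshake(s) && SSL_in_init(s))
-#endif
 {
 /* type == SSL3_RT_APPLICATION_DATA */
 i = s->handshake_func(s);
@@ -523,18 +512,6 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
 }
 #ifndef OPENSSL_NO_SCTP
 /*
- * We were about to renegotiate but had to read belated application
- * data first, so retry.
- */
- if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
- SSL3_RECORD_get_type(rr) == SSL3_RT_APPLICATION_DATA &&
- ossl_statem_in_sctp_read_sock(s)) {
- s->rwstate = SSL_READING;
- BIO_clear_retry_flags(SSL_get_rbio(s));
- BIO_set_retry_read(SSL_get_rbio(s));
- }
-
- /*
 * We might had to delay a close_notify alert because of reordered
 * app data. If there was an alert and there is no message to read
 * anymore, finally set shutdown.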
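Review bot: The comment that now directly follows `#ifndef OPENSSL_NO_SCTP` in the second hunk is ungrammatical and, after the deletion, is the first thing a reader sees in that block; it should read `* We might have had to delay a close_notify alert because of reordered`. Separately, the removed `s->s3->in_read_app_data != 2` test in the first hunk was the only reader of the value-2 sentinel on this page, and the statem_clnt.c and statem_srvr.c hunks remove the only visible writers of `in_read_app_data = 2`; if a search of the tree confirms no other writer remains, that sentinel value is dead and could be retired in a follow-up rather than left as an undocumented magic number. dtls1_read_bytes starts and ends outside both hunks, so this cannot be confirmed from the diff alone.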
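--- a/ssl/statem/statem.c
+++ b/ssl/statem/statem.c
@@ -850,26 +850,3 @@ int ossl_statem_app_data_allowed(SSL *s)
 return 0;
 }
-
-#ifndef OPENSSL_NO_SCTP
-/*
- * Set flag used by SCTP to determine whether we are in the read sock state
- */
-void ossl_statem_set_sctp_read_sock(SSL *s, int read_sock)
-{
- s->statem.in_sctp_read_sock = read_sock;
-}
-
-/*
- * Called by the record layer to determine whether we are in the read sock
- * state or not.
- *
- * Return values are:
- * 1: Yes (we are in the read sock state)
- * 0: No (we are not in the read sock state)
- */
-int ossl_statem_in_sctp_read_sock(SSL *s)
-{
- return s->statem.in_sctp_read_sock;
-}
-#endif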
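--- a/ssl/statem/statem.h
+++ b/ssl/statem/statem.h
@@ -93,9 +93,6 @@ struct ossl_statem_st {
 /* Should we skip the CertificateVerify message? */
 unsigned int no_cert_verify;
 int use_timer;
-#ifndef OPENSSL_NO_SCTP
- int in_sctp_read_sock;
-#endif
 };
 typedef struct ossl_statem_st OSSL_STATEM;
@@ -117,7 +114,3 @@ int ossl_statem_get_in_handshake(SSL *s);
 void ossl_statem_set_in_handshake(SSL *s, int inhand);
 void ossl_statem_set_hello_verify_done(SSL *s);
 __owur int ossl_statem_app_data_allowed(SSL *s);
-#ifndef OPENSSL_NO_SCTP
-void ossl_statem_set_sctp_read_sock(SSL *s, int read_sock);
-__owur int ossl_statem_in_sctp_read_sock(SSL *s);
-#endif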
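--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -664,21 +664,6 @@ WORK_STATE ossl_statem_client_post_process_message(SSL *s, WORK_STATE wst)
 case TLS_ST_CR_CERT_REQ:
 return tls_prepare_client_certificate(s, wst);
-#ifndef OPENSSL_NO_SCTP
- case TLS_ST_CR_SRVR_DONE:
- /* We only get here if we are using SCTP and we are renegotiating */
- if (BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) {
- s->s3->in_read_app_data = 2;
- s->rwstate = SSL_READING;
- BIO_clear_retry_flags(SSL_get_rbio(s));
- BIO_set_retry_read(SSL_get_rbio(s));
- ossl_statem_set_sctp_read_sock(s, 1);
- return WORK_MORE_A;
- }
- ossl_statem_set_sctp_read_sock(s, 0);
- return WORK_FINISHED_STOP;
-#endif
-
 default:
 break;
 }
@@ -2078,14 +2063,7 @@ MSG_PROCESS_RETURN tls_process_server_done(SSL *s, PACKET *pkt)
 }
 #endif
-#ifndef OPENSSL_NO_SCTP
- /* Only applies to renegotiation */
- if (SSL_IS_DTLS(s) && BIO_dgram_is_sctp(SSL_get_wbio(s))
- && s->renegotiate != 0)
- return MSG_PROCESS_CONTINUE_PROCESSING;
- else
-#endif
- return MSG_PROCESS_FINISHED_READING;
+ return MSG_PROCESS_FINISHED_READING;
 }
 static int tls_construct_cke_psk_preamble(SSL *s, unsigned char **p,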
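--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -786,24 +786,6 @@ WORK_STATE ossl_statem_server_post_process_message(SSL *s, WORK_STATE wst)
 case TLS_ST_SR_KEY_EXCH:
 return tls_post_process_client_key_exchange(s, wst);
- case TLS_ST_SR_CERT_VRFY:
-#ifndef OPENSSL_NO_SCTP
- if ( /* Is this SCTP? */
- BIO_dgram_is_sctp(SSL_get_wbio(s))
- /* Are we renegotiating? */
- && s->renegotiate && BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) {
- s->s3->in_read_app_data = 2;
- s->rwstate = SSL_READING;
- BIO_clear_retry_flags(SSL_get_rbio(s));
- BIO_set_retry_read(SSL_get_rbio(s));
- ossl_statem_set_sctp_read_sock(s, 1);
- return WORK_MORE_A;
- } else {
- ossl_statem_set_sctp_read_sock(s, 0);
- }
-#endif
- return WORK_FINISHED_CONTINUE;
-
 default:
 break;
 }
@@ -2638,25 +2620,6 @@ WORK_STATE tls_post_process_client_key_exchange(SSL *s, WORK_STATE wst)
 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
 sizeof(sctpauthkey), sctpauthkey);
 }
- wst = WORK_MORE_B;
- }
-
- if ((wst == WORK_MORE_B)
- /* Is this SCTP? */
- && BIO_dgram_is_sctp(SSL_get_wbio(s))
- /* Are we renegotiating? */
- && s->renegotiate
- /* Are we going to skip the CertificateVerify? */
- && (s->session->peer == NULL || s->statem.no_cert_verify)
- && BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) {
- s->s3->in_read_app_data = 2;
- s->rwstate = SSL_READING;
- BIO_clear_retry_flags(SSL_get_rbio(s));
- BIO_set_retry_read(SSL_get_rbio(s));
- ossl_statem_set_sctp_read_sock(s, 1);
- return WORK_MORE_B;
- } else {
- ossl_statem_set_sctp_read_sock(s, 0);
 }
 #endif
@@ -2836,7 +2799,7 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt)
 goto f_err;
 }
- ret = MSG_PROCESS_CONTINUE_PROCESSING;
+ ret = MSG_PROCESS_CONTINUE_READING;
 if (0) {
 f_err:
 ssl3_send_alert(s, SSL3_AL_FATAL, al);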
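Review bot: In the tls_post_process_client_key_exchange hunk the deleted `wst = WORK_MORE_B;` assignment and the `wst == WORK_MORE_B` test were the only uses of the `wst` parameter visible on this page, yet the caller in ossl_statem_server_post_process_message (first hunk) still passes it through unchanged; if nothing else in the function reads `wst` after this change, the parameter is now dead and the WORK_MORE_B re-entry path it served should be documented as gone or the parameter dropped in a follow-up. The function starts and ends outside the hunk, so the remaining uses cannot be checked from the diff. The `}` / `#endif` pairing left behind after the deletion appears consistent, assuming the opener above the hunk is the `SSL_IS_DTLS` block that the surviving `BIO_ctrl` call sits in.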