authorBenjamin Kaduk <bkaduk@akamai.com>2020-10-26 12:30:16 -0700
committerBenjamin Kaduk <bkaduk@akamai.com>2020-11-02 11:28:24 -0800
commita92c9648cd96d293cf198652cda8f29cc84a9828 (patch)
tree51bba1567f456c38cf5e8cb6258f9dc0a932a6d8
parent3d7e7e7c48210b515ef5e05f4acf6dc58377331c (diff)
downloadopenssl-new-a92c9648cd96d293cf198652cda8f29cc84a9828.tar.gz
Clear error queue entries from bad DLTS records
DTLS by design ignores records/packets with bad MAC or failed AEAD tag validation. However, recent changes to have provided cipher implementations caused tls1_enc() to leave an entry on the error queue for invalid GCM tags, e.g.: 800BEAEF487F0000:error::Provider routines:gcm_stream_update:cipher operation failed:providers/implementations/ciphers/ciphercommon_gcm.c:306 The BoringSSL tests check for entries on the error queue with SSL_get_error() and so we were seeing spurious test failures due to the additional item on the error queue. To avoid leaving such spurious entries on the error queue, set a mark before calling the ssl3_enc 'enc' method, and pop to that mark before ignoring invalid packets. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13251)
-rw-r--r--ssl/record/ssl3_record.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c
index 046d6f2054..52a8986aca 100644
--- a/ssl/record/ssl3_record.c
+++ b/ssl/record/ssl3_record.c
@@ -1615,6 +1615,12 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap)
mac_size = 0;
}
+ /*
+ * Set a mark around the packet decryption attempt. This is DTLS, so
+ * bad packets are just ignored, and we don't want to leave stray
+ * errors in the queue from processing bogus junk that we ignored.
+ */
+ ERR_set_mark();
enc_err = s->method->ssl3_enc->enc(s, rr, 1, 0, &macbuf, mac_size);
/*-
@@ -1624,6 +1630,7 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap)
* 1: Success or MTE decryption failed (MAC will be randomised)
*/
if (enc_err == 0) {
+ ERR_pop_to_mark();
if (ossl_statem_in_error(s)) {
/* SSLfatal() got called */
goto end;
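Review bot: `ERR_pop_to_mark()` runs before the `ossl_statem_in_error(s)` check, so the branch commented `SSLfatal() got called` also loses every queue entry raised during the decryption attempt, not just the ignorable bad-tag noise. Assuming SSLfatal() records its reason on the error queue, a genuine internal failure would then surface to the application with no diagnostic. Consider handling the fatal branch first, with `ERR_clear_last_mark();` before its `goto end;`, and moving `ERR_pop_to_mark();` below that `if`, so that only the silently dropped record path rewinds the queue. The body of dtls1_process_record starts and continues outside this hunk; the matching `ERR_set_mark()` and `ERR_clear_last_mark()` calls are in the neighbouring hunks.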
@@ -1633,6 +1640,7 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap)
RECORD_LAYER_reset_packet_length(&s->rlayer);
goto end;
}
+ ERR_clear_last_mark();
OSSL_TRACE_BEGIN(TLS) {
BIO_printf(trc_out, "dec %zd\n", rr->length);
BIO_dump_indent(trc_out, rr->data, rr->length, 4);
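Review bot: With the error-queue entry now popped, the drop path ending in `RECORD_LAYER_reset_packet_length(&s->rlayer); goto end;` leaves no visible signal that a record failed authentication, whereas the success path directly below it is traced. Silent discard is correct for DTLS, but an operator investigating a burst of forged or corrupted datagrams would have nothing to count. A trace line on the drop path would restore that visibility without touching the error queue, for example `OSSL_TRACE(TLS, "dtls1_process_record: dropped record that failed decryption\n");`. The start of that branch lies outside this hunk, so confirm that no trace is already emitted earlier in it.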