diff options
| author | Matt Caswell <matt@openssl.org> | 2021-04-19 15:21:54 +0100 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2021-04-28 16:23:08 +0100 |
| commit | f42e68dc473081393835b0ae7dad19d393ee589d (patch) | |
| tree | 1042d31d7f64c5a06c8a2cbff56a5bef7f68433c /test/dtlstest.c | |
| parent | 460d2fbcd75bef492638b54c17aa5f5bca7eec2a (diff) | |
| download | openssl-new-f42e68dc473081393835b0ae7dad19d393ee589d.tar.gz | |
Defer Finished MAC handling until after state transition
In TLS we process received messages like this:
1) Read Message Header
2) Validate and transition state based on received message type
3) Read Message Body
4) Process Message
In DTLS we read messages like this:
1) Read Message Header and Body
2) Validate and transition state based on received message type
3) Process Message
The difference is because of the stream vs datagram semantics of the
underlying transport.
In both TLS and DTLS we were doing finished MAC processing as part of
reading the message body. This means that in DTLS this was occurring
*before* the state transition has been validated. A crash was occurring
in DTLS if a Finished message was sent in an invalid state due to
assumptions in the code that certain variables would have been setup by
the time a Finished message arrives.
To avoid this problem we shift the finished MAC processing to be after
the state transition in DTLS.
Thanks to github user @bathooman for reporting this issue.
Fixes #14906
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14930)
Diffstat (limited to 'test/dtlstest.c')
0 files changed, 0 insertions, 0 deletions