git.openssl.org Git - openssl.git/commit

author	Matt Caswell <matt@openssl.org>
	Mon, 19 Apr 2021 14:21:54 +0000 (15:21 +0100)
committer	Matt Caswell <matt@openssl.org>
	Wed, 28 Apr 2021 15:23:08 +0000 (16:23 +0100)
commit	f42e68dc473081393835b0ae7dad19d393ee589d
tree	1042d31d7f64c5a06c8a2cbff56a5bef7f68433c	tree \| snapshot
parent	460d2fbcd75bef492638b54c17aa5f5bca7eec2a	commit \| diff

Defer Finished MAC handling until after state transition

In TLS we process received messages like this:

1) Read Message Header
2) Validate and transition state based on received message type
3) Read Message Body
4) Process Message

In DTLS we read messages like this:

1) Read Message Header and Body
2) Validate and transition state based on received message type
3) Process Message

The difference is because of the stream vs datagram semantics of the
underlying transport.

In both TLS and DTLS we were doing finished MAC processing as part of
reading the message body. This means that in DTLS this was occurring
*before* the state transition has been validated. A crash was occurring
in DTLS if a Finished message was sent in an invalid state due to
assumptions in the code that certain variables would have been setup by
the time a Finished message arrives.

To avoid this problem we shift the finished MAC processing to be after
the state transition in DTLS.

Thanks to github user @bathooman for reporting this issue.

Fixes #14906

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14930)

ssl/statem/statem.c		diff \| blob \| history
ssl/statem/statem_dtls.c		diff \| blob \| history
ssl/statem/statem_local.h		diff \| blob \| history