diff options
| author | jsing <> | 2021-08-31 13:34:55 +0000 |
|---|---|---|
| committer | jsing <> | 2021-08-31 13:34:55 +0000 |
| commit | f55a628b1a5faa0be72079bd24a247266121aa8b (patch) | |
| tree | bc775bda4a2e85eae7ab9c598739564c29bfa447 /src/lib/libssl/dtls_locl.h | |
| parent | e6a921b7782b387c57ef5fd5205ee66276665998 (diff) | |
| download | openbsd-f55a628b1a5faa0be72079bd24a247266121aa8b.tar.gz openbsd-f55a628b1a5faa0be72079bd24a247266121aa8b.tar.bz2 openbsd-f55a628b1a5faa0be72079bd24a247266121aa8b.zip | |
Defragment DTLS.
In normal TLS, it is possible for record fragments to be sent that contain
one byte of alert or handshake message payload. In this case we have to
read and collate multiple message fragments before we can decide what to
do with the record.
However, in the case of DTLS, one record is effectively one packet and
while it is possible to send handshake messages across multiple
records/packets, the minimum payload is the DTLS handshake message header
(plus one byte of data if the handshake message has a payload) - without
this, there is insufficient information available to be able to reassemble
the handshake message. Likewise, splitting an alert across multiple DTLS
records simply does not work, as we have no way of knowing if we're
collating the same alert or two different alerts that we lost half of each
from (unfortunately, these details are not really specified in the DTLS
RFC).
This means that for DTLS we can expect to receive a full alert message
(a whole two bytes) or a handshake record with at least the handshake
message header (12 bytes). If we receive messages with less than these
lengths we discard them and carry on (which is what the DTLS code already
does).
Remove all of the pointless fragment handling code from DTLS, while also
fixing an issue where one case used rr->data instead of the handshake
fragment.
ok inoguchi@ tb@
Diffstat (limited to 'src/lib/libssl/dtls_locl.h')
| -rw-r--r-- | src/lib/libssl/dtls_locl.h | 9 |
1 files changed, 1 insertions, 8 deletions
diff --git a/src/lib/libssl/dtls_locl.h b/src/lib/libssl/dtls_locl.h index 83fb9e0e10..502b42dcdd 100644 --- a/src/lib/libssl/dtls_locl.h +++ b/src/lib/libssl/dtls_locl.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: dtls_locl.h,v 1.5 2021/08/30 19:12:25 jsing Exp $ */ | 1 | /* $OpenBSD: dtls_locl.h,v 1.6 2021/08/31 13:34:55 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * DTLS implementation written by Nagendra Modadugu | 3 | * DTLS implementation written by Nagendra Modadugu |
| 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. | 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. |
| @@ -167,13 +167,6 @@ typedef struct dtls1_state_internal_st { | |||
| 167 | 167 | ||
| 168 | struct dtls1_timeout_st timeout; | 168 | struct dtls1_timeout_st timeout; |
| 169 | 169 | ||
| 170 | /* storage for Alert/Handshake protocol data received but not | ||
| 171 | * yet processed by ssl3_read_bytes: */ | ||
| 172 | unsigned char alert_fragment[DTLS1_AL_HEADER_LENGTH]; | ||
| 173 | unsigned int alert_fragment_len; | ||
| 174 | unsigned char handshake_fragment[DTLS1_HM_HEADER_LENGTH]; | ||
| 175 | unsigned int handshake_fragment_len; | ||
| 176 | |||
| 177 | unsigned int retransmitting; | 170 | unsigned int retransmitting; |
| 178 | unsigned int change_cipher_spec_ok; | 171 | unsigned int change_cipher_spec_ok; |
| 179 | } DTLS1_STATE_INTERNAL; | 172 | } DTLS1_STATE_INTERNAL; |