{"schema":"libjg2-1", "vpath":"/git/", "avatar":"/git/avatar/", "alang":"", "gen_ut":1752659511, "reponame":"openssl", "desc":"OpenSSL", "owner": { "name": "Andy Green", "email": "andy@warmcat.com", "md5": "c50933ca2aa61e0fe2c43d46bb6b59cb" },"url":"https://warmcat.com/repo/openssl", "f":3, "items": [ {"schema":"libjg2-1", "cid":"5ce8fb3f6d93c3b61f39e66ab00fe4e3", "commit": {"type":"commit", "time": 1488476656, "time_ofs": 0, "oid_tree": { "oid": "add97239b271f4ecc41c7f1c27e63a6470432aaa", "alias": []}, "oid":{ "oid": "f7e393be4725c33739d46a58de94a06ebdc6e49d", "alias": []}, "msg": "Various fixes required to allow SSL_write/SSL_read during early data", "sig_commit": { "git_time": { "time": 1488476656, "offset": 0 }, "name": "Matt Caswell", "email": "matt@openssl.org", "md5": "10f7b441a32d5790efad9fc68cae4af2" }, "sig_author": { "git_time": { "time": 1488194397, "offset": 0 }, "name": "Matt Caswell", "email": "matt@openssl.org", "md5": "10f7b441a32d5790efad9fc68cae4af2" }}, "body": "Various fixes required to allow SSL_write/SSL_read during early data\n\nReviewed-by: Rich Salz \u003crsalz@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/2737)" , "diff": "diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c\nindex c244c3c..baeb3bb 100644\n--- a/ssl/ssl_lib.c\n+++ b/ssl/ssl_lib.c\n@@ -1650,7 +1650,6 @@ int SSL_read_early(SSL *s, void *buf, size_t num, size_t *readbytes)\n s-\u003eearly_data_state \u003d SSL_EARLY_DATA_FINISHED_READING;\n }\n *readbytes \u003d 0;\n- ossl_statem_set_in_init(s, 1);\n return SSL_READ_EARLY_FINISH;\n \n default:\n@@ -1661,7 +1660,8 @@ int SSL_read_early(SSL *s, void *buf, size_t num, size_t *readbytes)\n \n int ssl_end_of_early_data_seen(SSL *s)\n {\n- if (s-\u003eearly_data_state \u003d\u003d SSL_EARLY_DATA_READING) {\n+ if (s-\u003eearly_data_state \u003d\u003d SSL_EARLY_DATA_READING\n+ || s-\u003eearly_data_state \u003d\u003d SSL_EARLY_DATA_READ_RETRY) {\n s-\u003eearly_data_state \u003d SSL_EARLY_DATA_FINISHED_READING;\n 
ossl_statem_finish_early_data(s);\n return 1;\n@@ -3242,15 +3242,21 @@ int SSL_do_handshake(SSL *s)\n return -1;\n }\n \n- if (s-\u003eearly_data_state !\u003d SSL_EARLY_DATA_NONE\n- \u0026\u0026 s-\u003eearly_data_state !\u003d SSL_EARLY_DATA_FINISHED_WRITING\n- \u0026\u0026 s-\u003eearly_data_state !\u003d SSL_EARLY_DATA_FINISHED_READING\n- \u0026\u0026 s-\u003eearly_data_state !\u003d SSL_EARLY_DATA_ACCEPTING\n- \u0026\u0026 s-\u003eearly_data_state !\u003d SSL_EARLY_DATA_CONNECTING) {\n- SSLerr(SSL_F_SSL_WRITE_INTERNAL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);\n- return 0;\n- }\n+ if (s-\u003eearly_data_state \u003d\u003d SSL_EARLY_DATA_WRITE_RETRY\n+ || s-\u003eearly_data_state \u003d\u003d SSL_EARLY_DATA_READ_RETRY) {\n+ /*\n+ * We skip this if we were called via SSL_read_early() or\n+ * SSL_write_early()\n+ */\n+ if (s-\u003eearly_data_state \u003d\u003d SSL_EARLY_DATA_WRITE_RETRY) {\n+ int edfin;\n \n+ edfin \u003d SSL_write_early_finish(s);\n+ if (edfin \u003c\u003d 0)\n+ return edfin;\n+ }\n+ ossl_statem_set_in_init(s, 1);\n+ }\n \n s-\u003emethod-\u003essl_renegotiate_check(s, 0);\n \ndiff --git a/ssl/statem/statem.c b/ssl/statem/statem.c\nindex 50c4345..8a251ea 100644\n--- a/ssl/statem/statem.c\n+++ b/ssl/statem/statem.c\n@@ -161,7 +161,7 @@ int ossl_statem_skip_early_data(SSL *s)\n if (s-\u003estatem.hand_state !\u003d TLS_ST_SW_HELLO_RETRY_REQUEST)\n return 0;\n } else {\n- if (s-\u003estatem.hand_state !\u003d TLS_ST_SW_FINISHED)\n+ if (!s-\u003eserver || s-\u003estatem.hand_state !\u003d TLS_ST_EARLY_DATA)\n return 0;\n }\n \n@@ -171,9 +171,14 @@ int ossl_statem_skip_early_data(SSL *s)\n void ossl_statem_check_finish_init(SSL *s, int send)\n {\n if (!s-\u003eserver) {\n- if ((send \u0026\u0026 s-\u003estatem.hand_state \u003d\u003d TLS_ST_PENDING_EARLY_DATA_END)\n+ if ((send \u0026\u0026 s-\u003estatem.hand_state \u003d\u003d TLS_ST_PENDING_EARLY_DATA_END\n+ \u0026\u0026 s-\u003eearly_data_state !\u003d SSL_EARLY_DATA_WRITING)\n || (!send \u0026\u0026 
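Review bot: The comment inside the new `if` in SSL_do_handshake() does not name the states it is talking about, and with the old `ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED` guard removed, nothing in this hunk rejects a call made in any other early-data state. This block decides when the state machine is put back into init, so I would state the contract explicitly, if this is the intent: `/* Only the *_RETRY states mean the application called us directly; calls from inside SSL_read_early()/SSL_write_early() skip this block */`. It is also worth a line noting that a non-positive `edfin` from SSL_write_early_finish() is returned to the caller unchanged. The body of SSL_do_handshake() starts and ends outside the hunk.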
s-\u003estatem.hand_state \u003d\u003d TLS_ST_EARLY_DATA))\n ossl_statem_set_in_init(s, 1);\n+ } else {\n+ if (s-\u003eearly_data_state \u003d\u003d SSL_EARLY_DATA_FINISHED_READING\n+ \u0026\u0026 s-\u003estatem.hand_state \u003d\u003d TLS_ST_EARLY_DATA)\n+ ossl_statem_set_in_init(s, 1);\n }\n }\n \n@@ -339,9 +344,7 @@ static int state_machine(SSL *s, int server)\n goto end;\n }\n \n- if ((SSL_IS_FIRST_HANDSHAKE(s)\n- \u0026\u0026 s-\u003eearly_data_state !\u003d SSL_EARLY_DATA_FINISHED_WRITING\n- \u0026\u0026 s-\u003eearly_data_state !\u003d SSL_EARLY_DATA_FINISHED_READING)\n+ if ((SSL_in_before(s))\n || s-\u003erenegotiate) {\n if (!tls_setup_handshake(s)) {\n ossl_statem_set_error(s);\n@@ -746,8 +749,17 @@ static SUB_STATE_RETURN write_state_machine(SSL *s)\n case WORK_FINISHED_STOP:\n return SUB_STATE_END_HANDSHAKE;\n }\n+ if (!get_construct_message_f(s, \u0026pkt, \u0026confunc, \u0026mt)) {\n+ ossl_statem_set_error(s);\n+ return SUB_STATE_ERROR;\n+ }\n+ if (mt \u003d\u003d SSL3_MT_DUMMY) {\n+ /* Skip construction and sending. 
This isn't a \u0022real\u0022 state */\n+ st-\u003ewrite_state \u003d WRITE_STATE_POST_WORK;\n+ st-\u003ewrite_state_work \u003d WORK_MORE_A;\n+ break;\n+ }\n if (!WPACKET_init(\u0026pkt, s-\u003einit_buf)\n- || !get_construct_message_f(s, \u0026pkt, \u0026confunc, \u0026mt)\n || !ssl_set_handshake_header(s, \u0026pkt, mt)\n || (confunc !\u003d NULL \u0026\u0026 !confunc(s, \u0026pkt))\n || !ssl_close_construct_packet(s, \u0026pkt, mt)\ndiff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c\nindex 9a29ab5..b11cd19 100644\n--- a/ssl/statem/statem_clnt.c\n+++ b/ssl/statem/statem_clnt.c\n@@ -1514,8 +1514,6 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt)\n if (SSL_IS_TLS13(s)\n \u0026\u0026 (!s-\u003emethod-\u003essl3_enc-\u003esetup_key_block(s)\n || !s-\u003emethod-\u003essl3_enc-\u003echange_cipher_state(s,\n- SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_CLIENT_WRITE)\n- || !s-\u003emethod-\u003essl3_enc-\u003echange_cipher_state(s,\n SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_CLIENT_READ))) {\n al \u003d SSL_AD_INTERNAL_ERROR;\n SSLerr(SSL_F_TLS_PROCESS_SERVER_HELLO, SSL_R_CANNOT_CHANGE_CIPHER);\n@@ -3272,11 +3270,22 @@ int tls_construct_client_certificate(SSL *s, WPACKET *pkt)\n : s-\u003ecert-\u003ekey,\n \u0026al)) {\n SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE, ERR_R_INTERNAL_ERROR);\n- ssl3_send_alert(s, SSL3_AL_FATAL, al);\n- return 0;\n+ goto err;\n+ }\n+\n+ if (SSL_IS_TLS13(s)\n+ \u0026\u0026 SSL_IS_FIRST_HANDSHAKE(s)\n+ \u0026\u0026 (!s-\u003emethod-\u003essl3_enc-\u003echange_cipher_state(s,\n+ SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_CLIENT_WRITE))) {\n+ SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE,\n+ SSL_R_CANNOT_CHANGE_CIPHER);\n+ goto err;\n }\n \n return 1;\n+ err:\n+ ssl3_send_alert(s, SSL3_AL_FATAL, al);\n+ return 0;\n }\n \n #define has_bits(i,m) (((i)\u0026(m)) \u003d\u003d (m))\ndiff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c\nindex 595d7c1..32bcad4 100644\n--- a/ssl/statem/statem_lib.c\n+++ 
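Review bot: In write_state_machine(), `get_construct_message_f(s, &pkt, &confunc, &mt)` now runs before `WPACKET_init(&pkt, s->init_buf)`, so the callback receives a `pkt` that has not been initialised (unless that happens earlier in the function, outside the hunk). The TLS_ST_EARLY_DATA case added on the server side only sets `*confunc` and `*mt`, but the callback still takes `WPACKET *pkt`, and whether any other case or the client callback touches it is not visible here. I would either drop the parameter from the callback or add `/* pkt is not initialised yet; construct_message must not use it */` above the call.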
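Review bot: The new `err:` label in tls_construct_client_certificate() sends `ssl3_send_alert(s, SSL3_AL_FATAL, al)` for both failure paths, but only the first one passes `&al` to a callee. When `change_cipher_state` fails, `al` still holds whatever value it had before. Its declaration is outside the hunk, so please confirm it is initialised, or set it explicitly with `al = SSL_AD_INTERNAL_ERROR;` before the second `goto err;` so the alert description is never indeterminate.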
b/ssl/statem/statem_lib.c\n@@ -442,6 +442,23 @@ int tls_construct_finished(SSL *s, WPACKET *pkt)\n const char *sender;\n size_t slen;\n \n+ /* This is a real handshake so make sure we clean it up at the end */\n+ if (!s-\u003eserver)\n+ s-\u003estatem.cleanuphand \u003d 1;\n+\n+ /*\n+ * We only change the keys if we didn't already do this when we sent the\n+ * client certificate\n+ */\n+ if (SSL_IS_TLS13(s)\n+ \u0026\u0026 !s-\u003eserver\n+ \u0026\u0026 s-\u003es3-\u003etmp.cert_req \u003d\u003d 0\n+ \u0026\u0026 (!s-\u003emethod-\u003essl3_enc-\u003echange_cipher_state(s,\n+ SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_CLIENT_WRITE))) {\n+ SSLerr(SSL_F_TLS_CONSTRUCT_FINISHED, SSL_R_CANNOT_CHANGE_CIPHER);\n+ goto err;\n+ }\n+\n if (s-\u003eserver) {\n sender \u003d s-\u003emethod-\u003essl3_enc-\u003eserver_finished_label;\n slen \u003d s-\u003emethod-\u003essl3_enc-\u003eserver_finished_label_len;\n@@ -656,7 +673,8 @@ MSG_PROCESS_RETURN tls_process_finished(SSL *s, PACKET *pkt)\n \n \n /* This is a real handshake so make sure we clean it up at the end */\n- s-\u003estatem.cleanuphand \u003d 1;\n+ if (s-\u003eserver)\n+ s-\u003estatem.cleanuphand \u003d 1;\n \n /* If this occurs, we have missed a message */\n if (!SSL_IS_TLS13(s) \u0026\u0026 !s-\u003es3-\u003echange_cipher_spec) {\ndiff --git a/ssl/statem/statem_locl.h b/ssl/statem/statem_locl.h\nindex eb80b71..c52ce2b 100644\n--- a/ssl/statem/statem_locl.h\n+++ b/ssl/statem/statem_locl.h\n@@ -53,6 +53,9 @@\n #define EXT_TLS1_3_CERTIFICATE 0x0800\n #define EXT_TLS1_3_NEW_SESSION_TICKET 0x1000\n \n+/* Dummy message type */\n+#define SSL3_MT_DUMMY -1\n+\n /* Message processing return codes */\n typedef enum {\n /* Something bad happened */\ndiff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c\nindex 9d15252..7414c19 100644\n--- a/ssl/statem/statem_srvr.c\n+++ b/ssl/statem/statem_srvr.c\n@@ -413,10 +413,6 @@ static WRITE_TRAN ossl_statem_server13_write_transition(SSL *s)\n return WRITE_TRAN_ERROR;\n \n case 
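Review bot: The client write-key switch is now split across two functions whose conditions are not obviously complementary: `s->s3->tmp.cert_req == 0` here in tls_construct_finished(), and `SSL_IS_FIRST_HANDSHAKE(s)` in tls_construct_client_certificate(). If some path leaves `cert_req` non-zero while the certificate-side switch is skipped, Finished would go out without the handshake write keys being installed; whether that can happen is not visible from these hunks. I would extend the comment to say so, e.g. `/* cert_req != 0 implies tls_construct_client_certificate() already installed the client handshake write keys */`, or track the switch with an explicit flag. The `err` label targeted by the new `goto err;` is outside the hunk.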
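Review bot: `#define SSL3_MT_DUMMY -1` in statem_locl.h should be parenthesised as `#define SSL3_MT_DUMMY (-1)`, so the expansion stays a single operand wherever it is used. The uses added in this commit (`mt == SSL3_MT_DUMMY`, `*mt = SSL3_MT_DUMMY`) are unaffected, but the macro sits in a shared header. The comment could also record that this value never goes on the wire and must be checked before `ssl_set_handshake_header()` is called, which is what the write_state_machine() change relies on.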
TLS_ST_OK:\n- if (s-\u003eearly_data_state \u003d\u003d SSL_EARLY_DATA_FINISHED_READING) {\n- st-\u003ehand_state \u003d TLS_ST_SW_FINISHED;\n- return WRITE_TRAN_FINISHED;\n- }\n if (s-\u003ekey_update !\u003d SSL_KEY_UPDATE_NONE) {\n st-\u003ehand_state \u003d TLS_ST_SW_KEY_UPDATE;\n return WRITE_TRAN_CONTINUE;\n@@ -461,11 +457,8 @@ static WRITE_TRAN ossl_statem_server13_write_transition(SSL *s)\n return WRITE_TRAN_CONTINUE;\n \n case TLS_ST_SW_FINISHED:\n- if (s-\u003eearly_data_state \u003d\u003d SSL_EARLY_DATA_ACCEPTING) {\n- st-\u003ehand_state \u003d TLS_ST_EARLY_DATA;\n- return WRITE_TRAN_CONTINUE;\n- }\n- return WRITE_TRAN_FINISHED;\n+ st-\u003ehand_state \u003d TLS_ST_EARLY_DATA;\n+ return WRITE_TRAN_CONTINUE;\n \n case TLS_ST_EARLY_DATA:\n return WRITE_TRAN_FINISHED;\n@@ -708,6 +701,10 @@ WORK_STATE ossl_statem_server_pre_work(SSL *s, WORK_STATE wst)\n return WORK_FINISHED_CONTINUE;\n \n case TLS_ST_EARLY_DATA:\n+ if (s-\u003eearly_data_state !\u003d SSL_EARLY_DATA_ACCEPTING)\n+ return WORK_FINISHED_CONTINUE;\n+ /* Fall through */\n+\n case TLS_ST_OK:\n return tls_finish_handshake(s, wst, 1);\n }\n@@ -952,6 +949,11 @@ int ossl_statem_server_construct_message(SSL *s, WPACKET *pkt,\n *mt \u003d SSL3_MT_FINISHED;\n break;\n \n+ case TLS_ST_EARLY_DATA:\n+ *confunc \u003d NULL;\n+ *mt \u003d SSL3_MT_DUMMY;\n+ break;\n+\n case TLS_ST_SW_ENCRYPTED_EXTENSIONS:\n *confunc \u003d tls_construct_encrypted_extensions;\n *mt \u003d SSL3_MT_ENCRYPTED_EXTENSIONS;\ndiff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c\nindex db8de1d..47d23bd 100644\n--- a/ssl/tls13_enc.c\n+++ b/ssl/tls13_enc.c\n@@ -430,15 +430,15 @@ int tls13_change_cipher_state(SSL *s, int which)\n labellen \u003d sizeof(client_handshake_traffic) - 1;\n log_label \u003d CLIENT_HANDSHAKE_LABEL;\n /*\n- * The hanshake hash used for the server read handshake traffic\n- * secret is the same as the hash for the server write handshake\n- * traffic secret. 
However, if we processed early data then we delay\n- * changing the server read cipher state until later, and the\n- * handshake hashes have moved on. Therefore we use the value saved\n- * earlier when we did the server write change cipher state.\n+ * The hanshake hash used for the server read/client write handshake\n+ * traffic secret is the same as the hash for the server\n+ * write/client read handshake traffic secret. However, if we\n+ * processed early data then we delay changing the server\n+ * read/client write cipher state until later, and the handshake\n+ * hashes have moved on. Therefore we use the value saved earlier\n+ * when we did the server write/client read change cipher state.\n */\n- if (s-\u003eserver)\n- hash \u003d s-\u003ehandshake_traffic_hash;\n+ hash \u003d s-\u003ehandshake_traffic_hash;\n } else {\n insecret \u003d s-\u003emaster_secret;\n label \u003d client_application_traffic;\n@@ -486,7 +486,7 @@ int tls13_change_cipher_state(SSL *s, int which)\n if (label \u003d\u003d server_application_traffic)\n memcpy(s-\u003eserver_finished_hash, hashval, hashlen);\n \n- if (s-\u003eserver \u0026\u0026 label \u003d\u003d server_handshake_traffic)\n+ if (label \u003d\u003d server_handshake_traffic)\n memcpy(s-\u003ehandshake_traffic_hash, hashval, hashlen);\n \n if (label \u003d\u003d client_application_traffic) {\n","s":{"c":1752659511,"u": 41564}} ],"g": 44154,"chitpc": 0,"ehitpc": 0,"indexed":0 , "ab": 0, "si": 0, "db":0, "di":0, "sat":0, "lfc": "0000"}
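Review bot: With `hash = s->handshake_traffic_hash;` now unconditional in tls13_change_cipher_state(), the client-write handshake secret depends on that buffer already having been filled by an earlier `server_handshake_traffic` change. The second hunk makes that `memcpy` unconditional too, but nothing visible enforces the ordering. A one-line note on the dependency would help, e.g. `/* requires a prior server_handshake_traffic change to have saved handshake_traffic_hash */`, or a debug assertion if the surrounding code has a suitable flag. The rewritten comment also carries over the typo `hanshake`, which should read `handshake`. The function body starts and ends outside both hunks.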