90 lines
3.3 KiB
Diff
90 lines
3.3 KiB
Diff
From 01fc812cb0aafc3cfc271303b6646d1c0a86b020 Mon Sep 17 00:00:00 2001
|
|
From: Matt Caswell <matt@openssl.org>
|
|
Date: Mon, 25 Jul 2022 15:59:38 +0100
|
|
Subject: [PATCH] Fix SSL_pending() and SSL_has_pending() with DTLS
|
|
|
|
If app data is received before a Finished message in DTLS then we buffer
|
|
it to return later. The function SSL_pending() is supposed to tell you
|
|
how much processed app data we have already buffered, and SSL_has_pending()
|
|
is supposed to tell you if we have any data buffered (whether processed or
|
|
not, and whether app data or not).
|
|
|
|
Neither SSL_pending() or SSL_has_pending() were taking account of this
|
|
DTLS specific app data buffer.
|
|
|
|
Reviewed-by: Hugo Landau <hlandau@openssl.org>
|
|
Reviewed-by: Tomas Mraz <tomas@openssl.org>
|
|
(Merged from https://github.com/openssl/openssl/pull/18976)
|
|
---
|
|
ssl/record/rec_layer_s3.c | 14 +++++++++++++-
|
|
ssl/ssl_lib.c | 24 +++++++++++++++++++-----
|
|
2 files changed, 32 insertions(+), 6 deletions(-)
|
|
|
|
diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c
|
|
index 8249b4ace9..23cd4219e9 100644
|
|
--- a/ssl/record/rec_layer_s3.c
|
|
+++ b/ssl/record/rec_layer_s3.c
|
|
@@ -115,10 +115,22 @@ size_t ssl3_pending(const SSL *s)
|
|
if (s->rlayer.rstate == SSL_ST_READ_BODY)
|
|
return 0;
|
|
|
|
+ /* Take into account DTLS buffered app data */
|
|
+ if (SSL_IS_DTLS(s)) {
|
|
+ DTLS1_RECORD_DATA *rdata;
|
|
+ pitem *item, *iter;
|
|
+
|
|
+ iter = pqueue_iterator(s->rlayer.d->buffered_app_data.q);
|
|
+ while ((item = pqueue_next(&iter)) != NULL) {
|
|
+ rdata = item->data;
|
|
+ num += rdata->rrec.length;
|
|
+ }
|
|
+ }
|
|
+
|
|
for (i = 0; i < RECORD_LAYER_get_numrpipes(&s->rlayer); i++) {
|
|
if (SSL3_RECORD_get_type(&s->rlayer.rrec[i])
|
|
!= SSL3_RT_APPLICATION_DATA)
|
|
- return 0;
|
|
+ return num;
|
|
num += SSL3_RECORD_get_length(&s->rlayer.rrec[i]);
|
|
}
|
|
|
|
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
|
|
index 25a1a44785..47adc3211c 100644
|
|
--- a/ssl/ssl_lib.c
|
|
+++ b/ssl/ssl_lib.c
|
|
@@ -1510,12 +1510,26 @@ int SSL_has_pending(const SSL *s)
|
|
{
|
|
/*
|
|
* Similar to SSL_pending() but returns a 1 to indicate that we have
|
|
- * unprocessed data available or 0 otherwise (as opposed to the number of
|
|
- * bytes available). Unlike SSL_pending() this will take into account
|
|
- * read_ahead data. A 1 return simply indicates that we have unprocessed
|
|
- * data. That data may not result in any application data, or we may fail
|
|
- * to parse the records for some reason.
|
|
+ * processed or unprocessed data available or 0 otherwise (as opposed to the
|
|
+ * number of bytes available). Unlike SSL_pending() this will take into
|
|
+ * account read_ahead data. A 1 return simply indicates that we have data.
|
|
+ * That data may not result in any application data, or we may fail to parse
|
|
+ * the records for some reason.
|
|
*/
|
|
+
|
|
+ /* Check buffered app data if any first */
|
|
+ if (SSL_IS_DTLS(s)) {
|
|
+ DTLS1_RECORD_DATA *rdata;
|
|
+ pitem *item, *iter;
|
|
+
|
|
+ iter = pqueue_iterator(s->rlayer.d->buffered_app_data.q);
|
|
+ while ((item = pqueue_next(&iter)) != NULL) {
|
|
+ rdata = item->data;
|
|
+ if (rdata->rrec.length > 0)
|
|
+ return 1;
|
|
+ }
|
|
+ }
|
|
+
|
|
if (RECORD_LAYER_processed_read_pending(&s->rlayer))
|
|
return 1;
|
|
|
|
--
|
|
2.17.1
|
|
|