Fix SSL_pending() and SSL_has_pending() with DTLS (1.1.1) #18976
This pull request is ready to merge
Merged to 1.1.1. Thank you.
If app data is received before a Finished message in DTLS then we buffer it to return later. The function SSL_pending() is supposed to tell you how much processed app data we have already buffered, and SSL_has_pending() is supposed to tell you if we have any data buffered (whether processed or not, and whether app data or not). Neither SSL_pending() nor SSL_has_pending() were taking account of this DTLS-specific app data buffer.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from #18976)

If the first app data record arrives before the Finished message we should be able to buffer it and move on to the Finished message.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from #18976)
From the commit message it seems that this change is supposed to only have an effect on DTLS,
I mean if rrec[0] is APPLICATION_DATA and rrec[1] is not,
Pipelined data must always be of the same type, so if the first record is APPLICATION_DATA then the second must be too.
Ah, okay, then something like an
Yes
If app data is received before a Finished message in DTLS then we buffer it to return later. The function SSL_pending() is supposed to tell you how much processed app data we have already buffered, and SSL_has_pending() is supposed to tell you if we have any data buffered (whether processed or not, and whether app data or not). Neither SSL_pending() nor SSL_has_pending() were taking account of this DTLS-specific app data buffer.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from openssl#18976)
(cherry picked from commit 01fc812)

If the first app data record arrives before the Finished message we should be able to buffer it and move on to the Finished message.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from openssl#18976)
(cherry picked from commit d87e99d)
This is a backport of #18868 to the 1.1.1 branch.
If app data is received before a Finished message in DTLS then we buffer
it to return later. The function SSL_pending() is supposed to tell you
how much processed app data we have already buffered, and SSL_has_pending()
is supposed to tell you if we have any data buffered (whether processed or
not, and whether app data or not).
Neither SSL_pending() nor SSL_has_pending() were taking account of this
DTLS-specific app data buffer.
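A simplified model of the behaviour described above, added here as an example and not OpenSSL's code: it contrasts a pending check that ignores app data buffered ahead of Finished with one that counts it. The struct, field and function names are hypothetical, and the caller loop that returns to poll() once nothing is pending is an assumed usage pattern.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified model of a DTLS read side. All names are hypothetical. */
struct dtls_read_state {
    size_t cur_app_len;     /* processed app data left in the current record */
    size_t raw_unprocessed; /* bytes read from the socket, not yet processed */
    size_t buffered_app[4]; /* app data records that arrived before Finished */
    size_t head, n_buffered; /* next buffered record to return, records stored */
};

/* Pre-fix behaviour described above: the DTLS app data buffer is ignored. */
size_t pending_prefix(const struct dtls_read_state *s) { return s->cur_app_len; }
int has_pending_prefix(const struct dtls_read_state *s) {
    return s->cur_app_len > 0 || s->raw_unprocessed > 0;
}

/* Post-fix behaviour: buffered app data is counted as readable. */
size_t pending_fixed(const struct dtls_read_state *s) {
    size_t total = s->cur_app_len;
    for (size_t i = s->head; i < s->n_buffered; i++)
        total += s->buffered_app[i];
    return total;
}
int has_pending_fixed(const struct dtls_read_state *s) {
    return pending_fixed(s) > 0 || s->raw_unprocessed > 0;
}

/* Caller loop (assumed pattern): read while the pending check reports data,
 * then return to poll(). Returns the bytes delivered before sleeping. */
size_t drain(struct dtls_read_state *s,
             size_t (*pending)(const struct dtls_read_state *)) {
    size_t delivered = 0;
    while (pending(s) > 0) {
        size_t *src = s->cur_app_len ? &s->cur_app_len
                                     : &s->buffered_app[s->head++];
        delivered += *src;
        *src = 0;
    }
    return delivered;
}

int main(void) {
    /* Constructed scenario: 120 bytes arrived ahead of Finished; socket idle. */
    struct dtls_read_state a = { 0, 0, { 120 }, 0, 1 }, b = a;
    int ha = has_pending_prefix(&a), hb = has_pending_fixed(&b);
    printf("pre-fix:  has_pending=%d delivered=%zu\n", ha, drain(&a, pending_prefix));
    printf("post-fix: has_pending=%d delivered=%zu\n", hb, drain(&b, pending_fixed));
    return 0;
}
```

In the pre-fix model the caller goes back to waiting on an idle socket while 120 bytes remain undelivered; with the buffer counted, the same loop delivers them first.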