Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix HRR with early_data #3933

Closed
wants to merge 2 commits into from
Closed

Fix HRR with early_data #3933

wants to merge 2 commits into from

Conversation

mattcaswell
Copy link
Member

Early Data after an HRR is not allowed. We failed to handle that scenario correctly (s_client would hang). This fixes it and adds a test.

I swear this used to work!!

Checklist
  • tests are added or updated

@mattcaswell
Fix early_data with an HRR
779f891 
early_data is not allowed after an HRR. We failed to handle that
correctly.
@mattcaswell
Add a test for early_data when an HRR occurs
8148128
@mattcaswell mattcaswell mentioned this pull request Jul 14, 2017
Closed
2 tasks
kaduk
kaduk reviewed Jul 14, 2017
View reviewed changes
ssl/statem/statem.c
@@ -157,13 +157,8 @@ int ossl_statem_skip_early_data(SSL *s)
if (s->ext.early_data != SSL_EARLY_DATA_REJECTED)
return 0;

if (s->hello_retry_request) {
if (s->statem.hand_state != TLS_ST_SW_HELLO_RETRY_REQUEST)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Consider the case

ClientHello---------------->
stream EarlyData-------->
<-------------------HelloRetryRequest
still have some EarlyData in flight------->
ClientHello2--------------->
<-------------------ServerHello

Since the network is not instantaneous, we still need to be able to skip over early data records until we receive another handshake record. (See the list of three behaviors in section 4.2.9 of draft-21.)

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Well, in fact, the server sends the HRR immediately after processing the ClientHello. So from a server's perspective all early data records arrive afterwards (as if they had still be in flight). This PR is all about skipping early data records after HRR. We now handle it in a manner consistent with how we handle early data if there is no HRR, i.e. we enter the special TLS_ST_EARLY_DATA state. This means that the ossl_statem_skip_early_data() function no longer needs to special case an HRR.

kaduk
kaduk reviewed Jul 14, 2017
View reviewed changes
test/sslapitest.c
*/
if (!TEST_true(SSL_SESSION_set_time(sess, time(NULL) - 20)))
goto end;
}

/* Write some early data */
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should probably add a test case that explicitly sends another early data record after receiving a HRR but before sending CH2, to simulate the "packets already in flight" behavior.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As noted above all early data packets are processed after HRR anyway, so I'm not sure if this would gain us much.

@mattcaswell
Copy link
Member Author

Ping @kaduk

kaduk
kaduk approved these changes Jul 18, 2017
View reviewed changes
ssl/statem/statem_srvr.c
@@ -397,7 +396,8 @@ static WRITE_TRAN ossl_statem_server13_write_transition(SSL *s)
return WRITE_TRAN_CONTINUE;

case TLS_ST_SW_HELLO_RETRY_REQUEST:
return WRITE_TRAN_FINISHED;
st->hand_state = TLS_ST_EARLY_DATA;
return WRITE_TRAN_CONTINUE;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This becomes CONTINUE instead of FINISHED so that we hit the post-work that flushes the state machine? (Our write transition from TLS_ST_EARLY_DATA just returns WRITE_TRAN_FINISHED having done no work.)

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is some pre-work for the early-data state which gets invoked.

@mattcaswell
Copy link
Member Author

Pushed. Thanks.

levitte pushed a commit that referenced this pull request Jul 18, 2017
@mattcaswell
Fix early_data with an HRR
d4504fe 
early_data is not allowed after an HRR. We failed to handle that
correctly.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from #3933)
levitte pushed a commit that referenced this pull request Jul 18, 2017
@mattcaswell
Add a test for early_data when an HRR occurs
6b84e6b 
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from #3933)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kaduk kaduk kaduk approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@mattcaswell @kaduk