Don't wait for dry at the end of a handshake

For DTLS/SCTP we were waiting for a dry event during the call to tls_finish_handshake(). This function just tidies up various internal things, and after it completes the handshake is over. I can find no good reason for waiting for a dry event here, and nothing in RFC6083 suggests to me that we should need to. More importantly though it seems to be wrong. It is perfectly possible for a peer to send app data/alerts/new handshake while we are still cleaning up our handshake. If this happens then we will never get the dry event and so we cannot continue. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5084)
2025-04-06 20:20:50 +08:00 · 2018-01-16 11:26:50 +00:00 · 2018-01-16 11:26:50 +00:00 · 424afe931e
commit 424afe931e
parent 2e92af5ea5
1 changed files with 0 additions and 9 deletions
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@ -1004,15 +1004,6 @@ WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst, int clearbufs, int stop)
    int discard;
    void (*cb) (const SSL *ssl, int type, int val) = NULL;

-#ifndef OPENSSL_NO_SCTP
-    if (SSL_IS_DTLS(s) && BIO_dgram_is_sctp(SSL_get_wbio(s))) {
-        WORK_STATE ret;
-        ret = dtls_wait_for_dry(s);
-        if (ret != WORK_FINISHED_CONTINUE)
-            return ret;
-    }
-#endif
-
    if (clearbufs) {
        if (!SSL_IS_DTLS(s)) {
            /*