openssl/ssl
Matt Caswell f42e68dc47 Defer Finished MAC handling until after state transition
In TLS we process received messages like this:

1) Read Message Header
2) Validate and transition state based on received message type
3) Read Message Body
4) Process Message

In DTLS we read messages like this:

1) Read Message Header and Body
2) Validate and transition state based on received message type
3) Process Message

The difference is because of the stream vs datagram semantics of the
underlying transport.

In both TLS and DTLS we were doing finished MAC processing as part of
reading the message body. This means that in DTLS this was occurring
*before* the state transition has been validated. A crash was occurring
in DTLS if a Finished message was sent in an invalid state due to
assumptions in the code that certain variables would have been set up by
the time a Finished message arrives.

To avoid this problem we shift the finished MAC processing to be after
the state transition in DTLS.

Thanks to GitHub user @bathooman for reporting this issue.

Fixes #14906

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14930)
2021-04-28 16:23:08 +01:00
..
record Update copyright year 2021-04-22 14:38:44 +01:00
statem Defer Finished MAC handling until after state transition 2021-04-28 16:23:08 +01:00
bio_ssl.c Update copyright year 2021-04-08 13:04:41 +01:00
build.info Modify the ERR init functions to use the internal ERR string loaders 2020-11-24 15:21:44 +01:00
d1_lib.c Update copyright year 2021-01-28 13:54:57 +01:00
d1_msg.c Update copyright year 2020-11-26 14:18:57 +00:00
d1_srtp.c Convert all {NAME}err() in ssl/ to their corresponding ERR_raise() call 2020-11-11 12:12:11 +01:00
ktls.c Only enable KTLS if it is explicitly configured 2021-04-12 11:32:05 +01:00
methods.c
pqueue.c Update copyright year 2020-11-26 14:18:57 +00:00
s3_cbc.c TLS fixes for CBC mode and no-deprecated 2020-09-09 17:59:08 +10:00
s3_enc.c Remove all OPENSSL_NO_XXX from libssl where XXX is a crypto alg 2021-02-05 15:22:43 +00:00
s3_lib.c OBJ_nid2sn(NID_sha256) is completely equivalent to OSSL_DIGEST_NAME_SHA2_256 2021-04-01 14:39:53 +02:00
s3_msg.c Update copyright year 2020-11-26 14:18:57 +00:00
ssl_asn1.c Update copyright year 2020-11-26 14:18:57 +00:00
ssl_cert_table.h
ssl_cert.c Fix NULL access in ssl_build_cert_chain() when ctx is NULL. 2021-03-03 16:16:19 +10:00
ssl_ciph.c ssl: fix problem where MAC IDs were globally cached. 2021-03-30 18:59:42 +02:00
ssl_conf.c Only enable KTLS if it is explicitly configured 2021-04-12 11:32:05 +01:00
ssl_err_legacy.c Modify the ERR init functions to use the internal ERR string loaders 2020-11-24 15:21:44 +01:00
ssl_err.c Remove OPENSSL_NO_EC guards from libssl 2021-02-05 15:22:43 +00:00
ssl_init.c Modify the ERR init functions to use the internal ERR string loaders 2020-11-24 15:21:44 +01:00
ssl_lib.c Handle set_alpn_protos inputs better. 2021-04-13 12:29:37 +02:00
ssl_local.h ssl: fix problem where MAC IDs were globally cached. 2021-03-30 18:59:42 +02:00
ssl_mcnf.c SSL: refactor all SSLfatal() calls 2020-11-11 12:12:23 +01:00
ssl_rsa_legacy.c Deprecate RSA harder 2020-11-18 23:38:34 +01:00
ssl_rsa.c ssl: coverity 1465527 - dereference after null check 2021-03-20 10:18:32 +10:00
ssl_sess.c Update copyright year 2021-04-08 13:04:41 +01:00
ssl_stat.c
ssl_txt.c Convert all {NAME}err() in ssl/ to their corresponding ERR_raise() call 2020-11-11 12:12:11 +01:00
ssl_utst.c
sslerr.h Make supported_groups code independent of EC and DH 2021-02-05 15:20:37 +00:00
t1_enc.c Only enable KTLS if it is explicitly configured 2021-04-12 11:32:05 +01:00
t1_lib.c Fix some TODO(3.0) occurrences in ssl/t1_lib.c 2021-04-19 10:39:12 +01:00
t1_trce.c Update copyright year 2021-02-18 15:05:17 +00:00
tls13_enc.c Only enable KTLS if it is explicitly configured 2021-04-12 11:32:05 +01:00
tls_depr.c Remove OPENSSL_NO_DH guards from libssl 2021-02-05 15:20:36 +00:00
tls_srp.c Update copyright year 2021-02-18 15:05:17 +00:00