Fix DTLSv1_listen() sequence numbers (7321d794) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Commit 7321d794 authored Mar 13, 2017 by

Matt Caswell

Fix DTLSv1_listen() sequence numbers



DTLSv1_listen() is stateless. We never increment the record read sequence
while listening, and we reflect the incoming record's sequence number in our
write sequence.

The logic for doing the write sequence reflection was *after* we had
finished processing the incoming ClientHello and before we write the
ServerHello. In the normal course of events this is fine. However if we
need to write an early alert during ClientHello processing (e.g. no shared
cipher), then we haven't done the write sequence reflection yet. This means
the alert gets written with the wrong sequence number (it will just be set
to whatever value we left it in the last time we wrote something). If the
sequence number is less than expected then the client will believe that the
incoming alert is a retransmit and will therefore drop it, causing the
client to hang waiting for a response from the server.

Fixes #2886

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openss...

parent c4bfccff

Hide whitespace changes

Inline Side-by-side

Please register or to comment