Skip to content
  1. Sep 23, 2015
    • Matt Caswell's avatar
      DTLSv1_listen rewrite · e3d0dae7
      Matt Caswell authored 
      

The existing implementation of DTLSv1_listen() is fundamentally flawed. This
function is used in DTLS solutions to listen for new incoming connections
from DTLS clients. A client will send an initial ClientHello. The server
will respond with a HelloVerifyRequest containing a unique cookie. The
client the responds with a second ClientHello - which this time contains the
cookie.

Once the cookie has been verified then DTLSv1_listen() returns to user code,
which is typically expected to continue the handshake with a call to (for
example) SSL_accept().

Whilst listening for incoming ClientHellos, the underlying BIO is usually in
an unconnected state. Therefore ClientHellos can come in from *any* peer.
The arrival of the first ClientHello without the cookie, and the second one
with it, could be interspersed with other intervening messages from
different clients.

The whole purpose of this mechanism is as a defence against DoS attacks. The
idea is to avoid allocating state on the server until the client has
verified that it is capable of receiving messages at the address it claims
to come from. However the existing DTLSv1_listen() implementation completely
fails to do this. It attempts to super-impose itself on the standard state
machine and reuses all of this code. However the standard state machine
expects to operate in a stateful manner with a single client, and this can
cause various problems.

A second more minor issue is that the return codes from this function are
quite confused, with no distinction made between fatal and non-fatal errors.
Most user code treats all errors as non-fatal, and simply retries the call
to DTLSv1_listen().

This commit completely rewrites the implementation of DTLSv1_listen() and
provides a stand alone implementation that does not rely on the existing
state machine. It also provides more consistent return codes.

Reviewed-by: default avatarAndy Polyakov <appro@openssl.org>
      e3d0dae7
    • Matt Caswell's avatar
      Add BIO_CTRL_DGRAM_SET_PEEK_MODE · 01b7851a
      Matt Caswell authored 
      

Add the ability to peek at a message from the DTLS read BIO. This is needed
for the DTLSv1_listen rewrite.

Reviewed-by: default avatarAndy Polyakov <appro@openssl.org>
      01b7851a
  3. Sep 22, 2015
  5. Sep 21, 2015
    • David Woodhouse's avatar
      RT3479: Add UTF8 support to BIO_read_filename() · ff03599a
      David Woodhouse authored 
      

If we use BIO_new_file(), on Windows it'll jump through hoops to work
around their unusual charset/Unicode handling. it'll convert a UTF-8
filename to UCS-16LE and attempt to use _wfopen().

If you use BIO_read_filename(), it doesn't do this. Shouldn't it be
consistent?

It would certainly be nice if SSL_use_certificate_chain_file() worked.

Also made BIO_C_SET_FILENAME work (rsalz)

Signed-off-by: default avatarRich Salz <rsalz@akamai.com>
Reviewed-by: default avatarAndy Polyakov <appro@openssl.org>
      ff03599a
    • Gunnar Kudrjavets's avatar
      RT3823: Improve the robustness of event logging · 4cd94416
      Gunnar Kudrjavets authored 
      

There are a couple of minor fixes here:

1) Handle the case when RegisterEventSource() fails (which it may for
various reasons) and do the work of logging the event only if it succeeds.

2) Handle the case when ReportEvent() fails and do our best in debug builds
to at least attempt somehow indicate that something has gone wrong. The
typical situation would be someone running tools like DbMon, DBWin32,
DebugView or just having the debugger attached. The intent is to make sure
that at least some data will be captured so that we can save hours and days
of debugging time.

3) Minor fix to change the MessageBox() flag to MB_ICONERROR. Though the
value of MB_ICONERROR is the same value as MB_ICONSTOP, the intent is
better conveyed by using MB_ICONERROR.

Testing performed:

1) Clean compilation for debug-VC-WIN32 and VC-WIN32.

2) Good test results (nmake -f ms\ntdll.mak test) for debug-VC-WIN32 and
VC-WIN32.

3) Stepped through relevant changes using WinDBG and exercised the impacted
code paths.

Signed-off-by: default avatarRich Salz <rsalz@akamai.com>
Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
      4cd94416