Enable the cookie callbacks to work even in TLS in the apps

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4435)
Matt Caswell 2017-09-12 16:19:09 +01:00
parent 43054d3d73
commit 10ee724612
3 changed files with 33 additions and 12 deletions


@ -46,6 +46,8 @@ extern BIO *bio_out;
extern BIO *bio_err;
extern const unsigned char tls13_aes128gcmsha256_id[];
extern const unsigned char tls13_aes256gcmsha384_id[];
extern BIO_ADDR *ourpeer;
BIO *dup_bio_in(int format);
BIO *dup_bio_out(int format);
BIO *dup_bio_err(int format);
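Review bot: The new `extern BIO_ADDR *ourpeer;` declaration exposes a mutable global without saying who writes it or when it is valid; from s_socket.c it is filled by do_server()'s accept loop for SOCK_STREAM sockets, describes only the most recently accepted client, and is reset to NULL when do_server() returns. A comment on the declaration such as `/* Most recently accepted TCP client; filled by do_server(), NULL outside it */` would save the next reader a trip through s_socket.c.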


@ -686,9 +686,9 @@ int generate_cookie_callback(SSL *ssl, unsigned char *cookie,
unsigned int *cookie_len)
{
unsigned char *buffer;
size_t length;
size_t length = 0;
unsigned short port;
BIO_ADDR *peer = NULL;
BIO_ADDR *lpeer = NULL, *peer = NULL;
/* Initialize a random secret */
if (!cookie_initialized) {
@ -699,7 +699,8 @@ int generate_cookie_callback(SSL *ssl, unsigned char *cookie,
cookie_initialized = 1;
}
peer = BIO_ADDR_new();
if (SSL_is_dtls(ssl)) {
lpeer = peer = BIO_ADDR_new();
if (peer == NULL) {
BIO_printf(bio_err, "memory full\n");
return 0;
@ -707,9 +708,15 @@ int generate_cookie_callback(SSL *ssl, unsigned char *cookie,
/* Read peer information */
(void)BIO_dgram_get_peer(SSL_get_rbio(ssl), peer);
} else {
peer = ourpeer;
}
/* Create buffer with peer's address and port */
BIO_ADDR_rawaddress(peer, NULL, &length);
if (!BIO_ADDR_rawaddress(peer, NULL, &length)) {
BIO_printf(bio_err, "Failed getting peer address\n");
return 0;
}
OPENSSL_assert(length != 0);
port = BIO_ADDR_rawport(peer);
length += sizeof(port);
@ -723,7 +730,7 @@ int generate_cookie_callback(SSL *ssl, unsigned char *cookie,
buffer, length, cookie, cookie_len);
OPENSSL_free(buffer);
BIO_ADDR_free(peer);
BIO_ADDR_free(lpeer);
return 1;
}
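Review bot: The new error return after `BIO_ADDR_rawaddress()` leaks the BIO_ADDR allocated in the DTLS branch, because `lpeer` is only released at the bottom of the function; add `BIO_ADDR_free(lpeer);` immediately before that `return 0;`. In the TLS branch `peer = ourpeer;` is used with no NULL check, and `ourpeer` is only populated by do_server()'s SOCK_STREAM accept loop, so a callback invoked from any other context would pass a NULL pointer to `BIO_ADDR_rawaddress()`; a guard after the `else` block, `if (peer == NULL) { BIO_printf(bio_err, "No peer address for cookie\n"); return 0; }`, would fail cleanly instead. The middle of generate_cookie_callback, including the derivation of the cookie from `buffer`, lies between the hunks and is not visible here.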


@ -35,6 +35,9 @@ typedef unsigned int u_int;
# include <openssl/bio.h>
# include <openssl/err.h>
/* Keep track of our peer's address for the cookie callback */
BIO_ADDR *ourpeer = NULL;
/*
* init_client - helper routine to set up socket communication
* @sock: pointer to storage of resulting socket.
@ -212,8 +215,15 @@ int do_server(int *accept_sock, const char *host, const char *port,
*accept_sock = asock;
for (;;) {
if (type == SOCK_STREAM) {
BIO_ADDR_free(ourpeer);
ourpeer = BIO_ADDR_new();
if (ourpeer == NULL) {
BIO_closesocket(asock);
ERR_print_errors(bio_err);
goto end;
}
do {
sock = BIO_accept_ex(asock, NULL, 0);
sock = BIO_accept_ex(asock, ourpeer, 0);
} while (sock < 0 && BIO_sock_should_retry(sock));
if (sock < 0) {
ERR_print_errors(bio_err);
@ -264,6 +274,8 @@ int do_server(int *accept_sock, const char *host, const char *port,
if (family == AF_UNIX)
unlink(host);
# endif
BIO_ADDR_free(ourpeer);
ourpeer = NULL;
return ret;
}
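Review bot: The BIO_ADDR behind `ourpeer` is freed and re-allocated on every pass through the accept loop, yet `BIO_accept_ex()` fills the structure afresh on each successful accept, so a single allocation before `for (;;)` would do and would move the out-of-memory exit out of the loop body. If the `end:` label (outside the hunk) also closes `asock`, the `BIO_closesocket(asock)` on the allocation-failure path would be a double close; worth checking. The definition comment at the top of the file could also state that `ourpeer` describes only the most recently accepted client and is reset to NULL when do_server() returns. do_server() begins and ends outside the hunks.

```c
    *accept_sock = asock;
    /* One BIO_ADDR suffices: BIO_accept_ex() refills it for each connection */
    if (type == SOCK_STREAM) {
        ourpeer = BIO_ADDR_new();
        if (ourpeer == NULL) {
            BIO_closesocket(asock);
            ERR_print_errors(bio_err);
            goto end;
        }
    }
    for (;;) {
        if (type == SOCK_STREAM) {
            do {
                sock = BIO_accept_ex(asock, ourpeer, 0);
            } while (sock < 0 && BIO_sock_should_retry(sock));
            /* … unchanged: accept-failure handling and the rest of the loop … */
```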