openssl/ssl
Matt Caswell d1bfd8076e Buffer a ClientHello with a cookie received via DTLSv1_listen
Previously when a ClientHello arrives with a valid cookie using
DTLSv1_listen() we only "peeked" at the message and left it on the
underlying fd. This works fine for single threaded applications but for
multi-threaded apps this does not work since the fd is typically reused for
the server thread, while a new fd is created and connected for the client.
By "peeking" we leave the message on the server fd, and consequently we
think we've received another valid ClientHello and so we create yet another
fd for the client, and so on until we run out of fds.

In this new approach we remove the ClientHello and buffer it in the SSL
object.

Fixes #6934

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/7375)

(cherry picked from commit 079ef6bd53)
2018-10-19 14:29:52 +01:00
..
record Buffer a ClientHello with a cookie received via DTLSv1_listen 2018-10-19 14:29:52 +01:00
statem Fix a DTLS memory leak 2018-10-19 14:19:22 +01:00
bio_ssl.c Add comments to NULL func ptrs in bio_method_st 2017-12-18 07:04:48 +10:00
build.info Move ssl/t1_ext.c to ssl/statem/extensions_cust.c 2017-04-07 13:41:04 +01:00
d1_lib.c Buffer a ClientHello with a cookie received via DTLSv1_listen 2018-10-19 14:29:52 +01:00
d1_msg.c Remove parentheses of return. 2017-10-18 16:05:06 +01:00
d1_srtp.c Move client parsing of ServerHello extensions into new framework 2016-12-08 17:18:25 +00:00
methods.c Drop support for OPENSSL_NO_TLS1_3_METHOD 2017-06-30 09:41:46 +01:00
packet.c Update copyright year 2018-04-17 15:18:40 +02:00
packet_locl.h Update copyright year 2018-09-11 13:45:17 +01:00
pqueue.c Use void in all function definitions that do not take any arguments 2018-05-11 14:37:48 +02:00
s3_cbc.c Fix tls_cbc_digest_record is slow using SHA-384 and short messages 2018-10-19 08:32:44 +10:00
s3_enc.c ssl/s3_enc.c: fix logical errors in ssl3_final_finish_mac. 2018-10-12 21:04:49 +02:00
s3_lib.c Fix a mem leak on error in the PSK code 2018-08-30 09:50:29 +08:00
s3_msg.c Update copyright year 2018-02-13 13:59:25 +00:00
ssl_asn1.c Don't use OPENSSL_strdup() for copying alpn_selected 2018-06-21 11:07:45 +01:00
ssl_cert.c Rename SSL[_CTX]_add1_CA_list -> SSL[_CTX]_add1_to_CA_list 2018-09-03 13:10:17 +02:00
ssl_cert_table.h Update copyright year 2018-03-20 13:08:46 +00:00
ssl_ciph.c ssl/ssl_ciph.c: make set_ciphersuites static 2018-09-18 09:33:09 +02:00
ssl_conf.c Add the ability to configure anti-replay via SSL_CONF 2018-07-02 15:06:12 +01:00
ssl_err.c Fix some TLSv1.3 alert issues 2018-07-31 09:31:50 +01:00
ssl_init.c Fix setting of ssl_strings_inited. 2018-08-07 15:08:03 -04:00
ssl_lib.c Reset TLS 1.3 ciphers in SSL_CTX_set_ssl_version() 2018-09-19 17:02:36 -05:00
ssl_locl.h Fix no-psk 2018-10-15 15:23:52 +01:00
ssl_mcnf.c Move the loading of the ssl_conf module to libcrypto 2018-04-05 15:30:12 +01:00
ssl_rsa.c Update copyright year 2018-03-20 13:08:46 +00:00
ssl_sess.c ssl/*: switch to switch to Thread-Sanitizer-friendly primitives. 2018-08-07 09:08:23 +02:00
ssl_stat.c Merge HRR into ServerHello 2017-12-14 15:06:37 +00:00
ssl_txt.c Address coverity-reported NULL dereference in SSL_SESSION_print() 2018-07-01 18:20:11 -05:00
ssl_utst.c
t1_enc.c Ensure that we write out alerts correctly after early_data 2018-08-08 10:16:58 +01:00
t1_lib.c Don't use an RSA-PSS cert for RSA key exchange 2018-09-04 11:28:01 +01:00
t1_trce.c Fix ssl/t1_trce.c to parse certificate chains 2018-09-01 08:58:42 +08:00
tls13_enc.c Reduce stack usage in tls13_hkdf_expand 2018-09-24 16:01:48 +02:00
tls_srp.c Use the private RNG for data that is not public 2018-04-02 22:22:43 +02:00