Fix SSL_pending() and SSL_has_pending() with DTLS (3.0)#18975
Closed
mattcaswell wants to merge 2 commits intoopenssl:openssl-3.0from
Closed
Fix SSL_pending() and SSL_has_pending() with DTLS (3.0)#18975mattcaswell wants to merge 2 commits intoopenssl:openssl-3.0from
mattcaswell wants to merge 2 commits intoopenssl:openssl-3.0from
Conversation
If app data is received before a Finished message in DTLS then we buffer it to return later. The function SSL_pending() is supposed to tell you how much processed app data we have already buffered, and SSL_has_pending() is supposed to tell you if we have any data buffered (whether processed or not, and whether app data or not). Neither SSL_pending() or SSL_has_pending() were taking account of this DTLS specific app data buffer.
If the first app data record arrives before the Finished message we should be able to buffer it and move on to the Finished message.
mattcaswell
added
approval: review pending
hlandau
approved these changes
Aug 11, 2022
hlandau
removed
the
approval: review pending
t8m
approved these changes
Aug 16, 2022
t8m
added
approval: done
openssl-machine
removed
the
approval: done
Collaborator
|
This pull request is ready to merge |
openssl-machine
added
the
approval: ready to merge
Member
|
Merged to 3.0. Thank you. |
openssl-machine
pushed a commit
that referenced
this pull request
Aug 17, 2022
If app data is received before a Finished message in DTLS then we buffer it to return later. The function SSL_pending() is supposed to tell you how much processed app data we have already buffered, and SSL_has_pending() is supposed to tell you if we have any data buffered (whether processed or not, and whether app data or not). Neither SSL_pending() or SSL_has_pending() were taking account of this DTLS specific app data buffer. Reviewed-by: Hugo Landau <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from #18975)
openssl-machine
pushed a commit
that referenced
this pull request
Aug 17, 2022
If the first app data record arrives before the Finished message we should be able to buffer it and move on to the Finished message. Reviewed-by: Hugo Landau <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from #18975)
kafei-cy
added a commit
to kafei-cy/Tongsuo
that referenced
this pull request
Jan 11, 2026
Include 2 commits:
Fix SSL_pending() and SSL_has_pending() with DTLS
If app data is received before a Finished message in DTLS then we buffer
it to return later. The function SSL_pending() is supposed to tell you
how much processed app data we have already buffered, and SSL_has_pending()
is supposed to tell you if we have any data buffered (whether processed or
not, and whether app data or not).
Neither SSL_pending() or SSL_has_pending() were taking account of this
DTLS specific app data buffer.
Test that swapping the first app data record with Finished msg works
If the first app data record arrives before the Finished message we should
be able to buffer it and move on to the Finished message.
(Merged from openssl/openssl#18975)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This is a backport of #18868 to the 3.0 branch.
If app data is received before a Finished message in DTLS then we buffer
it to return later. The function SSL_pending() is supposed to tell you
how much processed app data we have already buffered, and SSL_has_pending()
is supposed to tell you if we have any data buffered (whether processed or
not, and whether app data or not).
Neither SSL_pending() or SSL_has_pending() were taking account of this
DTLS specific app data buffer.