No patch for this one since I'm not that familiar with your state machine. If the peer sends handshake messages fragmented across records such that the handshake message header is split over two records AND the two records are received in different steps asynchronously, OpenSSL fails to reassemble the message.
This is because every iteration through the READ_STATE_HEADER step in read_state_machine resets s->init_num. https://github.com/openssl/openssl/blob/0d4fb8439092ff8253af72ac6bc193e77ebbcf2f/ssl/statem/statem.c#L550 Instead, it should only get reset once between messages.

The Basic-Server-Async-SplitHandshakeRecords test in BoringSSL's test suite can be used to repro this: https://mta.openssl.org/pipermail/openssl-dev/2016-March/005779.html (Also most other tests that say Async and SplitHandshakeRecords in them.)

David

--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4394
Please log in as guest with password guest if prompted
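
The reassembly failure described in the report, as an added, simplified model (not code from the original message or from OpenSSL). struct conn, deliver, read_header and split_header_case are hypothetical names, and init_num only mirrors the role of s->init_num; the two 2-byte records are constructed input.

```c
#include <stdio.h>
#include <string.h>

#define HDR_LEN 4   /* handshake header: 1-byte type + 3-byte length */
enum { NEED_MORE = 0, HAVE_HEADER = 1 };

/* Hypothetical connection state; init_num counts header bytes buffered so far. */
struct conn {
    unsigned char hdr[HDR_LEN];
    size_t init_num;
    const unsigned char *rec;        /* record currently available to read */
    size_t rec_len, rec_off;
};

/* Hand a newly arrived record to the connection. */
static void deliver(struct conn *c, const unsigned char *rec, size_t len) {
    c->rec = rec; c->rec_len = len; c->rec_off = 0;
}

/* One pass through the header-reading state; reset_on_entry=1 models the report. */
static int read_header(struct conn *c, int reset_on_entry) {
    if (reset_on_entry)
        c->init_num = 0;             /* throws away bytes kept from an earlier pass */
    while (c->init_num < HDR_LEN) {
        if (c->rec_off == c->rec_len)
            return NEED_MORE;        /* async: back to the caller until more data arrives */
        c->hdr[c->init_num++] = c->rec[c->rec_off++];
    }
    return HAVE_HEADER;
}

/* Header split 2+2 over two records, one record per asynchronous step.
 * Returns the parsed body length, or -1 if the header is never completed. */
static long split_header_case(int reset_on_entry) {
    static const unsigned char rec1[] = { 0x01, 0x00 };  /* type, len[0] */
    static const unsigned char rec2[] = { 0x01, 0x2c };  /* len[1], len[2] */
    struct conn c;
    memset(&c, 0, sizeof(c));
    deliver(&c, rec1, sizeof(rec1));
    if (read_header(&c, reset_on_entry) != NEED_MORE) return -2;
    deliver(&c, rec2, sizeof(rec2));
    if (read_header(&c, reset_on_entry) != HAVE_HEADER) return -1;
    c.init_num = 0;                  /* the one reset, between messages */
    return ((long)c.hdr[1] << 16) | ((long)c.hdr[2] << 8) | c.hdr[3];
}
int main(void) {
    printf("reset on entry: %ld, reset between messages: %ld\n",
           split_header_case(1), split_header_case(0));
    return 0;
}
```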