Re: [openssl-dev] [openssl.org #4119] DTLS resets handshake hash too frequently for ClientHello

2015-11-04 Thread Matt Caswell via RT
On 03/11/15 17:43, David Benjamin via RT wrote: > I'm not sure that fix quite works though. If BIO_flush completes > asynchronously Ahhh, yes good point. Updated patch attached. > (hrm, it's missing an rwstate update), Yes, just discovered that myself and then came back and reread your email

Re: [openssl-dev] [openssl.org #4119] DTLS resets handshake hash too frequently for ClientHello

2015-11-04 Thread David Benjamin via RT
On Wed, Nov 4, 2015 at 7:04 AM Matt Caswell via RT wrote: > > > On 03/11/15 17:43, David Benjamin via RT wrote: > > > I'm not sure that fix quite works though. If BIO_flush completes > > asynchronously > > Ahhh, yes good point. Updated patch attached. > > > (hrm, it's missing

Re: [openssl-dev] [openssl.org #4119] DTLS resets handshake hash too frequently for ClientHello

2015-11-04 Thread Matt Caswell via RT
On 04/11/15 15:30, David Benjamin via RT wrote: > On Wed, Nov 4, 2015 at 7:04 AM Matt Caswell via RT wrote: > >> >> >> On 03/11/15 17:43, David Benjamin via RT wrote: >> >>> I'm not sure that fix quite works though. If BIO_flush completes >>> asynchronously >> >> Ahhh, yes

Re: [openssl-dev] [openssl.org #4119] DTLS resets handshake hash too frequently for ClientHello

2015-11-03 Thread Matt Caswell via RT
Hi David, On 03/11/15 01:58, David Benjamin via RT wrote: > Hey folks, > > We found a small DTLS bug while writing some tests. I think it affects > 1.0.1 and 1.0.2 too, so I thought I'd send you a note. (Not sure about > master. I'm unfamiliar with the new state machine mechanism.) Just from

Re: [openssl-dev] [openssl.org #4119] DTLS resets handshake hash too frequently for ClientHello

2015-11-03 Thread Viktor Dukhovni
On Tue, Nov 03, 2015 at 04:16:37PM +, Matt Caswell via RT wrote: > One other related point is that fragmenting ClientHellos is probably a > bad idea. The whole ClientHello/HelloVerifyRequest mechanism is meant to > be implemented without storing state on the server. That isn't possible > if

Re: [openssl-dev] [openssl.org #4119] DTLS resets handshake hash too frequently for ClientHello

2015-11-03 Thread Matt Caswell
On 03/11/15 18:28, Viktor Dukhovni wrote: > On Tue, Nov 03, 2015 at 04:16:37PM +, Matt Caswell via RT wrote: > >> One other related point is that fragmenting ClientHellos is probably a >> bad idea. The whole ClientHello/HelloVerifyRequest mechanism is meant to >> be implemented without

Re: [openssl-dev] [openssl.org #4119] DTLS resets handshake hash too frequently for ClientHello

2015-11-03 Thread David Benjamin via RT
On Tue, Nov 3, 2015 at 11:16 AM Matt Caswell via RT wrote: > Whilst investigating this I noticed another bug which is actually > probably more significant. My eyeball only look at the BoringSSL source > suggests that it is there too, so I'm not sure why you haven't seen it > in

Re: [openssl-dev] [openssl.org #4119] DTLS resets handshake hash too frequently for ClientHello

2015-11-03 Thread David Benjamin via RT
On Tue, Nov 3, 2015 at 12:42 PM David Benjamin wrote: > I'm not sure that fix quite works though. If BIO_flush completes > asynchronously (hrm, it's missing an rwstate update), then I believe you'll > be in a state where you *do* want to repeat the init_off / init_num

Re: [openssl-dev] [openssl.org #4119] DTLS resets handshake hash too frequently for ClientHello

2015-11-03 Thread Matt Caswell via RT
Hi David On 03/11/15 01:58, David Benjamin via RT wrote: > Hey folks, > > We found a small DTLS bug while writing some tests. I think it affects > 1.0.1 and 1.0.2 too, so I thought I'd send you a note. (Not sure about > master. I'm unfamiliar with the new state machine mechanism.) > > In DTLS,

[openssl-dev] [openssl.org #4119] DTLS resets handshake hash too frequently for ClientHello

2015-11-02 Thread David Benjamin via RT
Hey folks, We found a small DTLS bug while writing some tests. I think it affects 1.0.1 and 1.0.2 too, so I thought I'd send you a note. (Not sure about master. I'm unfamiliar with the new state machine mechanism.) In DTLS, each ClientHello is supposed to reset the handshake hash (in case of