From f6d6e3082077fea70b5559a60994c1f847172211 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Wed, 7 Nov 2018 11:57:51 +0000
Subject: [PATCH] Fix incomplete assertion in ssl_write_handshake_msg()
ssl_write_handshake_msg() includes the assertion that `ssl->handshake != NULL` when handling a record which is (a) a handshake message, and NOT (b) a HelloRequest. However, it later calls `ssl_append_flight()` for any record different from a HelloRequest handshake record, that is, records satisfying !(a) || !(b), instead of (a) && !(b) as covered by the assertion (specifically, CCS or Alert records). Since `ssl_append_flight()` assumes that `ssl->handshake != NULL`, this rightfully triggers static analyzer warnings. This commit expands the scope of the assertion to check that `ssl->handshake != NULL` for any record which is not a HelloRequest.
---
 library/ssl_tls.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 82e65251f..4dd291052 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -3200,8 +3200,10 @@ int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl )
 }
 }
- if( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
- hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST &&
+ /* Whenever we send anything different from a
+ * HelloRequest we should be in a handshake - double check. */
+ if( ! ( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
+ hs_type == MBEDTLS_SSL_HS_HELLO_REQUEST ) &&
 ssl->handshake == NULL )
 {
 MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
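Review bot: The "record is a HelloRequest" test now appears twice in this function, here in the assertion and again in the DTLS flight condition of the `@@ -3295` hunk, and the defect this commit fixes came from those two conditions drifting apart. Computing it once, e.g. `is_hello_request = ( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && hs_type == MBEDTLS_SSL_HS_HELLO_REQUEST );`, and testing `! is_hello_request` in both places would keep the NULL check and the later use of `ssl->handshake` tied together. The declaration would go with the function's other locals, which are outside this hunk. The widened check also runs for every transport while the code it protects is DTLS-only, so it is worth confirming that no stream-TLS caller reaches this function with a CCS or Alert record once `ssl->handshake` is NULL; that cannot be verified from the hunk.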
@@ -3295,8 +3297,8 @@ int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl )
 /* Either send now, or just save to be sent (and resent) later */
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
- ( ssl->out_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ||
- hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST ) )
+ ! ( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
+ hs_type == MBEDTLS_SSL_HS_HELLO_REQUEST ) )
 {
 if( ( ret = ssl_flight_append( ssl ) ) != 0 )
 {
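Review bot: Nothing at this call site says that `ssl->handshake` has already been checked, although `ssl_flight_append()` is reached here for every record that is not a HelloRequest and, per the commit message, assumes a non-NULL handshake. A short comment above the condition, such as `/* ssl->handshake != NULL is guaranteed by the sanity check earlier in this function */`, would document that dependency for the next edit. The roughly 95 lines between the check and this block are not visible in the diff, so that guarantee presumes nothing in between frees or resets `ssl->handshake`. The `if` block opened here continues past the end of the hunk.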