Fix incomplete assertion in ssl_write_handshake_msg()

ssl_write_handshake_msg() includes the assertion that
`ssl->handshake != NULL` when handling a record which is
(a) a handshake message, and NOT
(b) a HelloRequest.
However, it later calls `ssl_append_flight()` for any
record different from a HelloRequest handshake record,
that is, records satisfying !(a) || !(b), instead of
(a) && !(b) as covered by the assertion (specifically,
CCS or Alert records).

Since `ssl_append_flight()` assumes that `ssl->handshake != NULL`,
this rightfully triggers static analyzer warnings.

This commit expands the scope of the assertion to check
that `ssl->handshake != NULL` for any record which is not
a HelloRequest.
This commit is contained in:
Hanno Becker 2018-11-07 11:57:51 +00:00
parent 06f88e9c42
commit f6d6e30820

View File

@ -3200,8 +3200,10 @@ int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl )
} }
} }
if( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && /* Whenever we send anything different from a
hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST && * HelloRequest we should be in a handshake - double check. */
if( ! ( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
hs_type == MBEDTLS_SSL_HS_HELLO_REQUEST ) &&
ssl->handshake == NULL ) ssl->handshake == NULL )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
@ -3295,8 +3297,8 @@ int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl )
/* Either send now, or just save to be sent (and resent) later */ /* Either send now, or just save to be sent (and resent) later */
#if defined(MBEDTLS_SSL_PROTO_DTLS) #if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
( ssl->out_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE || ! ( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST ) ) hs_type == MBEDTLS_SSL_HS_HELLO_REQUEST ) )
{ {
if( ( ret = ssl_flight_append( ssl ) ) != 0 ) if( ( ret = ssl_flight_append( ssl ) ) != 0 )
{ {