From 72647429900ee70e241e85fc58530c31ba23edc6 Mon Sep 17 00:00:00 2001 From: "js126.lee" Date: Thu, 7 Apr 2016 14:02:13 +0900 Subject: [PATCH] Fixed tinydtls bug in handshake failure This patch is to fix bug of https://gerrit.iotivity.org/gerrit/#/c/7597/. Issue : Double remove peer occur because removed peer in dtls_alert_send_from_err. Patch 1,2: Call callback function in dtls_hadle_message when dtls handshake is failed. Destroy peer in case DLTS_CT_HANDSHAKE. Change checking peer point in handle_ccs Patch 3,4: With patch 2, android-x86 build was failed. But, it is not related to this patch. So, adding just comment to re-start jenkins server. Change-Id: Ie62ba1072dcbd2948d5931ed6fd606d540c650ba Signed-off-by: js126.lee Reviewed-on: https://gerrit.iotivity.org/gerrit/7651 Reviewed-by: Chul Lee Reviewed-by: Kyungsun Cho Tested-by: jenkins-iotivity Reviewed-by: Randeep Singh --- extlibs/tinydtls/dtls.c | 32 +++++++++++++++++++------------- 1 file changed, 19 insertions(+), 13 deletions(-) diff --git a/extlibs/tinydtls/dtls.c b/extlibs/tinydtls/dtls.c index ee724d7..6cf26b4 100644 --- a/extlibs/tinydtls/dtls.c +++ b/extlibs/tinydtls/dtls.c @@ -4275,7 +4275,6 @@ handle_ccs(dtls_context_t *ctx, dtls_peer_t *peer, uint8 *record_header, uint8 *data, size_t data_length) { int err; - dtls_handshake_parameters_t *handshake = peer->handshake_params; /* A CCS message is handled after a KeyExchange message was * received from the client. When security parameters have been @@ -4291,6 +4290,7 @@ handle_ccs(dtls_context_t *ctx, dtls_peer_t *peer, if (data_length < 1 || data[0] != 1) return dtls_alert_fatal_create(DTLS_ALERT_DECODE_ERROR); + dtls_handshake_parameters_t *handshake = peer->handshake_params; /* Just change the cipher when we are on the same epoch */ if (peer->role == DTLS_SERVER) { err = calculate_key_block(ctx, handshake, peer, @@ -4395,14 +4395,6 @@ static int dtls_alert_send_from_err(dtls_context_t *ctx, dtls_peer_t *peer, } if (peer) { peer->state = DTLS_STATE_CLOSING; -#ifndef WITH_CONTIKI - HASH_DEL_PEER(ctx->peers, peer); -#else /* WITH_CONTIKI */ - list_remove(ctx->peers, peer); -#endif - (void)CALL(ctx, event, &peer->session, - DTLS_ALERT_LEVEL_FATAL, DTLS_ALERT_HANDSHAKE_FAILURE); - return dtls_send_alert(ctx, peer, DTLS_ALERT_LEVEL_FATAL, DTLS_ALERT_INTERNAL_ERROR); } } @@ -4451,6 +4443,10 @@ dtls_handle_message(dtls_context_t *ctx, dtls_info("decrypt_verify() failed\n"); if (peer->state < DTLS_STATE_CONNECTED) { dtls_alert_send_from_err(ctx, peer, &peer->session, err); + + (void)CALL(ctx, event, &peer->session, + DTLS_ALERT_LEVEL_FATAL, DTLS_ALERT_HANDSHAKE_FAILURE); + peer->state = DTLS_STATE_CLOSED; /* dtls_stop_retransmission(ctx, peer); */ dtls_destroy_peer(ctx, peer, 1); @@ -4487,11 +4483,14 @@ dtls_handle_message(dtls_context_t *ctx, if (err < 0) { dtls_warn("error while handling ChangeCipherSpec message\n"); dtls_alert_send_from_err(ctx, peer, session, err); + if (peer) { + (void)CALL(ctx, event, &peer->session, + DTLS_ALERT_LEVEL_FATAL, DTLS_ALERT_HANDSHAKE_FAILURE); - /* invalidate peer */ - dtls_destroy_peer(ctx, peer, 1); - peer = NULL; - + /* invalidate peer */ + dtls_destroy_peer(ctx, peer, 1); + peer = NULL; + } return err; } break; @@ -4543,6 +4542,13 @@ dtls_handle_message(dtls_context_t *ctx, if (err < 0) { dtls_warn("error while handling handshake packet\n"); dtls_alert_send_from_err(ctx, peer, session, err); + + if (peer) { + (void)CALL(ctx, event, &peer->session, + DTLS_ALERT_LEVEL_FATAL, DTLS_ALERT_HANDSHAKE_FAILURE); + dtls_destroy_peer(ctx, peer, 1); + } + return err; } if (peer && peer->state == DTLS_STATE_CONNECTED) { -- 2.7.4