From 5b3a2b854eb537b07127bd6d369521d2f525f6c0 Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin <ingela@erlang.org>
Date: Tue, 16 May 2017 14:59:39 +0200
Subject: dtls: Ask for next DTLS record when disregarding future packet

---
 lib/ssl/src/dtls_connection.erl | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

(limited to 'lib')

diff --git a/lib/ssl/src/dtls_connection.erl b/lib/ssl/src/dtls_connection.erl
index f078b87bce..01621c68c6 100644
--- a/lib/ssl/src/dtls_connection.erl
+++ b/lib/ssl/src/dtls_connection.erl
@@ -753,28 +753,30 @@ next_event(connection = StateName, no_record,
 	    {State, MoreActions} = send_handshake_flight(State1, Epoch),
 	    {next_state, StateName, State, Actions ++ MoreActions};
 	{#ssl_tls{epoch = _Epoch,
-		  version = _Version}, State} ->
+		  version = _Version}, State1} ->
 	    %% TODO maybe buffer later epoch
-	    {next_state, StateName, State, Actions};
+            {Record, State} = next_record(State1),
+            next_event(StateName, Record, State, Actions); 
 	{#alert{} = Alert, State} ->
 	    {next_state, StateName, State, [{next_event, internal, Alert} | Actions]}
     end;
 next_event(StateName, Record, 
-	   #state{connection_states = #{current_read := #{epoch := CurrentEpoch}}} = State, Actions) ->
+	   #state{connection_states = #{current_read := #{epoch := CurrentEpoch}}} = State0, Actions) ->
     case Record of
 	no_record ->
-	    {next_state, StateName, State, Actions};
+	    {next_state, StateName, State0, Actions};
 	#ssl_tls{epoch = CurrentEpoch,
 		  version = Version} = Record ->
 	    {next_state, StateName, 
-	     dtls_version(StateName, Version, State), 
+	     dtls_version(StateName, Version, State0), 
 	     [{next_event, internal, {protocol_record, Record}} | Actions]};
 	#ssl_tls{epoch = _Epoch,
 		 version = _Version} = _Record ->
 	    %% TODO maybe buffer later epoch
-	    {next_state, StateName, State, Actions};
+            {Record, State} = next_record(State0),
+            next_event(StateName, Record, State, Actions); 
 	#alert{} = Alert ->
-	    {next_state, StateName, State, [{next_event, internal, Alert} | Actions]}
+	    {next_state, StateName, State0, [{next_event, internal, Alert} | Actions]}
     end.
 
 decode_cipher_text(#state{protocol_buffers = #protocol_buffers{dtls_cipher_texts = [ CT | Rest]} = Buffers,
-- 
cgit v1.2.3


From 5732ccaa4a58e80322aeebddd992892326940da5 Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin <ingela@erlang.org>
Date: Thu, 18 May 2017 11:34:15 +0200
Subject: dtls: Check for retransmitted changes_cipher_spec messages

Make sure to use current epoch as input to send_handshake_flight.
---
 lib/ssl/src/dtls_connection.erl | 27 ++++++++++++++++++++++++++-
 1 file changed, 26 insertions(+), 1 deletion(-)

(limited to 'lib')

diff --git a/lib/ssl/src/dtls_connection.erl b/lib/ssl/src/dtls_connection.erl
index 01621c68c6..2de947d8b4 100644
--- a/lib/ssl/src/dtls_connection.erl
+++ b/lib/ssl/src/dtls_connection.erl
@@ -750,7 +750,13 @@ next_event(connection = StateName, no_record,
 	{#ssl_tls{epoch = Epoch,
 		  type = ?HANDSHAKE,
 		  version = _Version}, State1} = _Record when Epoch == CurrentEpoch-1 ->
-	    {State, MoreActions} = send_handshake_flight(State1, Epoch),
+	    {State, MoreActions} = send_handshake_flight(State1, CurrentEpoch),
+	    {next_state, StateName, State, Actions ++ MoreActions};
+        %% From FLIGHT perspective CHANGE_CIPHER_SPEC is treated as a handshake
+        {#ssl_tls{epoch = Epoch,
+		  type = ?CHANGE_CIPHER_SPEC,
+		  version = _Version}, State1} = _Record when Epoch == CurrentEpoch-1 ->
+	    {State, MoreActions} = send_handshake_flight(State1, CurrentEpoch),
 	    {next_state, StateName, State, Actions ++ MoreActions};
 	{#ssl_tls{epoch = _Epoch,
 		  version = _Version}, State1} ->
@@ -760,6 +766,25 @@ next_event(connection = StateName, no_record,
 	{#alert{} = Alert, State} ->
 	    {next_state, StateName, State, [{next_event, internal, Alert} | Actions]}
     end;
+next_event(connection = StateName, Record,
+	   #state{connection_states = #{current_read := #{epoch := CurrentEpoch}}} = State0, Actions) ->
+    case Record of
+	#ssl_tls{epoch = CurrentEpoch} ->
+	    {next_state, StateName, State0, [{next_event, internal, {protocol_record, Record}} | Actions]};
+	#ssl_tls{epoch = Epoch,
+                 type = ?HANDSHAKE,
+                 version = _Version} when Epoch == CurrentEpoch-1 ->
+	    {State, MoreActions} = send_handshake_flight(State0, CurrentEpoch),
+	    {next_state, StateName, State, Actions ++ MoreActions};
+        %% From FLIGHT perspective CHANGE_CIPHER_SPEC is treated as a handshake
+        #ssl_tls{epoch = Epoch,
+                 type = ?CHANGE_CIPHER_SPEC,
+                 version = _Version} when Epoch == CurrentEpoch-1 ->
+	    {State, MoreActions} = send_handshake_flight(State0, CurrentEpoch),
+	    {next_state, StateName, State, Actions ++ MoreActions};
+        _ -> 
+            next_event(StateName, no_record, State0, Actions) 
+    end;
 next_event(StateName, Record, 
 	   #state{connection_states = #{current_read := #{epoch := CurrentEpoch}}} = State0, Actions) ->
     case Record of
-- 
cgit v1.2.3