summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorjsing <>2022-03-26 15:05:53 +0000
committerjsing <>2022-03-26 15:05:53 +0000
commit2ce3af26514a8bfe23e0605aa5b31dc0ab865be1 (patch)
tree0e5ddc4d53a4d3e855b283f8436d0f4367460d9b
parent527e43312b5c8483664095a6593080962d0b2424 (diff)
downloadopenbsd-2ce3af26514a8bfe23e0605aa5b31dc0ab865be1.tar.gz
openbsd-2ce3af26514a8bfe23e0605aa5b31dc0ab865be1.tar.bz2
openbsd-2ce3af26514a8bfe23e0605aa5b31dc0ab865be1.zip
Clean up {dtls1,ssl3}_read_bytes()
Now that {dtls1,ssl3}_read_bytes() have been refactored, do a clean up pass - this cleans up various parts of the code and reduces differences between these two functions. ok = 1; *(&(ok)) tb@ ok inoguchi@
Diffstat
-rw-r--r--src/lib/libssl/d1_pkt.c176
-rw-r--r--src/lib/libssl/ssl_pkt.c190
2 files changed, 166 insertions, 200 deletions
diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c
index f17608608e..456f871a43 100644
--- a/src/lib/libssl/d1_pkt.c
+++ b/src/lib/libssl/d1_pkt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_pkt.c,v 1.122 2022/03/26 15:00:51 jsing Exp $ */ 1/* $OpenBSD: d1_pkt.c,v 1.123 2022/03/26 15:05:53 jsing Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -685,29 +685,37 @@ dtls1_read_handshake_unexpected(SSL *s)
685int 685int
686dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) 686dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
687{ 687{
688 int al, i, ret; 688 SSL3_RECORD_INTERNAL *rr;
689 int rrcount = 0; 689 int rrcount = 0;
690 unsigned int n; 690 unsigned int n;
691 SSL3_RECORD_INTERNAL *rr; 691 int ret;
692 692
693 if (s->s3->rbuf.buf == NULL) /* Not initialized yet */ 693 if (s->s3->rbuf.buf == NULL) {
694 if (!ssl3_setup_buffers(s)) 694 if (!ssl3_setup_buffers(s))
695 return (-1); 695 return -1;
696 }
696 697
697 if ((type && 698 if (len < 0) {
698 type != SSL3_RT_APPLICATION_DATA && type != SSL3_RT_HANDSHAKE) ||
699 (peek && (type != SSL3_RT_APPLICATION_DATA))) {
700 SSLerror(s, ERR_R_INTERNAL_ERROR); 699 SSLerror(s, ERR_R_INTERNAL_ERROR);
701 return -1; 700 return -1;
702 } 701 }
703 702
704 if (!s->internal->in_handshake && SSL_in_init(s)) { 703 if (type != 0 && type != SSL3_RT_APPLICATION_DATA &&
705 i = s->internal->handshake_func(s); 704 type != SSL3_RT_HANDSHAKE) {
706 if (i < 0) 705 SSLerror(s, ERR_R_INTERNAL_ERROR);
707 return (i); 706 return -1;
708 if (i == 0) { 707 }
708 if (peek && type != SSL3_RT_APPLICATION_DATA) {
709 SSLerror(s, ERR_R_INTERNAL_ERROR);
710 return -1;
711 }
712
713 if (SSL_in_init(s) && !s->internal->in_handshake) {
714 if ((ret = s->internal->handshake_func(s)) < 0)
715 return ret;
716 if (ret == 0) {
709 SSLerror(s, SSL_R_SSL_HANDSHAKE_FAILURE); 717 SSLerror(s, SSL_R_SSL_HANDSHAKE_FAILURE);
710 return (-1); 718 return -1;
711 } 719 }
712 } 720 }
713 721
@@ -727,33 +735,24 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
727 735
728 s->internal->rwstate = SSL_NOTHING; 736 s->internal->rwstate = SSL_NOTHING;
729 737
730 /* s->s3->rrec.type - is the type of record 738 rr = &s->s3->rrec;
731 * s->s3->rrec.data, - data
732 * s->s3->rrec.off, - offset into 'data' for next read
733 * s->s3->rrec.length, - number of bytes. */
734 rr = &(s->s3->rrec);
735 739
736 /* We are not handshaking and have no data yet, 740 /*
737 * so process data buffered during the last handshake 741 * We are not handshaking and have no data yet, so process data buffered
738 * in advance, if any. 742 * during the last handshake in advance, if any.
739 */ 743 */
740 if (s->s3->hs.state == SSL_ST_OK && rr->length == 0) 744 if (s->s3->hs.state == SSL_ST_OK && rr->length == 0)
741 dtls1_retrieve_buffered_record(s, &(s->d1->buffered_app_data)); 745 dtls1_retrieve_buffered_record(s, &s->d1->buffered_app_data);
742 746
743 /* Check for timeout */
744 if (dtls1_handle_timeout(s) > 0) 747 if (dtls1_handle_timeout(s) > 0)
745 goto start; 748 goto start;
746 749
747 /* get new packet if necessary */ 750 if (rr->length == 0 || s->internal->rstate == SSL_ST_READ_BODY) {
748 if ((rr->length == 0) || (s->internal->rstate == SSL_ST_READ_BODY)) { 751 if ((ret = dtls1_get_record(s)) <= 0) {
749 ret = dtls1_get_record(s); 752 /* Anything other than a timeout is an error. */
750 if (ret <= 0) { 753 if ((ret = dtls1_read_failed(s, ret)) <= 0)
751 ret = dtls1_read_failed(s, ret); 754 return ret;
752 /* anything other than a timeout is an error */ 755 goto start;
753 if (ret <= 0)
754 return (ret);
755 else
756 goto start;
757 } 756 }
758 } 757 }
759 758
@@ -762,17 +761,16 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
762 goto start; 761 goto start;
763 } 762 }
764 763
765 /* we now have a packet which can be read and processed */ 764 /* We now have a packet which can be read and processed. */
766 765
767 if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec, 766 if (s->s3->change_cipher_spec && rr->type != SSL3_RT_HANDSHAKE) {
768 * reset by ssl3_get_finished */ 767 /*
769 && (rr->type != SSL3_RT_HANDSHAKE)) { 768 * We now have application data between CCS and Finished.
770 /* We now have application data between CCS and Finished.
771 * Most likely the packets were reordered on their way, so 769 * Most likely the packets were reordered on their way, so
772 * buffer the application data for later processing rather 770 * buffer the application data for later processing rather
773 * than dropping the connection. 771 * than dropping the connection.
774 */ 772 */
775 if (dtls1_buffer_record(s, &(s->d1->buffered_app_data), 773 if (dtls1_buffer_record(s, &s->d1->buffered_app_data,
776 rr->seq_num) < 0) { 774 rr->seq_num) < 0) {
777 SSLerror(s, ERR_R_INTERNAL_ERROR); 775 SSLerror(s, ERR_R_INTERNAL_ERROR);
778 return (-1); 776 return (-1);
@@ -781,35 +779,41 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
781 goto start; 779 goto start;
782 } 780 }
783 781
784 /* If the other end has shut down, throw anything we read away 782 /*
785 * (even in 'peek' mode) */ 783 * If the other end has shut down, throw anything we read away (even in
784 * 'peek' mode).
785 */
786 if (s->internal->shutdown & SSL_RECEIVED_SHUTDOWN) { 786 if (s->internal->shutdown & SSL_RECEIVED_SHUTDOWN) {
787 rr->length = 0;
788 s->internal->rwstate = SSL_NOTHING; 787 s->internal->rwstate = SSL_NOTHING;
789 return (0); 788 rr->length = 0;
789 return 0;
790 } 790 }
791 791
792 /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */ 792 /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */
793 if (type == rr->type) { 793 if (type == rr->type) {
794 /* make sure that we are not getting application data when we 794 /*
795 * are doing a handshake for the first time */ 795 * Make sure that we are not getting application data when we
796 * are doing a handshake for the first time.
797 */
796 if (SSL_in_init(s) && type == SSL3_RT_APPLICATION_DATA && 798 if (SSL_in_init(s) && type == SSL3_RT_APPLICATION_DATA &&
797 !tls12_record_layer_read_protected(s->internal->rl)) { 799 !tls12_record_layer_read_protected(s->internal->rl)) {
798 al = SSL_AD_UNEXPECTED_MESSAGE;
799 SSLerror(s, SSL_R_APP_DATA_IN_HANDSHAKE); 800 SSLerror(s, SSL_R_APP_DATA_IN_HANDSHAKE);
800 goto fatal_err; 801 ssl3_send_alert(s, SSL3_AL_FATAL,
802 SSL_AD_UNEXPECTED_MESSAGE);
803 return -1;
801 } 804 }
802 805
803 if (len <= 0) 806 if (len <= 0)
804 return (len); 807 return len;
805 808
806 if ((unsigned int)len > rr->length) 809 if ((unsigned int)len > rr->length)
807 n = rr->length; 810 n = rr->length;
808 else 811 else
809 n = (unsigned int)len; 812 n = (unsigned int)len;
810 813
811 memcpy(buf, &(rr->data[rr->off]), n); 814 memcpy(buf, &rr->data[rr->off], n);
812 if (!peek) { 815 if (!peek) {
816 memset(&rr->data[rr->off], 0, n);
813 rr->length -= n; 817 rr->length -= n;
814 rr->off += n; 818 rr->off += n;
815 if (rr->length == 0) { 819 if (rr->length == 0) {
@@ -818,7 +822,7 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
818 } 822 }
819 } 823 }
820 824
821 return (n); 825 return n;
822 } 826 }
823 827
824 /* 828 /*
@@ -838,42 +842,16 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
838 return (0); 842 return (0);
839 } 843 }
840 844
841 if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) { 845 if (rr->type == SSL3_RT_APPLICATION_DATA) {
842 if ((ret = ssl3_read_change_cipher_spec(s)) <= 0) 846 /*
843 return ret; 847 * At this point, we were expecting handshake data, but have
844 goto start; 848 * application data. If the library was running inside
845 } 849 * ssl3_read() (i.e. in_read_app_data is set) and it makes
846 850 * sense to read application data at this point (session
847 if (rr->type == SSL3_RT_HANDSHAKE) { 851 * renegotiation not yet started), we will indulge it.
848 if ((ret = dtls1_read_handshake_unexpected(s)) <= 0)
849 return ret;
850 goto start;
851 }
852
853 switch (rr->type) {
854 default:
855 al = SSL_AD_UNEXPECTED_MESSAGE;
856 SSLerror(s, SSL_R_UNEXPECTED_RECORD);
857 goto fatal_err;
858 case SSL3_RT_CHANGE_CIPHER_SPEC:
859 case SSL3_RT_ALERT:
860 case SSL3_RT_HANDSHAKE:
861 /* we already handled all of these, with the possible exception
862 * of SSL3_RT_HANDSHAKE when s->internal->in_handshake is set, but that
863 * should not happen when type != rr->type */
864 al = SSL_AD_UNEXPECTED_MESSAGE;
865 SSLerror(s, ERR_R_INTERNAL_ERROR);
866 goto fatal_err;
867 case SSL3_RT_APPLICATION_DATA:
868 /* At this point, we were expecting handshake data,
869 * but have application data. If the library was
870 * running inside ssl3_read() (i.e. in_read_app_data
871 * is set) and it makes sense to read application data
872 * at this point (session renegotiation not yet started),
873 * we will indulge it.
874 */ 852 */
875 if (s->s3->in_read_app_data && 853 if (s->s3->in_read_app_data != 0 &&
876 (s->s3->total_renegotiations != 0) && 854 s->s3->total_renegotiations != 0 &&
877 (((s->s3->hs.state & SSL_ST_CONNECT) && 855 (((s->s3->hs.state & SSL_ST_CONNECT) &&
878 (s->s3->hs.state >= SSL3_ST_CW_CLNT_HELLO_A) && 856 (s->s3->hs.state >= SSL3_ST_CW_CLNT_HELLO_A) &&
879 (s->s3->hs.state <= SSL3_ST_CR_SRVR_HELLO_A)) || ( 857 (s->s3->hs.state <= SSL3_ST_CR_SRVR_HELLO_A)) || (
@@ -881,19 +859,31 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
881 (s->s3->hs.state <= SSL3_ST_SW_HELLO_REQ_A) && 859 (s->s3->hs.state <= SSL3_ST_SW_HELLO_REQ_A) &&
882 (s->s3->hs.state >= SSL3_ST_SR_CLNT_HELLO_A)))) { 860 (s->s3->hs.state >= SSL3_ST_SR_CLNT_HELLO_A)))) {
883 s->s3->in_read_app_data = 2; 861 s->s3->in_read_app_data = 2;
884 return (-1); 862 return -1;
885 } else { 863 } else {
886 al = SSL_AD_UNEXPECTED_MESSAGE;
887 SSLerror(s, SSL_R_UNEXPECTED_RECORD); 864 SSLerror(s, SSL_R_UNEXPECTED_RECORD);
888 goto fatal_err; 865 ssl3_send_alert(s, SSL3_AL_FATAL,
866 SSL_AD_UNEXPECTED_MESSAGE);
867 return -1;
889 } 868 }
890 } 869 }
891 /* not reached */
892 870
893 fatal_err: 871 if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) {
894 ssl3_send_alert(s, SSL3_AL_FATAL, al); 872 if ((ret = ssl3_read_change_cipher_spec(s)) <= 0)
873 return ret;
874 goto start;
875 }
895 876
896 return (-1); 877 if (rr->type == SSL3_RT_HANDSHAKE) {
878 if ((ret = dtls1_read_handshake_unexpected(s)) <= 0)
879 return ret;
880 goto start;
881 }
882
883 /* Unknown record type. */
884 SSLerror(s, SSL_R_UNEXPECTED_RECORD);
885 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
886 return -1;
897} 887}
898 888
899int 889int
diff --git a/src/lib/libssl/ssl_pkt.c b/src/lib/libssl/ssl_pkt.c
index 57230f8fae..3dd0269540 100644
--- a/src/lib/libssl/ssl_pkt.c
+++ b/src/lib/libssl/ssl_pkt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_pkt.c,v 1.57 2022/03/17 17:28:08 jsing Exp $ */ 1/* $OpenBSD: ssl_pkt.c,v 1.58 2022/03/26 15:05:53 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -1008,37 +1008,40 @@ ssl3_read_handshake_unexpected(SSL *s)
1008int 1008int
1009ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) 1009ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
1010{ 1010{
1011 int al, i, ret; 1011 SSL3_RECORD_INTERNAL *rr;
1012 int rrcount = 0; 1012 int rrcount = 0;
1013 unsigned int n; 1013 unsigned int n;
1014 SSL3_RECORD_INTERNAL *rr; 1014 int ret;
1015 1015
1016 if (s->s3->rbuf.buf == NULL) /* Not initialized yet */ 1016 if (s->s3->rbuf.buf == NULL) {
1017 if (!ssl3_setup_read_buffer(s)) 1017 if (!ssl3_setup_read_buffer(s))
1018 return (-1); 1018 return -1;
1019 }
1019 1020
1020 if (len < 0) { 1021 if (len < 0) {
1021 SSLerror(s, ERR_R_INTERNAL_ERROR); 1022 SSLerror(s, ERR_R_INTERNAL_ERROR);
1022 return -1; 1023 return -1;
1023 } 1024 }
1024 1025
1025 if ((type && type != SSL3_RT_APPLICATION_DATA && 1026 if (type != 0 && type != SSL3_RT_APPLICATION_DATA &&
1026 type != SSL3_RT_HANDSHAKE) || 1027 type != SSL3_RT_HANDSHAKE) {
1027 (peek && (type != SSL3_RT_APPLICATION_DATA))) { 1028 SSLerror(s, ERR_R_INTERNAL_ERROR);
1029 return -1;
1030 }
1031 if (peek && type != SSL3_RT_APPLICATION_DATA) {
1028 SSLerror(s, ERR_R_INTERNAL_ERROR); 1032 SSLerror(s, ERR_R_INTERNAL_ERROR);
1029 return -1; 1033 return -1;
1030 } 1034 }
1031 1035
1032 if ((type == SSL3_RT_HANDSHAKE) && 1036 if (type == SSL3_RT_HANDSHAKE && s->s3->handshake_fragment_len > 0) {
1033 (s->s3->handshake_fragment_len > 0)) { 1037 /* Partially satisfy request from fragment storage. */
1034 /* (partially) satisfy request from storage */
1035 unsigned char *src = s->s3->handshake_fragment; 1038 unsigned char *src = s->s3->handshake_fragment;
1036 unsigned char *dst = buf; 1039 unsigned char *dst = buf;
1037 unsigned int k; 1040 unsigned int k;
1038 1041
1039 /* peek == 0 */ 1042 /* peek == 0 */
1040 n = 0; 1043 n = 0;
1041 while ((len > 0) && (s->s3->handshake_fragment_len > 0)) { 1044 while (len > 0 && s->s3->handshake_fragment_len > 0) {
1042 *dst++ = *src++; 1045 *dst++ = *src++;
1043 len--; 1046 len--;
1044 s->s3->handshake_fragment_len--; 1047 s->s3->handshake_fragment_len--;
@@ -1050,18 +1053,12 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
1050 return n; 1053 return n;
1051 } 1054 }
1052 1055
1053 /* 1056 if (SSL_in_init(s) && !s->internal->in_handshake) {
1054 * Now s->s3->handshake_fragment_len == 0 if 1057 if ((ret = s->internal->handshake_func(s)) < 0)
1055 * type == SSL3_RT_HANDSHAKE. 1058 return ret;
1056 */ 1059 if (ret == 0) {
1057 if (!s->internal->in_handshake && SSL_in_init(s)) {
1058 /* type == SSL3_RT_APPLICATION_DATA */
1059 i = s->internal->handshake_func(s);
1060 if (i < 0)
1061 return (i);
1062 if (i == 0) {
1063 SSLerror(s, SSL_R_SSL_HANDSHAKE_FAILURE); 1060 SSLerror(s, SSL_R_SSL_HANDSHAKE_FAILURE);
1064 return (-1); 1061 return -1;
1065 } 1062 }
1066 } 1063 }
1067 1064
@@ -1081,61 +1078,56 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
1081 1078
1082 s->internal->rwstate = SSL_NOTHING; 1079 s->internal->rwstate = SSL_NOTHING;
1083 1080
1084 /* 1081 rr = &s->s3->rrec;
1085 * s->s3->rrec.type - is the type of record
1086 * s->s3->rrec.data, - data
1087 * s->s3->rrec.off, - offset into 'data' for next read
1088 * s->s3->rrec.length, - number of bytes.
1089 */
1090 rr = &(s->s3->rrec);
1091 1082
1092 /* get new packet if necessary */ 1083 if (rr->length == 0 || s->internal->rstate == SSL_ST_READ_BODY) {
1093 if ((rr->length == 0) || (s->internal->rstate == SSL_ST_READ_BODY)) { 1084 if ((ret = ssl3_get_record(s)) <= 0)
1094 ret = ssl3_get_record(s); 1085 return ret;
1095 if (ret <= 0)
1096 return (ret);
1097 } 1086 }
1098 1087
1099 /* we now have a packet which can be read and processed */ 1088 /* We now have a packet which can be read and processed. */
1100 1089
1101 if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec, 1090 if (s->s3->change_cipher_spec && rr->type != SSL3_RT_HANDSHAKE) {
1102 * reset by ssl3_get_finished */
1103 && (rr->type != SSL3_RT_HANDSHAKE)) {
1104 al = SSL_AD_UNEXPECTED_MESSAGE;
1105 SSLerror(s, SSL_R_DATA_BETWEEN_CCS_AND_FINISHED); 1091 SSLerror(s, SSL_R_DATA_BETWEEN_CCS_AND_FINISHED);
1106 goto fatal_err; 1092 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
1093 return -1;
1107 } 1094 }
1108 1095
1109 /* If the other end has shut down, throw anything we read away 1096 /*
1110 * (even in 'peek' mode) */ 1097 * If the other end has shut down, throw anything we read away (even in
1098 * 'peek' mode).
1099 */
1111 if (s->internal->shutdown & SSL_RECEIVED_SHUTDOWN) { 1100 if (s->internal->shutdown & SSL_RECEIVED_SHUTDOWN) {
1112 rr->length = 0;
1113 s->internal->rwstate = SSL_NOTHING; 1101 s->internal->rwstate = SSL_NOTHING;
1114 return (0); 1102 rr->length = 0;
1103 return 0;
1115 } 1104 }
1116 1105
1117 /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */ 1106 /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */
1118 if (type == rr->type) { 1107 if (type == rr->type) {
1119 /* make sure that we are not getting application data when we 1108 /*
1120 * are doing a handshake for the first time */ 1109 * Make sure that we are not getting application data when we
1110 * are doing a handshake for the first time.
1111 */
1121 if (SSL_in_init(s) && type == SSL3_RT_APPLICATION_DATA && 1112 if (SSL_in_init(s) && type == SSL3_RT_APPLICATION_DATA &&
1122 !tls12_record_layer_read_protected(s->internal->rl)) { 1113 !tls12_record_layer_read_protected(s->internal->rl)) {
1123 al = SSL_AD_UNEXPECTED_MESSAGE;
1124 SSLerror(s, SSL_R_APP_DATA_IN_HANDSHAKE); 1114 SSLerror(s, SSL_R_APP_DATA_IN_HANDSHAKE);
1125 goto fatal_err; 1115 ssl3_send_alert(s, SSL3_AL_FATAL,
1116 SSL_AD_UNEXPECTED_MESSAGE);
1117 return -1;
1126 } 1118 }
1127 1119
1128 if (len <= 0) 1120 if (len <= 0)
1129 return (len); 1121 return len;
1130 1122
1131 if ((unsigned int)len > rr->length) 1123 if ((unsigned int)len > rr->length)
1132 n = rr->length; 1124 n = rr->length;
1133 else 1125 else
1134 n = (unsigned int)len; 1126 n = (unsigned int)len;
1135 1127
1136 memcpy(buf, &(rr->data[rr->off]), n); 1128 memcpy(buf, &rr->data[rr->off], n);
1137 if (!peek) { 1129 if (!peek) {
1138 memset(&(rr->data[rr->off]), 0, n); 1130 memset(&rr->data[rr->off], 0, n);
1139 rr->length -= n; 1131 rr->length -= n;
1140 rr->off += n; 1132 rr->off += n;
1141 if (rr->length == 0) { 1133 if (rr->length == 0) {
@@ -1146,7 +1138,8 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
1146 ssl3_release_read_buffer(s); 1138 ssl3_release_read_buffer(s);
1147 } 1139 }
1148 } 1140 }
1149 return (n); 1141
1142 return n;
1150 } 1143 }
1151 1144
1152 /* 1145 /*
@@ -1161,77 +1154,60 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
1161 } 1154 }
1162 1155
1163 if (s->internal->shutdown & SSL_SENT_SHUTDOWN) { 1156 if (s->internal->shutdown & SSL_SENT_SHUTDOWN) {
1164 /* but we have not received a shutdown */
1165 s->internal->rwstate = SSL_NOTHING; 1157 s->internal->rwstate = SSL_NOTHING;
1166 rr->length = 0; 1158 rr->length = 0;
1167 return (0); 1159 return 0;
1168 }
1169
1170 if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) {
1171 if ((ret = ssl3_read_change_cipher_spec(s)) <= 0)
1172 return ret;
1173 goto start;
1174 }
1175
1176 if (rr->type == SSL3_RT_HANDSHAKE) {
1177 if ((ret = ssl3_read_handshake_unexpected(s)) <= 0)
1178 return ret;
1179 goto start;
1180 } 1160 }
1181 1161
1182 switch (rr->type) { 1162 if (rr->type == SSL3_RT_APPLICATION_DATA) {
1183 default:
1184 /* 1163 /*
1185 * TLS up to v1.1 just ignores unknown message types: 1164 * At this point, we were expecting handshake data, but have
1186 * TLS v1.2 give an unexpected message alert. 1165 * application data. If the library was running inside
1166 * ssl3_read() (i.e. in_read_app_data is set) and it makes
1167 * sense to read application data at this point (session
1168 * renegotiation not yet started), we will indulge it.
1187 */ 1169 */
1188 if (s->version >= TLS1_VERSION && 1170 if (s->s3->in_read_app_data != 0 &&
1189 s->version <= TLS1_1_VERSION) { 1171 s->s3->total_renegotiations != 0 &&
1190 rr->length = 0;
1191 goto start;
1192 }
1193 al = SSL_AD_UNEXPECTED_MESSAGE;
1194 SSLerror(s, SSL_R_UNEXPECTED_RECORD);
1195 goto fatal_err;
1196 case SSL3_RT_CHANGE_CIPHER_SPEC:
1197 case SSL3_RT_ALERT:
1198 case SSL3_RT_HANDSHAKE:
1199 /* we already handled all of these, with the possible exception
1200 * of SSL3_RT_HANDSHAKE when s->internal->in_handshake is set, but that
1201 * should not happen when type != rr->type */
1202 al = SSL_AD_UNEXPECTED_MESSAGE;
1203 SSLerror(s, ERR_R_INTERNAL_ERROR);
1204 goto fatal_err;
1205 case SSL3_RT_APPLICATION_DATA:
1206 /* At this point, we were expecting handshake data,
1207 * but have application data. If the library was
1208 * running inside ssl3_read() (i.e. in_read_app_data
1209 * is set) and it makes sense to read application data
1210 * at this point (session renegotiation not yet started),
1211 * we will indulge it.
1212 */
1213 if (s->s3->in_read_app_data &&
1214 (s->s3->total_renegotiations != 0) &&
1215 (((s->s3->hs.state & SSL_ST_CONNECT) && 1172 (((s->s3->hs.state & SSL_ST_CONNECT) &&
1216 (s->s3->hs.state >= SSL3_ST_CW_CLNT_HELLO_A) && 1173 (s->s3->hs.state >= SSL3_ST_CW_CLNT_HELLO_A) &&
1217 (s->s3->hs.state <= SSL3_ST_CR_SRVR_HELLO_A)) || 1174 (s->s3->hs.state <= SSL3_ST_CR_SRVR_HELLO_A)) || (
1218 ((s->s3->hs.state & SSL_ST_ACCEPT) && 1175 (s->s3->hs.state & SSL_ST_ACCEPT) &&
1219 (s->s3->hs.state <= SSL3_ST_SW_HELLO_REQ_A) && 1176 (s->s3->hs.state <= SSL3_ST_SW_HELLO_REQ_A) &&
1220 (s->s3->hs.state >= SSL3_ST_SR_CLNT_HELLO_A)))) { 1177 (s->s3->hs.state >= SSL3_ST_SR_CLNT_HELLO_A)))) {
1221 s->s3->in_read_app_data = 2; 1178 s->s3->in_read_app_data = 2;
1222 return (-1); 1179 return -1;
1223 } else { 1180 } else {
1224 al = SSL_AD_UNEXPECTED_MESSAGE;
1225 SSLerror(s, SSL_R_UNEXPECTED_RECORD); 1181 SSLerror(s, SSL_R_UNEXPECTED_RECORD);
1226 goto fatal_err; 1182 ssl3_send_alert(s, SSL3_AL_FATAL,
1183 SSL_AD_UNEXPECTED_MESSAGE);
1184 return -1;
1227 } 1185 }
1228 } 1186 }
1229 /* not reached */
1230 1187
1231 fatal_err: 1188 if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) {
1232 ssl3_send_alert(s, SSL3_AL_FATAL, al); 1189 if ((ret = ssl3_read_change_cipher_spec(s)) <= 0)
1190 return ret;
1191 goto start;
1192 }
1233 1193
1234 return (-1); 1194 if (rr->type == SSL3_RT_HANDSHAKE) {
1195 if ((ret = ssl3_read_handshake_unexpected(s)) <= 0)
1196 return ret;
1197 goto start;
1198 }
1199
1200 /*
1201 * Unknown record type - TLSv1.2 sends an unexpected message alert while
1202 * earlier versions silently ignore the record.
1203 */
1204 if (ssl_effective_tls_version(s) <= TLS1_1_VERSION) {
1205 rr->length = 0;
1206 goto start;
1207 }
1208 SSLerror(s, SSL_R_UNEXPECTED_RECORD);
1209 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
1210 return -1;
1235} 1211}
1236 1212
1237int 1213int
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-20 17:45:36 +0000