summaryrefslogtreecommitdiff
path: root/src/lib/libssl/d1_pkt.c
diff options
context:
space:
mode:
authorjsing <>2022-11-11 17:15:27 +0000
committerjsing <>2022-11-11 17:15:27 +0000
commit167103faa44f8407455f11f6599e9919e2b22653 (patch)
treea8f8e94c51cf1dc74d90e267faf0ad4720537e35 /src/lib/libssl/d1_pkt.c
parentf8749b129444d560b9e645a68ec7b045800243ed (diff)
downloadopenbsd-167103faa44f8407455f11f6599e9919e2b22653.tar.gz
openbsd-167103faa44f8407455f11f6599e9919e2b22653.tar.bz2
openbsd-167103faa44f8407455f11f6599e9919e2b22653.zip
Convert the legacy TLS stack to tls_content.
This converts the legacy TLS stack to tls_content - records are now opened into a tls_content structure, rather than being written back into the same buffer that the sealed record was read into. This will allow for further clean up of the legacy record layer. ok tb@
Diffstat (limited to 'src/lib/libssl/d1_pkt.c')
-rw-r--r--src/lib/libssl/d1_pkt.c190
1 files changed, 123 insertions, 67 deletions
diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c
index 1431434ba8..35d5d8ec6d 100644
--- a/src/lib/libssl/d1_pkt.c
+++ b/src/lib/libssl/d1_pkt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_pkt.c,v 1.124 2022/10/02 16:36:41 jsing Exp $ */ 1/* $OpenBSD: d1_pkt.c,v 1.125 2022/11/11 17:15:26 jsing Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -115,6 +115,7 @@
115 115
116#include <endian.h> 116#include <endian.h>
117#include <errno.h> 117#include <errno.h>
118#include <limits.h>
118#include <stdio.h> 119#include <stdio.h>
119 120
120#include <openssl/buffer.h> 121#include <openssl/buffer.h>
@@ -124,6 +125,7 @@
124#include "dtls_locl.h" 125#include "dtls_locl.h"
125#include "pqueue.h" 126#include "pqueue.h"
126#include "ssl_locl.h" 127#include "ssl_locl.h"
128#include "tls_content.h"
127 129
128/* mod 128 saturating subtract of two 64-bit values in big-endian order */ 130/* mod 128 saturating subtract of two 64-bit values in big-endian order */
129static int 131static int
@@ -247,6 +249,44 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
247 return (-1); 249 return (-1);
248} 250}
249 251
252static int
253dtls1_buffer_rcontent(SSL *s, rcontent_pqueue *queue, unsigned char *priority)
254{
255 DTLS1_RCONTENT_DATA_INTERNAL *rdata;
256 pitem *item;
257
258 /* Limit the size of the queue to prevent DOS attacks */
259 if (pqueue_size(queue->q) >= 100)
260 return 0;
261
262 rdata = malloc(sizeof(DTLS1_RCONTENT_DATA_INTERNAL));
263 item = pitem_new(priority, rdata);
264 if (rdata == NULL || item == NULL)
265 goto init_err;
266
267 rdata->rcontent = s->s3->rcontent;
268 s->s3->rcontent = NULL;
269
270 item->data = rdata;
271
272 /* insert should not fail, since duplicates are dropped */
273 if (pqueue_insert(queue->q, item) == NULL)
274 goto err;
275
276 if ((s->s3->rcontent = tls_content_new()) == NULL)
277 goto err;
278
279 return (1);
280
281 err:
282 tls_content_free(rdata->rcontent);
283
284 init_err:
285 SSLerror(s, ERR_R_INTERNAL_ERROR);
286 free(rdata);
287 pitem_free(item);
288 return (-1);
289}
250 290
251static int 291static int
252dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue) 292dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue)
@@ -267,6 +307,29 @@ dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue)
267} 307}
268 308
269static int 309static int
310dtls1_retrieve_buffered_rcontent(SSL *s, rcontent_pqueue *queue)
311{
312 DTLS1_RCONTENT_DATA_INTERNAL *rdata;
313 pitem *item;
314
315 item = pqueue_pop(queue->q);
316 if (item) {
317 rdata = item->data;
318
319 tls_content_free(s->s3->rcontent);
320 s->s3->rcontent = rdata->rcontent;
321 s->s3->rrec.epoch = tls_content_epoch(s->s3->rcontent);
322
323 free(item->data);
324 pitem_free(item);
325
326 return (1);
327 }
328
329 return (0);
330}
331
332static int
270dtls1_process_buffered_record(SSL *s) 333dtls1_process_buffered_record(SSL *s)
271{ 334{
272 /* Check if epoch is current. */ 335 /* Check if epoch is current. */
@@ -295,13 +358,11 @@ dtls1_process_record(SSL *s)
295{ 358{
296 SSL3_RECORD_INTERNAL *rr = &(s->s3->rrec); 359 SSL3_RECORD_INTERNAL *rr = &(s->s3->rrec);
297 uint8_t alert_desc; 360 uint8_t alert_desc;
298 uint8_t *out;
299 size_t out_len;
300 361
301 tls12_record_layer_set_version(s->rl, s->version); 362 tls12_record_layer_set_version(s->rl, s->version);
302 363
303 if (!tls12_record_layer_open_record(s->rl, s->packet, 364 if (!tls12_record_layer_open_record(s->rl, s->packet, s->packet_length,
304 s->packet_length, &out, &out_len)) { 365 s->s3->rcontent)) {
305 tls12_record_layer_alert(s->rl, &alert_desc); 366 tls12_record_layer_alert(s->rl, &alert_desc);
306 367
307 if (alert_desc == 0) 368 if (alert_desc == 0)
@@ -311,10 +372,8 @@ dtls1_process_record(SSL *s)
311 * DTLS should silently discard invalid records, including those 372 * DTLS should silently discard invalid records, including those
312 * with a bad MAC, as per RFC 6347 section 4.1.2.1. 373 * with a bad MAC, as per RFC 6347 section 4.1.2.1.
313 */ 374 */
314 if (alert_desc == SSL_AD_BAD_RECORD_MAC) { 375 if (alert_desc == SSL_AD_BAD_RECORD_MAC)
315 out_len = 0;
316 goto done; 376 goto done;
317 }
318 377
319 if (alert_desc == SSL_AD_RECORD_OVERFLOW) 378 if (alert_desc == SSL_AD_RECORD_OVERFLOW)
320 SSLerror(s, SSL_R_ENCRYPTED_LENGTH_TOO_LONG); 379 SSLerror(s, SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
@@ -322,11 +381,10 @@ dtls1_process_record(SSL *s)
322 goto fatal_err; 381 goto fatal_err;
323 } 382 }
324 383
325 done: 384 /* XXX move to record layer. */
326 rr->data = out; 385 tls_content_set_epoch(s->s3->rcontent, rr->epoch);
327 rr->length = out_len;
328 rr->off = 0;
329 386
387 done:
330 s->packet_length = 0; 388 s->packet_length = 0;
331 389
332 return (1); 390 return (1);
@@ -485,7 +543,6 @@ dtls1_get_record(SSL *s)
485static int 543static int
486dtls1_read_handshake_unexpected(SSL *s) 544dtls1_read_handshake_unexpected(SSL *s)
487{ 545{
488 SSL3_RECORD_INTERNAL *rr = &s->s3->rrec;
489 struct hm_header_st hs_msg_hdr; 546 struct hm_header_st hs_msg_hdr;
490 CBS cbs; 547 CBS cbs;
491 int ret; 548 int ret;
@@ -495,19 +552,16 @@ dtls1_read_handshake_unexpected(SSL *s)
495 return -1; 552 return -1;
496 } 553 }
497 554
498 if (rr->off != 0) {
499 SSLerror(s, ERR_R_INTERNAL_ERROR);
500 return -1;
501 }
502
503 /* Parse handshake message header. */ 555 /* Parse handshake message header. */
504 CBS_init(&cbs, rr->data, rr->length); 556 CBS_dup(&cbs, tls_content_cbs(s->s3->rcontent));
505 if (!dtls1_get_message_header(&cbs, &hs_msg_hdr)) 557 if (!dtls1_get_message_header(&cbs, &hs_msg_hdr))
506 return -1; /* XXX - probably should drop/continue. */ 558 return -1; /* XXX - probably should drop/continue. */
507 559
508 /* This may just be a stale retransmit. */ 560 /* This may just be a stale retransmit. */
509 if (rr->epoch != tls12_record_layer_read_epoch(s->rl)) { 561 if (tls_content_epoch(s->s3->rcontent) !=
510 rr->length = 0; 562 tls12_record_layer_read_epoch(s->rl)) {
563 tls_content_clear(s->s3->rcontent);
564 s->s3->rrec.length = 0;
511 return 1; 565 return 1;
512 } 566 }
513 567
@@ -532,10 +586,11 @@ dtls1_read_handshake_unexpected(SSL *s)
532 return -1; 586 return -1;
533 } 587 }
534 588
535 ssl_msg_callback(s, 0, SSL3_RT_HANDSHAKE, rr->data, 589 ssl_msg_callback_cbs(s, 0, SSL3_RT_HANDSHAKE,
536 DTLS1_HM_HEADER_LENGTH); 590 tls_content_cbs(s->s3->rcontent));
537 591
538 rr->length = 0; 592 tls_content_clear(s->s3->rcontent);
593 s->s3->rrec.length = 0;
539 594
540 /* 595 /*
541 * It should be impossible to hit this, but keep the safety 596 * It should be impossible to hit this, but keep the safety
@@ -624,7 +679,8 @@ dtls1_read_handshake_unexpected(SSL *s)
624 679
625 dtls1_retransmit_buffered_messages(s); 680 dtls1_retransmit_buffered_messages(s);
626 681
627 rr->length = 0; 682 tls_content_clear(s->s3->rcontent);
683 s->s3->rrec.length = 0;
628 684
629 return 1; 685 return 1;
630 686
@@ -685,9 +741,8 @@ dtls1_read_handshake_unexpected(SSL *s)
685int 741int
686dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) 742dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
687{ 743{
688 SSL3_RECORD_INTERNAL *rr;
689 int rrcount = 0; 744 int rrcount = 0;
690 unsigned int n; 745 ssize_t ssret;
691 int ret; 746 int ret;
692 747
693 if (s->s3->rbuf.buf == NULL) { 748 if (s->s3->rbuf.buf == NULL) {
@@ -695,6 +750,11 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
695 return -1; 750 return -1;
696 } 751 }
697 752
753 if (s->s3->rcontent == NULL) {
754 if ((s->s3->rcontent = tls_content_new()) == NULL)
755 return -1;
756 }
757
698 if (len < 0) { 758 if (len < 0) {
699 SSLerror(s, ERR_R_INTERNAL_ERROR); 759 SSLerror(s, ERR_R_INTERNAL_ERROR);
700 return -1; 760 return -1;
@@ -735,19 +795,18 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
735 795
736 s->rwstate = SSL_NOTHING; 796 s->rwstate = SSL_NOTHING;
737 797
738 rr = &s->s3->rrec;
739
740 /* 798 /*
741 * We are not handshaking and have no data yet, so process data buffered 799 * We are not handshaking and have no data yet, so process data buffered
742 * during the last handshake in advance, if any. 800 * during the last handshake in advance, if any.
743 */ 801 */
744 if (s->s3->hs.state == SSL_ST_OK && rr->length == 0) 802 if (s->s3->hs.state == SSL_ST_OK &&
745 dtls1_retrieve_buffered_record(s, &s->d1->buffered_app_data); 803 tls_content_remaining(s->s3->rcontent) == 0)
804 dtls1_retrieve_buffered_rcontent(s, &s->d1->buffered_app_data);
746 805
747 if (dtls1_handle_timeout(s) > 0) 806 if (dtls1_handle_timeout(s) > 0)
748 goto start; 807 goto start;
749 808
750 if (rr->length == 0 || s->rstate == SSL_ST_READ_BODY) { 809 if (tls_content_remaining(s->s3->rcontent) == 0) {
751 if ((ret = dtls1_get_record(s)) <= 0) { 810 if ((ret = dtls1_get_record(s)) <= 0) {
752 /* Anything other than a timeout is an error. */ 811 /* Anything other than a timeout is an error. */
753 if ((ret = dtls1_read_failed(s, ret)) <= 0) 812 if ((ret = dtls1_read_failed(s, ret)) <= 0)
@@ -756,26 +815,30 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
756 } 815 }
757 } 816 }
758 817
759 if (s->d1->listen && rr->type != SSL3_RT_HANDSHAKE) { 818 if (s->d1->listen &&
760 rr->length = 0; 819 tls_content_type(s->s3->rcontent) != SSL3_RT_HANDSHAKE) {
820 tls_content_clear(s->s3->rcontent);
821 s->s3->rrec.length = 0;
761 goto start; 822 goto start;
762 } 823 }
763 824
764 /* We now have a packet which can be read and processed. */ 825 /* We now have a packet which can be read and processed. */
765 826
766 if (s->s3->change_cipher_spec && rr->type != SSL3_RT_HANDSHAKE) { 827 if (s->s3->change_cipher_spec &&
828 tls_content_type(s->s3->rcontent) != SSL3_RT_HANDSHAKE) {
767 /* 829 /*
768 * We now have application data between CCS and Finished. 830 * We now have application data between CCS and Finished.
769 * Most likely the packets were reordered on their way, so 831 * Most likely the packets were reordered on their way, so
770 * buffer the application data for later processing rather 832 * buffer the application data for later processing rather
771 * than dropping the connection. 833 * than dropping the connection.
772 */ 834 */
773 if (dtls1_buffer_record(s, &s->d1->buffered_app_data, 835 if (dtls1_buffer_rcontent(s, &s->d1->buffered_app_data,
774 rr->seq_num) < 0) { 836 s->s3->rrec.seq_num) < 0) {
775 SSLerror(s, ERR_R_INTERNAL_ERROR); 837 SSLerror(s, ERR_R_INTERNAL_ERROR);
776 return (-1); 838 return (-1);
777 } 839 }
778 rr->length = 0; 840 tls_content_clear(s->s3->rcontent);
841 s->s3->rrec.length = 0;
779 goto start; 842 goto start;
780 } 843 }
781 844
@@ -785,12 +848,13 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
785 */ 848 */
786 if (s->shutdown & SSL_RECEIVED_SHUTDOWN) { 849 if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
787 s->rwstate = SSL_NOTHING; 850 s->rwstate = SSL_NOTHING;
788 rr->length = 0; 851 tls_content_clear(s->s3->rcontent);
852 s->s3->rrec.length = 0;
789 return 0; 853 return 0;
790 } 854 }
791 855
792 /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */ 856 /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */
793 if (type == rr->type) { 857 if (tls_content_type(s->s3->rcontent) == type) {
794 /* 858 /*
795 * Make sure that we are not getting application data when we 859 * Make sure that we are not getting application data when we
796 * are doing a handshake for the first time. 860 * are doing a handshake for the first time.
@@ -806,31 +870,23 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
806 if (len <= 0) 870 if (len <= 0)
807 return len; 871 return len;
808 872
809 if ((unsigned int)len > rr->length) 873 if (peek) {
810 n = rr->length; 874 ssret = tls_content_peek(s->s3->rcontent, buf, len);
811 else 875 } else {
812 n = (unsigned int)len; 876 ssret = tls_content_read(s->s3->rcontent, buf, len);
813
814 memcpy(buf, &rr->data[rr->off], n);
815 if (!peek) {
816 memset(&rr->data[rr->off], 0, n);
817 rr->length -= n;
818 rr->off += n;
819 if (rr->length == 0) {
820 s->rstate = SSL_ST_READ_HEADER;
821 rr->off = 0;
822 }
823 } 877 }
878 if (ssret < INT_MIN || ssret > INT_MAX)
879 return -1;
880 if (ssret < 0)
881 return (int)ssret;
824 882
825 return n; 883 if (tls_content_remaining(s->s3->rcontent) == 0)
826 } 884 s->rstate = SSL_ST_READ_HEADER;
827 885
828 /* 886 return (int)ssret;
829 * If we get here, then type != rr->type; if we have a handshake 887 }
830 * message, then it was unexpected (Hello Request or Client Hello).
831 */
832 888
833 if (rr->type == SSL3_RT_ALERT) { 889 if (tls_content_type(s->s3->rcontent) == SSL3_RT_ALERT) {
834 if ((ret = ssl3_read_alert(s)) <= 0) 890 if ((ret = ssl3_read_alert(s)) <= 0)
835 return ret; 891 return ret;
836 goto start; 892 goto start;
@@ -838,11 +894,12 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
838 894
839 if (s->shutdown & SSL_SENT_SHUTDOWN) { 895 if (s->shutdown & SSL_SENT_SHUTDOWN) {
840 s->rwstate = SSL_NOTHING; 896 s->rwstate = SSL_NOTHING;
841 rr->length = 0; 897 tls_content_clear(s->s3->rcontent);
898 s->s3->rrec.length = 0;
842 return (0); 899 return (0);
843 } 900 }
844 901
845 if (rr->type == SSL3_RT_APPLICATION_DATA) { 902 if (tls_content_type(s->s3->rcontent) == SSL3_RT_APPLICATION_DATA) {
846 /* 903 /*
847 * At this point, we were expecting handshake data, but have 904 * At this point, we were expecting handshake data, but have
848 * application data. If the library was running inside 905 * application data. If the library was running inside
@@ -868,13 +925,13 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
868 } 925 }
869 } 926 }
870 927
871 if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) { 928 if (tls_content_type(s->s3->rcontent) == SSL3_RT_CHANGE_CIPHER_SPEC) {
872 if ((ret = ssl3_read_change_cipher_spec(s)) <= 0) 929 if ((ret = ssl3_read_change_cipher_spec(s)) <= 0)
873 return ret; 930 return ret;
874 goto start; 931 goto start;
875 } 932 }
876 933
877 if (rr->type == SSL3_RT_HANDSHAKE) { 934 if (tls_content_type(s->s3->rcontent) == SSL3_RT_HANDSHAKE) {
878 if ((ret = dtls1_read_handshake_unexpected(s)) <= 0) 935 if ((ret = dtls1_read_handshake_unexpected(s)) <= 0)
879 return ret; 936 return ret;
880 goto start; 937 goto start;
@@ -891,8 +948,7 @@ dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, int len)
891{ 948{
892 int i; 949 int i;
893 950
894 if (SSL_in_init(s) && !s->in_handshake) 951 if (SSL_in_init(s) && !s->in_handshake) {
895 {
896 i = s->handshake_func(s); 952 i = s->handshake_func(s);
897 if (i < 0) 953 if (i < 0)
898 return (i); 954 return (i);
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-15 08:01:57 +0000