summaryrefslogtreecommitdiff
path: root/src/lib/libssl/ssl_pkt.c
diff options
context:
space:
mode:
authorjsing <>2022-11-11 17:15:27 +0000
committerjsing <>2022-11-11 17:15:27 +0000
commit167103faa44f8407455f11f6599e9919e2b22653 (patch)
treea8f8e94c51cf1dc74d90e267faf0ad4720537e35 /src/lib/libssl/ssl_pkt.c
parentf8749b129444d560b9e645a68ec7b045800243ed (diff)
downloadopenbsd-167103faa44f8407455f11f6599e9919e2b22653.tar.gz
openbsd-167103faa44f8407455f11f6599e9919e2b22653.tar.bz2
openbsd-167103faa44f8407455f11f6599e9919e2b22653.zip
Convert the legacy TLS stack to tls_content.
This converts the legacy TLS stack to tls_content - records are now opened into a tls_content structure, rather than being written back into the same buffer that the sealed record was read into. This will allow for further clean up of the legacy record layer. ok tb@
Diffstat (limited to 'src/lib/libssl/ssl_pkt.c')
-rw-r--r--src/lib/libssl/ssl_pkt.c120
1 files changed, 52 insertions, 68 deletions
diff --git a/src/lib/libssl/ssl_pkt.c b/src/lib/libssl/ssl_pkt.c
index 58d3ee1db2..4d79981484 100644
--- a/src/lib/libssl/ssl_pkt.c
+++ b/src/lib/libssl/ssl_pkt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_pkt.c,v 1.63 2022/11/10 18:06:37 jsing Exp $ */ 1/* $OpenBSD: ssl_pkt.c,v 1.64 2022/11/11 17:15:26 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -110,6 +110,7 @@
110 */ 110 */
111 111
112#include <errno.h> 112#include <errno.h>
113#include <limits.h>
113#include <stdio.h> 114#include <stdio.h>
114 115
115#include <openssl/buffer.h> 116#include <openssl/buffer.h>
@@ -118,6 +119,7 @@
118#include "bytestring.h" 119#include "bytestring.h"
119#include "dtls_locl.h" 120#include "dtls_locl.h"
120#include "ssl_locl.h" 121#include "ssl_locl.h"
122#include "tls_content.h"
121 123
122static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, 124static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
123 unsigned int len); 125 unsigned int len);
@@ -333,8 +335,6 @@ ssl3_get_record(SSL *s)
333 SSL3_BUFFER_INTERNAL *rb = &(s->s3->rbuf); 335 SSL3_BUFFER_INTERNAL *rb = &(s->s3->rbuf);
334 SSL3_RECORD_INTERNAL *rr = &(s->s3->rrec); 336 SSL3_RECORD_INTERNAL *rr = &(s->s3->rrec);
335 uint8_t alert_desc; 337 uint8_t alert_desc;
336 uint8_t *out;
337 size_t out_len;
338 int al, n; 338 int al, n;
339 int ret = -1; 339 int ret = -1;
340 340
@@ -410,8 +410,8 @@ ssl3_get_record(SSL *s)
410 */ 410 */
411 tls12_record_layer_set_version(s->rl, s->version); 411 tls12_record_layer_set_version(s->rl, s->version);
412 412
413 if (!tls12_record_layer_open_record(s->rl, s->packet, 413 if (!tls12_record_layer_open_record(s->rl, s->packet, s->packet_length,
414 s->packet_length, &out, &out_len)) { 414 s->s3->rcontent)) {
415 tls12_record_layer_alert(s->rl, &alert_desc); 415 tls12_record_layer_alert(s->rl, &alert_desc);
416 416
417 if (alert_desc == 0) 417 if (alert_desc == 0)
@@ -426,14 +426,10 @@ ssl3_get_record(SSL *s)
426 goto fatal_err; 426 goto fatal_err;
427 } 427 }
428 428
429 rr->data = out;
430 rr->length = out_len;
431 rr->off = 0;
432
433 /* we have pulled in a full packet so zero things */ 429 /* we have pulled in a full packet so zero things */
434 s->packet_length = 0; 430 s->packet_length = 0;
435 431
436 if (rr->length == 0) { 432 if (tls_content_remaining(s->s3->rcontent) == 0) {
437 /* 433 /*
438 * Zero-length fragments are only permitted for application 434 * Zero-length fragments are only permitted for application
439 * data, as per RFC 5246 section 6.2.1. 435 * data, as per RFC 5246 section 6.2.1.
@@ -444,6 +440,8 @@ ssl3_get_record(SSL *s)
444 goto fatal_err; 440 goto fatal_err;
445 } 441 }
446 442
443 tls_content_clear(s->s3->rcontent);
444
447 /* 445 /*
448 * CBC countermeasures for known IV weaknesses can legitimately 446 * CBC countermeasures for known IV weaknesses can legitimately
449 * insert a single empty record, so we allow ourselves to read 447 * insert a single empty record, so we allow ourselves to read
@@ -691,20 +689,9 @@ ssl3_write_pending(SSL *s, int type, const unsigned char *buf, unsigned int len)
691static ssize_t 689static ssize_t
692ssl3_read_cb(void *buf, size_t n, void *cb_arg) 690ssl3_read_cb(void *buf, size_t n, void *cb_arg)
693{ 691{
694 SSL3_RECORD_INTERNAL *rr;
695 SSL *s = cb_arg; 692 SSL *s = cb_arg;
696 693
697 rr = &s->s3->rrec; 694 return tls_content_read(s->s3->rcontent, buf, n);
698
699 if (n > rr->length)
700 n = rr->length;
701
702 memcpy(buf, &rr->data[rr->off], n);
703
704 rr->off += n;
705 rr->length -= n;
706
707 return n;
708} 695}
709 696
710#define SSL3_ALERT_LENGTH 2 697#define SSL3_ALERT_LENGTH 2
@@ -791,21 +778,18 @@ ssl3_read_alert(SSL *s)
791int 778int
792ssl3_read_change_cipher_spec(SSL *s) 779ssl3_read_change_cipher_spec(SSL *s)
793{ 780{
794 SSL3_RECORD_INTERNAL *rr = &s->s3->rrec; 781 const uint8_t ccs[1] = { SSL3_MT_CCS };
795 const uint8_t ccs[] = { SSL3_MT_CCS };
796 CBS cbs;
797 782
798 /* 783 /*
799 * 'Change Cipher Spec' is just a single byte, so we know exactly what 784 * 'Change Cipher Spec' is just a single byte, so we know exactly what
800 * the record payload has to look like. 785 * the record payload has to look like.
801 */ 786 */
802 CBS_init(&cbs, rr->data, rr->length); 787 if (tls_content_remaining(s->s3->rcontent) != sizeof(ccs)) {
803 if (rr->off != 0 || CBS_len(&cbs) != sizeof(ccs)) {
804 SSLerror(s, SSL_R_BAD_CHANGE_CIPHER_SPEC); 788 SSLerror(s, SSL_R_BAD_CHANGE_CIPHER_SPEC);
805 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); 789 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
806 return -1; 790 return -1;
807 } 791 }
808 if (!CBS_mem_equal(&cbs, ccs, sizeof(ccs))) { 792 if (!tls_content_equal(s->s3->rcontent, ccs, sizeof(ccs))) {
809 SSLerror(s, SSL_R_BAD_CHANGE_CIPHER_SPEC); 793 SSLerror(s, SSL_R_BAD_CHANGE_CIPHER_SPEC);
810 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER); 794 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
811 return -1; 795 return -1;
@@ -813,7 +797,8 @@ ssl3_read_change_cipher_spec(SSL *s)
813 797
814 /* XDTLS: check that epoch is consistent */ 798 /* XDTLS: check that epoch is consistent */
815 799
816 ssl_msg_callback_cbs(s, 0, SSL3_RT_CHANGE_CIPHER_SPEC, &cbs); 800 ssl_msg_callback_cbs(s, 0, SSL3_RT_CHANGE_CIPHER_SPEC,
801 tls_content_cbs(s->s3->rcontent));
817 802
818 /* Check that we have a cipher to change to. */ 803 /* Check that we have a cipher to change to. */
819 if (s->s3->hs.cipher == NULL) { 804 if (s->s3->hs.cipher == NULL) {
@@ -830,7 +815,7 @@ ssl3_read_change_cipher_spec(SSL *s)
830 * handshake messages are still missing, so just 815 * handshake messages are still missing, so just
831 * drop it. 816 * drop it.
832 */ 817 */
833 rr->length = 0; 818 tls_content_clear(s->s3->rcontent);
834 return 1; 819 return 1;
835 } 820 }
836 s->d1->change_cipher_spec_ok = 0; 821 s->d1->change_cipher_spec_ok = 0;
@@ -844,7 +829,7 @@ ssl3_read_change_cipher_spec(SSL *s)
844 s->s3->flags &= ~SSL3_FLAGS_CCS_OK; 829 s->s3->flags &= ~SSL3_FLAGS_CCS_OK;
845 } 830 }
846 831
847 rr->length = 0; 832 tls_content_clear(s->s3->rcontent);
848 833
849 s->s3->change_cipher_spec = 1; 834 s->s3->change_cipher_spec = 1;
850 if (!ssl3_do_change_cipher_spec(s)) 835 if (!ssl3_do_change_cipher_spec(s))
@@ -1053,9 +1038,8 @@ ssl3_read_handshake_unexpected(SSL *s)
1053int 1038int
1054ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) 1039ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
1055{ 1040{
1056 SSL3_RECORD_INTERNAL *rr;
1057 int rrcount = 0; 1041 int rrcount = 0;
1058 unsigned int n; 1042 ssize_t ssret;
1059 int ret; 1043 int ret;
1060 1044
1061 if (s->s3->rbuf.buf == NULL) { 1045 if (s->s3->rbuf.buf == NULL) {
@@ -1063,6 +1047,11 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
1063 return -1; 1047 return -1;
1064 } 1048 }
1065 1049
1050 if (s->s3->rcontent == NULL) {
1051 if ((s->s3->rcontent = tls_content_new()) == NULL)
1052 return -1;
1053 }
1054
1066 if (len < 0) { 1055 if (len < 0) {
1067 SSLerror(s, ERR_R_INTERNAL_ERROR); 1056 SSLerror(s, ERR_R_INTERNAL_ERROR);
1068 return -1; 1057 return -1;
@@ -1120,16 +1109,15 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
1120 1109
1121 s->rwstate = SSL_NOTHING; 1110 s->rwstate = SSL_NOTHING;
1122 1111
1123 rr = &s->s3->rrec; 1112 if (tls_content_remaining(s->s3->rcontent) == 0) {
1124
1125 if (rr->length == 0 || s->rstate == SSL_ST_READ_BODY) {
1126 if ((ret = ssl3_get_record(s)) <= 0) 1113 if ((ret = ssl3_get_record(s)) <= 0)
1127 return ret; 1114 return ret;
1128 } 1115 }
1129 1116
1130 /* We now have a packet which can be read and processed. */ 1117 /* We now have a packet which can be read and processed. */
1131 1118
1132 if (s->s3->change_cipher_spec && rr->type != SSL3_RT_HANDSHAKE) { 1119 if (s->s3->change_cipher_spec &&
1120 tls_content_type(s->s3->rcontent) != SSL3_RT_HANDSHAKE) {
1133 SSLerror(s, SSL_R_DATA_BETWEEN_CCS_AND_FINISHED); 1121 SSLerror(s, SSL_R_DATA_BETWEEN_CCS_AND_FINISHED);
1134 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); 1122 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
1135 return -1; 1123 return -1;
@@ -1141,12 +1129,13 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
1141 */ 1129 */
1142 if (s->shutdown & SSL_RECEIVED_SHUTDOWN) { 1130 if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
1143 s->rwstate = SSL_NOTHING; 1131 s->rwstate = SSL_NOTHING;
1144 rr->length = 0; 1132 tls_content_clear(s->s3->rcontent);
1133 s->s3->rrec.length = 0;
1145 return 0; 1134 return 0;
1146 } 1135 }
1147 1136
1148 /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */ 1137 /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */
1149 if (type == rr->type) { 1138 if (tls_content_type(s->s3->rcontent) == type) {
1150 /* 1139 /*
1151 * Make sure that we are not getting application data when we 1140 * Make sure that we are not getting application data when we
1152 * are doing a handshake for the first time. 1141 * are doing a handshake for the first time.
@@ -1162,34 +1151,28 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
1162 if (len <= 0) 1151 if (len <= 0)
1163 return len; 1152 return len;
1164 1153
1165 if ((unsigned int)len > rr->length) 1154 if (peek) {
1166 n = rr->length; 1155 ssret = tls_content_peek(s->s3->rcontent, buf, len);
1167 else 1156 } else {
1168 n = (unsigned int)len; 1157 ssret = tls_content_read(s->s3->rcontent, buf, len);
1169
1170 memcpy(buf, &rr->data[rr->off], n);
1171 if (!peek) {
1172 memset(&rr->data[rr->off], 0, n);
1173 rr->length -= n;
1174 rr->off += n;
1175 if (rr->length == 0) {
1176 s->rstate = SSL_ST_READ_HEADER;
1177 rr->off = 0;
1178 if (s->mode & SSL_MODE_RELEASE_BUFFERS &&
1179 s->s3->rbuf.left == 0)
1180 ssl3_release_read_buffer(s);
1181 }
1182 } 1158 }
1159 if (ssret < INT_MIN || ssret > INT_MAX)
1160 return -1;
1161 if (ssret < 0)
1162 return (int)ssret;
1183 1163
1184 return n; 1164 if (tls_content_remaining(s->s3->rcontent) == 0) {
1185 } 1165 s->rstate = SSL_ST_READ_HEADER;
1186 1166
1187 /* 1167 if (s->mode & SSL_MODE_RELEASE_BUFFERS &&
1188 * If we get here, then type != rr->type; if we have a handshake 1168 s->s3->rbuf.left == 0)
1189 * message, then it was unexpected (Hello Request or Client Hello). 1169 ssl3_release_read_buffer(s);
1190 */ 1170 }
1171
1172 return ssret;
1173 }
1191 1174
1192 if (rr->type == SSL3_RT_ALERT) { 1175 if (tls_content_type(s->s3->rcontent) == SSL3_RT_ALERT) {
1193 if ((ret = ssl3_read_alert(s)) <= 0) 1176 if ((ret = ssl3_read_alert(s)) <= 0)
1194 return ret; 1177 return ret;
1195 goto start; 1178 goto start;
@@ -1197,11 +1180,12 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
1197 1180
1198 if (s->shutdown & SSL_SENT_SHUTDOWN) { 1181 if (s->shutdown & SSL_SENT_SHUTDOWN) {
1199 s->rwstate = SSL_NOTHING; 1182 s->rwstate = SSL_NOTHING;
1200 rr->length = 0; 1183 tls_content_clear(s->s3->rcontent);
1184 s->s3->rrec.length = 0;
1201 return 0; 1185 return 0;
1202 } 1186 }
1203 1187
1204 if (rr->type == SSL3_RT_APPLICATION_DATA) { 1188 if (tls_content_type(s->s3->rcontent) == SSL3_RT_APPLICATION_DATA) {
1205 /* 1189 /*
1206 * At this point, we were expecting handshake data, but have 1190 * At this point, we were expecting handshake data, but have
1207 * application data. If the library was running inside 1191 * application data. If the library was running inside
@@ -1227,13 +1211,13 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
1227 } 1211 }
1228 } 1212 }
1229 1213
1230 if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) { 1214 if (tls_content_type(s->s3->rcontent) == SSL3_RT_CHANGE_CIPHER_SPEC) {
1231 if ((ret = ssl3_read_change_cipher_spec(s)) <= 0) 1215 if ((ret = ssl3_read_change_cipher_spec(s)) <= 0)
1232 return ret; 1216 return ret;
1233 goto start; 1217 goto start;
1234 } 1218 }
1235 1219
1236 if (rr->type == SSL3_RT_HANDSHAKE) { 1220 if (tls_content_type(s->s3->rcontent) == SSL3_RT_HANDSHAKE) {
1237 if ((ret = ssl3_read_handshake_unexpected(s)) <= 0) 1221 if ((ret = ssl3_read_handshake_unexpected(s)) <= 0)
1238 return ret; 1222 return ret;
1239 goto start; 1223 goto start;
@@ -1244,7 +1228,7 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
1244 * earlier versions silently ignore the record. 1228 * earlier versions silently ignore the record.
1245 */ 1229 */
1246 if (ssl_effective_tls_version(s) <= TLS1_1_VERSION) { 1230 if (ssl_effective_tls_version(s) <= TLS1_1_VERSION) {
1247 rr->length = 0; 1231 tls_content_clear(s->s3->rcontent);
1248 goto start; 1232 goto start;
1249 } 1233 }
1250 SSLerror(s, SSL_R_UNEXPECTED_RECORD); 1234 SSLerror(s, SSL_R_UNEXPECTED_RECORD);
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-17 20:47:18 +0000