Clean up {dtls1,ssl3}_read_bytes()

Now that {dtls1,ssl3}_read_bytes() have been refactored, do a clean up pass - this cleans up various parts of the code and reduces differences between these two functions. ok = 1; *(&(ok)) tb@ ok inoguchi@
author: jsing <> 2022-03-26 15:05:53 +0000
committer: jsing <> 2022-03-26 15:05:53 +0000
commit: 2ce3af26514a8bfe23e0605aa5b31dc0ab865be1 (patch)
tree: 0e5ddc4d53a4d3e855b283f8436d0f4367460d9b /src/lib/libssl/ssl_pkt.c
parent: 527e43312b5c8483664095a6593080962d0b2424 (diff)
download: openbsd-2ce3af26514a8bfe23e0605aa5b31dc0ab865be1.tar.gz
openbsd-2ce3af26514a8bfe23e0605aa5b31dc0ab865be1.tar.bz2
openbsd-2ce3af26514a8bfe23e0605aa5b31dc0ab865be1.zip
1 files changed, 83 insertions, 107 deletions
diff --git a/src/lib/libssl/ssl_pkt.c b/src/lib/libssl/ssl_pkt.c
index 57230f8fae..3dd0269540 100644
--- a/src/lib/libssl/ssl_pkt.c
+++ b/src/lib/libssl/ssl_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_pkt.c,v 1.57 2022/03/17 17:28:08 jsing Exp $ */
+/* $OpenBSD: ssl_pkt.c,v 1.58 2022/03/26 15:05:53 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1008,37 +1008,40 @@ ssl3_read_handshake_unexpected(SSL *s)
 int
 ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
 {
-        int al, i, ret;
+        SSL3_RECORD_INTERNAL *rr;
        int rrcount = 0;
        unsigned int n;
-        SSL3_RECORD_INTERNAL *rr;
+        int ret;
-        if (s->s3->rbuf.buf == NULL) /* Not initialized yet */
+        if (s->s3->rbuf.buf == NULL) {
                if (!ssl3_setup_read_buffer(s))
-                        return (-1);
+                        return -1;
+        }
        if (len < 0) {
                SSLerror(s, ERR_R_INTERNAL_ERROR);
                return -1;
        }
-        if ((type && type != SSL3_RT_APPLICATION_DATA &&
+        if (type != 0 && type != SSL3_RT_APPLICATION_DATA &&
-            type != SSL3_RT_HANDSHAKE) ||
+            type != SSL3_RT_HANDSHAKE) {
-            (peek && (type != SSL3_RT_APPLICATION_DATA))) {
+                SSLerror(s, ERR_R_INTERNAL_ERROR);
+                return -1;
+        }
+        if (peek && type != SSL3_RT_APPLICATION_DATA) {
                SSLerror(s, ERR_R_INTERNAL_ERROR);
                return -1;
        }
-        if ((type == SSL3_RT_HANDSHAKE) &&
+        if (type == SSL3_RT_HANDSHAKE && s->s3->handshake_fragment_len > 0) {
-            (s->s3->handshake_fragment_len > 0)) {
+                /* Partially satisfy request from fragment storage. */
-                /* (partially) satisfy request from storage */
                unsigned char *src = s->s3->handshake_fragment;
                unsigned char *dst = buf;
                unsigned int k;
                /* peek == 0 */
                n = 0;
-                while ((len > 0) && (s->s3->handshake_fragment_len > 0)) {
+                while (len > 0 && s->s3->handshake_fragment_len > 0) {
                        *dst++ = *src++;
                        len--;
                        s->s3->handshake_fragment_len--;
@@ -1050,18 +1053,12 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
                return n;
        }
-        /*
+        if (SSL_in_init(s) && !s->internal->in_handshake) {
-         * Now s->s3->handshake_fragment_len == 0 if
+                if ((ret = s->internal->handshake_func(s)) < 0)
-         * type == SSL3_RT_HANDSHAKE.
+                        return ret;
-         */
+                if (ret == 0) {
-        if (!s->internal->in_handshake && SSL_in_init(s)) {
-                /* type == SSL3_RT_APPLICATION_DATA */
-                i = s->internal->handshake_func(s);
-                if (i < 0)
-                        return (i);
-                if (i == 0) {
                        SSLerror(s, SSL_R_SSL_HANDSHAKE_FAILURE);
-                        return (-1);
+                        return -1;
                }
        }
@@ -1081,61 +1078,56 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
        s->internal->rwstate = SSL_NOTHING;
-        /*
+        rr = &s->s3->rrec;
-         * s->s3->rrec.type         - is the type of record
-         * s->s3->rrec.data,    - data
-         * s->s3->rrec.off,     - offset into 'data' for next read
-         * s->s3->rrec.length,  - number of bytes.
-         */
-        rr = &(s->s3->rrec);
-        /* get new packet if necessary */
+        if (rr->length == 0 || s->internal->rstate == SSL_ST_READ_BODY) {
-        if ((rr->length == 0) || (s->internal->rstate == SSL_ST_READ_BODY)) {
+                if ((ret = ssl3_get_record(s)) <= 0)
-                ret = ssl3_get_record(s);
+                        return ret;
-                if (ret <= 0)
-                        return (ret);
        }
-        /* we now have a packet which can be read and processed */
+        /* We now have a packet which can be read and processed. */
-        if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
+        if (s->s3->change_cipher_spec && rr->type != SSL3_RT_HANDSHAKE) {
-                                       * reset by ssl3_get_finished */
-            && (rr->type != SSL3_RT_HANDSHAKE)) {
-                al = SSL_AD_UNEXPECTED_MESSAGE;
                SSLerror(s, SSL_R_DATA_BETWEEN_CCS_AND_FINISHED);
-                goto fatal_err;
+                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
+                return -1;
        }
-        /* If the other end has shut down, throw anything we read away
+        /*
-         * (even in 'peek' mode) */
+         * If the other end has shut down, throw anything we read away (even in
+         * 'peek' mode).
+         */
        if (s->internal->shutdown & SSL_RECEIVED_SHUTDOWN) {
-                rr->length = 0;
                s->internal->rwstate = SSL_NOTHING;
-                return (0);
+                rr->length = 0;
+                return 0;
        }
        /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */
        if (type == rr->type) {
-                /* make sure that we are not getting application data when we
+                /*
-                 * are doing a handshake for the first time */
+                 * Make sure that we are not getting application data when we
+                 * are doing a handshake for the first time.
+                 */
                if (SSL_in_init(s) && type == SSL3_RT_APPLICATION_DATA &&
                    !tls12_record_layer_read_protected(s->internal->rl)) {
-                        al = SSL_AD_UNEXPECTED_MESSAGE;
                        SSLerror(s, SSL_R_APP_DATA_IN_HANDSHAKE);
-                        goto fatal_err;
+                        ssl3_send_alert(s, SSL3_AL_FATAL,
+                            SSL_AD_UNEXPECTED_MESSAGE);
+                        return -1;
                }
                if (len <= 0)
-                        return (len);
+                        return len;
                if ((unsigned int)len > rr->length)
                        n = rr->length;
                else
                        n = (unsigned int)len;
-                memcpy(buf, &(rr->data[rr->off]), n);
+                memcpy(buf, &rr->data[rr->off], n);
                if (!peek) {
-                        memset(&(rr->data[rr->off]), 0, n);
+                        memset(&rr->data[rr->off], 0, n);
                        rr->length -= n;
                        rr->off += n;
                        if (rr->length == 0) {
@@ -1146,7 +1138,8 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
                                        ssl3_release_read_buffer(s);
                        }
                }
-                return (n);
+                return n;
        }
        /*
@@ -1161,77 +1154,60 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
        }
        if (s->internal->shutdown & SSL_SENT_SHUTDOWN) {
-                /* but we have not received a shutdown */
                s->internal->rwstate = SSL_NOTHING;
                rr->length = 0;
-                return (0);
+                return 0;
-        }
-        if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) {
-                if ((ret = ssl3_read_change_cipher_spec(s)) <= 0)
-                        return ret;
-                goto start;
-        }
-        if (rr->type == SSL3_RT_HANDSHAKE) {
-                if ((ret = ssl3_read_handshake_unexpected(s)) <= 0)
-                        return ret;
-                goto start;
        }
-        switch (rr->type) {
+        if (rr->type == SSL3_RT_APPLICATION_DATA) {
-        default:
                /*
-                 * TLS up to v1.1 just ignores unknown message types:
+                 * At this point, we were expecting handshake data, but have
-                 * TLS v1.2 give an unexpected message alert.
+                 * application data. If the library was running inside
+                 * ssl3_read() (i.e. in_read_app_data is set) and it makes
+                 * sense to read application data at this point (session
+                 * renegotiation not yet started), we will indulge it.
                 */
-                if (s->version >= TLS1_VERSION &&
+                if (s->s3->in_read_app_data != 0 &&
-                    s->version <= TLS1_1_VERSION) {
+                    s->s3->total_renegotiations != 0 &&
-                        rr->length = 0;
-                        goto start;
-                }
-                al = SSL_AD_UNEXPECTED_MESSAGE;
-                SSLerror(s, SSL_R_UNEXPECTED_RECORD);
-                goto fatal_err;
-        case SSL3_RT_CHANGE_CIPHER_SPEC:
-        case SSL3_RT_ALERT:
-        case SSL3_RT_HANDSHAKE:
-                /* we already handled all of these, with the possible exception
-                 * of SSL3_RT_HANDSHAKE when s->internal->in_handshake is set, but that
-                 * should not happen when type != rr->type */
-                al = SSL_AD_UNEXPECTED_MESSAGE;
-                SSLerror(s, ERR_R_INTERNAL_ERROR);
-                goto fatal_err;
-        case SSL3_RT_APPLICATION_DATA:
-                /* At this point, we were expecting handshake data,
-                 * but have application data.  If the library was
-                 * running inside ssl3_read() (i.e. in_read_app_data
-                 * is set) and it makes sense to read application data
-                 * at this point (session renegotiation not yet started),
-                 * we will indulge it.
-                 */
-                if (s->s3->in_read_app_data &&
-                    (s->s3->total_renegotiations != 0) &&
                    (((s->s3->hs.state & SSL_ST_CONNECT) &&
                    (s->s3->hs.state >= SSL3_ST_CW_CLNT_HELLO_A) &&
-                    (s->s3->hs.state <= SSL3_ST_CR_SRVR_HELLO_A)) ||
+                    (s->s3->hs.state <= SSL3_ST_CR_SRVR_HELLO_A)) || (
-                    ((s->s3->hs.state & SSL_ST_ACCEPT) &&
+                    (s->s3->hs.state & SSL_ST_ACCEPT) &&
                    (s->s3->hs.state <= SSL3_ST_SW_HELLO_REQ_A) &&
                    (s->s3->hs.state >= SSL3_ST_SR_CLNT_HELLO_A)))) {
                        s->s3->in_read_app_data = 2;
-                        return (-1);
+                        return -1;
                } else {
-                        al = SSL_AD_UNEXPECTED_MESSAGE;
                        SSLerror(s, SSL_R_UNEXPECTED_RECORD);
-                        goto fatal_err;
+                        ssl3_send_alert(s, SSL3_AL_FATAL,
+                            SSL_AD_UNEXPECTED_MESSAGE);
+                        return -1;
                }
        }
-        /* not reached */
- fatal_err:
+        if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) {
-        ssl3_send_alert(s, SSL3_AL_FATAL, al);
+                if ((ret = ssl3_read_change_cipher_spec(s)) <= 0)
+                        return ret;
+                goto start;
+        }
-        return (-1);
+        if (rr->type == SSL3_RT_HANDSHAKE) {
+                if ((ret = ssl3_read_handshake_unexpected(s)) <= 0)
+                        return ret;
+                goto start;
+        }
+        /*
+         * Unknown record type - TLSv1.2 sends an unexpected message alert while
+         * earlier versions silently ignore the record.
+         */
+        if (ssl_effective_tls_version(s) <= TLS1_1_VERSION) {
+                rr->length = 0;
+                goto start;
+        }
+        SSLerror(s, SSL_R_UNEXPECTED_RECORD);
+        ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
+        return -1;
 }
 int
author	jsing <>	2022-03-26 15:05:53 +0000
committer	jsing <>	2022-03-26 15:05:53 +0000
commit	2ce3af26514a8bfe23e0605aa5b31dc0ab865be1 (patch)
tree	0e5ddc4d53a4d3e855b283f8436d0f4367460d9b /src/lib/libssl/ssl_pkt.c
parent	527e43312b5c8483664095a6593080962d0b2424 (diff)
download	openbsd-2ce3af26514a8bfe23e0605aa5b31dc0ab865be1.tar.gz openbsd-2ce3af26514a8bfe23e0605aa5b31dc0ab865be1.tar.bz2 openbsd-2ce3af26514a8bfe23e0605aa5b31dc0ab865be1.zip

diff --git a/src/lib/libssl/ssl_pkt.c b/src/lib/libssl/ssl_pkt.c index 57230f8fae..3dd0269540 100644 --- a/src/lib/libssl/ssl_pkt.c +++ b/src/lib/libssl/ssl_pkt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_pkt.c,v 1.57 2022/03/17 17:28:08 jsing Exp $ */	1	/* $OpenBSD: ssl_pkt.c,v 1.58 2022/03/26 15:05:53 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1008,37 +1008,40 @@ ssl3_read_handshake_unexpected(SSL *s)
1008	int	1008	int
1009	ssl3_read_bytes(SSL s, int type, unsigned char buf, int len, int peek)	1009	ssl3_read_bytes(SSL s, int type, unsigned char buf, int len, int peek)
1010	{	1010	{
1011	int al, i, ret;	1011	SSL3_RECORD_INTERNAL *rr;
1012	int rrcount = 0;	1012	int rrcount = 0;
1013	unsigned int n;	1013	unsigned int n;
1014	SSL3_RECORD_INTERNAL *rr;	1014	int ret;
1015		1015
1016	if (s->s3->rbuf.buf == NULL) /* Not initialized yet */	1016	if (s->s3->rbuf.buf == NULL) {
1017	if (!ssl3_setup_read_buffer(s))	1017	if (!ssl3_setup_read_buffer(s))
1018	return (-1);	1018	return -1;
		1019	}
1019		1020
1020	if (len < 0) {	1021	if (len < 0) {
1021	SSLerror(s, ERR_R_INTERNAL_ERROR);	1022	SSLerror(s, ERR_R_INTERNAL_ERROR);
1022	return -1;	1023	return -1;
1023	}	1024	}
1024		1025
1025	if ((type && type != SSL3_RT_APPLICATION_DATA &&	1026	if (type != 0 && type != SSL3_RT_APPLICATION_DATA &&
1026	type != SSL3_RT_HANDSHAKE) \|\|	1027	type != SSL3_RT_HANDSHAKE) {
1027	(peek && (type != SSL3_RT_APPLICATION_DATA))) {	1028	SSLerror(s, ERR_R_INTERNAL_ERROR);
		1029	return -1;
		1030	}
		1031	if (peek && type != SSL3_RT_APPLICATION_DATA) {
1028	SSLerror(s, ERR_R_INTERNAL_ERROR);	1032	SSLerror(s, ERR_R_INTERNAL_ERROR);
1029	return -1;	1033	return -1;
1030	}	1034	}
1031		1035
1032	if ((type == SSL3_RT_HANDSHAKE) &&	1036	if (type == SSL3_RT_HANDSHAKE && s->s3->handshake_fragment_len > 0) {
1033	(s->s3->handshake_fragment_len > 0)) {	1037	/* Partially satisfy request from fragment storage. */
1034	/* (partially) satisfy request from storage */
1035	unsigned char *src = s->s3->handshake_fragment;	1038	unsigned char *src = s->s3->handshake_fragment;
1036	unsigned char *dst = buf;	1039	unsigned char *dst = buf;
1037	unsigned int k;	1040	unsigned int k;
1038		1041
1039	/* peek == 0 */	1042	/* peek == 0 */
1040	n = 0;	1043	n = 0;
1041	while ((len > 0) && (s->s3->handshake_fragment_len > 0)) {	1044	while (len > 0 && s->s3->handshake_fragment_len > 0) {
1042	dst++ = src++;	1045	dst++ = src++;
1043	len--;	1046	len--;
1044	s->s3->handshake_fragment_len--;	1047	s->s3->handshake_fragment_len--;
@@ -1050,18 +1053,12 @@ ssl3_read_bytes(SSL s, int type, unsigned char buf, int len, int peek)
1050	return n;	1053	return n;
1051	}	1054	}
1052		1055
1053	/*	1056	if (SSL_in_init(s) && !s->internal->in_handshake) {
1054	* Now s->s3->handshake_fragment_len == 0 if	1057	if ((ret = s->internal->handshake_func(s)) < 0)
1055	* type == SSL3_RT_HANDSHAKE.	1058	return ret;
1056	*/	1059	if (ret == 0) {
1057	if (!s->internal->in_handshake && SSL_in_init(s)) {
1058	/* type == SSL3_RT_APPLICATION_DATA */
1059	i = s->internal->handshake_func(s);
1060	if (i < 0)
1061	return (i);
1062	if (i == 0) {
1063	SSLerror(s, SSL_R_SSL_HANDSHAKE_FAILURE);	1060	SSLerror(s, SSL_R_SSL_HANDSHAKE_FAILURE);
1064	return (-1);	1061	return -1;
1065	}	1062	}
1066	}	1063	}
1067		1064
@@ -1081,61 +1078,56 @@ ssl3_read_bytes(SSL s, int type, unsigned char buf, int len, int peek)
1081		1078
1082	s->internal->rwstate = SSL_NOTHING;	1079	s->internal->rwstate = SSL_NOTHING;
1083		1080
1084	/*	1081	rr = &s->s3->rrec;
1085	* s->s3->rrec.type - is the type of record
1086	* s->s3->rrec.data, - data
1087	* s->s3->rrec.off, - offset into 'data' for next read
1088	* s->s3->rrec.length, - number of bytes.
1089	*/
1090	rr = &(s->s3->rrec);
1091		1082
1092	/* get new packet if necessary */	1083	if (rr->length == 0 \|\| s->internal->rstate == SSL_ST_READ_BODY) {
1093	if ((rr->length == 0) \|\| (s->internal->rstate == SSL_ST_READ_BODY)) {	1084	if ((ret = ssl3_get_record(s)) <= 0)
1094	ret = ssl3_get_record(s);	1085	return ret;
1095	if (ret <= 0)
1096	return (ret);
1097	}	1086	}
1098		1087
1099	/* we now have a packet which can be read and processed */	1088	/* We now have a packet which can be read and processed. */
1100		1089
1101	if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,	1090	if (s->s3->change_cipher_spec && rr->type != SSL3_RT_HANDSHAKE) {
1102	* reset by ssl3_get_finished */
1103	&& (rr->type != SSL3_RT_HANDSHAKE)) {
1104	al = SSL_AD_UNEXPECTED_MESSAGE;
1105	SSLerror(s, SSL_R_DATA_BETWEEN_CCS_AND_FINISHED);	1091	SSLerror(s, SSL_R_DATA_BETWEEN_CCS_AND_FINISHED);
1106	goto fatal_err;	1092	ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
		1093	return -1;
1107	}	1094	}
1108		1095
1109	/* If the other end has shut down, throw anything we read away	1096	/*
1110	* (even in 'peek' mode) */	1097	* If the other end has shut down, throw anything we read away (even in
		1098	* 'peek' mode).
		1099	*/
1111	if (s->internal->shutdown & SSL_RECEIVED_SHUTDOWN) {	1100	if (s->internal->shutdown & SSL_RECEIVED_SHUTDOWN) {
1112	rr->length = 0;
1113	s->internal->rwstate = SSL_NOTHING;	1101	s->internal->rwstate = SSL_NOTHING;
1114	return (0);	1102	rr->length = 0;
		1103	return 0;
1115	}	1104	}
1116		1105
1117	/* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */	1106	/* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */
1118	if (type == rr->type) {	1107	if (type == rr->type) {
1119	/* make sure that we are not getting application data when we	1108	/*
1120	* are doing a handshake for the first time */	1109	* Make sure that we are not getting application data when we
		1110	* are doing a handshake for the first time.
		1111	*/
1121	if (SSL_in_init(s) && type == SSL3_RT_APPLICATION_DATA &&	1112	if (SSL_in_init(s) && type == SSL3_RT_APPLICATION_DATA &&
1122	!tls12_record_layer_read_protected(s->internal->rl)) {	1113	!tls12_record_layer_read_protected(s->internal->rl)) {
1123	al = SSL_AD_UNEXPECTED_MESSAGE;
1124	SSLerror(s, SSL_R_APP_DATA_IN_HANDSHAKE);	1114	SSLerror(s, SSL_R_APP_DATA_IN_HANDSHAKE);
1125	goto fatal_err;	1115	ssl3_send_alert(s, SSL3_AL_FATAL,
		1116	SSL_AD_UNEXPECTED_MESSAGE);
		1117	return -1;
1126	}	1118	}
1127		1119
1128	if (len <= 0)	1120	if (len <= 0)
1129	return (len);	1121	return len;
1130		1122
1131	if ((unsigned int)len > rr->length)	1123	if ((unsigned int)len > rr->length)
1132	n = rr->length;	1124	n = rr->length;
1133	else	1125	else
1134	n = (unsigned int)len;	1126	n = (unsigned int)len;
1135		1127
1136	memcpy(buf, &(rr->data[rr->off]), n);	1128	memcpy(buf, &rr->data[rr->off], n);
1137	if (!peek) {	1129	if (!peek) {
1138	memset(&(rr->data[rr->off]), 0, n);	1130	memset(&rr->data[rr->off], 0, n);
1139	rr->length -= n;	1131	rr->length -= n;
1140	rr->off += n;	1132	rr->off += n;
1141	if (rr->length == 0) {	1133	if (rr->length == 0) {
@@ -1146,7 +1138,8 @@ ssl3_read_bytes(SSL s, int type, unsigned char buf, int len, int peek)
1146	ssl3_release_read_buffer(s);	1138	ssl3_release_read_buffer(s);
1147	}	1139	}
1148	}	1140	}
1149	return (n);	1141
		1142	return n;
1150	}	1143	}
1151		1144
1152	/*	1145	/*
@@ -1161,77 +1154,60 @@ ssl3_read_bytes(SSL s, int type, unsigned char buf, int len, int peek)
1161	}	1154	}
1162		1155
1163	if (s->internal->shutdown & SSL_SENT_SHUTDOWN) {	1156	if (s->internal->shutdown & SSL_SENT_SHUTDOWN) {
1164	/* but we have not received a shutdown */
1165	s->internal->rwstate = SSL_NOTHING;	1157	s->internal->rwstate = SSL_NOTHING;
1166	rr->length = 0;	1158	rr->length = 0;
1167	return (0);	1159	return 0;
1168	}
1169
1170	if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) {
1171	if ((ret = ssl3_read_change_cipher_spec(s)) <= 0)
1172	return ret;
1173	goto start;
1174	}
1175
1176	if (rr->type == SSL3_RT_HANDSHAKE) {
1177	if ((ret = ssl3_read_handshake_unexpected(s)) <= 0)
1178	return ret;
1179	goto start;
1180	}	1160	}
1181		1161
1182	switch (rr->type) {	1162	if (rr->type == SSL3_RT_APPLICATION_DATA) {
1183	default:
1184	/*	1163	/*
1185	* TLS up to v1.1 just ignores unknown message types:	1164	* At this point, we were expecting handshake data, but have
1186	* TLS v1.2 give an unexpected message alert.	1165	* application data. If the library was running inside
		1166	* ssl3_read() (i.e. in_read_app_data is set) and it makes
		1167	* sense to read application data at this point (session
		1168	* renegotiation not yet started), we will indulge it.
1187	*/	1169	*/
1188	if (s->version >= TLS1_VERSION &&	1170	if (s->s3->in_read_app_data != 0 &&
1189	s->version <= TLS1_1_VERSION) {	1171	s->s3->total_renegotiations != 0 &&
1190	rr->length = 0;
1191	goto start;
1192	}
1193	al = SSL_AD_UNEXPECTED_MESSAGE;
1194	SSLerror(s, SSL_R_UNEXPECTED_RECORD);
1195	goto fatal_err;
1196	case SSL3_RT_CHANGE_CIPHER_SPEC:
1197	case SSL3_RT_ALERT:
1198	case SSL3_RT_HANDSHAKE:
1199	/* we already handled all of these, with the possible exception
1200	* of SSL3_RT_HANDSHAKE when s->internal->in_handshake is set, but that
1201	* should not happen when type != rr->type */
1202	al = SSL_AD_UNEXPECTED_MESSAGE;
1203	SSLerror(s, ERR_R_INTERNAL_ERROR);
1204	goto fatal_err;
1205	case SSL3_RT_APPLICATION_DATA:
1206	/* At this point, we were expecting handshake data,
1207	* but have application data. If the library was
1208	* running inside ssl3_read() (i.e. in_read_app_data
1209	* is set) and it makes sense to read application data
1210	* at this point (session renegotiation not yet started),
1211	* we will indulge it.
1212	*/
1213	if (s->s3->in_read_app_data &&
1214	(s->s3->total_renegotiations != 0) &&
1215	(((s->s3->hs.state & SSL_ST_CONNECT) &&	1172	(((s->s3->hs.state & SSL_ST_CONNECT) &&
1216	(s->s3->hs.state >= SSL3_ST_CW_CLNT_HELLO_A) &&	1173	(s->s3->hs.state >= SSL3_ST_CW_CLNT_HELLO_A) &&
1217	(s->s3->hs.state <= SSL3_ST_CR_SRVR_HELLO_A)) \|\|	1174	(s->s3->hs.state <= SSL3_ST_CR_SRVR_HELLO_A)) \|\| (
1218	((s->s3->hs.state & SSL_ST_ACCEPT) &&	1175	(s->s3->hs.state & SSL_ST_ACCEPT) &&
1219	(s->s3->hs.state <= SSL3_ST_SW_HELLO_REQ_A) &&	1176	(s->s3->hs.state <= SSL3_ST_SW_HELLO_REQ_A) &&
1220	(s->s3->hs.state >= SSL3_ST_SR_CLNT_HELLO_A)))) {	1177	(s->s3->hs.state >= SSL3_ST_SR_CLNT_HELLO_A)))) {
1221	s->s3->in_read_app_data = 2;	1178	s->s3->in_read_app_data = 2;
1222	return (-1);	1179	return -1;
1223	} else {	1180	} else {
1224	al = SSL_AD_UNEXPECTED_MESSAGE;
1225	SSLerror(s, SSL_R_UNEXPECTED_RECORD);	1181	SSLerror(s, SSL_R_UNEXPECTED_RECORD);
1226	goto fatal_err;	1182	ssl3_send_alert(s, SSL3_AL_FATAL,
		1183	SSL_AD_UNEXPECTED_MESSAGE);
		1184	return -1;
1227	}	1185	}
1228	}	1186	}
1229	/* not reached */
1230		1187
1231	fatal_err:	1188	if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) {
1232	ssl3_send_alert(s, SSL3_AL_FATAL, al);	1189	if ((ret = ssl3_read_change_cipher_spec(s)) <= 0)
		1190	return ret;
		1191	goto start;
		1192	}
1233		1193
1234	return (-1);	1194	if (rr->type == SSL3_RT_HANDSHAKE) {
		1195	if ((ret = ssl3_read_handshake_unexpected(s)) <= 0)
		1196	return ret;
		1197	goto start;
		1198	}
		1199
		1200	/*
		1201	* Unknown record type - TLSv1.2 sends an unexpected message alert while
		1202	* earlier versions silently ignore the record.
		1203	*/
		1204	if (ssl_effective_tls_version(s) <= TLS1_1_VERSION) {
		1205	rr->length = 0;
		1206	goto start;
		1207	}
		1208	SSLerror(s, SSL_R_UNEXPECTED_RECORD);
		1209	ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
		1210	return -1;
1235	}	1211	}
1236		1212
1237	int	1213	int