summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authortb <>2020-06-01 19:51:31 +0000
committertb <>2020-06-01 19:51:31 +0000
commit4e967b47a9720e5103bffe1537f460142bb49437 (patch)
treeec75cae4bc63fe2fadaccf9167466567d3f5196a /src
parente495e6d54d419f6c036260759c1c9f274a80cfcd (diff)
downloadopenbsd-4e967b47a9720e5103bffe1537f460142bb49437.tar.gz
openbsd-4e967b47a9720e5103bffe1537f460142bb49437.tar.bz2
openbsd-4e967b47a9720e5103bffe1537f460142bb49437.zip
Split the handling of post handshake handshake messages into its
own recv function. This simplifies tls13_recod_layer_read_internal() greatly and makes the phh handling easier to reason about since the code is no longer glued to the right hand edge of the terminal. ok jsing
Diffstat (limited to 'src')
-rw-r--r--src/lib/libssl/tls13_record_layer.c99
1 files changed, 44 insertions, 55 deletions
diff --git a/src/lib/libssl/tls13_record_layer.c b/src/lib/libssl/tls13_record_layer.c
index 6c48c93f08..9465a54b6d 100644
--- a/src/lib/libssl/tls13_record_layer.c
+++ b/src/lib/libssl/tls13_record_layer.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tls13_record_layer.c,v 1.48 2020/06/01 07:59:49 tb Exp $ */ 1/* $OpenBSD: tls13_record_layer.c,v 1.49 2020/06/01 19:51:31 tb Exp $ */
2/* 2/*
3 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
4 * 4 *
@@ -885,6 +885,40 @@ tls13_record_layer_pending(struct tls13_record_layer *rl, uint8_t content_type)
885} 885}
886 886
887static ssize_t 887static ssize_t
888tls13_record_layer_recv_phh(struct tls13_record_layer *rl)
889{
890 ssize_t ret = TLS13_IO_FAILURE;
891
892 rl->phh = 1;
893
894 /*
895 * The post handshake handshake receive callback is allowed to return:
896 *
897 * TLS13_IO_WANT_POLLIN need more handshake data.
898 * TLS13_IO_WANT_POLLOUT got whole handshake message, response enqueued.
899 * TLS13_IO_SUCCESS got the whole handshake, nothing more to do.
900 * TLS13_IO_FAILURE something broke.
901 */
902 if (rl->cb.phh_recv != NULL)
903 ret = rl->cb.phh_recv(rl->cb_arg, &rl->rbuf_cbs);
904
905 tls13_record_layer_rbuf_free(rl);
906
907 /* Leave post handshake handshake mode unless we need more data. */
908 if (ret != TLS13_IO_WANT_POLLIN)
909 rl->phh = 0;
910
911 if (ret == TLS13_IO_SUCCESS) {
912 if (rl->phh_retry)
913 return TLS13_IO_WANT_RETRY;
914
915 return TLS13_IO_WANT_POLLIN;
916 }
917
918 return ret;
919}
920
921static ssize_t
888tls13_record_layer_read_internal(struct tls13_record_layer *rl, 922tls13_record_layer_read_internal(struct tls13_record_layer *rl,
889 uint8_t content_type, uint8_t *buf, size_t n, int peek) 923 uint8_t content_type, uint8_t *buf, size_t n, int peek)
890{ 924{
@@ -912,68 +946,23 @@ tls13_record_layer_read_internal(struct tls13_record_layer *rl,
912 } 946 }
913 947
914 /* 948 /*
915 * If we are in post handshake handshake mode, we may not see 949 * If we are in post handshake handshake mode, we must not see
916 * any record type that isn't a handshake until we are done. 950 * any record type that isn't a handshake until we are done.
917 */ 951 */
918 if (rl->phh && rl->rbuf_content_type != SSL3_RT_HANDSHAKE) 952 if (rl->phh && rl->rbuf_content_type != SSL3_RT_HANDSHAKE)
919 return tls13_send_alert(rl, TLS13_ALERT_UNEXPECTED_MESSAGE); 953 return tls13_send_alert(rl, TLS13_ALERT_UNEXPECTED_MESSAGE);
920 954
955 /*
956 * Handshake content can appear as post-handshake messages (yup,
957 * the RFC reused the same content type...), which means we can
958 * be trying to read application data and need to handle a
959 * post-handshake handshake message instead...
960 */
921 if (rl->rbuf_content_type != content_type) { 961 if (rl->rbuf_content_type != content_type) {
922 /*
923 * Handshake content can appear as post-handshake messages (yup,
924 * the RFC reused the same content type...), which means we can
925 * be trying to read application data and need to handle a
926 * post-handshake handshake message instead...
927 */
928 if (rl->rbuf_content_type == SSL3_RT_HANDSHAKE) { 962 if (rl->rbuf_content_type == SSL3_RT_HANDSHAKE) {
929 if (rl->handshake_completed) { 963 if (rl->handshake_completed)
930 rl->phh = 1; 964 return tls13_record_layer_recv_phh(rl);
931 ret = TLS13_IO_FAILURE;
932
933 /*
934 * The post handshake handshake
935 * receive callback is allowed to
936 * return:
937 *
938 * TLS13_IO_WANT_POLLIN ->
939 * I need more handshake data.
940 *
941 * TLS13_IO_WANT_POLLOUT -> I got the
942 * whole handshake message, and have
943 * enqueued a response
944 *
945 * TLS13_IO_SUCCESS -> I got the whole handshake,
946 * nothing more to do
947 *
948 * TLS13_IO_FAILURE -> something broke.
949 */
950 if (rl->cb.phh_recv != NULL) {
951 ret = rl->cb.phh_recv(
952 rl->cb_arg, &rl->rbuf_cbs);
953 }
954
955 tls13_record_layer_rbuf_free(rl);
956
957 if (ret == TLS13_IO_WANT_POLLIN)
958 return ret;
959
960 /*
961 * leave post handshake handshake mode
962 * if we do not need more handshake data
963 */
964 rl->phh = 0;
965
966 if (ret == TLS13_IO_SUCCESS) {
967 if (rl->phh_retry)
968 return TLS13_IO_WANT_RETRY;
969
970 return TLS13_IO_WANT_POLLIN;
971 }
972
973 return ret;
974 }
975 } 965 }
976
977 return tls13_send_alert(rl, TLS13_ALERT_UNEXPECTED_MESSAGE); 966 return tls13_send_alert(rl, TLS13_ALERT_UNEXPECTED_MESSAGE);
978 } 967 }
979 968
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-21 00:41:12 +0000