Implement support for SSL_peek() in the TLSv1.3 record layer.

ok beck@ tb@
author: jsing <> 2020-01-22 06:23:00 +0000
committer: jsing <> 2020-01-22 06:23:00 +0000
commit: 9e9db88c593e9fe3ec46a015b783a8903db297c3 (patch)
tree: b500b4cd4fbfdaf1e52f3a0b754eb1e97bd5f92f /src
parent: 0cbc880fa36f08c10caa253c5b025333c684fa2f (diff)
download: openbsd-9e9db88c593e9fe3ec46a015b783a8903db297c3.tar.gz
openbsd-9e9db88c593e9fe3ec46a015b783a8903db297c3.tar.bz2
openbsd-9e9db88c593e9fe3ec46a015b783a8903db297c3.zip
3 files changed, 39 insertions, 14 deletions
diff --git a/src/lib/libssl/tls13_internal.h b/src/lib/libssl/tls13_internal.h
index fc1d6c1889..68a129a634 100644
--- a/src/lib/libssl/tls13_internal.h
+++ b/src/lib/libssl/tls13_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_internal.h,v 1.43 2020/01/22 05:06:23 tb Exp $ */
+/* $OpenBSD: tls13_internal.h,v 1.44 2020/01/22 06:23:00 jsing Exp $ */
 /*
 * Copyright (c) 2018 Bob Beck <beck@openbsd.org>
 * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
@@ -136,6 +136,7 @@ ssize_t tls13_record_layer_phh(struct tls13_record_layer *rl, CBS *cbs);
 ssize_t tls13_read_handshake_data(struct tls13_record_layer *rl, uint8_t *buf, size_t n);
 ssize_t tls13_write_handshake_data(struct tls13_record_layer *rl, const uint8_t *buf,
    size_t n);
+ssize_t tls13_peek_application_data(struct tls13_record_layer *rl, uint8_t *buf, size_t n);
 ssize_t tls13_read_application_data(struct tls13_record_layer *rl, uint8_t *buf, size_t n);
 ssize_t tls13_write_application_data(struct tls13_record_layer *rl, const uint8_t *buf,
    size_t n);
diff --git a/src/lib/libssl/tls13_lib.c b/src/lib/libssl/tls13_lib.c
index d92d3cb8b6..73d936ac3f 100644
--- a/src/lib/libssl/tls13_lib.c
+++ b/src/lib/libssl/tls13_lib.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: tls13_lib.c,v 1.19 2020/01/22 03:15:43 beck Exp $ */
+/*      $OpenBSD: tls13_lib.c,v 1.20 2020/01/22 06:23:00 jsing Exp $ */
 /*
 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2019 Bob Beck <beck@openbsd.org>
@@ -412,12 +412,6 @@ tls13_legacy_read_bytes(SSL *ssl, int type, unsigned char *buf, int len, int pee
                return tls13_legacy_return_code(ssl, TLS13_IO_WANT_POLLIN);
        }
-        if (peek) {
-                /* XXX - support peek... */
-                SSLerror(ssl, ERR_R_INTERNAL_ERROR);
-                return -1;
-        }
        if (type != SSL3_RT_APPLICATION_DATA) {
                SSLerror(ssl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
                return -1;
@@ -427,7 +421,11 @@ tls13_legacy_read_bytes(SSL *ssl, int type, unsigned char *buf, int len, int pee
                return -1;
        }
-        ret = tls13_read_application_data(ctx->rl, buf, len);
+        if (peek)
+                ret = tls13_peek_application_data(ctx->rl, buf, len);
+        else
+                ret = tls13_read_application_data(ctx->rl, buf, len);
        return tls13_legacy_return_code(ssl, ret);
 }
diff --git a/src/lib/libssl/tls13_record_layer.c b/src/lib/libssl/tls13_record_layer.c
index ef558d52df..4de7340999 100644
--- a/src/lib/libssl/tls13_record_layer.c
+++ b/src/lib/libssl/tls13_record_layer.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_record_layer.c,v 1.21 2020/01/22 05:06:23 tb Exp $ */
+/* $OpenBSD: tls13_record_layer.c,v 1.22 2020/01/22 06:23:00 jsing Exp $ */
 /*
 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
 *
@@ -812,8 +812,8 @@ tls13_record_layer_read_record(struct tls13_record_layer *rl)
 }
 ssize_t
-tls13_record_layer_read(struct tls13_record_layer *rl, uint8_t content_type,
+tls13_record_layer_read_internal(struct tls13_record_layer *rl,
-    uint8_t *buf, size_t n)
+    uint8_t content_type, uint8_t *buf, size_t n, int peek)
 {
        ssize_t ret;
@@ -898,8 +898,11 @@ tls13_record_layer_read(struct tls13_record_layer *rl, uint8_t content_type,
        /* XXX - CBS_memcpy? CBS_copy_bytes? */
        memcpy(buf, CBS_data(&rl->rbuf_cbs), n);
-        if (!CBS_skip(&rl->rbuf_cbs, n))
-                goto err;
+        if (!peek) {
+                if (!CBS_skip(&rl->rbuf_cbs, n))
+                        goto err;
+        }
        if (CBS_len(&rl->rbuf_cbs) == 0)
                tls13_record_layer_rbuf_free(rl);
@@ -910,6 +913,20 @@ tls13_record_layer_read(struct tls13_record_layer *rl, uint8_t content_type,
        return TLS13_IO_FAILURE;
 }
+ssize_t
+tls13_record_layer_peek(struct tls13_record_layer *rl, uint8_t content_type,
+    uint8_t *buf, size_t n)
+{
+        return tls13_record_layer_read_internal(rl, content_type, buf, n, 1);
+}
+ssize_t
+tls13_record_layer_read(struct tls13_record_layer *rl, uint8_t content_type,
+    uint8_t *buf, size_t n)
+{
+        return tls13_record_layer_read_internal(rl, content_type, buf, n, 0);
+}
 static ssize_t
 tls13_record_layer_write_record(struct tls13_record_layer *rl,
    uint8_t content_type, const uint8_t *content, size_t content_len)
@@ -1006,6 +1023,15 @@ tls13_write_handshake_data(struct tls13_record_layer *rl, const uint8_t *buf,
 }
 ssize_t
+tls13_peek_application_data(struct tls13_record_layer *rl, uint8_t *buf, size_t n)
+{
+        if (!rl->handshake_completed)
+                return TLS13_IO_FAILURE;
+        return tls13_record_layer_peek(rl, SSL3_RT_APPLICATION_DATA, buf, n);
+}
+ssize_t
 tls13_read_application_data(struct tls13_record_layer *rl, uint8_t *buf, size_t n)
 {
        if (!rl->handshake_completed)
author	jsing <>	2020-01-22 06:23:00 +0000
committer	jsing <>	2020-01-22 06:23:00 +0000
commit	9e9db88c593e9fe3ec46a015b783a8903db297c3 (patch)
tree	b500b4cd4fbfdaf1e52f3a0b754eb1e97bd5f92f /src
parent	0cbc880fa36f08c10caa253c5b025333c684fa2f (diff)
download	openbsd-9e9db88c593e9fe3ec46a015b783a8903db297c3.tar.gz openbsd-9e9db88c593e9fe3ec46a015b783a8903db297c3.tar.bz2 openbsd-9e9db88c593e9fe3ec46a015b783a8903db297c3.zip

diff --git a/src/lib/libssl/tls13_internal.h b/src/lib/libssl/tls13_internal.h index fc1d6c1889..68a129a634 100644 --- a/src/lib/libssl/tls13_internal.h +++ b/src/lib/libssl/tls13_internal.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls13_internal.h,v 1.43 2020/01/22 05:06:23 tb Exp $ */	1	/* $OpenBSD: tls13_internal.h,v 1.44 2020/01/22 06:23:00 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2018 Bob Beck <beck@openbsd.org>	3	* Copyright (c) 2018 Bob Beck <beck@openbsd.org>
4	* Copyright (c) 2018 Theo Buehler <tb@openbsd.org>	4	* Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
@@ -136,6 +136,7 @@ ssize_t tls13_record_layer_phh(struct tls13_record_layer rl, CBS cbs);
136	ssize_t tls13_read_handshake_data(struct tls13_record_layer rl, uint8_t buf, size_t n);	136	ssize_t tls13_read_handshake_data(struct tls13_record_layer rl, uint8_t buf, size_t n);
137	ssize_t tls13_write_handshake_data(struct tls13_record_layer rl, const uint8_t buf,	137	ssize_t tls13_write_handshake_data(struct tls13_record_layer rl, const uint8_t buf,
138	size_t n);	138	size_t n);
		139	ssize_t tls13_peek_application_data(struct tls13_record_layer rl, uint8_t buf, size_t n);
139	ssize_t tls13_read_application_data(struct tls13_record_layer rl, uint8_t buf, size_t n);	140	ssize_t tls13_read_application_data(struct tls13_record_layer rl, uint8_t buf, size_t n);
140	ssize_t tls13_write_application_data(struct tls13_record_layer rl, const uint8_t buf,	141	ssize_t tls13_write_application_data(struct tls13_record_layer rl, const uint8_t buf,
141	size_t n);	142	size_t n);


diff --git a/src/lib/libssl/tls13_lib.c b/src/lib/libssl/tls13_lib.c index d92d3cb8b6..73d936ac3f 100644 --- a/src/lib/libssl/tls13_lib.c +++ b/src/lib/libssl/tls13_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls13_lib.c,v 1.19 2020/01/22 03:15:43 beck Exp $ */	1	/* $OpenBSD: tls13_lib.c,v 1.20 2020/01/22 06:23:00 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
4	* Copyright (c) 2019 Bob Beck <beck@openbsd.org>	4	* Copyright (c) 2019 Bob Beck <beck@openbsd.org>
@@ -412,12 +412,6 @@ tls13_legacy_read_bytes(SSL ssl, int type, unsigned char buf, int len, int pee
412	return tls13_legacy_return_code(ssl, TLS13_IO_WANT_POLLIN);	412	return tls13_legacy_return_code(ssl, TLS13_IO_WANT_POLLIN);
413	}	413	}
414		414
415	if (peek) {
416	/* XXX - support peek... */
417	SSLerror(ssl, ERR_R_INTERNAL_ERROR);
418	return -1;
419	}
420
421	if (type != SSL3_RT_APPLICATION_DATA) {	415	if (type != SSL3_RT_APPLICATION_DATA) {
422	SSLerror(ssl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);	416	SSLerror(ssl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
423	return -1;	417	return -1;
@@ -427,7 +421,11 @@ tls13_legacy_read_bytes(SSL ssl, int type, unsigned char buf, int len, int pee
427	return -1;	421	return -1;
428	}	422	}
429		423
430	ret = tls13_read_application_data(ctx->rl, buf, len);	424	if (peek)
		425	ret = tls13_peek_application_data(ctx->rl, buf, len);
		426	else
		427	ret = tls13_read_application_data(ctx->rl, buf, len);
		428
431	return tls13_legacy_return_code(ssl, ret);	429	return tls13_legacy_return_code(ssl, ret);
432	}	430	}
433		431


diff --git a/src/lib/libssl/tls13_record_layer.c b/src/lib/libssl/tls13_record_layer.c index ef558d52df..4de7340999 100644 --- a/src/lib/libssl/tls13_record_layer.c +++ b/src/lib/libssl/tls13_record_layer.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls13_record_layer.c,v 1.21 2020/01/22 05:06:23 tb Exp $ */	1	/* $OpenBSD: tls13_record_layer.c,v 1.22 2020/01/22 06:23:00 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
4	*	4	*
@@ -812,8 +812,8 @@ tls13_record_layer_read_record(struct tls13_record_layer *rl)
812	}	812	}
813		813
814	ssize_t	814	ssize_t
815	tls13_record_layer_read(struct tls13_record_layer *rl, uint8_t content_type,	815	tls13_record_layer_read_internal(struct tls13_record_layer *rl,
816	uint8_t *buf, size_t n)	816	uint8_t content_type, uint8_t *buf, size_t n, int peek)
817	{	817	{
818	ssize_t ret;	818	ssize_t ret;
819		819
@@ -898,8 +898,11 @@ tls13_record_layer_read(struct tls13_record_layer *rl, uint8_t content_type,
898		898
899	/* XXX - CBS_memcpy? CBS_copy_bytes? */	899	/* XXX - CBS_memcpy? CBS_copy_bytes? */
900	memcpy(buf, CBS_data(&rl->rbuf_cbs), n);	900	memcpy(buf, CBS_data(&rl->rbuf_cbs), n);
901	if (!CBS_skip(&rl->rbuf_cbs, n))	901
902	goto err;	902	if (!peek) {
		903	if (!CBS_skip(&rl->rbuf_cbs, n))
		904	goto err;
		905	}
903		906
904	if (CBS_len(&rl->rbuf_cbs) == 0)	907	if (CBS_len(&rl->rbuf_cbs) == 0)
905	tls13_record_layer_rbuf_free(rl);	908	tls13_record_layer_rbuf_free(rl);
@@ -910,6 +913,20 @@ tls13_record_layer_read(struct tls13_record_layer *rl, uint8_t content_type,
910	return TLS13_IO_FAILURE;	913	return TLS13_IO_FAILURE;
911	}	914	}
912		915
		916	ssize_t
		917	tls13_record_layer_peek(struct tls13_record_layer *rl, uint8_t content_type,
		918	uint8_t *buf, size_t n)
		919	{
		920	return tls13_record_layer_read_internal(rl, content_type, buf, n, 1);
		921	}
		922
		923	ssize_t
		924	tls13_record_layer_read(struct tls13_record_layer *rl, uint8_t content_type,
		925	uint8_t *buf, size_t n)
		926	{
		927	return tls13_record_layer_read_internal(rl, content_type, buf, n, 0);
		928	}
		929
913	static ssize_t	930	static ssize_t
914	tls13_record_layer_write_record(struct tls13_record_layer *rl,	931	tls13_record_layer_write_record(struct tls13_record_layer *rl,
915	uint8_t content_type, const uint8_t *content, size_t content_len)	932	uint8_t content_type, const uint8_t *content, size_t content_len)
@@ -1006,6 +1023,15 @@ tls13_write_handshake_data(struct tls13_record_layer rl, const uint8_t buf,
1006	}	1023	}
1007		1024
1008	ssize_t	1025	ssize_t
		1026	tls13_peek_application_data(struct tls13_record_layer rl, uint8_t buf, size_t n)
		1027	{
		1028	if (!rl->handshake_completed)
		1029	return TLS13_IO_FAILURE;
		1030
		1031	return tls13_record_layer_peek(rl, SSL3_RT_APPLICATION_DATA, buf, n);
		1032	}
		1033
		1034	ssize_t
1009	tls13_read_application_data(struct tls13_record_layer rl, uint8_t buf, size_t n)	1035	tls13_read_application_data(struct tls13_record_layer rl, uint8_t buf, size_t n)
1010	{	1036	{
1011	if (!rl->handshake_completed)	1037	if (!rl->handshake_completed)