summaryrefslogtreecommitdiff
path: root/src/lib/libssl/ssl_pkt.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libssl/ssl_pkt.c')
-rw-r--r--src/lib/libssl/ssl_pkt.c120
1 files changed, 52 insertions, 68 deletions
diff --git a/src/lib/libssl/ssl_pkt.c b/src/lib/libssl/ssl_pkt.c
index 58d3ee1db2..4d79981484 100644
--- a/src/lib/libssl/ssl_pkt.c
+++ b/src/lib/libssl/ssl_pkt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_pkt.c,v 1.63 2022/11/10 18:06:37 jsing Exp $ */ 1/* $OpenBSD: ssl_pkt.c,v 1.64 2022/11/11 17:15:26 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -110,6 +110,7 @@
110 */ 110 */
111 111
112#include <errno.h> 112#include <errno.h>
113#include <limits.h>
113#include <stdio.h> 114#include <stdio.h>
114 115
115#include <openssl/buffer.h> 116#include <openssl/buffer.h>
@@ -118,6 +119,7 @@
118#include "bytestring.h" 119#include "bytestring.h"
119#include "dtls_locl.h" 120#include "dtls_locl.h"
120#include "ssl_locl.h" 121#include "ssl_locl.h"
122#include "tls_content.h"
121 123
122static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, 124static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
123 unsigned int len); 125 unsigned int len);
@@ -333,8 +335,6 @@ ssl3_get_record(SSL *s)
333 SSL3_BUFFER_INTERNAL *rb = &(s->s3->rbuf); 335 SSL3_BUFFER_INTERNAL *rb = &(s->s3->rbuf);
334 SSL3_RECORD_INTERNAL *rr = &(s->s3->rrec); 336 SSL3_RECORD_INTERNAL *rr = &(s->s3->rrec);
335 uint8_t alert_desc; 337 uint8_t alert_desc;
336 uint8_t *out;
337 size_t out_len;
338 int al, n; 338 int al, n;
339 int ret = -1; 339 int ret = -1;
340 340
@@ -410,8 +410,8 @@ ssl3_get_record(SSL *s)
410 */ 410 */
411 tls12_record_layer_set_version(s->rl, s->version); 411 tls12_record_layer_set_version(s->rl, s->version);
412 412
413 if (!tls12_record_layer_open_record(s->rl, s->packet, 413 if (!tls12_record_layer_open_record(s->rl, s->packet, s->packet_length,
414 s->packet_length, &out, &out_len)) { 414 s->s3->rcontent)) {
415 tls12_record_layer_alert(s->rl, &alert_desc); 415 tls12_record_layer_alert(s->rl, &alert_desc);
416 416
417 if (alert_desc == 0) 417 if (alert_desc == 0)
@@ -426,14 +426,10 @@ ssl3_get_record(SSL *s)
426 goto fatal_err; 426 goto fatal_err;
427 } 427 }
428 428
429 rr->data = out;
430 rr->length = out_len;
431 rr->off = 0;
432
433 /* we have pulled in a full packet so zero things */ 429 /* we have pulled in a full packet so zero things */
434 s->packet_length = 0; 430 s->packet_length = 0;
435 431
436 if (rr->length == 0) { 432 if (tls_content_remaining(s->s3->rcontent) == 0) {
437 /* 433 /*
438 * Zero-length fragments are only permitted for application 434 * Zero-length fragments are only permitted for application
439 * data, as per RFC 5246 section 6.2.1. 435 * data, as per RFC 5246 section 6.2.1.
@@ -444,6 +440,8 @@ ssl3_get_record(SSL *s)
444 goto fatal_err; 440 goto fatal_err;
445 } 441 }
446 442
443 tls_content_clear(s->s3->rcontent);
444
447 /* 445 /*
448 * CBC countermeasures for known IV weaknesses can legitimately 446 * CBC countermeasures for known IV weaknesses can legitimately
449 * insert a single empty record, so we allow ourselves to read 447 * insert a single empty record, so we allow ourselves to read
@@ -691,20 +689,9 @@ ssl3_write_pending(SSL *s, int type, const unsigned char *buf, unsigned int len)
691static ssize_t 689static ssize_t
692ssl3_read_cb(void *buf, size_t n, void *cb_arg) 690ssl3_read_cb(void *buf, size_t n, void *cb_arg)
693{ 691{
694 SSL3_RECORD_INTERNAL *rr;
695 SSL *s = cb_arg; 692 SSL *s = cb_arg;
696 693
697 rr = &s->s3->rrec; 694 return tls_content_read(s->s3->rcontent, buf, n);
698
699 if (n > rr->length)
700 n = rr->length;
701
702 memcpy(buf, &rr->data[rr->off], n);
703
704 rr->off += n;
705 rr->length -= n;
706
707 return n;
708} 695}
709 696
710#define SSL3_ALERT_LENGTH 2 697#define SSL3_ALERT_LENGTH 2
@@ -791,21 +778,18 @@ ssl3_read_alert(SSL *s)
791int 778int
792ssl3_read_change_cipher_spec(SSL *s) 779ssl3_read_change_cipher_spec(SSL *s)
793{ 780{
794 SSL3_RECORD_INTERNAL *rr = &s->s3->rrec; 781 const uint8_t ccs[1] = { SSL3_MT_CCS };
795 const uint8_t ccs[] = { SSL3_MT_CCS };
796 CBS cbs;
797 782
798 /* 783 /*
799 * 'Change Cipher Spec' is just a single byte, so we know exactly what 784 * 'Change Cipher Spec' is just a single byte, so we know exactly what
800 * the record payload has to look like. 785 * the record payload has to look like.
801 */ 786 */
802 CBS_init(&cbs, rr->data, rr->length); 787 if (tls_content_remaining(s->s3->rcontent) != sizeof(ccs)) {
803 if (rr->off != 0 || CBS_len(&cbs) != sizeof(ccs)) {
804 SSLerror(s, SSL_R_BAD_CHANGE_CIPHER_SPEC); 788 SSLerror(s, SSL_R_BAD_CHANGE_CIPHER_SPEC);
805 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); 789 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
806 return -1; 790 return -1;
807 } 791 }
808 if (!CBS_mem_equal(&cbs, ccs, sizeof(ccs))) { 792 if (!tls_content_equal(s->s3->rcontent, ccs, sizeof(ccs))) {
809 SSLerror(s, SSL_R_BAD_CHANGE_CIPHER_SPEC); 793 SSLerror(s, SSL_R_BAD_CHANGE_CIPHER_SPEC);
810 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER); 794 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
811 return -1; 795 return -1;
@@ -813,7 +797,8 @@ ssl3_read_change_cipher_spec(SSL *s)
813 797
814 /* XDTLS: check that epoch is consistent */ 798 /* XDTLS: check that epoch is consistent */
815 799
816 ssl_msg_callback_cbs(s, 0, SSL3_RT_CHANGE_CIPHER_SPEC, &cbs); 800 ssl_msg_callback_cbs(s, 0, SSL3_RT_CHANGE_CIPHER_SPEC,
801 tls_content_cbs(s->s3->rcontent));
817 802
818 /* Check that we have a cipher to change to. */ 803 /* Check that we have a cipher to change to. */
819 if (s->s3->hs.cipher == NULL) { 804 if (s->s3->hs.cipher == NULL) {
@@ -830,7 +815,7 @@ ssl3_read_change_cipher_spec(SSL *s)
830 * handshake messages are still missing, so just 815 * handshake messages are still missing, so just
831 * drop it. 816 * drop it.
832 */ 817 */
833 rr->length = 0; 818 tls_content_clear(s->s3->rcontent);
834 return 1; 819 return 1;
835 } 820 }
836 s->d1->change_cipher_spec_ok = 0; 821 s->d1->change_cipher_spec_ok = 0;
@@ -844,7 +829,7 @@ ssl3_read_change_cipher_spec(SSL *s)
844 s->s3->flags &= ~SSL3_FLAGS_CCS_OK; 829 s->s3->flags &= ~SSL3_FLAGS_CCS_OK;
845 } 830 }
846 831
847 rr->length = 0; 832 tls_content_clear(s->s3->rcontent);
848 833
849 s->s3->change_cipher_spec = 1; 834 s->s3->change_cipher_spec = 1;
850 if (!ssl3_do_change_cipher_spec(s)) 835 if (!ssl3_do_change_cipher_spec(s))
@@ -1053,9 +1038,8 @@ ssl3_read_handshake_unexpected(SSL *s)
1053int 1038int
1054ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) 1039ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
1055{ 1040{
1056 SSL3_RECORD_INTERNAL *rr;
1057 int rrcount = 0; 1041 int rrcount = 0;
1058 unsigned int n; 1042 ssize_t ssret;
1059 int ret; 1043 int ret;
1060 1044
1061 if (s->s3->rbuf.buf == NULL) { 1045 if (s->s3->rbuf.buf == NULL) {
@@ -1063,6 +1047,11 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
1063 return -1; 1047 return -1;
1064 } 1048 }
1065 1049
1050 if (s->s3->rcontent == NULL) {
1051 if ((s->s3->rcontent = tls_content_new()) == NULL)
1052 return -1;
1053 }
1054
1066 if (len < 0) { 1055 if (len < 0) {
1067 SSLerror(s, ERR_R_INTERNAL_ERROR); 1056 SSLerror(s, ERR_R_INTERNAL_ERROR);
1068 return -1; 1057 return -1;
@@ -1120,16 +1109,15 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
1120 1109
1121 s->rwstate = SSL_NOTHING; 1110 s->rwstate = SSL_NOTHING;
1122 1111
1123 rr = &s->s3->rrec; 1112 if (tls_content_remaining(s->s3->rcontent) == 0) {
1124
1125 if (rr->length == 0 || s->rstate == SSL_ST_READ_BODY) {
1126 if ((ret = ssl3_get_record(s)) <= 0) 1113 if ((ret = ssl3_get_record(s)) <= 0)
1127 return ret; 1114 return ret;
1128 } 1115 }
1129 1116
1130 /* We now have a packet which can be read and processed. */ 1117 /* We now have a packet which can be read and processed. */
1131 1118
1132 if (s->s3->change_cipher_spec && rr->type != SSL3_RT_HANDSHAKE) { 1119 if (s->s3->change_cipher_spec &&
1120 tls_content_type(s->s3->rcontent) != SSL3_RT_HANDSHAKE) {
1133 SSLerror(s, SSL_R_DATA_BETWEEN_CCS_AND_FINISHED); 1121 SSLerror(s, SSL_R_DATA_BETWEEN_CCS_AND_FINISHED);
1134 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); 1122 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
1135 return -1; 1123 return -1;
@@ -1141,12 +1129,13 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
1141 */ 1129 */
1142 if (s->shutdown & SSL_RECEIVED_SHUTDOWN) { 1130 if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
1143 s->rwstate = SSL_NOTHING; 1131 s->rwstate = SSL_NOTHING;
1144 rr->length = 0; 1132 tls_content_clear(s->s3->rcontent);
1133 s->s3->rrec.length = 0;
1145 return 0; 1134 return 0;
1146 } 1135 }
1147 1136
1148 /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */ 1137 /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */
1149 if (type == rr->type) { 1138 if (tls_content_type(s->s3->rcontent) == type) {
1150 /* 1139 /*
1151 * Make sure that we are not getting application data when we 1140 * Make sure that we are not getting application data when we
1152 * are doing a handshake for the first time. 1141 * are doing a handshake for the first time.
@@ -1162,34 +1151,28 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
1162 if (len <= 0) 1151 if (len <= 0)
1163 return len; 1152 return len;
1164 1153
1165 if ((unsigned int)len > rr->length) 1154 if (peek) {
1166 n = rr->length; 1155 ssret = tls_content_peek(s->s3->rcontent, buf, len);
1167 else 1156 } else {
1168 n = (unsigned int)len; 1157 ssret = tls_content_read(s->s3->rcontent, buf, len);
1169
1170 memcpy(buf, &rr->data[rr->off], n);
1171 if (!peek) {
1172 memset(&rr->data[rr->off], 0, n);
1173 rr->length -= n;
1174 rr->off += n;
1175 if (rr->length == 0) {
1176 s->rstate = SSL_ST_READ_HEADER;
1177 rr->off = 0;
1178 if (s->mode & SSL_MODE_RELEASE_BUFFERS &&
1179 s->s3->rbuf.left == 0)
1180 ssl3_release_read_buffer(s);
1181 }
1182 } 1158 }
1159 if (ssret < INT_MIN || ssret > INT_MAX)
1160 return -1;
1161 if (ssret < 0)
1162 return (int)ssret;
1183 1163
1184 return n; 1164 if (tls_content_remaining(s->s3->rcontent) == 0) {
1185 } 1165 s->rstate = SSL_ST_READ_HEADER;
1186 1166
1187 /* 1167 if (s->mode & SSL_MODE_RELEASE_BUFFERS &&
1188 * If we get here, then type != rr->type; if we have a handshake 1168 s->s3->rbuf.left == 0)
1189 * message, then it was unexpected (Hello Request or Client Hello). 1169 ssl3_release_read_buffer(s);
1190 */ 1170 }
1171
1172 return ssret;
1173 }
1191 1174
1192 if (rr->type == SSL3_RT_ALERT) { 1175 if (tls_content_type(s->s3->rcontent) == SSL3_RT_ALERT) {
1193 if ((ret = ssl3_read_alert(s)) <= 0) 1176 if ((ret = ssl3_read_alert(s)) <= 0)
1194 return ret; 1177 return ret;
1195 goto start; 1178 goto start;
@@ -1197,11 +1180,12 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
1197 1180
1198 if (s->shutdown & SSL_SENT_SHUTDOWN) { 1181 if (s->shutdown & SSL_SENT_SHUTDOWN) {
1199 s->rwstate = SSL_NOTHING; 1182 s->rwstate = SSL_NOTHING;
1200 rr->length = 0; 1183 tls_content_clear(s->s3->rcontent);
1184 s->s3->rrec.length = 0;
1201 return 0; 1185 return 0;
1202 } 1186 }
1203 1187
1204 if (rr->type == SSL3_RT_APPLICATION_DATA) { 1188 if (tls_content_type(s->s3->rcontent) == SSL3_RT_APPLICATION_DATA) {
1205 /* 1189 /*
1206 * At this point, we were expecting handshake data, but have 1190 * At this point, we were expecting handshake data, but have
1207 * application data. If the library was running inside 1191 * application data. If the library was running inside
@@ -1227,13 +1211,13 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
1227 } 1211 }
1228 } 1212 }
1229 1213
1230 if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) { 1214 if (tls_content_type(s->s3->rcontent) == SSL3_RT_CHANGE_CIPHER_SPEC) {
1231 if ((ret = ssl3_read_change_cipher_spec(s)) <= 0) 1215 if ((ret = ssl3_read_change_cipher_spec(s)) <= 0)
1232 return ret; 1216 return ret;
1233 goto start; 1217 goto start;
1234 } 1218 }
1235 1219
1236 if (rr->type == SSL3_RT_HANDSHAKE) { 1220 if (tls_content_type(s->s3->rcontent) == SSL3_RT_HANDSHAKE) {
1237 if ((ret = ssl3_read_handshake_unexpected(s)) <= 0) 1221 if ((ret = ssl3_read_handshake_unexpected(s)) <= 0)
1238 return ret; 1222 return ret;
1239 goto start; 1223 goto start;
@@ -1244,7 +1228,7 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
1244 * earlier versions silently ignore the record. 1228 * earlier versions silently ignore the record.
1245 */ 1229 */
1246 if (ssl_effective_tls_version(s) <= TLS1_1_VERSION) { 1230 if (ssl_effective_tls_version(s) <= TLS1_1_VERSION) {
1247 rr->length = 0; 1231 tls_content_clear(s->s3->rcontent);
1248 goto start; 1232 goto start;
1249 } 1233 }
1250 SSLerror(s, SSL_R_UNEXPECTED_RECORD); 1234 SSLerror(s, SSL_R_UNEXPECTED_RECORD);
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-27 04:10:52 +0000