int early_data_count_ok(SSL *s, size_t length, size_t overhead, int send)
{
- uint32_t max_early_data = s->max_early_data;
+ uint32_t max_early_data;
SSL_SESSION *sess = s->session;
/*
}
sess = s->psksession;
}
- if (!s->server
- || (s->hit && sess->ext.max_early_data < s->max_early_data))
+
+ if (!s->server)
max_early_data = sess->ext.max_early_data;
+ else if (s->ext.early_data != SSL_EARLY_DATA_ACCEPTED)
+ max_early_data = s->recv_max_early_data;
+ else
+ max_early_data = s->recv_max_early_data < sess->ext.max_early_data
+ ? s->recv_max_early_data : sess->ext.max_early_data;
if (max_early_data == 0) {
SSLfatal(s, send ? SSL_AD_INTERNAL_ERROR : SSL_AD_UNEXPECTED_MESSAGE,
thisrr->rec_version = version;
/*
- * Lets check version. In TLSv1.3 we ignore this field. For the
+ * Lets check version. In TLSv1.3 we only check this field
+ * when encryption is occurring (see later check). For the
* ServerHello after an HRR we haven't actually selected TLSv1.3
* yet, but we still treat it as TLSv1.3, so we must check for
* that explicitly
}
}
- if (SSL_IS_TLS13(s)
- && s->enc_read_ctx != NULL
- && thisrr->type != SSL3_RT_APPLICATION_DATA
- && (thisrr->type != SSL3_RT_CHANGE_CIPHER_SPEC
- || !SSL_IS_FIRST_HANDSHAKE(s))) {
- SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE,
- SSL_F_SSL3_GET_RECORD, SSL_R_BAD_RECORD_TYPE);
- return -1;
+ if (SSL_IS_TLS13(s) && s->enc_read_ctx != NULL) {
+ if (thisrr->type != SSL3_RT_APPLICATION_DATA
+ && (thisrr->type != SSL3_RT_CHANGE_CIPHER_SPEC
+ || !SSL_IS_FIRST_HANDSHAKE(s))
+ && (thisrr->type != SSL3_RT_ALERT
+ || s->statem.enc_read_state
+ != ENC_READ_STATE_ALLOW_PLAIN_ALERTS)) {
+ SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE,
+ SSL_F_SSL3_GET_RECORD, SSL_R_BAD_RECORD_TYPE);
+ return -1;
+ }
+ if (thisrr->rec_version != TLS1_2_VERSION) {
+ SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL3_GET_RECORD,
+ SSL_R_WRONG_VERSION_NUMBER);
+ return -1;
+ }
}
if (thisrr->length >
return -1;
}
#ifdef SSL_DEBUG
- printf("dec %"OSSLzu"\n", rr[0].length);
+ printf("dec %lu\n", (unsigned long)rr[0].length);
{
size_t z;
for (z = 0; z < rr[0].length; z++)
}
}
- if (SSL_IS_TLS13(s) && s->enc_read_ctx != NULL) {
+ if (SSL_IS_TLS13(s)
+ && s->enc_read_ctx != NULL
+ && thisrr->type != SSL3_RT_ALERT) {
size_t end;
if (thisrr->length == 0
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC,
ERR_R_INTERNAL_ERROR);
return -1;
- } else if (ssl_randbytes(s, recs[ctr].input, ivlen) <= 0) {
+ } else if (RAND_bytes(recs[ctr].input, ivlen) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC,
ERR_R_INTERNAL_ERROR);
return -1;
|| EVP_DigestUpdate(md_ctx, ssl3_pad_2, npad) <= 0
|| EVP_DigestUpdate(md_ctx, md, md_size) <= 0
|| EVP_DigestFinal_ex(md_ctx, md, &md_size_u) <= 0) {
- EVP_MD_CTX_reset(md_ctx);
+ EVP_MD_CTX_free(md_ctx);
return 0;
}
mac_ctx = hash;
} else {
hmac = EVP_MD_CTX_new();
- if (hmac == NULL || !EVP_MD_CTX_copy(hmac, hash))
+ if (hmac == NULL || !EVP_MD_CTX_copy(hmac, hash)) {
+ EVP_MD_CTX_free(hmac);
return 0;
+ }
mac_ctx = hmac;
}
p += 6;
n2s(p, rr->length);
+ rr->read = 0;
/*
* Lets check the version. We tolerate alerts that don't have the exact
if (version != s->version) {
/* unexpected version, silently discard */
rr->length = 0;
+ rr->read = 1;
RECORD_LAYER_reset_packet_length(&s->rlayer);
goto again;
}
if ((version & 0xff00) != (s->version & 0xff00)) {
/* wrong version, silently discard record */
rr->length = 0;
+ rr->read = 1;
RECORD_LAYER_reset_packet_length(&s->rlayer);
goto again;
}
if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) {
/* record too long, silently discard it */
rr->length = 0;
+ rr->read = 1;
RECORD_LAYER_reset_packet_length(&s->rlayer);
goto again;
}
&& rr->length > GET_MAX_FRAGMENT_LENGTH(s->session)) {
/* record too long, silently discard it */
rr->length = 0;
+ rr->read = 1;
RECORD_LAYER_reset_packet_length(&s->rlayer);
goto again;
}
return -1;
}
rr->length = 0;
+ rr->read = 1;
RECORD_LAYER_reset_packet_length(&s->rlayer);
goto again;
}
*/
if (!dtls1_record_replay_check(s, bitmap)) {
rr->length = 0;
+ rr->read = 1;
RECORD_LAYER_reset_packet_length(&s->rlayer); /* dump this record */
goto again; /* get another record */
}
#endif
/* just read a 0 length packet */
- if (rr->length == 0)
+ if (rr->length == 0) {
+ rr->read = 1;
goto again;
+ }
/*
* If this record is from the next epoch (either HM or ALERT), and a
}
}
rr->length = 0;
+ rr->read = 1;
RECORD_LAYER_reset_packet_length(&s->rlayer);
goto again;
}
return -1;
}
rr->length = 0;
+ rr->read = 1;
RECORD_LAYER_reset_packet_length(&s->rlayer); /* dump this record */
goto again; /* get another record */
}
projects / openssl.git / blobdiff