X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=ssl%2Frecord%2Frec_layer_s3.c;h=59aa8d4caec0db47acc6172346a9fe2aaa594cb7;hp=b4dee6e21d48a9c5887586b5579523d61a159ac1;hb=c7f47786a5e5f68dc33091ffb2a42e51a73de3a1;hpb=0386aad1ab472a4059da85131cceca15aab5ebae diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c index b4dee6e21d..59aa8d4cae 100644 --- a/ssl/record/rec_layer_s3.c +++ b/ssl/record/rec_layer_s3.c @@ -8,6 +8,7 @@ */ #include +#include #include #include #define USE_SOCKETS @@ -1387,69 +1388,6 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) */ - /* If we are a client, check for an incoming 'Hello Request': */ - if ((!s->server) && - (s->rlayer.handshake_fragment_len >= 4) && - !SSL_IS_TLS13(s) && - (s->rlayer.handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) && - (s->session != NULL) && (s->session->cipher != NULL)) { - s->rlayer.handshake_fragment_len = 0; - - if ((s->rlayer.handshake_fragment[1] != 0) || - (s->rlayer.handshake_fragment[2] != 0) || - (s->rlayer.handshake_fragment[3] != 0)) { - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_BAD_HELLO_REQUEST); - goto f_err; - } - - if (s->msg_callback) - s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, - s->rlayer.handshake_fragment, 4, s, - s->msg_callback_arg); - - if (SSL_is_init_finished(s) && - !s->s3->renegotiate) { - ssl3_renegotiate(s); - if (ssl3_renegotiate_check(s)) { - i = s->handshake_func(s); - if (i < 0) - return i; - if (i == 0) { - SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE); - return -1; - } - - if (!(s->mode & SSL_MODE_AUTO_RETRY)) { - if (SSL3_BUFFER_get_left(rbuf) == 0) { - /* no read-ahead left? */ - BIO *bio; - /* - * In the case where we try to read application data, - * but we trigger an SSL handshake, we return -1 with - * the retry option set. Otherwise renegotiation may - * cause nasty problems in the blocking world - */ - s->rwstate = SSL_READING; - bio = SSL_get_rbio(s); - BIO_clear_retry_flags(bio); - BIO_set_retry_read(bio); - return -1; - } - } - } else { - SSL3_RECORD_set_read(rr); - } - } else { - /* Does this ever happen? */ - SSL3_RECORD_set_read(rr); - } - /* - * we either finished a handshake or ignored the request, now try - * again to obtain the (application) data we were asked for - */ - goto start; - } /* * If we are a server and get a client hello when renegotiation isn't * allowed send back a no renegotiation alert and carry on. WARNING: @@ -1558,18 +1496,27 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, } /* - * Unexpected handshake message (Client Hello, NewSessionTicket (TLS1.3) or + * Unexpected handshake message (ClientHello, NewSessionTicket (TLS1.3) or * protocol violation) */ if ((s->rlayer.handshake_fragment_len >= 4) - && !ossl_statem_get_in_handshake(s)) { - if (SSL_is_init_finished(s)) { - ossl_statem_set_in_init(s, 1); - if (!SSL_IS_TLS13(s)) { - s->renegotiate = 1; - s->new_session = 1; - } + && !ossl_statem_get_in_handshake(s)) { + /* + * To get here we must be trying to read app data but found handshake + * data. But if we're trying to read app data, and we're not in init + * (which is tested for at the top of this function) then init must be + * finished + */ + assert(SSL_is_init_finished(s)); + if (!SSL_is_init_finished(s)) { + al = SSL_AD_INTERNAL_ERROR; + SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR); + goto f_err; } + + /* We found handshake data, so we're going back into init */ + ossl_statem_set_in_init(s, 1); + i = s->handshake_func(s); if (i < 0) return i;