SSL3_RECORD *rr;
SSL3_BUFFER *rbuf;
void (*cb) (const SSL *ssl, int type2, int val) = NULL;
+ int is_tls13 = SSL_IS_TLS13(s);
rbuf = &s->rlayer.rbuf;
if (type == SSL3_RECORD_get_type(rr)
|| (SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC
&& type == SSL3_RT_HANDSHAKE && recvd_type != NULL
- && !SSL_IS_TLS13(s))) {
+ && !is_tls13)) {
/*
* SSL3_RT_APPLICATION_DATA or
* SSL3_RT_HANDSHAKE or
return -1;
}
- /*
- * In case of record types for which we have 'fragment' storage, fill
- * that so that we can process the data at a fixed place.
- */
- {
- size_t dest_maxlen = 0;
- unsigned char *dest = NULL;
- size_t *dest_len = NULL;
-
- if (SSL3_RECORD_get_type(rr) == SSL3_RT_HANDSHAKE) {
- dest_maxlen = sizeof(s->rlayer.handshake_fragment);
- dest = s->rlayer.handshake_fragment;
- dest_len = &s->rlayer.handshake_fragment_len;
- }
-
- if (dest_maxlen > 0) {
- n = dest_maxlen - *dest_len; /* available space in 'dest' */
- if (SSL3_RECORD_get_length(rr) < n)
- n = SSL3_RECORD_get_length(rr); /* available bytes */
-
- /* now move 'n' bytes: */
- memcpy(dest + *dest_len,
- SSL3_RECORD_get_data(rr) + SSL3_RECORD_get_off(rr), n);
- SSL3_RECORD_add_off(rr, n);
- SSL3_RECORD_sub_length(rr, n);
- *dest_len += n;
- if (SSL3_RECORD_get_length(rr) == 0)
- SSL3_RECORD_set_read(rr);
-
- if (*dest_len < dest_maxlen)
- goto start; /* fragment was too small */
- }
- }
-
/*-
* s->rlayer.handshake_fragment_len == 4 iff rr->type == SSL3_RT_HANDSHAKE;
* (Possibly rr is 'empty' now, i.e. rr->length may be 0.)
cb(s, SSL_CB_READ_ALERT, j);
}
- if (alert_level == SSL3_AL_WARNING) {
+ if (alert_level == SSL3_AL_WARNING
+ || (is_tls13 && alert_descr == SSL_AD_USER_CANCELLED)) {
s->s3->warn_alert = alert_descr;
SSL3_RECORD_set_read(rr);
SSL_R_TOO_MANY_WARN_ALERTS);
return -1;
}
+ }
- if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
- s->shutdown |= SSL_RECEIVED_SHUTDOWN;
- return 0;
- }
- /*
- * Apart from close_notify the only other warning alert in TLSv1.3
- * is user_cancelled - which we just ignore.
- */
- if (SSL_IS_TLS13(s) && alert_descr != SSL_AD_USER_CANCELLED) {
- SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SSL3_READ_BYTES,
- SSL_R_UNKNOWN_ALERT_TYPE);
- return -1;
- }
- /*
- * This is a warning but we receive it if we requested
- * renegotiation and the peer denied it. Terminate with a fatal
- * alert because if application tried to renegotiate it
- * presumably had a good reason and expects it to succeed. In
- * future we might have a renegotiation where we don't care if
- * the peer refused it where we carry on.
- */
- if (alert_descr == SSL_AD_NO_RENEGOTIATION) {
- SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_SSL3_READ_BYTES,
- SSL_R_NO_RENEGOTIATION);
- return -1;
- }
- } else if (alert_level == SSL3_AL_FATAL) {
+ /*
+ * Apart from close_notify the only other warning alert in TLSv1.3
+ * is user_cancelled - which we just ignore.
+ */
+ if (is_tls13 && alert_descr == SSL_AD_USER_CANCELLED) {
+ goto start;
+ } else if (alert_descr == SSL_AD_CLOSE_NOTIFY
+ && (is_tls13 || alert_level == SSL3_AL_WARNING)) {
+ s->shutdown |= SSL_RECEIVED_SHUTDOWN;
+ return 0;
+ } else if (alert_level == SSL3_AL_FATAL || is_tls13) {
char tmp[16];
s->rwstate = SSL_NOTHING;
SSL3_RECORD_set_read(rr);
SSL_CTX_remove_session(s->session_ctx, s->session);
return 0;
- } else {
- SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SSL3_READ_BYTES,
- SSL_R_UNKNOWN_ALERT_TYPE);
+ } else if (alert_descr == SSL_AD_NO_RENEGOTIATION) {
+ /*
+ * This is a warning but we receive it if we requested
+ * renegotiation and the peer denied it. Terminate with a fatal
+ * alert because if application tried to renegotiate it
+ * presumably had a good reason and expects it to succeed. In
+ * future we might have a renegotiation where we don't care if
+ * the peer refused it where we carry on.
+ */
+ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_SSL3_READ_BYTES,
+ SSL_R_NO_RENEGOTIATION);
return -1;
+ } else if (alert_level == SSL3_AL_WARNING) {
+ /* We ignore any other warning alert in TLSv1.2 and below */
+ goto start;
}
- goto start;
+ SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SSL3_READ_BYTES,
+ SSL_R_UNKNOWN_ALERT_TYPE);
+ return -1;
}
- if (s->shutdown & SSL_SENT_SHUTDOWN) { /* but we have not received a
- * shutdown */
+ /*
+ * If we've sent a close_notify but not yet received one back then ditch
+ * anything we read.
+ */
+ if ((s->shutdown & SSL_SENT_SHUTDOWN) != 0 ) {
+ /*
+ * In TLSv1.3 this could get problematic if we receive a KeyUpdate
+ * message after we sent a close_notify because we're about to ditch it,
+ * so we won't be able to read a close_notify sent afterwards! We don't
+ * support that.
+ */
s->rwstate = SSL_NOTHING;
SSL3_RECORD_set_length(rr, 0);
SSL3_RECORD_set_read(rr);
+
+ if (SSL3_RECORD_get_type(rr) == SSL3_RT_HANDSHAKE
+ && (s->mode & SSL_MODE_AUTO_RETRY) != 0)
+ goto start;
return 0;
}
+ /*
+ * For handshake data we have 'fragment' storage, so fill that so that we
+ * can process the header at a fixed place. This is done after the
+ * "SHUTDOWN" code above to avoid filling the fragment storage with data
+ * that we're just going to discard.
+ */
+ if (SSL3_RECORD_get_type(rr) == SSL3_RT_HANDSHAKE) {
+ size_t dest_maxlen = sizeof(s->rlayer.handshake_fragment);
+ unsigned char *dest = s->rlayer.handshake_fragment;
+ size_t *dest_len = &s->rlayer.handshake_fragment_len;
+
+ n = dest_maxlen - *dest_len; /* available space in 'dest' */
+ if (SSL3_RECORD_get_length(rr) < n)
+ n = SSL3_RECORD_get_length(rr); /* available bytes */
+
+ /* now move 'n' bytes: */
+ memcpy(dest + *dest_len,
+ SSL3_RECORD_get_data(rr) + SSL3_RECORD_get_off(rr), n);
+ SSL3_RECORD_add_off(rr, n);
+ SSL3_RECORD_sub_length(rr, n);
+ *dest_len += n;
+ if (SSL3_RECORD_get_length(rr) == 0)
+ SSL3_RECORD_set_read(rr);
+
+ if (*dest_len < dest_maxlen)
+ goto start; /* fragment was too small */
+ }
+
if (SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC) {
SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES,
SSL_R_CCS_RECEIVED_EARLY);