* https://www.openssl.org/source/license.html
*/
-#include <assert.h>
#include "../ssl_locl.h"
#include "internal/constant_time_locl.h"
#include <openssl/rand.h>
#include "record_locl.h"
+#include "internal/cryptlib.h"
static const unsigned char ssl3_pad_1[48] = {
0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
sslv2pkt = pkt;
if (!PACKET_get_net_2_len(&sslv2pkt, &sslv2len)
|| !PACKET_get_1(&sslv2pkt, &type)) {
- al = SSL_AD_INTERNAL_ERROR;
+ al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_RECORD, ERR_R_INTERNAL_ERROR);
goto f_err;
}
}
if (thisrr->length < MIN_SSL2_RECORD_LEN) {
- al = SSL_AD_HANDSHAKE_FAILURE;
+ al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_LENGTH_TOO_SHORT);
goto f_err;
}
} else {
/* SSLv3+ style record */
- /*
- * TODO(TLS1.3): This callback only provides the "outer" record
- * type to the callback. Somehow we need to pass the "inner"
- * record type
- */
if (s->msg_callback)
s->msg_callback(0, 0, SSL3_RT_HEADER, p, 5, s,
s->msg_callback_arg);
if (!PACKET_get_1(&pkt, &type)
|| !PACKET_get_net_2(&pkt, &version)
|| !PACKET_get_net_2_len(&pkt, &thisrr->length)) {
- al = SSL_AD_INTERNAL_ERROR;
+ al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_RECORD, ERR_R_INTERNAL_ERROR);
goto f_err;
}
unsigned char *mac;
/* TODO(size_t): convert this to do size_t properly */
imac_size = EVP_MD_CTX_size(s->read_hash);
- assert(imac_size >= 0 && imac_size <= EVP_MAX_MD_SIZE);
- if (imac_size < 0 || imac_size > EVP_MAX_MD_SIZE) {
+ if (!ossl_assert(imac_size >= 0 && imac_size <= EVP_MAX_MD_SIZE)) {
al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_SSL3_GET_RECORD, ERR_LIB_EVP);
goto f_err;
unsigned char mac_tmp[EVP_MAX_MD_SIZE];
mac_size = EVP_MD_CTX_size(s->read_hash);
- OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);
+ if (!ossl_assert(mac_size <= EVP_MAX_MD_SIZE)) {
+ al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_SSL3_GET_RECORD, ERR_R_INTERNAL_ERROR);
+ goto f_err;
+ }
for (j = 0; j < num_recs; j++) {
thisrr = &rr[j];
* contents of the padding bytes.
*/
mac = mac_tmp;
- ssl3_cbc_copy_mac(mac_tmp, thisrr, mac_size);
+ if (!ssl3_cbc_copy_mac(mac_tmp, thisrr, mac_size)) {
+ al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_SSL3_GET_RECORD, ERR_R_INTERNAL_ERROR);
+ goto f_err;
+ }
thisrr->length -= mac_size;
} else {
/*
if (SSL_IS_TLS13(s) && s->enc_read_ctx != NULL) {
size_t end;
- if (thisrr->length == 0) {
+ if (thisrr->length == 0
+ || thisrr->type != SSL3_RT_APPLICATION_DATA) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_BAD_RECORD_TYPE);
goto f_err;
SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_BAD_RECORD_TYPE);
goto f_err;
}
+ if (s->msg_callback)
+ s->msg_callback(0, s->version, SSL3_RT_INNER_CONTENT_TYPE,
+ &thisrr->data[end], 1, s, s->msg_callback_arg);
+ }
+
+ /*
+ * TLSv1.3 alert and handshake records are required to be non-zero in
+ * length.
+ */
+ if (SSL_IS_TLS13(s)
+ && (thisrr->type == SSL3_RT_HANDSHAKE
+ || thisrr->type == SSL3_RT_ALERT)
+ && thisrr->length == 0) {
+ al = SSL_AD_UNEXPECTED_MESSAGE;
+ SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_BAD_LENGTH);
+ goto f_err;
}
if (thisrr->length > SSL3_RT_MAX_PLAIN_LENGTH) {
if (sending) {
if (EVP_MD_CTX_md(s->write_hash)) {
int n = EVP_MD_CTX_size(s->write_hash);
- OPENSSL_assert(n >= 0);
+ if (!ossl_assert(n >= 0)) {
+ SSLerr(SSL_F_TLS1_ENC, ERR_R_INTERNAL_ERROR);
+ return -1;
+ }
}
ds = s->enc_write_ctx;
if (s->enc_write_ctx == NULL)
} else {
if (EVP_MD_CTX_md(s->read_hash)) {
int n = EVP_MD_CTX_size(s->read_hash);
- OPENSSL_assert(n >= 0);
+ if (!ossl_assert(n >= 0)) {
+ SSLerr(SSL_F_TLS1_ENC, ERR_R_INTERNAL_ERROR);
+ return -1;
+ }
}
ds = s->enc_read_ctx;
if (s->enc_read_ctx == NULL)
}
t = EVP_MD_CTX_size(hash);
- OPENSSL_assert(t >= 0);
+ if (!ossl_assert(t >= 0))
+ return 0;
md_size = t;
/* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */
ssl->s3->read_mac_secret,
ssl->s3->read_mac_secret_size, 0) <= 0) {
EVP_MD_CTX_free(hmac);
- return -1;
+ return 0;
}
} else {
/* TODO(size_t): Convert these calls */
*/
#define CBC_MAC_ROTATE_IN_PLACE
-void ssl3_cbc_copy_mac(unsigned char *out,
+int ssl3_cbc_copy_mac(unsigned char *out,
const SSL3_RECORD *rec, size_t md_size)
{
#if defined(CBC_MAC_ROTATE_IN_PLACE)
size_t i, j;
size_t rotate_offset;
- OPENSSL_assert(rec->orig_len >= md_size);
- OPENSSL_assert(md_size <= EVP_MAX_MD_SIZE);
+ if (!ossl_assert(rec->orig_len >= md_size
+ && md_size <= EVP_MAX_MD_SIZE))
+ return 0;
#if defined(CBC_MAC_ROTATE_IN_PLACE)
rotated_mac = rotated_mac_buf + ((0 - (size_t)rotated_mac_buf) & 63);
rotate_offset &= constant_time_lt_s(rotate_offset, md_size);
}
#endif
+
+ return 1;
}
int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap)
if (SSL_READ_ETM(s) && s->read_hash) {
unsigned char *mac;
mac_size = EVP_MD_CTX_size(s->read_hash);
- OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);
+ if (!ossl_assert(mac_size <= EVP_MAX_MD_SIZE)) {
+ al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_DTLS1_PROCESS_RECORD, ERR_R_INTERNAL_ERROR);
+ goto f_err;
+ }
if (rr->orig_len < mac_size) {
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_LENGTH_TOO_SHORT);
goto f_err;
}
mac_size = (size_t)imac_size;
- OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);
+ if (!ossl_assert(mac_size <= EVP_MAX_MD_SIZE)) {
+ al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_DTLS1_PROCESS_RECORD, ERR_R_INTERNAL_ERROR);
+ goto f_err;
+ }
/*
* orig_len is the length of the record before any padding was
* contents of the padding bytes.
*/
mac = mac_tmp;
- ssl3_cbc_copy_mac(mac_tmp, rr, mac_size);
+ if (!ssl3_cbc_copy_mac(mac_tmp, rr, mac_size)) {
+ al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_DTLS1_PROCESS_RECORD, ERR_R_INTERNAL_ERROR);
+ goto f_err;
+ }
rr->length -= mac_size;
} else {
/*
}
/*
- * retrieve a buffered record that belongs to the current epoch, ie,
- * processed
+ * Retrieve a buffered record that belongs to the current epoch, i.e. processed
*/
#define dtls1_get_processed_record(s) \
dtls1_retrieve_buffered_record((s), \