author | Frederik Wedel-Heinen <frederik.wedel-heinen@dencrypt.dk> | 2023-12-19 10:37:53 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2024-04-23 11:57:05 +0100 |
commit | cd8226fbbf0197a432a55c45e80bbaedd99ff795 (patch) | |
tree | 557f82be8824310cee83c6d7d47ecc5f904f0cbc | |
parent | c88ec0c693be00c21b7c4ca962adf9dec4107590 (diff) |
Handle alerts similarly in dtls1_read_bytes() as done in ssl3_read_bytes()
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22360)
-rw-r--r-- | ssl/record/rec_layer_d1.c | 54 |
1 files changed, 28 insertions, 26 deletions
diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c
index f04fea04f3..480d0d9cdc 100644
--- a/ssl/record/rec_layer_d1.c
+++ b/ssl/record/rec_layer_d1.c
@@ -421,32 +421,33 @@ int dtls1_read_bytes(SSL *s, uint8_t type, uint8_t *recvd_type,
 SSL_R_TOO_MANY_WARN_ALERTS);
 return -1;
 }
+ }
+ /*
+ * Apart from close_notify the only other warning alert in DTLSv1.3
+ * is user_cancelled - which we just ignore.
+ */
+ if (is_dtls13 && alert_descr == SSL_AD_USER_CANCELLED) {
+ goto start;
+ } else if (alert_descr == SSL_AD_CLOSE_NOTIFY
+ && (is_dtls13 || alert_level == SSL3_AL_WARNING)) {
+#ifndef OPENSSL_NO_SCTP
 /*
- * Apart from close_notify the only other warning alert in DTLSv1.3
- * is user_cancelled - which we just ignore.
+ * With SCTP and streams the socket may deliver app data
+ * after a close_notify alert. We have to check this first so
+ * that nothing gets discarded.
 */
- if (is_dtls13 && alert_descr == SSL_AD_USER_CANCELLED) {
- goto start;
- } else if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
-#ifndef OPENSSL_NO_SCTP
- /*
- * With SCTP and streams the socket may deliver app data
- * after a close_notify alert. We have to check this first so
- * that nothing gets discarded.
- */
- if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
- BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s)) > 0) {
- sc->d1->shutdown_received = 1;
- sc->rwstate = SSL_READING;
- BIO_clear_retry_flags(SSL_get_rbio(s));
- BIO_set_retry_read(SSL_get_rbio(s));
- return -1;
- }
-#endif
- sc->shutdown |= SSL_RECEIVED_SHUTDOWN;
- return 0;
+ if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
+ BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s)) > 0) {
+ sc->d1->shutdown_received = 1;
+ sc->rwstate = SSL_READING;
+ BIO_clear_retry_flags(SSL_get_rbio(s));
+ BIO_set_retry_read(SSL_get_rbio(s));
+ return -1;
 }
+#endif
+ sc->shutdown |= SSL_RECEIVED_SHUTDOWN;
+ return 0;
 } else if (alert_level == SSL3_AL_FATAL || is_dtls13) {
 sc->rwstate = SSL_NOTHING;
 sc->s3.fatal_alert = alert_descr;
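Review bot: The new guard `&& (is_dtls13 || alert_level == SSL3_AL_WARNING)` on the close_notify branch silently changes what a fatal-level close_notify does on DTLS 1.2 and below: it no longer takes the orderly-shutdown path (`sc->shutdown |= SSL_RECEIVED_SHUTDOWN; return 0;`) but falls through to the `alert_level == SSL3_AL_FATAL || is_dtls13` branch, which sets `sc->s3.fatal_alert` and, judging by the next hunk, removes the session from the cache. That is presumably the intended alignment with ssl3_read_bytes(), but nothing in the hunk says so, so I would put a comment above the branch: `/* In (D)TLSv1.3 the alert level carries no meaning; for earlier versions only a warning-level close_notify is an orderly shutdown, a fatal-level one is handled as a fatal alert below. */`. The `goto start` for user_cancelled and the `return -1` after `SSL_R_TOO_MANY_WARN_ALERTS` suggest the re-entry loop is bounded by the warn-alert counter, but the condition that increments it sits above the hunk, so please confirm it counts user_cancelled. dtls1_read_bytes() starts before and ends after this hunk.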
@@ -458,12 +459,13 @@ int dtls1_read_bytes(SSL *s, uint8_t type, uint8_t *recvd_type,
 return -1;
 SSL_CTX_remove_session(sc->session_ctx, sc->session);
 return 0;
- } else {
- SSLfatal(sc, SSL_AD_ILLEGAL_PARAMETER, SSL_R_UNKNOWN_ALERT_TYPE);
- return -1;
+ } else if (alert_level == SSL3_AL_WARNING) {
+ /* We ignore any other warning alert in (D)TLSv1.2 and below */
+ goto start;
 }
- goto start;
+ SSLfatal(sc, SSL_AD_ILLEGAL_PARAMETER, SSL_R_UNKNOWN_ALERT_TYPE);
+ return -1;
 }
 if (sc->shutdown & SSL_SENT_SHUTDOWN) { /* but we have not received a |
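Review bot: The new `else if (alert_level == SSL3_AL_WARNING) { goto start; }` re-enters the read loop for every non-close_notify warning alert a DTLS 1.2 peer sends, so the only thing stopping a peer from keeping us spinning on warning alerts is the `SSL_R_TOO_MANY_WARN_ALERTS` check seen in the previous hunk; the condition that increments that counter is outside both hunks, so please confirm it fires for every `SSL3_AL_WARNING` alert and not only for close_notify. I would say so in the comment, e.g. `/* We ignore any other warning alert in (D)TLSv1.2 and below; the warn-alert counter above bounds how many we accept before failing. */`. Moving `SSLfatal(..., SSL_R_UNKNOWN_ALERT_TYPE)` out of the else chain also removes the old unreachable trailing `goto start;`, which reads more honestly. dtls1_read_bytes() continues past the end of this hunk.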