author | Matt Caswell <matt@openssl.org> | 2022-07-26 15:25:03 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2022-08-18 16:38:14 +0100 |
commit | d3192c2643e4de2e2c36e107b7759f845a6e2bff (patch) | |
tree | 89470cb3d5fea640e7e187e478c0ac60077332a0 /ssl | |
parent | 4566dae7236b5c90364e963fd02b2ee533e0d712 (diff) |
Clean up some SCTP releated issues
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/record/methods/dtls_meth.c | 9 | ||||
-rw-r--r-- | ssl/record/methods/recmethod_local.h | 1 | ||||
-rw-r--r-- | ssl/record/methods/tls_common.c | 6 | ||||
-rw-r--r-- | ssl/record/rec_layer_d1.c | 1 | ||||
-rw-r--r-- | ssl/record/rec_layer_s3.c | 17 | ||||
-rw-r--r-- | ssl/record/record.h | 10 |
6 files changed, 21 insertions, 23 deletions
diff --git a/ssl/record/methods/dtls_meth.c b/ssl/record/methods/dtls_meth.c
index 2bea171c26..718e0d8e5e 100644
--- a/ssl/record/methods/dtls_meth.c
+++ b/ssl/record/methods/dtls_meth.c
@@ -200,8 +200,8 @@ static int dtls_process_record(OSSL_RECORD_LAYER *rl, DTLS1_BITMAP *bitmap)
 */
 if (enc_err == 0) {
 ERR_pop_to_mark();
- if (rl->alert != 0) {
- /* SSLfatal() got called */
+ if (rl->alert != SSL_AD_NO_ALERT) {
+ /* RLAYERfatal() already called */
 goto end;
 }
 /* For DTLS we simply ignore bad packets. */
@@ -510,7 +510,7 @@ int dtls_get_more_records(OSSL_RECORD_LAYER *rl)
 rret = rl->funcs->read_n(rl, more, more, 1, 1, &n);
 /* this packet contained a partial record, dump it */
 if (rret < OSSL_RECORD_RETURN_SUCCESS || n != more) {
- if (rl->alert != 0) {
+ if (rl->alert != SSL_AD_NO_ALERT) {
 /* read_n() called RLAYERfatal() */
 return OSSL_RECORD_RETURN_FATAL;
 }
@@ -577,7 +577,7 @@ int dtls_get_more_records(OSSL_RECORD_LAYER *rl)
 }
 if (!dtls_process_record(rl, bitmap)) {
- if (rl->alert != 0) {
+ if (rl->alert != SSL_AD_NO_ALERT) {
 /* dtls_process_record() called RLAYERfatal */
 return OSSL_RECORD_RETURN_FATAL;
 }
@@ -616,7 +616,6 @@ static int dtls_free(OSSL_RECORD_LAYER *rl)
 while ((item = pqueue_pop(rl->unprocessed_rcds.q)) != NULL) {
 rdata = (DTLS_RLAYER_RECORD_DATA *)item->data;
 /* Push to the next record layer */
- /* TODO(RECLAYER): Handle SCTP meta data */
 ret &= BIO_write_ex(rl->next, rdata->packet, rdata->packet_length, &written);
 OPENSSL_free(rdata->rbuf.buf);
diff --git a/ssl/record/methods/recmethod_local.h b/ssl/record/methods/recmethod_local.h
index 972fd19a1b..2fb100d5a9 100644
--- a/ssl/record/methods/recmethod_local.h
+++ b/ssl/record/methods/recmethod_local.h
@@ -200,7 +200,6 @@ typedef struct dtls_rlayer_record_data_st {
 SSL3_RECORD rrec;
 } DTLS_RLAYER_RECORD_DATA;
-
 extern struct record_functions_st ssl_3_0_funcs;
 extern struct record_functions_st tls_1_funcs;
 extern struct record_functions_st tls_1_3_funcs;
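Review bot: The `rl->alert != SSL_AD_NO_ALERT` tests in the first three hunks only mean "RLAYERfatal() was called" if every OSSL_RECORD_LAYER starts out with rl->alert set to SSL_AD_NO_ALERT; the only such initialisation in this commit is the one added to tls_int_new_record_layer in tls_common.c, so a record layer created or reset by any other path would keep a zero-initialised alert field and these checks would turn a dropped partial record or an ignored bad DTLS packet into an OSSL_RECORD_RETURN_FATAL. The same applies to the two checks in tls_get_more_records in tls_common.c. If rl->alert is narrower than int and SSL_AD_NO_ALERT lies outside the 0–255 alert range, the sentinel would also be truncated on store — confirm the field's type, which is not visible here. A comment at the first check would make the invariant explicit: `/* rl->alert holds SSL_AD_NO_ALERT until RLAYERfatal() stores a real alert code */`.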
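Review bot: Dropping the TODO in dtls_free leaves BIO_write_ex forwarding only rdata->packet, so any SCTP receive metadata attached to a buffered record is not handed to the next layer here. If that is intentional because the metadata is restored elsewhere (the rec_layer_d1.c hunk in this commit appears to do so in dtls_unbuffer_record), the comment above the call should say which layer owns it, e.g. `/* Push to the next record layer; SCTP rcvinfo, if any, is not carried across this boundary */`. dtls_free's body continues outside the hunk.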
diff --git a/ssl/record/methods/tls_common.c b/ssl/record/methods/tls_common.c
index 83e9a0c40a..4fc5c010de 100644
--- a/ssl/record/methods/tls_common.c
+++ b/ssl/record/methods/tls_common.c
@@ -695,7 +695,7 @@ int tls_get_more_records(OSSL_RECORD_LAYER *rl)
 * 1: Success or MTE decryption failed (MAC will be randomised)
 */
 if (enc_err == 0) {
- if (rl->alert != 0) {
+ if (rl->alert != SSL_AD_NO_ALERT) {
 /* RLAYERfatal() already got called */
 goto end;
 }
@@ -752,7 +752,7 @@ int tls_get_more_records(OSSL_RECORD_LAYER *rl)
 }
 if (enc_err == 0) {
- if (rl->alert != 0) {
+ if (rl->alert != SSL_AD_NO_ALERT) {
 /* We already called RLAYERfatal() */
 goto end;
 }
@@ -1115,6 +1115,8 @@ tls_int_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers,
 rl->direction = direction;
 rl->level = level;
+ rl->alert = SSL_AD_NO_ALERT;
+
 if (level == OSSL_RECORD_PROTECTION_LEVEL_NONE) rl->is_first_record = 1;
diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c
index 9a83e6d924..53a3d1bf80 100644
--- a/ssl/record/rec_layer_d1.c
+++ b/ssl/record/rec_layer_d1.c
@@ -178,7 +178,6 @@ static void dtls_unbuffer_record(SSL_CONNECTION *s)
 #ifndef OPENSSL_NO_SCTP
 /* Restore bio_dgram_sctp_rcvinfo struct */
 if (BIO_dgram_is_sctp(SSL_get_rbio(s))) {
- DTLS1_RECORD_DATA *rdata = (DTLS1_RECORD_DATA *)item->data;
 BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SCTP_SET_RCVINFO, sizeof(rdata->recordinfo), &rdata->recordinfo);
 }
diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c
index 0adf5d49a9..807cc43c15 100644
--- a/ssl/record/rec_layer_s3.c
+++ b/ssl/record/rec_layer_s3.c
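Review bot: `rl->alert = SSL_AD_NO_ALERT;` in the third tls_common.c hunk is stored only after rl->direction and rl->level are set, so an alert code stored by any RLAYERfatal() call earlier in tls_int_new_record_layer (outside this hunk) would be silently overwritten. If nothing before this point can fail, a short comment saying so would protect the ordering, e.g. `/* Must run before anything that can call RLAYERfatal() */`; otherwise the assignment belongs immediately after the OSSL_RECORD_LAYER is allocated. The rest of tls_int_new_record_layer is outside the hunk.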
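Review bot: With the local `DTLS1_RECORD_DATA *rdata` removed in the rec_layer_d1.c hunk, the BIO_ctrl call now uses an `rdata` declared outside the hunk, while record.h in this same commit deletes DTLS1_RECORD_DATA together with its SCTP-only recordinfo member; the outer rdata's type therefore needs an equivalent `recordinfo` member under `#ifndef OPENSSL_NO_SCTP`, or this block compiles only when SCTP is disabled. The recmethod_local.h hunk shows DTLS_RLAYER_RECORD_DATA ending with `SSL3_RECORD rrec;` and no recordinfo member is visible there, so please confirm with an SCTP-enabled build. dtls_unbuffer_record's body starts and ends outside the hunk.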
@@ -1087,10 +1087,19 @@ int ossl_tls_handle_rlayer_return(SSL_CONNECTION *s, int ret, char *file,
 SSL_R_UNEXPECTED_EOF_WHILE_READING, NULL);
 }
 } else if (ret == OSSL_RECORD_RETURN_FATAL) {
- ERR_new();
- ERR_set_debug(file, line, 0);
- ossl_statem_fatal(s, s->rlayer.rrlmethod->get_alert_code(s->rlayer.rrl),
- SSL_R_RECORD_LAYER_FAILURE, NULL);
+ int al = s->rlayer.rrlmethod->get_alert_code(s->rlayer.rrl);
+
+ if (al != SSL_AD_NO_ALERT) {
+ ERR_new();
+ ERR_set_debug(file, line, 0);
+ ossl_statem_fatal(s, al, SSL_R_RECORD_LAYER_FAILURE, NULL);
+ }
+ /*
+ * else some failure but there is no alert code. We don't log an
+ * error for this. The record layer should have logged an error
+ * already or, if not, its due to some sys call error which will be
+ * reported via SSL_ERROR_SYSCALL and errno.
+ */
 }
 /*
 * The record layer distinguishes the cases of EOF, non-fatal
diff --git a/ssl/record/record.h b/ssl/record/record.h
index 793292ae33..4d3f7169dd 100644
--- a/ssl/record/record.h
+++ b/ssl/record/record.h
@@ -107,16 +107,6 @@ typedef struct record_pqueue_st {
 struct pqueue_st *q;
 } record_pqueue;
-typedef struct dtls1_record_data_st {
- unsigned char *packet;
- size_t packet_length;
- SSL3_BUFFER rbuf;
- SSL3_RECORD rrec;
-#ifndef OPENSSL_NO_SCTP
- struct bio_dgram_sctp_rcvinfo recordinfo;
-#endif
-} DTLS1_RECORD_DATA;
-
 typedef struct dtls_record_layer_st {
 /*
 * The current data and handshake epoch. This is initially |
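Review bot: In the new SSL_AD_NO_ALERT branch ossl_statem_fatal is skipped entirely, so unlike the removed code the connection is not moved into the state machine's error state when the record layer reports OSSL_RECORD_RETURN_FATAL without an alert; whether a later SSL_read/SSL_write is then refused or simply re-enters the record layer depends on the callers, which are outside the hunk. If leaving the state machine untouched is deliberate (the comment attributes the case to a syscall failure surfaced via SSL_ERROR_SYSCALL), the comment should say that the connection is intentionally not marked fatal here, not only why no error is logged. Minor wording in the same comment: `its due to` should read `it's due to`.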