Commit 0a87d0ac authored by Matt Caswell's avatar Matt Caswell
Browse files

Parse the early_data extension 



We also skip any early_data that subsequently gets sent. Later commits will
process it if we can.

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)
parent a4f376af

ssl/record/ssl3_record.c

+11 −0
Original line number Diff line number Diff line
@@ -424,6 +424,17 @@ int ssl3_get_record(SSL *s) 
     *    -1: if the padding is invalid

     */

    if (enc_err == 0) {

        if (num_recs == 1 && ossl_statem_skip_early_data(s)) {

            /*

             * We assume this is unreadable early_data - we treat it like an

             * empty record

             */

            thisrr = &rr[0];

            thisrr->length = 0;

            thisrr->read = 1;

            RECORD_LAYER_set_numrpipes(&s->rlayer, 1);

            return 1;

        }

        al = SSL_AD_DECRYPTION_FAILED;

        SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);

        goto f_err;

ssl/ssl_locl.h

+3 −0
Original line number Diff line number Diff line
@@ -1176,6 +1176,9 @@ struct ssl_st { 


        /* Set to one if we have negotiated ETM */

        int use_etm;



        /* Set to 1 if we are expecting to receive early data */

        int expect_early_data;

    } ext;



    /* Parsed form of the ClientHello, kept around across early_cb calls. */

ssl/statem/extensions.c

+2 −1
Original line number Diff line number Diff line
@@ -138,7 +138,8 @@ static const EXTENSION_DEFINITION ext_defs[] = { 
    {

        TLSEXT_TYPE_early_data,

        EXT_CLIENT_HELLO | EXT_TLS1_3_ENCRYPTED_EXTENSIONS,

        NULL, NULL, NULL, NULL, tls_construct_ctos_early_data, NULL

        NULL, tls_parse_ctos_early_data, NULL, NULL,

        tls_construct_ctos_early_data, NULL

    },

#ifndef OPENSSL_NO_EC

    {

ssl/statem/extensions_srvr.c

+13 −0
Original line number Diff line number Diff line
@@ -162,6 +162,19 @@ int tls_parse_ctos_srp(SSL *s, PACKET *pkt, unsigned int context, X509 *x, 
}

#endif



int tls_parse_ctos_early_data(SSL *s, PACKET *pkt, unsigned int context,

                              X509 *x, size_t chainidx, int *al)

{

    if (PACKET_remaining(pkt) != 0) {

        *al = SSL_AD_DECODE_ERROR;

        return 0;

    }



    s->ext.expect_early_data = 1;



    return 1;

}



#ifndef OPENSSL_NO_EC

int tls_parse_ctos_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context,

                                 X509 *x, size_t chainidx, int *al)

ssl/statem/statem.c

+12 −0
Original line number Diff line number Diff line
@@ -151,6 +151,18 @@ void ossl_statem_set_in_handshake(SSL *s, int inhand) 
        s->statem.in_handshake--;

}



/* Are we in a sensible state to skip over unreadable early data? */

int ossl_statem_skip_early_data(SSL *s)

{

    if (!s->ext.expect_early_data)

        return 0;



    if (s->statem.hand_state != TLS_ST_SW_FINISHED)

        return 0;



    return 1;

}



void ossl_statem_set_hello_verify_done(SSL *s)

{

    s->statem.state = MSG_FLOW_UNINITED;