Commit 8f6567df authored by Matt Caswell's avatar Matt Caswell
Browse files

Don't interleave handshake and other record types in TLSv1.3 



In TLSv1.3 it is illegal to interleave handshake records with non handshake
records.

Fixes #8189

Reviewed-by: default avatarBen Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/8191)

(cherry picked from commit 3d35e3a2)
parent a81cc6e8

crypto/err/openssl.txt

+2 −0
Original line number Diff line number Diff line
@@ -2723,6 +2723,8 @@ SSL_R_MISSING_SRP_PARAM:358:can't find SRP server param 
SSL_R_MISSING_SUPPORTED_GROUPS_EXTENSION:209:missing supported groups extension

SSL_R_MISSING_TMP_DH_KEY:171:missing tmp dh key

SSL_R_MISSING_TMP_ECDH_KEY:311:missing tmp ecdh key

SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA:293:\

	mixed handshake and non handshake data

SSL_R_NOT_ON_RECORD_BOUNDARY:182:not on record boundary

SSL_R_NOT_REPLACING_CERTIFICATE:289:not replacing certificate

SSL_R_NOT_SERVER:284:not server

include/openssl/sslerr.h

+2 −1
Original line number Diff line number Diff line 
/*

 * Generated by util/mkerr.pl DO NOT EDIT

 * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.

 * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.

 *

 * Licensed under the OpenSSL license (the "License").  You may not use

 * this file except in compliance with the License.  You can obtain a copy
@@ -596,6 +596,7 @@ int ERR_load_SSL_strings(void); 
# define SSL_R_MISSING_SUPPORTED_GROUPS_EXTENSION         209

# define SSL_R_MISSING_TMP_DH_KEY                         171

# define SSL_R_MISSING_TMP_ECDH_KEY                       311

# define SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA     293

# define SSL_R_NOT_ON_RECORD_BOUNDARY                     182

# define SSL_R_NOT_REPLACING_CERTIFICATE                  289

# define SSL_R_NOT_SERVER                                 284

ssl/record/rec_layer_s3.c

+8 −0
Original line number Diff line number Diff line
@@ -1315,6 +1315,14 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, 
    } while (num_recs == 0);

    rr = &rr[curr_rec];



    if (s->rlayer.handshake_fragment_len > 0

            && SSL3_RECORD_get_type(rr) != SSL3_RT_HANDSHAKE

            && SSL_IS_TLS13(s)) {

        SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES,

                 SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA);

        return -1;

    }



    /*

     * Reset the count of consecutive warning alerts if we've got a non-empty

     * record that isn't an alert.

ssl/ssl_err.c

+3 −1
Original line number Diff line number Diff line 
/*

 * Generated by util/mkerr.pl DO NOT EDIT

 * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.

 * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.

 *

 * Licensed under the OpenSSL license (the "License").  You may not use

 * this file except in compliance with the License.  You can obtain a copy
@@ -965,6 +965,8 @@ static const ERR_STRING_DATA SSL_str_reasons[] = { 
    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_TMP_DH_KEY), "missing tmp dh key"},

    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_TMP_ECDH_KEY),

    "missing tmp ecdh key"},

    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA),

    "mixed handshake and non handshake data"},

    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NOT_ON_RECORD_BOUNDARY),

    "not on record boundary"},

    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NOT_REPLACING_CERTIFICATE),