1 /*
2 * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include "../ssl_local.h"
11 #include "statem_local.h"
12 #include "internal/cryptlib.h"
13
quic_get_message(SSL * s,int * mt)14 int quic_get_message(SSL *s, int *mt)
15 {
16 size_t l;
17 QUIC_DATA *qd = s->quic_input_data_head;
18 uint8_t *p;
19
20 if (qd == NULL) {
21 s->rwstate = SSL_READING;
22 *mt = 0;
23 return 0;
24 }
25
26 if (!ossl_assert(qd->length >= SSL3_HM_HEADER_LENGTH)) {
27 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_BAD_LENGTH);
28 *mt = 0;
29 return 0;
30 }
31
32 /* This is where we check for the proper level, not when data is given */
33 if (qd->level != s->quic_read_level) {
34 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_WRONG_ENCRYPTION_LEVEL_RECEIVED);
35 *mt = 0;
36 return 0;
37 }
38
39 if (!BUF_MEM_grow_clean(s->init_buf, (int)qd->length)) {
40 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_BUF_LIB);
41 *mt = 0;
42 return 0;
43 }
44
45 /* Copy buffered data */
46 memcpy(s->init_buf->data, s->quic_buf->data + qd->start, qd->length);
47 s->init_buf->length = qd->length;
48 s->quic_input_data_head = qd->next;
49 if (s->quic_input_data_head == NULL)
50 s->quic_input_data_tail = NULL;
51 OPENSSL_free(qd);
52
53 s->s3.tmp.message_type = *mt = *(s->init_buf->data);
54 p = (uint8_t*)s->init_buf->data + 1;
55 n2l3(p, l);
56 s->init_num = s->s3.tmp.message_size = l;
57 s->init_msg = s->init_buf->data + SSL3_HM_HEADER_LENGTH;
58
59 return 1;
60 }
61
quic_get_message_body(SSL * s,size_t * len)62 int quic_get_message_body(SSL *s, size_t *len)
63 {
64 /* No CCS in QUIC/TLSv1.3? */
65 if (s->s3.tmp.message_type == SSL3_MT_CHANGE_CIPHER_SPEC) {
66 SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_CCS_RECEIVED_EARLY);
67 *len = 0;
68 return 0;
69 }
70 /* No KeyUpdate in QUIC */
71 if (s->s3.tmp.message_type == SSL3_MT_KEY_UPDATE) {
72 SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_UNEXPECTED_MESSAGE);
73 *len = 0;
74 return 0;
75 }
76
77 /*
78 * If receiving Finished, record MAC of prior handshake messages for
79 * Finished verification.
80 */
81 if (s->s3.tmp.message_type == SSL3_MT_FINISHED && !ssl3_take_mac(s)) {
82 /* SSLfatal() already called */
83 *len = 0;
84 return 0;
85 }
86
87 /*
88 * We defer feeding in the HRR until later. We'll do it as part of
89 * processing the message
90 * The TLsv1.3 handshake transcript stops at the ClientFinished
91 * message.
92 */
93 #define SERVER_HELLO_RANDOM_OFFSET (SSL3_HM_HEADER_LENGTH + 2)
94 /* KeyUpdate and NewSessionTicket do not need to be added */
95 if (s->s3.tmp.message_type != SSL3_MT_NEWSESSION_TICKET
96 && s->s3.tmp.message_type != SSL3_MT_KEY_UPDATE) {
97 if (s->s3.tmp.message_type != SSL3_MT_SERVER_HELLO
98 || s->init_num < SERVER_HELLO_RANDOM_OFFSET + SSL3_RANDOM_SIZE
99 || memcmp(hrrrandom,
100 s->init_buf->data + SERVER_HELLO_RANDOM_OFFSET,
101 SSL3_RANDOM_SIZE) != 0) {
102 if (!ssl3_finish_mac(s, (unsigned char *)s->init_buf->data,
103 s->init_num + SSL3_HM_HEADER_LENGTH)) {
104 /* SSLfatal() already called */
105 *len = 0;
106 return 0;
107 }
108 }
109 }
110 if (s->msg_callback)
111 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data,
112 (size_t)s->init_num + SSL3_HM_HEADER_LENGTH, s,
113 s->msg_callback_arg);
114
115 *len = s->init_num;
116 return 1;
117 }
118