diff options
Diffstat (limited to 'deps/openssl/openssl/ssl/record')
| -rw-r--r-- | deps/openssl/openssl/ssl/record/rec_layer_d1.c | 15 | ||||
| -rw-r--r-- | deps/openssl/openssl/ssl/record/rec_layer_s3.c | 10 |
2 files changed, 10 insertions, 15 deletions
diff --git a/deps/openssl/openssl/ssl/record/rec_layer_d1.c b/deps/openssl/openssl/ssl/record/rec_layer_d1.c index 1f9b31969d..cb5d54ef5a 100644 --- a/deps/openssl/openssl/ssl/record/rec_layer_d1.c +++ b/deps/openssl/openssl/ssl/record/rec_layer_d1.c @@ -1,5 +1,5 @@ /* - * Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2005-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -440,19 +440,6 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, && SSL3_RECORD_get_length(rr) != 0) s->rlayer.alert_count = 0; - if (SSL3_RECORD_get_type(rr) != SSL3_RT_HANDSHAKE - && SSL3_RECORD_get_type(rr) != SSL3_RT_CHANGE_CIPHER_SPEC - && !SSL_in_init(s) - && (s->d1->next_timeout.tv_sec != 0 - || s->d1->next_timeout.tv_usec != 0)) { - /* - * The timer is still running but we've received something that isn't - * handshake data - so the peer must have finished processing our - * last handshake flight. Stop the timer. - */ - dtls1_stop_timer(s); - } - /* we now have a packet which can be read and processed */ if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec, diff --git a/deps/openssl/openssl/ssl/record/rec_layer_s3.c b/deps/openssl/openssl/ssl/record/rec_layer_s3.c index 6d495715b2..b2f97ef905 100644 --- a/deps/openssl/openssl/ssl/record/rec_layer_s3.c +++ b/deps/openssl/openssl/ssl/record/rec_layer_s3.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -1315,6 +1315,14 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, } while (num_recs == 0); rr = &rr[curr_rec]; + if (s->rlayer.handshake_fragment_len > 0 + && SSL3_RECORD_get_type(rr) != SSL3_RT_HANDSHAKE + && SSL_IS_TLS13(s)) { + SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES, + SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA); + return -1; + } + /* * Reset the count of consecutive warning alerts if we've got a non-empty * record that isn't an alert. |