external/boringssl: Sync to bbfe603519bc54fbc4c8dd87efe1ed385df550b4.
This includes the following changes:
https://boringssl.googlesource.com/boringssl/+log/2d05568a7b7bc62affbd13ea97a81b5829b99794..bbfe603519bc54fbc4c8dd87efe1ed385df550b4
Test: BoringSSL CTS Presubmits.
Change-Id: I78ec99cd34bebca1f864e4daaaedeec6bc1db3f0
diff --git a/src/ssl/s3_pkt.c b/src/ssl/s3_pkt.c
index 2f919ca..c2d30ca 100644
--- a/src/ssl/s3_pkt.c
+++ b/src/ssl/s3_pkt.c
@@ -189,7 +189,7 @@
}
int ssl3_write_app_data(SSL *ssl, const uint8_t *buf, int len) {
- assert(!SSL_in_init(ssl) || SSL_in_false_start(ssl));
+ assert(ssl_can_write(ssl));
unsigned tot, n, nw;
@@ -325,10 +325,11 @@
int ssl3_read_app_data(SSL *ssl, int *out_got_handshake, uint8_t *buf, int len,
int peek) {
- assert(!SSL_in_init(ssl));
- assert(ssl->s3->initial_handshake_complete);
+ assert(ssl_can_read(ssl));
*out_got_handshake = 0;
+ ssl->method->release_current_message(ssl, 0 /* don't free buffer */);
+
SSL3_RECORD *rr = &ssl->s3->rrec;
for (;;) {
@@ -345,6 +346,14 @@
}
if (has_hs_data || rr->type == SSL3_RT_HANDSHAKE) {
+ /* If reading 0-RTT data, reject handshake data. 0-RTT data is terminated
+ * by an alert. */
+ if (SSL_in_init(ssl)) {
+ OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_RECORD);
+ ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
+ return -1;
+ }
+
/* Post-handshake data prior to TLS 1.3 is always renegotiation, which we
* never accept as a server. Otherwise |ssl3_get_message| will send
* |SSL_R_EXCESSIVE_MESSAGE_SIZE|. */
@@ -363,6 +372,24 @@
return -1;
}
+ /* Handle the end_of_early_data alert. */
+ if (rr->type == SSL3_RT_ALERT &&
+ rr->length == 2 &&
+ rr->data[0] == SSL3_AL_WARNING &&
+ rr->data[1] == TLS1_AD_END_OF_EARLY_DATA &&
+ ssl->server &&
+ ssl->s3->hs != NULL &&
+ ssl->s3->hs->can_early_read &&
+ ssl3_protocol_version(ssl) >= TLS1_3_VERSION) {
+ /* Consume the record. */
+ rr->length = 0;
+ ssl_read_buffer_discard(ssl);
+ /* Stop accepting early data. */
+ ssl->s3->hs->can_early_read = 0;
+ *out_got_handshake = 1;
+ return -1;
+ }
+
if (rr->type != SSL3_RT_APPLICATION_DATA) {
OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_RECORD);
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);