Fix error in BIO_get_ktls_send() and BIO_get_ktls_recv()

If we were using a different type of BIO than a socket BIO then BIO_get_ktls_send() and BIO_get_ktls_recv() could return the wrong result. The above occurred even if KTLS was disabled at compile time - so we should additionally ensure that those macros do nothing if KTLS is disabled. Finally we make the logic in ssl3_get_record() a little more robust when KTLS has been disabled. [extended tests] Reviewed-by: N Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8793)

Fix error in BIO_get_ktls_send() and BIO_get_ktls_recv()
If we were using a different type of BIO than a socket BIO then BIO_get_ktls_send() and BIO_get_ktls_recv() could return the wrong result. The above occurred even if KTLS was disabled at compile time - so we should additionally ensure that those macros do nothing if KTLS is disabled. Finally we make the logic in ssl3_get_record() a little more robust when KTLS has been disabled. [extended tests] Reviewed-by: N Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8793)
3119ab3c · Matt Caswell · 8450d0c7 · 3119ab3c · 3119ab3c
隐藏空白更改
内联并排

Showing with 13 addition and 6 deletion

include/openssl/bio.h include/openssl/bio.h +11 -4

ssl/record/ssl3_record.c ssl/record/ssl3_record.c +2 -2

未找到文件。
--- a/include/openssl/bio.h
+++ b/include/openssl/bio.h
@@ -152,13 +152,20 @@ extern "C" {
 * # define BIO_CTRL_CLEAR_KTLS_CTRL_MSG           75
 */

-#  define BIO_CTRL_GET_KTLS_SEND                 73
-#  define BIO_CTRL_GET_KTLS_RECV                 76
+# define BIO_CTRL_GET_KTLS_SEND                 73
+# define BIO_CTRL_GET_KTLS_RECV                 76

+# ifndef OPENSSL_NO_KTLS
 #  define BIO_get_ktls_send(b)         \
-     BIO_ctrl(b, BIO_CTRL_GET_KTLS_SEND, 0, NULL)
+     (BIO_method_type(b) == BIO_TYPE_SOCKET \
+      && BIO_ctrl(b, BIO_CTRL_GET_KTLS_SEND, 0, NULL))
 #  define BIO_get_ktls_recv(b)         \
-     BIO_ctrl(b, BIO_CTRL_GET_KTLS_RECV, 0, NULL)
+     (BIO_method_type(b) == BIO_TYPE_SOCKET \
+      && BIO_ctrl(b, BIO_CTRL_GET_KTLS_RECV, 0, NULL))
+# else
+#  define BIO_get_ktls_send(b)  (0)
+#  define BIO_get_ktls_recv(b)  (0)
+# endif

 /* modifiers */
 # define BIO_FP_READ             0x02

--- a/ssl/record/ssl3_record.c
+++ b/ssl/record/ssl3_record.c
@@ -211,9 +211,9 @@ int ssl3_get_record(SSL *s)
                               SSL3_BUFFER_get_len(rbuf), 0,
                               num_recs == 0 ? 1 : 0, &n);
            if (rret <= 0) {
+#ifndef OPENSSL_NO_KTLS
                if (!BIO_get_ktls_recv(s->rbio))
                    return rret;     /* error or non-blocking */
-#ifndef OPENSSL_NO_KTLS
                switch (errno) {
                case EBADMSG:
                    SSLfatal(s, SSL_AD_BAD_RECORD_MAC,
@@ -233,8 +233,8 @@ int ssl3_get_record(SSL *s)
                default:
                    break;
                }
-                return rret;
 #endif
+                return rret;
            }
            RECORD_LAYER_set_rstate(&s->rlayer, SSL_ST_READ_BODY);