diff --git a/ChangeLog b/ChangeLog index ae061e8c0..f2e086297 100644 --- a/ChangeLog +++ b/ChangeLog @@ -10,6 +10,8 @@ Bugfix * Fix compile error in timing.c when POLARSSL_NET_C and POLARSSL_SELFTEST are defined but not POLARSSL_HAVE_TIME (found by Stephane Di Vito). * Remove non-existent file from VS projects (found by Peter Vaskovic). + * ssl_read() could return non-application data records on server while + renegotation was pending, and on client when a HelloRequest was received. Changes * Ciphersuites using SHA-256 or SHA-384 now require TLS 1.x (there is no @@ -18,6 +20,8 @@ Changes ambiguous on how to encode some packets with SSL 3.0). * Made buffer size in pk_write_(pub)key_pem() more dynamic, eg smaller if RSA is disabled, larger if POLARSSL_MPI_MAX_SIZE is larger. + * ssl_read() now returns POLARSSL_ERR_NET_WANT_READ rather than + POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE on harmless alerts. = PolarSSL 1.3.8 released 2014-07-11 Security diff --git a/library/ssl_tls.c b/library/ssl_tls.c index ac82dfb25..1d68d965e 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4357,9 +4357,10 @@ int ssl_read( ssl_context *ssl, unsigned char *buf, size_t len ) SSL_DEBUG_RET( 1, "ssl_start_renegotiation", ret ); return( ret ); } - - return( POLARSSL_ERR_NET_WANT_READ ); } + + /* Tell the user to call ssl_read() again */ + return( POLARSSL_ERR_NET_WANT_READ ); } else if( ssl->renegotiation == SSL_RENEGOTIATION_PENDING ) { @@ -4373,7 +4374,15 @@ int ssl_read( ssl_context *ssl, unsigned char *buf, size_t len ) return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE ); } } - else if( ssl->in_msgtype != SSL_MSG_APPLICATION_DATA ) + + /* Fatal and closure alerts handled by ssl_read_record() */ + if( ssl->in_msgtype == SSL_MSG_ALERT ) + { + SSL_DEBUG_MSG( 2, ( "ignoring non-fatal non-closure alert" ) ); + return( POLARSSL_ERR_NET_WANT_READ ); + } + + if( ssl->in_msgtype != SSL_MSG_APPLICATION_DATA ) { SSL_DEBUG_MSG( 1, ( "bad application data message" ) ); return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE );