TLS_RECORD *rr;
void (*cb) (const SSL *ssl, int type2, int val) = NULL;
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
+ int is_dtls13;
if (sc == NULL)
return -1;
+ is_dtls13 = SSL_CONNECTION_IS_DTLS13(sc);
+
if ((type && (type != SSL3_RT_APPLICATION_DATA) &&
(type != SSL3_RT_HANDSHAKE)) ||
(peek && (type != SSL3_RT_APPLICATION_DATA))) {
if (type == rr->type
|| (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC
- && type == SSL3_RT_HANDSHAKE && recvd_type != NULL)) {
+ && type == SSL3_RT_HANDSHAKE && recvd_type != NULL
+ && !is_dtls13)) {
/*
* SSL3_RT_APPLICATION_DATA or
* SSL3_RT_HANDSHAKE or
cb(s, SSL_CB_READ_ALERT, j);
}
- if (alert_level == SSL3_AL_WARNING) {
+ if ((!is_dtls13 && alert_level == SSL3_AL_WARNING)
+ || (is_dtls13 && alert_descr == SSL_AD_USER_CANCELLED)) {
sc->s3.warn_alert = alert_descr;
if (!ssl_release_record(sc, rr, 0))
return -1;
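Review bot: With the new guard `(is_dtls13 && alert_descr == SSL_AD_USER_CANCELLED)`, a DTLSv1.3 connection enters this block only for user_cancelled, yet the close_notify branch in the next hunk still appears to be nested inside it, judging by the `} else if (alert_level == SSL3_AL_FATAL || is_dtls13) {` that closes the block in the hunk after that. If that nesting is right, a DTLSv1.3 close_notify never reaches `sc->shutdown |= SSL_RECEIVED_SHUTDOWN; return 0;` and is instead stored in `sc->s3.fatal_alert`, so a caller can no longer tell an orderly shutdown from an error or a truncated stream. I would close the block before the new "Apart from close_notify" comment and make the chain top-level, with `} else if (alert_descr == SSL_AD_CLOSE_NOTIFY && (is_dtls13 || alert_level == SSL3_AL_WARNING)) {`. The enclosing function starts and ends outside these hunks, so the brace nesting should be confirmed against the full file.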
return -1;
}
- if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
+ /*
+ * Apart from close_notify the only other warning alert in DTLSv1.3
+ * is user_cancelled - which we just ignore.
+ */
+ if (is_dtls13 && alert_descr == SSL_AD_USER_CANCELLED) {
+ goto start;
+ } else if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
#ifndef OPENSSL_NO_SCTP
/*
* With SCTP and streams the socket may deliver app data
sc->shutdown |= SSL_RECEIVED_SHUTDOWN;
return 0;
}
- } else if (alert_level == SSL3_AL_FATAL) {
+ } else if (alert_level == SSL3_AL_FATAL || is_dtls13) {
sc->rwstate = SSL_NOTHING;
sc->s3.fatal_alert = alert_descr;
SSLfatal_data(sc, SSL_AD_NO_ALERT,
}
tmpl.type = type;
+ if (sc->version == DTLS1_3_VERSION)
+ tmpl.version = DTLS1_2_VERSION;
/*
* Special case: for hello verify request, client version 1.0 and we
* haven't decided which version to use yet send back using version 1.0
* header: otherwise some clients will ignore it.
*/
- if (s->method->version == DTLS_ANY_VERSION
- && sc->max_proto_version != DTLS1_BAD_VER)
+ else if (s->method->version == DTLS_ANY_VERSION
+ && sc->max_proto_version != DTLS1_BAD_VER)
tmpl.version = DTLS1_VERSION;
else
tmpl.version = sc->version;
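Review bot: The new `if (sc->version == DTLS1_3_VERSION)` branch sits above the existing hello-verify comment, so that comment now falls between the `if` and its `else if` and reads as if it explained the DTLSv1.3 case. The line that forces `DTLS1_2_VERSION` into the record header has no explanation of its own. I would give it one, e.g. `/* DTLSv1.3 records carry the DTLSv1.2 value as the legacy record-header version */`, and brace the chain so the hello-verify comment stays inside its own branch. The read path in this commit decides with `SSL_CONNECTION_IS_DTLS13(sc)` while this hunk compares `sc->version` directly; if the two can disagree during the handshake, written headers would not match how received records are classified, so use the same predicate or say why not. The enclosing function extends outside the hunk.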