Switch to encrypted records in the TLSv1.3 server.

This adds code to perform key derivation and set the traffic keys once the ServerHello message has been sent, enabling encrypted records. ok beck@ tb@
author: jsing <jsing@openbsd.org> 2020-01-24 04:43:09 +0000
committer: jsing <jsing@openbsd.org> 2020-01-24 04:43:09 +0000
commit: be8ffa848e48af7cb9aae9d1e134f5bcd89137b4 (patch)
tree: 10ec020d1003ab8a5cd267010a534632568b6cbb /lib/libssl/tls13_handshake.c
parent: Enable SSL_ENC_FLAG_SIGALGS on TLSv1_3_enc_data. (diff)
download: wireguard-openbsd-be8ffa848e48af7cb9aae9d1e134f5bcd89137b4.tar.xz
wireguard-openbsd-be8ffa848e48af7cb9aae9d1e134f5bcd89137b4.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/libssl/tls13_handshake.c b/lib/libssl/tls13_handshake.c
index 1157d6ecac2..518073f4a15 100644
--- a/lib/libssl/tls13_handshake.c
+++ b/lib/libssl/tls13_handshake.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: tls13_handshake.c,v 1.41 2020/01/23 02:24:38 jsing Exp $	*/
+/*	$OpenBSD: tls13_handshake.c,v 1.42 2020/01/24 04:43:09 jsing Exp $	*/
 /*
  * Copyright (c) 2018-2019 Theo Buehler <tb@openbsd.org>
  * Copyright (c) 2019 Joel Sing <jsing@openbsd.org>
@@ -97,6 +97,7 @@ struct tls13_handshake_action state_machine[] = {
 		.handshake_type = TLS13_MT_SERVER_HELLO,
 		.sender = TLS13_HS_SERVER,
 		.send = tls13_server_hello_send,
+		.sent = tls13_server_hello_sent,
 		.recv = tls13_server_hello_recv,
 	},
 	[SERVER_HELLO_RETRY] = {
author	jsing <jsing@openbsd.org>	2020-01-24 04:43:09 +0000
committer	jsing <jsing@openbsd.org>	2020-01-24 04:43:09 +0000
commit	be8ffa848e48af7cb9aae9d1e134f5bcd89137b4 (patch)
tree	10ec020d1003ab8a5cd267010a534632568b6cbb /lib/libssl/tls13_handshake.c
parent	Enable SSL_ENC_FLAG_SIGALGS on TLSv1_3_enc_data. (diff)
download	wireguard-openbsd-be8ffa848e48af7cb9aae9d1e134f5bcd89137b4.tar.xz wireguard-openbsd-be8ffa848e48af7cb9aae9d1e134f5bcd89137b4.zip