authortb <tb@openbsd.org>2020-05-10 17:13:29 +0000
committertb <tb@openbsd.org>2020-05-10 17:13:29 +0000
commite0a52b2d4fbf69cfff99e467cc65aed6d347f53e (patch)
treefbf9e96537abb7010bf49b2e5c04539f86106c38 /lib/libssl/tls13_handshake.c
parentHonour SSL_VERIFY_FAIL_IF_NO_PEER_CERT in the TLSv1.3 server. (diff)
Send dummy ChangeCipherSpec messages from the TLSv1.3 server
If the client has requested middle box compatibility mode by sending a non-empty legacy_session_id, the server must send a dummy CCS right after its first handshake message. This means right after ServerHello or HelloRetryRequest. Two important improvements over the backed-out diff: First: make sure that client and server can send their dummy CCS at the correct moment (right before the next flight or right after the current flight). Second: as jsing noted, we also need to deal with the corner case that tls13_send_dummy_ccs() can return TLS13_IO_WANT_POLLOUT. with/ok jsing
Diffstat (limited to 'lib/libssl/tls13_handshake.c')
-rw-r--r--lib/libssl/tls13_handshake.c15
1 files changed, 14 insertions, 1 deletions
diff --git a/lib/libssl/tls13_handshake.c b/lib/libssl/tls13_handshake.c
index a09659bffcd..11fc1db9f9c 100644
--- a/lib/libssl/tls13_handshake.c
+++ b/lib/libssl/tls13_handshake.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_handshake.c,v 1.61 2020/05/10 16:56:11 jsing Exp $ */
+/* $OpenBSD: tls13_handshake.c,v 1.62 2020/05/10 17:13:29 tb Exp $ */
/*
* Copyright (c) 2018-2019 Theo Buehler <tb@openbsd.org>
* Copyright (c) 2019 Joel Sing <jsing@openbsd.org>
@@ -102,6 +102,7 @@ static const struct tls13_handshake_action state_machine[] = {
.sender = TLS13_HS_SERVER,
.send = tls13_server_hello_retry_request_send,
.recv = tls13_server_hello_retry_request_recv,
+ .sent = tls13_server_hello_retry_request_sent,
},
[SERVER_ENCRYPTED_EXTENSIONS] = {
.handshake_type = TLS13_MT_ENCRYPTED_EXTENSIONS,
@@ -391,6 +392,10 @@ tls13_handshake_send_action(struct tls13_ctx *ctx,
if ((ret = tls13_send_dummy_ccs(ctx->rl)) != TLS13_IO_SUCCESS)
return ret;
ctx->send_dummy_ccs = 0;
+ if (ctx->send_dummy_ccs_after) {
+ ctx->send_dummy_ccs_after = 0;
+ return TLS13_IO_SUCCESS;
+ }
}
/* If we have no handshake message, we need to build one. */
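Review bot: The early `return TLS13_IO_SUCCESS` added inside the `send_dummy_ccs` block is only correct on the retry path set up by the last hunk (the `send_dummy_ccs_after` block near the end of the function), and neither place says so. When `tls13_send_dummy_ccs()` returns anything other than TLS13_IO_SUCCESS in that later block, both flags stay set, so the next call lands here, flushes the CCS and must not build or resend a handshake message. I would add a comment above the new `if`, such as `/* CCS was still pending after an already-sent message; nothing left to send. */`, and a matching one in the later block where `ctx->send_dummy_ccs = 1` is set. tls13_handshake_send_action() begins before this hunk and continues past it.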
@@ -428,6 +433,14 @@ tls13_handshake_send_action(struct tls13_ctx *ctx,
if (action->sent != NULL && !action->sent(ctx))
return TLS13_IO_FAILURE;
+ if (ctx->send_dummy_ccs_after) {
+ ctx->send_dummy_ccs = 1;
+ if ((ret = tls13_send_dummy_ccs(ctx->rl)) != TLS13_IO_SUCCESS)
+ return ret;
+ ctx->send_dummy_ccs = 0;
+ ctx->send_dummy_ccs_after = 0;
+ }
+
return TLS13_IO_SUCCESS;
}
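Review bot: Nothing in the new `send_dummy_ccs_after` block records that the dummy CCS has to go out unprotected, even though it is written after `action->sent(ctx)` has run. The `sent` callbacks are not on this page; if they install the handshake write keys, as seems likely for ServerHello, this block depends on `tls13_send_dummy_ccs()` emitting a plaintext record regardless of the record layer's key state. That is worth confirming and stating in a comment above the block, for example `/* Middlebox compat CCS is sent unprotected, right after the message that triggered it. */`. The start of tls13_handshake_send_action() is outside this hunk.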