author | 2020-01-22 05:06:23 +0000 | |
---|---|---|
committer | 2020-01-22 05:06:23 +0000 | |
commit | 138e3c44917861170a76677532999de39025dd0c (patch) | |
tree | 3ae103bcaed44ad139c7ab878bdabf167f8e3467 /lib/libssl/tls13_record_layer.c | |
parent | rm rtfps driver. disabled and man page doesn't inspire much confidence. (diff) | |
After the ClientHello has been sent or received and before the peer's
Finished message has been received, a change cipher spec may be received
and must be ignored. Add a flag to the record layer struct and set it at
the appropriate moments during the handshake so that we will ignore it.
ok jsing
Diffstat (limited to 'lib/libssl/tls13_record_layer.c')
-rw-r--r-- | lib/libssl/tls13_record_layer.c | 16 |
1 files changed, 11 insertions, 5 deletions
diff --git a/lib/libssl/tls13_record_layer.c b/lib/libssl/tls13_record_layer.c
index 600990a878a..ef558d52df6 100644
--- a/lib/libssl/tls13_record_layer.c
+++ b/lib/libssl/tls13_record_layer.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_record_layer.c,v 1.20 2020/01/22 02:39:45 tb Exp $ */
+/* $OpenBSD: tls13_record_layer.c,v 1.21 2020/01/22 05:06:23 tb Exp $ */
 /*
 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
 *
@@ -29,7 +29,8 @@ static ssize_t tls13_record_layer_write_record(struct tls13_record_layer *rl,
 struct tls13_record_layer {
 uint16_t legacy_version;
- int change_cipher_spec_seen;
+ int ccs_allowed;
+ int ccs_seen;
 int handshake_completed;
 int phh;
@@ -200,6 +201,12 @@ tls13_record_layer_update_nonce(struct tls13_secret *nonce,
 }
 void
+tls13_record_layer_allow_ccs(struct tls13_record_layer *rl, int allow)
+{
+ rl->ccs_allowed = allow;
+}
+
+void
 tls13_record_layer_set_aead(struct tls13_record_layer *rl,
 const EVP_AEAD *aead)
 {
@@ -756,8 +763,7 @@ tls13_record_layer_read_record(struct tls13_record_layer *rl)
 * ignored.
 */
 if (content_type == SSL3_RT_CHANGE_CIPHER_SPEC) {
- /* XXX - need to check after ClientHello, before Finished. */
- if (rl->handshake_completed || rl->change_cipher_spec_seen)
+ if (!rl->ccs_allowed || rl->ccs_seen)
 return tls13_send_alert(rl, SSL_AD_UNEXPECTED_MESSAGE);
 if (!tls13_record_content(rl->rrec, &cbs))
 return tls13_send_alert(rl, TLS1_AD_DECODE_ERROR);
@@ -765,7 +771,7 @@ tls13_record_layer_read_record(struct tls13_record_layer *rl)
 return tls13_send_alert(rl, TLS1_AD_DECODE_ERROR);
 if (ccs != 1)
 return tls13_send_alert(rl, SSL_AD_ILLEGAL_PARAMETER);
- rl->change_cipher_spec_seen = 1;
+ rl->ccs_seen = 1;
 tls13_record_layer_rrec_free(rl);
 return TLS13_IO_WANT_POLLIN;
 } |
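Review bot: The new `ccs_allowed` field in struct tls13_record_layer, and the setter tls13_record_layer_allow_ccs() added in the next hunk, carry no comment stating the window in which a ChangeCipherSpec is tolerated, although the check in the read path now depends on callers honouring it. I would put the rule from the commit message next to the field, e.g. `/* Set once ClientHello is sent/received; cleared when the peer's Finished is received. */`, and say on the setter that it must be left at 0 outside that window. The struct definition continues outside the hunk and its allocation is not visible here, so it is worth confirming the struct is zero-initialised, so that the default is to reject CCS.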
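Review bot: The rewritten condition in tls13_record_layer_read_record() drops the `rl->handshake_completed` test, so rejecting a ChangeCipherSpec after the handshake now depends entirely on the handshake code calling tls13_record_layer_allow_ccs(rl, 0) at the right moment; those call sites are not part of this file's diff. The `handshake_completed` field is still in the struct, so keeping it as a backstop is cheap and keeps the record layer fail-closed if a caller misses the reset: `if (rl->handshake_completed || !rl->ccs_allowed || rl->ccs_seen)`. The function body starts and ends outside the hunk, so this assumes nothing earlier in it already rejects post-handshake CCS.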