author | 2020-05-09 15:47:11 +0000 | |
---|---|---|
committer | 2020-05-09 15:47:11 +0000 | |
commit | ef59065f34c38d262514ca2af0d95c4bf1996e48 (patch) | |
tree | 95c60de481c01a6220d98d8ab4ab4a53a945dc8c /lib/libssl/tls13_record_layer.c | |
parent | Correct return value check to handle TLS13_IO_EOF case. (diff) | |
Send dummy ChangeCipherSpec messages from the TLSv1.3 client.
When operating in middlebox compatibility mode, the TLSv1.3 client needs
to send a dummy ChangeCipherSpec message immediately before its second
flight of handshake messages (when early data is not offered).
ok tb@
Diffstat (limited to 'lib/libssl/tls13_record_layer.c')
-rw-r--r-- | lib/libssl/tls13_record_layer.c | 33 |
1 files changed, 30 insertions, 3 deletions
diff --git a/lib/libssl/tls13_record_layer.c b/lib/libssl/tls13_record_layer.c
index 6b9be4028cc..ce6327b6941 100644
--- a/lib/libssl/tls13_record_layer.c
+++ b/lib/libssl/tls13_record_layer.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_record_layer.c,v 1.35 2020/05/09 15:39:18 jsing Exp $ */
+/* $OpenBSD: tls13_record_layer.c,v 1.36 2020/05/09 15:47:11 jsing Exp $ */
 /*
 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
 *
@@ -30,6 +30,7 @@ struct tls13_record_layer {
 int ccs_allowed;
 int ccs_seen;
+ int ccs_sent;
 int handshake_completed;
 int legacy_alerts_allowed;
 int phh;
@@ -603,7 +604,14 @@ tls13_record_layer_seal_record_plaintext(struct tls13_record_layer *rl,
 size_t data_len = 0;
 CBB cbb, body;
- if (rl->aead != NULL)
+ /*
+ * Allow dummy CCS messages to be sent in plaintext even when
+ * record protection has been engaged, as long as the handshake
+ * has not yet completed.
+ */
+ if (rl->handshake_completed)
+ return 0;
+ if (rl->aead != NULL && content_type != SSL3_RT_CHANGE_CIPHER_SPEC)
 return 0;
 /*
@@ -752,7 +760,7 @@ tls13_record_layer_seal_record(struct tls13_record_layer *rl,
 if ((rl->wrec = tls13_record_new()) == NULL)
 return 0;
- if (rl->aead == NULL)
+ if (rl->aead == NULL || content_type == SSL3_RT_CHANGE_CIPHER_SPEC)
 return tls13_record_layer_seal_record_plaintext(rl,
 content_type, content, content_len);
@@ -1071,6 +1079,25 @@ tls13_record_layer_write(struct tls13_record_layer *rl, uint8_t content_type,
 return ret;
 }
+static const uint8_t tls13_dummy_ccs[] = { 0x01 };
+
+ssize_t
+tls13_send_dummy_ccs(struct tls13_record_layer *rl)
+{
+ ssize_t ret;
+
+ if (rl->ccs_sent)
+ return TLS13_IO_FAILURE;
+
+ if ((ret = tls13_record_layer_write(rl, SSL3_RT_CHANGE_CIPHER_SPEC,
+ tls13_dummy_ccs, sizeof(tls13_dummy_ccs))) <= 0)
+ return ret;
+
+ rl->ccs_sent = 1;
+
+ return TLS13_IO_SUCCESS;
+}
+
 ssize_t
 tls13_read_handshake_data(struct tls13_record_layer *rl, uint8_t *buf, size_t n)
 { |
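Review bot: The plaintext exemption added to tls13_record_layer_seal_record_plaintext() is keyed on `content_type` alone, so while the handshake is in progress any record tagged SSL3_RT_CHANGE_CIPHER_SPEC bypasses the AEAD whatever its payload; the routing condition added in tls13_record_layer_seal_record() has the same property. Within this diff only tls13_send_dummy_ccs() uses that content type, but nothing on the seal path enforces that the unprotected record is the one-byte dummy. A guard in tls13_record_layer_seal_record(), placed before the record is allocated, would pin the invariant: `if (content_type == SSL3_RT_CHANGE_CIPHER_SPEC && (content_len != 1 || content[0] != 0x01)) return 0;`. The new comment could also say that the `handshake_completed` check now rejects every content type on the plaintext path, not only CCS. Both function bodies start and end outside their hunks.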
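Review bot: tls13_send_dummy_ccs() is a new non-static entry point with no comment describing its contract. A short block comment above it should state that it returns TLS13_IO_FAILURE once a CCS has already been sent, that a non-positive result from tls13_record_layer_write() is returned unchanged with `ccs_sent` left clear (presumably so the caller can retry), and that it does not itself check whether middlebox compatibility mode is in use, which is left to the caller. It would also help to annotate the payload, e.g. `/* Dummy CCS payload: a single 0x01 byte, sent only for middlebox compatibility. */` above `tls13_dummy_ccs`.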