After the ClientHello has been sent or received and before the peer's

Finished message has been received, a change cipher spec may be received and must be ignored. Add a flag to the record layer struct and set it at the appropriate moments during the handshake so that we will ignore it. ok jsing
author: tb <> 2020-01-22 05:06:23 +0000
committer: tb <> 2020-01-22 05:06:23 +0000
commit: 0cbc880fa36f08c10caa253c5b025333c684fa2f (patch)
tree: f5dc757ef7c1ccce03be8af3c9c22f746cace496
parent: aa63e39fdcbb655a32b0cd7bf602f7f051f03e52 (diff)
download: openbsd-0cbc880fa36f08c10caa253c5b025333c684fa2f.tar.gz
openbsd-0cbc880fa36f08c10caa253c5b025333c684fa2f.tar.bz2
openbsd-0cbc880fa36f08c10caa253c5b025333c684fa2f.zip
4 files changed, 22 insertions, 8 deletions
diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c
index ef4c3de75f..b42167a58a 100644
--- a/src/lib/libssl/tls13_client.c
+++ b/src/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_client.c,v 1.25 2020/01/22 03:20:09 jsing Exp $ */
+/* $OpenBSD: tls13_client.c,v 1.26 2020/01/22 05:06:23 tb Exp $ */
 /*
 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
 *
@@ -223,6 +223,7 @@ int
 tls13_client_hello_sent(struct tls13_ctx *ctx)
 {
        tls13_record_layer_set_legacy_version(ctx->rl, TLS1_2_VERSION);
+        tls13_record_layer_allow_ccs(ctx->rl, 1);
        return 1;
 }
@@ -750,6 +751,8 @@ tls13_server_finished_recv(struct tls13_ctx *ctx)
            &secrets->server_application_traffic))
                goto err;
+        tls13_record_layer_allow_ccs(ctx->rl, 0);
        ret = 1;
 err:
diff --git a/src/lib/libssl/tls13_internal.h b/src/lib/libssl/tls13_internal.h
index 1eb05b7100..fc1d6c1889 100644
--- a/src/lib/libssl/tls13_internal.h
+++ b/src/lib/libssl/tls13_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_internal.h,v 1.42 2020/01/22 02:39:45 tb Exp $ */
+/* $OpenBSD: tls13_internal.h,v 1.43 2020/01/22 05:06:23 tb Exp $ */
 /*
 * Copyright (c) 2018 Bob Beck <beck@openbsd.org>
 * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
@@ -117,6 +117,7 @@ struct tls13_record_layer *tls13_record_layer_new(tls13_read_cb wire_read,
    tls13_phh_recv_cb phh_recv_cb,
    tls13_phh_sent_cb phh_sent_cb, void *cb_arg);
 void tls13_record_layer_free(struct tls13_record_layer *rl);
+void tls13_record_layer_allow_ccs(struct tls13_record_layer *rl, int allow);
 void tls13_record_layer_rbuf(struct tls13_record_layer *rl, CBS *cbs);
 void tls13_record_layer_set_aead(struct tls13_record_layer *rl,
    const EVP_AEAD *aead);
diff --git a/src/lib/libssl/tls13_record_layer.c b/src/lib/libssl/tls13_record_layer.c
index 600990a878..ef558d52df 100644
--- a/src/lib/libssl/tls13_record_layer.c
+++ b/src/lib/libssl/tls13_record_layer.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_record_layer.c,v 1.20 2020/01/22 02:39:45 tb Exp $ */
+/* $OpenBSD: tls13_record_layer.c,v 1.21 2020/01/22 05:06:23 tb Exp $ */
 /*
 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
 *
@@ -29,7 +29,8 @@ static ssize_t tls13_record_layer_write_record(struct tls13_record_layer *rl,
 struct tls13_record_layer {
        uint16_t legacy_version;
-        int change_cipher_spec_seen;
+        int ccs_allowed;
+        int ccs_seen;
        int handshake_completed;
        int phh;
@@ -200,6 +201,12 @@ tls13_record_layer_update_nonce(struct tls13_secret *nonce,
 }
 void
+tls13_record_layer_allow_ccs(struct tls13_record_layer *rl, int allow)
+{
+        rl->ccs_allowed = allow;
+}
+void
 tls13_record_layer_set_aead(struct tls13_record_layer *rl,
    const EVP_AEAD *aead)
 {
@@ -756,8 +763,7 @@ tls13_record_layer_read_record(struct tls13_record_layer *rl)
         * ignored.
         */
        if (content_type == SSL3_RT_CHANGE_CIPHER_SPEC) {
-                /* XXX - need to check after ClientHello, before Finished. */
+                if (!rl->ccs_allowed || rl->ccs_seen)
-                if (rl->handshake_completed || rl->change_cipher_spec_seen)
                        return tls13_send_alert(rl, SSL_AD_UNEXPECTED_MESSAGE);
                if (!tls13_record_content(rl->rrec, &cbs))
                        return tls13_send_alert(rl, TLS1_AD_DECODE_ERROR);
@@ -765,7 +771,7 @@ tls13_record_layer_read_record(struct tls13_record_layer *rl)
                        return tls13_send_alert(rl, TLS1_AD_DECODE_ERROR);
                if (ccs != 1)
                        return tls13_send_alert(rl, SSL_AD_ILLEGAL_PARAMETER);
-                rl->change_cipher_spec_seen = 1;
+                rl->ccs_seen = 1;
                tls13_record_layer_rrec_free(rl);
                return TLS13_IO_WANT_POLLIN;
        }
diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c
index 10d85a62b3..fc3e80ad58 100644
--- a/src/lib/libssl/tls13_server.c
+++ b/src/lib/libssl/tls13_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_server.c,v 1.4 2020/01/22 02:21:05 beck Exp $ */
+/* $OpenBSD: tls13_server.c,v 1.5 2020/01/22 05:06:23 tb Exp $ */
 /*
 * Copyright (c) 2019 Joel Sing <jsing@openbsd.org>
 *
@@ -81,6 +81,8 @@ tls13_legacy_accept(SSL *ssl)
 int
 tls13_client_hello_recv(struct tls13_ctx *ctx)
 {
+        tls13_record_layer_allow_ccs(ctx->rl, 1);
        return 0;
 }
@@ -135,6 +137,8 @@ tls13_client_certificate_verify_recv(struct tls13_ctx *ctx)
 int
 tls13_client_finished_recv(struct tls13_ctx *ctx)
 {
+        tls13_record_layer_allow_ccs(ctx->rl, 0);
        return 0;
 }
author	tb <>	2020-01-22 05:06:23 +0000
committer	tb <>	2020-01-22 05:06:23 +0000
commit	0cbc880fa36f08c10caa253c5b025333c684fa2f (patch)
tree	f5dc757ef7c1ccce03be8af3c9c22f746cace496
parent	aa63e39fdcbb655a32b0cd7bf602f7f051f03e52 (diff)
download	openbsd-0cbc880fa36f08c10caa253c5b025333c684fa2f.tar.gz openbsd-0cbc880fa36f08c10caa253c5b025333c684fa2f.tar.bz2 openbsd-0cbc880fa36f08c10caa253c5b025333c684fa2f.zip