diff options
| author | jsing <> | 2022-07-20 06:20:44 +0000 |
|---|---|---|
| committer | jsing <> | 2022-07-20 06:20:44 +0000 |
| commit | 65be960bd3c39cb5e24e7479f7f1dfd10d8c6f69 (patch) | |
| tree | 3ca129217da5fd1ad16dcc2b7a44096fbff7659c | |
| parent | 3a70441f87ce449a93c77659ad4ccc0222fded85 (diff) | |
| download | openbsd-65be960bd3c39cb5e24e7479f7f1dfd10d8c6f69.tar.gz openbsd-65be960bd3c39cb5e24e7479f7f1dfd10d8c6f69.tar.bz2 openbsd-65be960bd3c39cb5e24e7479f7f1dfd10d8c6f69.zip | |
Correct server-side handling of TLSv1.3 key updates.
The existing code updates the correct secret, however then sets it for the
wrong direction. Fix this, while untangling the code and consistenly using
'read' and 'write' rather than 'local' and 'peer'.
ok beck@ tb@
| -rw-r--r-- | src/lib/libssl/tls13_lib.c | 50 |
1 files changed, 30 insertions, 20 deletions
diff --git a/src/lib/libssl/tls13_lib.c b/src/lib/libssl/tls13_lib.c index 6522c104d6..8b28bf55a4 100644 --- a/src/lib/libssl/tls13_lib.c +++ b/src/lib/libssl/tls13_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls13_lib.c,v 1.65 2022/07/17 15:51:06 jsing Exp $ */ | 1 | /* $OpenBSD: tls13_lib.c,v 1.66 2022/07/20 06:20:44 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> |
| 4 | * Copyright (c) 2019 Bob Beck <beck@openbsd.org> | 4 | * Copyright (c) 2019 Bob Beck <beck@openbsd.org> |
| @@ -215,31 +215,41 @@ tls13_legacy_ocsp_status_recv_cb(void *arg) | |||
| 215 | } | 215 | } |
| 216 | 216 | ||
| 217 | static int | 217 | static int |
| 218 | tls13_phh_update_local_traffic_secret(struct tls13_ctx *ctx) | 218 | tls13_phh_update_read_traffic_secret(struct tls13_ctx *ctx) |
| 219 | { | 219 | { |
| 220 | struct tls13_secrets *secrets = ctx->hs->tls13.secrets; | 220 | struct tls13_secrets *secrets = ctx->hs->tls13.secrets; |
| 221 | struct tls13_secret *secret; | ||
| 221 | 222 | ||
| 222 | if (ctx->mode == TLS13_HS_CLIENT) | 223 | if (ctx->mode == TLS13_HS_CLIENT) { |
| 223 | return (tls13_update_client_traffic_secret(secrets) && | 224 | secret = &secrets->server_application_traffic; |
| 224 | tls13_record_layer_set_write_traffic_key(ctx->rl, | 225 | if (!tls13_update_server_traffic_secret(secrets)) |
| 225 | &secrets->client_application_traffic)); | 226 | return 0; |
| 226 | return (tls13_update_server_traffic_secret(secrets) && | 227 | } else { |
| 227 | tls13_record_layer_set_read_traffic_key(ctx->rl, | 228 | secret = &secrets->client_application_traffic; |
| 228 | &secrets->server_application_traffic)); | 229 | if (!tls13_update_client_traffic_secret(secrets)) |
| 230 | return 0; | ||
| 231 | } | ||
| 232 | |||
| 233 | return tls13_record_layer_set_read_traffic_key(ctx->rl, secret); | ||
| 229 | } | 234 | } |
| 230 | 235 | ||
| 231 | static int | 236 | static int |
| 232 | tls13_phh_update_peer_traffic_secret(struct tls13_ctx *ctx) | 237 | tls13_phh_update_write_traffic_secret(struct tls13_ctx *ctx) |
| 233 | { | 238 | { |
| 234 | struct tls13_secrets *secrets = ctx->hs->tls13.secrets; | 239 | struct tls13_secrets *secrets = ctx->hs->tls13.secrets; |
| 240 | struct tls13_secret *secret; | ||
| 241 | |||
| 242 | if (ctx->mode == TLS13_HS_CLIENT) { | ||
| 243 | secret = &secrets->client_application_traffic; | ||
| 244 | if (!tls13_update_client_traffic_secret(secrets)) | ||
| 245 | return 0; | ||
| 246 | } else { | ||
| 247 | secret = &secrets->server_application_traffic; | ||
| 248 | if (!tls13_update_server_traffic_secret(secrets)) | ||
| 249 | return 0; | ||
| 250 | } | ||
| 235 | 251 | ||
| 236 | if (ctx->mode == TLS13_HS_CLIENT) | 252 | return tls13_record_layer_set_write_traffic_key(ctx->rl, secret); |
| 237 | return (tls13_update_server_traffic_secret(secrets) && | ||
| 238 | tls13_record_layer_set_read_traffic_key(ctx->rl, | ||
| 239 | &secrets->server_application_traffic)); | ||
| 240 | return (tls13_update_client_traffic_secret(secrets) && | ||
| 241 | tls13_record_layer_set_write_traffic_key(ctx->rl, | ||
| 242 | &secrets->client_application_traffic)); | ||
| 243 | } | 253 | } |
| 244 | 254 | ||
| 245 | /* | 255 | /* |
| @@ -285,13 +295,13 @@ tls13_key_update_recv(struct tls13_ctx *ctx, CBS *cbs) | |||
| 285 | goto err; | 295 | goto err; |
| 286 | } | 296 | } |
| 287 | 297 | ||
| 288 | if (!tls13_phh_update_peer_traffic_secret(ctx)) | 298 | if (!tls13_phh_update_read_traffic_secret(ctx)) |
| 289 | goto err; | 299 | goto err; |
| 290 | 300 | ||
| 291 | if (key_update_request == 0) | 301 | if (key_update_request == 0) |
| 292 | return TLS13_IO_SUCCESS; | 302 | return TLS13_IO_SUCCESS; |
| 293 | 303 | ||
| 294 | /* key_update_request == 1 */ | 304 | /* Our peer requested that we update our write traffic keys. */ |
| 295 | if ((hs_msg = tls13_handshake_msg_new()) == NULL) | 305 | if ((hs_msg = tls13_handshake_msg_new()) == NULL) |
| 296 | goto err; | 306 | goto err; |
| 297 | if (!tls13_handshake_msg_start(hs_msg, &cbb_hs, TLS13_MT_KEY_UPDATE)) | 307 | if (!tls13_handshake_msg_start(hs_msg, &cbb_hs, TLS13_MT_KEY_UPDATE)) |
| @@ -322,7 +332,7 @@ tls13_phh_done_cb(void *cb_arg) | |||
| 322 | struct tls13_ctx *ctx = cb_arg; | 332 | struct tls13_ctx *ctx = cb_arg; |
| 323 | 333 | ||
| 324 | if (ctx->key_update_request) { | 334 | if (ctx->key_update_request) { |
| 325 | tls13_phh_update_local_traffic_secret(ctx); | 335 | tls13_phh_update_write_traffic_secret(ctx); |
| 326 | ctx->key_update_request = 0; | 336 | ctx->key_update_request = 0; |
| 327 | } | 337 | } |
| 328 | } | 338 | } |