Correct legacy fallback for TLSv1.3 client.

When falling back to the legacy TLS client, in the case where a server has sent a TLS record that contains more than one handshake message, we also need to stash the unprocessed record data for later processing. Otherwise we end up with missing handshake data. ok beck@ tb@
author: jsing <> 2020-01-21 12:08:04 +0000
committer: jsing <> 2020-01-21 12:08:04 +0000
commit: 6e568c664abbc564bc3a97d549d37155632d79a5 (patch)
tree: ddf5742f7e036ce4aa194b92e0b226d1ae3f9564 /src/lib/libssl/tls13_client.c
parent: 59792af6ba04f21a2d45c97fccc72ac33f22cc48 (diff)
download: openbsd-6e568c664abbc564bc3a97d549d37155632d79a5.tar.gz
openbsd-6e568c664abbc564bc3a97d549d37155632d79a5.tar.bz2
openbsd-6e568c664abbc564bc3a97d549d37155632d79a5.zip
1 files changed, 21 insertions, 7 deletions
diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c
index b842cbd39c..4ec29ea956 100644
--- a/src/lib/libssl/tls13_client.c
+++ b/src/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_client.c,v 1.21 2020/01/21 03:40:05 beck Exp $ */
+/* $OpenBSD: tls13_client.c,v 1.22 2020/01/21 12:08:04 jsing Exp $ */
 /*
 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
 *
@@ -115,14 +115,28 @@ tls13_use_legacy_client(struct tls13_ctx *ctx)
        if (s->bbio != s->wbio)
                s->wbio = BIO_push(s->bbio, s->wbio);
-        if (!tls13_handshake_msg_content(ctx->hs_msg, &cbs))
+        /* Stash any unprocessed data from the last record. */
-                goto err;
+        tls13_record_layer_rbuf(ctx->rl, &cbs);
+        if (CBS_len(&cbs) > 0) {
+                if (!CBS_write_bytes(&cbs,
+                    S3I(s)->rbuf.buf + SSL3_RT_HEADER_LENGTH,
+                    S3I(s)->rbuf.len - SSL3_RT_HEADER_LENGTH, NULL))
+                        goto err;
-        if (!BUF_MEM_grow_clean(s->internal->init_buf, CBS_len(&cbs) + 4))
+                S3I(s)->rbuf.offset = SSL3_RT_HEADER_LENGTH;
-                goto err;
+                S3I(s)->rbuf.left = CBS_len(&cbs);
+                S3I(s)->rrec.type = SSL3_RT_HANDSHAKE;
+                S3I(s)->rrec.length = CBS_len(&cbs);
+                s->internal->rstate = SSL_ST_READ_BODY;
+                s->internal->packet = S3I(s)->rbuf.buf;
+                s->internal->packet_length = SSL3_RT_HEADER_LENGTH;
+                s->internal->mac_packet = 1;
+        }
-        if (!CBS_write_bytes(&cbs, s->internal->init_buf->data + 4,
+        /* Stash the current handshake message. */
-            s->internal->init_buf->length - 4, NULL))
+        tls13_handshake_msg_data(ctx->hs_msg, &cbs);
+        if (!CBS_write_bytes(&cbs, s->internal->init_buf->data,
+            s->internal->init_buf->length, NULL))
                goto err;
        S3I(s)->tmp.reuse_message = 1;
author	jsing <>	2020-01-21 12:08:04 +0000
committer	jsing <>	2020-01-21 12:08:04 +0000
commit	6e568c664abbc564bc3a97d549d37155632d79a5 (patch)
tree	ddf5742f7e036ce4aa194b92e0b226d1ae3f9564 /src/lib/libssl/tls13_client.c
parent	59792af6ba04f21a2d45c97fccc72ac33f22cc48 (diff)
download	openbsd-6e568c664abbc564bc3a97d549d37155632d79a5.tar.gz openbsd-6e568c664abbc564bc3a97d549d37155632d79a5.tar.bz2 openbsd-6e568c664abbc564bc3a97d549d37155632d79a5.zip