summaryrefslogtreecommitdiff
path: root/src/lib/libssl/tls13_handshake.c
diff options
context:
space:
mode:
authorjsing <>2019-02-25 16:46:17 +0000
committerjsing <>2019-02-25 16:46:17 +0000
commit395120b4a264fb5eaadb4e8296f4d6bec2216b6b (patch)
treecebaae5d5b5ab740d82c2b521bc74611d3160eb0 /src/lib/libssl/tls13_handshake.c
parent320d76ea5cdfa7ca71accff1e8bbc5ee3bf1ac34 (diff)
downloadopenbsd-395120b4a264fb5eaadb4e8296f4d6bec2216b6b.tar.gz
openbsd-395120b4a264fb5eaadb4e8296f4d6bec2216b6b.tar.bz2
openbsd-395120b4a264fb5eaadb4e8296f4d6bec2216b6b.zip
Add a handshake action sent handler and use it for client finished.
The write traffic key needs to be changed to the client application traffic key after the client finished message has been sent. The send handler generates the client finished message, however we cannot switch keys at this stage since the client finished message has not yet been protected by the record layer. ok tb@
Diffstat (limited to 'src/lib/libssl/tls13_handshake.c')
-rw-r--r--src/lib/libssl/tls13_handshake.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/src/lib/libssl/tls13_handshake.c b/src/lib/libssl/tls13_handshake.c
index aeb490f350..598a7c1666 100644
--- a/src/lib/libssl/tls13_handshake.c
+++ b/src/lib/libssl/tls13_handshake.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tls13_handshake.c,v 1.28 2019/02/14 18:06:35 jsing Exp $ */ 1/* $OpenBSD: tls13_handshake.c,v 1.29 2019/02/25 16:46:17 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2018-2019 Theo Buehler <tb@openbsd.org> 3 * Copyright (c) 2018-2019 Theo Buehler <tb@openbsd.org>
4 * Copyright (c) 2019 Joel Sing <jsing@openbsd.org> 4 * Copyright (c) 2019 Joel Sing <jsing@openbsd.org>
@@ -36,6 +36,7 @@ struct tls13_handshake_action {
36 uint8_t preserve_transcript_hash; 36 uint8_t preserve_transcript_hash;
37 37
38 int (*send)(struct tls13_ctx *ctx); 38 int (*send)(struct tls13_ctx *ctx);
39 int (*sent)(struct tls13_ctx *ctx);
39 int (*recv)(struct tls13_ctx *ctx); 40 int (*recv)(struct tls13_ctx *ctx);
40}; 41};
41 42
@@ -93,6 +94,7 @@ struct tls13_handshake_action state_machine[] = {
93 .handshake_type = TLS13_MT_FINISHED, 94 .handshake_type = TLS13_MT_FINISHED,
94 .sender = TLS13_HS_CLIENT, 95 .sender = TLS13_HS_CLIENT,
95 .send = tls13_client_finished_send, 96 .send = tls13_client_finished_send,
97 .sent = tls13_client_finished_sent,
96 .recv = tls13_client_finished_recv, 98 .recv = tls13_client_finished_recv,
97 }, 99 },
98 [CLIENT_KEY_UPDATE] = { 100 [CLIENT_KEY_UPDATE] = {
@@ -347,6 +349,9 @@ tls13_handshake_send_action(struct tls13_ctx *ctx,
347 tls13_handshake_msg_free(ctx->hs_msg); 349 tls13_handshake_msg_free(ctx->hs_msg);
348 ctx->hs_msg = NULL; 350 ctx->hs_msg = NULL;
349 351
352 if (action->sent != NULL && !action->sent(ctx))
353 return TLS13_IO_FAILURE;
354
350 return TLS13_IO_SUCCESS; 355 return TLS13_IO_SUCCESS;
351} 356}
352 357
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-15 23:04:07 +0000