diff options
| author | tb <> | 2020-05-10 17:13:30 +0000 |
|---|---|---|
| committer | tb <> | 2020-05-10 17:13:30 +0000 |
| commit | b8698e11d9883dab7da69566fc2cd28afaf199a8 (patch) | |
| tree | 9b324a09d611e1d490ffe26c5e54d2031501ff81 /src/lib/libssl/tls13_handshake.c | |
| parent | d8a73cb59ee68723f87063e50ae6037929f06a83 (diff) | |
| download | openbsd-b8698e11d9883dab7da69566fc2cd28afaf199a8.tar.gz openbsd-b8698e11d9883dab7da69566fc2cd28afaf199a8.tar.bz2 openbsd-b8698e11d9883dab7da69566fc2cd28afaf199a8.zip | |
Send dummy ChangeCipherSpec messages from the TLSv1.3 server
If the client has requested middle box compatibility mode by sending
a non-empty legacy_session_id, the server must send a dummy CCS right
after its first handshake message. This means right after ServerHello
or HelloRetryRequest.
Two important improvements over the backed-out diffr: make sure that
First: client and server can send their dummy CCS at the correct moment
(right before the next flight or right after the current flight).
Second: as jsing noted, we also need to deal with the corner case that
tls13_send_dummy_ccs() can return TLS13_IO_WANT_POLLOUT.
with/ok jsing
Diffstat (limited to 'src/lib/libssl/tls13_handshake.c')
| -rw-r--r-- | src/lib/libssl/tls13_handshake.c | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/src/lib/libssl/tls13_handshake.c b/src/lib/libssl/tls13_handshake.c index a09659bffc..11fc1db9f9 100644 --- a/src/lib/libssl/tls13_handshake.c +++ b/src/lib/libssl/tls13_handshake.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls13_handshake.c,v 1.61 2020/05/10 16:56:11 jsing Exp $ */ | 1 | /* $OpenBSD: tls13_handshake.c,v 1.62 2020/05/10 17:13:29 tb Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2018-2019 Theo Buehler <tb@openbsd.org> | 3 | * Copyright (c) 2018-2019 Theo Buehler <tb@openbsd.org> |
| 4 | * Copyright (c) 2019 Joel Sing <jsing@openbsd.org> | 4 | * Copyright (c) 2019 Joel Sing <jsing@openbsd.org> |
| @@ -102,6 +102,7 @@ static const struct tls13_handshake_action state_machine[] = { | |||
| 102 | .sender = TLS13_HS_SERVER, | 102 | .sender = TLS13_HS_SERVER, |
| 103 | .send = tls13_server_hello_retry_request_send, | 103 | .send = tls13_server_hello_retry_request_send, |
| 104 | .recv = tls13_server_hello_retry_request_recv, | 104 | .recv = tls13_server_hello_retry_request_recv, |
| 105 | .sent = tls13_server_hello_retry_request_sent, | ||
| 105 | }, | 106 | }, |
| 106 | [SERVER_ENCRYPTED_EXTENSIONS] = { | 107 | [SERVER_ENCRYPTED_EXTENSIONS] = { |
| 107 | .handshake_type = TLS13_MT_ENCRYPTED_EXTENSIONS, | 108 | .handshake_type = TLS13_MT_ENCRYPTED_EXTENSIONS, |
| @@ -391,6 +392,10 @@ tls13_handshake_send_action(struct tls13_ctx *ctx, | |||
| 391 | if ((ret = tls13_send_dummy_ccs(ctx->rl)) != TLS13_IO_SUCCESS) | 392 | if ((ret = tls13_send_dummy_ccs(ctx->rl)) != TLS13_IO_SUCCESS) |
| 392 | return ret; | 393 | return ret; |
| 393 | ctx->send_dummy_ccs = 0; | 394 | ctx->send_dummy_ccs = 0; |
| 395 | if (ctx->send_dummy_ccs_after) { | ||
| 396 | ctx->send_dummy_ccs_after = 0; | ||
| 397 | return TLS13_IO_SUCCESS; | ||
| 398 | } | ||
| 394 | } | 399 | } |
| 395 | 400 | ||
| 396 | /* If we have no handshake message, we need to build one. */ | 401 | /* If we have no handshake message, we need to build one. */ |
| @@ -428,6 +433,14 @@ tls13_handshake_send_action(struct tls13_ctx *ctx, | |||
| 428 | if (action->sent != NULL && !action->sent(ctx)) | 433 | if (action->sent != NULL && !action->sent(ctx)) |
| 429 | return TLS13_IO_FAILURE; | 434 | return TLS13_IO_FAILURE; |
| 430 | 435 | ||
| 436 | if (ctx->send_dummy_ccs_after) { | ||
| 437 | ctx->send_dummy_ccs = 1; | ||
| 438 | if ((ret = tls13_send_dummy_ccs(ctx->rl)) != TLS13_IO_SUCCESS) | ||
| 439 | return ret; | ||
| 440 | ctx->send_dummy_ccs = 0; | ||
| 441 | ctx->send_dummy_ccs_after = 0; | ||
| 442 | } | ||
| 443 | |||
| 431 | return TLS13_IO_SUCCESS; | 444 | return TLS13_IO_SUCCESS; |
| 432 | } | 445 | } |
| 433 | 446 | ||