path: root/src/lib/libssl/tls13_lib.c
authorjsing <>2022-07-20 06:32:24 +0000
committerjsing <>2022-07-20 06:32:24 +0000
commitccb4f685d743447d79e76e1380f93ba28b5b8e1e (patch)
tree71c8f3c98cc3af4e296c929982738339c5534368 /src/lib/libssl/tls13_lib.c
parent65be960bd3c39cb5e24e7479f7f1dfd10d8c6f69 (diff)
Remove tls_buffer_set_data() and remove/revise callers.
There is no way that tls_buffer_set_data() can currently work in conjunction with tls_buffer_expand(). This fact is currently hidden by the way that PHH works, which reads the same data from the record layer (which it needs to do anyway, since we may not have all of the handshake message in a single record). Since this is broken, mop it up and change the PHH callback to not provide the record data. ok beck@ tb@
Diffstat (limited to 'src/lib/libssl/tls13_lib.c')
-rw-r--r--src/lib/libssl/tls13_lib.c17
1 files changed, 7 insertions, 10 deletions
diff --git a/src/lib/libssl/tls13_lib.c b/src/lib/libssl/tls13_lib.c
index 8b28bf55a4..8d0e030b5a 100644
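--- a/src/lib/libssl/tls13_lib.c
+++ b/src/lib/libssl/tls13_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_lib.c,v 1.66 2022/07/20 06:20:44 jsing Exp $ */
+/* $OpenBSD: tls13_lib.c,v 1.67 2022/07/20 06:32:24 jsing Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2019 Bob Beck <beck@openbsd.org>
@@ -338,11 +338,11 @@ tls13_phh_done_cb(void *cb_arg)
 }
 
 static ssize_t
-tls13_phh_received_cb(void *cb_arg, CBS *cbs)
+tls13_phh_received_cb(void *cb_arg)
 {
  ssize_t ret = TLS13_IO_FAILURE;
  struct tls13_ctx *ctx = cb_arg;
- CBS phh_cbs;
+ CBS cbs;
 
  if (!tls13_phh_limit_check(ctx))
  return tls13_send_alert(ctx->rl, TLS13_ALERT_UNEXPECTED_MESSAGE);
@@ -351,19 +351,16 @@ tls13_phh_received_cb(void *cb_arg, CBS *cbs)
  ((ctx->hs_msg = tls13_handshake_msg_new()) == NULL))
  return TLS13_IO_FAILURE;
 
- if (!tls13_handshake_msg_set_buffer(ctx->hs_msg, cbs))
- return TLS13_IO_FAILURE;
-
- if ((ret = tls13_handshake_msg_recv(ctx->hs_msg, ctx->rl))
- != TLS13_IO_SUCCESS)
+ if ((ret = tls13_handshake_msg_recv(ctx->hs_msg, ctx->rl)) !=
+ TLS13_IO_SUCCESS)
  return ret;
 
- if (!tls13_handshake_msg_content(ctx->hs_msg, &phh_cbs))
+ if (!tls13_handshake_msg_content(ctx->hs_msg, &cbs))
  return TLS13_IO_FAILURE;
 
  switch(tls13_handshake_msg_type(ctx->hs_msg)) {
  case TLS13_MT_KEY_UPDATE:
- ret = tls13_key_update_recv(ctx, &phh_cbs);
+ ret = tls13_key_update_recv(ctx, &cbs);
  break;
  case TLS13_MT_NEW_SESSION_TICKET:
  /* XXX do nothing for now and ignore this */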
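Review bot: The new `tls13_phh_received_cb(void *cb_arg)` carries no comment saying where the message bytes now come from; the reason for dropping the `CBS *cbs` argument lives only in the commit message. A short comment above the function would keep it with the code, e.g. `/* Reads the post-handshake message from ctx->rl itself; it may span more than one record. */`. Separately, `tls13_phh_limit_check(ctx)` runs on every entry, while a non-success return from `tls13_handshake_msg_recv()` returns with `ctx->hs_msg` left in place, so if the record layer re-invokes the callback for a message split across records it is worth confirming that one message is not counted several times toward the limit (the limit check itself is not visible here). The function body continues past the end of this hunk.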