author | jsing <> | 2022-07-20 06:32:24 +0000 |
---|---|---|
committer | jsing <> | 2022-07-20 06:32:24 +0000 |
commit | ccb4f685d743447d79e76e1380f93ba28b5b8e1e (patch) | |
tree | 71c8f3c98cc3af4e296c929982738339c5534368 /src/lib/libssl/tls13_lib.c | |
parent | 65be960bd3c39cb5e24e7479f7f1dfd10d8c6f69 (diff) | |
Remove tls_buffer_set_data() and remove/revise callers.
There is no way that tls_buffer_set_data() can currently work in
conjunction with tls_buffer_expand(). This fact is currently hidden by the
way that PHH works, which reads the same data from the record layer (which
it needs to do anyway, since we may not have all of the handshake message
in a single record).
Since this is broken, mop it up and change the PHH callback to not provide
the record data.
ok beck@ tb@
Diffstat (limited to 'src/lib/libssl/tls13_lib.c')
-rw-r--r-- | src/lib/libssl/tls13_lib.c | 17 |
1 files changed, 7 insertions, 10 deletions
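--- a/src/lib/libssl/tls13_lib.c
+++ b/src/lib/libssl/tls13_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_lib.c,v 1.66 2022/07/20 06:20:44 jsing Exp $ */
+/* $OpenBSD: tls13_lib.c,v 1.67 2022/07/20 06:32:24 jsing Exp $ */
 /*
 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2019 Bob Beck <beck@openbsd.org>
@@ -338,11 +338,11 @@ tls13_phh_done_cb(void *cb_arg)
 }
 
 static ssize_t
-tls13_phh_received_cb(void *cb_arg, CBS *cbs)
+tls13_phh_received_cb(void *cb_arg)
 {
 ssize_t ret = TLS13_IO_FAILURE;
 struct tls13_ctx *ctx = cb_arg;
-CBS phh_cbs;
+CBS cbs;
 
 if (!tls13_phh_limit_check(ctx))
 return tls13_send_alert(ctx->rl, TLS13_ALERT_UNEXPECTED_MESSAGE);
@@ -351,19 +351,16 @@ tls13_phh_received_cb(void *cb_arg, CBS *cbs)
 ((ctx->hs_msg = tls13_handshake_msg_new()) == NULL))
 return TLS13_IO_FAILURE;
 
-if (!tls13_handshake_msg_set_buffer(ctx->hs_msg, cbs))
-return TLS13_IO_FAILURE;
-
-if ((ret = tls13_handshake_msg_recv(ctx->hs_msg, ctx->rl))
-!= TLS13_IO_SUCCESS)
+if ((ret = tls13_handshake_msg_recv(ctx->hs_msg, ctx->rl)) !=
+TLS13_IO_SUCCESS)
 return ret;
 
-if (!tls13_handshake_msg_content(ctx->hs_msg, &phh_cbs))
+if (!tls13_handshake_msg_content(ctx->hs_msg, &cbs))
 return TLS13_IO_FAILURE;
 
 switch(tls13_handshake_msg_type(ctx->hs_msg)) {
 case TLS13_MT_KEY_UPDATE:
-ret = tls13_key_update_recv(ctx, &phh_cbs);
+ret = tls13_key_update_recv(ctx, &cbs);
 break;
 case TLS13_MT_NEW_SESSION_TICKET:
 /* XXX do nothing for now and ignore this */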
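Review bot: Nothing on tls13_phh_received_cb() records its new contract: with the CBS argument gone, the message is read from ctx->rl by tls13_handshake_msg_recv(), and the early `return ret` passes any status other than TLS13_IO_SUCCESS straight back to the caller. I would add a comment above the function such as `/* Reads the post-handshake message from ctx->rl itself; any status other than TLS13_IO_SUCCESS is returned to the record layer unchanged. */`. Because tls13_phh_limit_check() sits before the recv call, a message that needs more than one call to complete would presumably be counted once per call against the PHH limit. That depends on how the record layer re-invokes the callback, which is not visible here, so it is worth confirming. The function body runs on past the end of this section, since the switch is not closed in the last hunk.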