diff options
| author | tb <> | 2020-01-22 05:06:23 +0000 |
|---|---|---|
| committer | tb <> | 2020-01-22 05:06:23 +0000 |
| commit | 0cbc880fa36f08c10caa253c5b025333c684fa2f (patch) | |
| tree | f5dc757ef7c1ccce03be8af3c9c22f746cace496 /src/lib/libssl/tls13_record_layer.c | |
| parent | aa63e39fdcbb655a32b0cd7bf602f7f051f03e52 (diff) | |
| download | openbsd-0cbc880fa36f08c10caa253c5b025333c684fa2f.tar.gz openbsd-0cbc880fa36f08c10caa253c5b025333c684fa2f.tar.bz2 openbsd-0cbc880fa36f08c10caa253c5b025333c684fa2f.zip | |
After the ClientHello has been sent or received and before the peer's
Finished message has been received, a change cipher spec may be received
and must be ignored. Add a flag to the record layer struct and set it at
the appropriate moments during the handshake so that we will ignore it.
ok jsing
Diffstat (limited to 'src/lib/libssl/tls13_record_layer.c')
| -rw-r--r-- | src/lib/libssl/tls13_record_layer.c | 16 |
1 files changed, 11 insertions, 5 deletions
diff --git a/src/lib/libssl/tls13_record_layer.c b/src/lib/libssl/tls13_record_layer.c index 600990a878..ef558d52df 100644 --- a/src/lib/libssl/tls13_record_layer.c +++ b/src/lib/libssl/tls13_record_layer.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls13_record_layer.c,v 1.20 2020/01/22 02:39:45 tb Exp $ */ | 1 | /* $OpenBSD: tls13_record_layer.c,v 1.21 2020/01/22 05:06:23 tb Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -29,7 +29,8 @@ static ssize_t tls13_record_layer_write_record(struct tls13_record_layer *rl, | |||
| 29 | 29 | ||
| 30 | struct tls13_record_layer { | 30 | struct tls13_record_layer { |
| 31 | uint16_t legacy_version; | 31 | uint16_t legacy_version; |
| 32 | int change_cipher_spec_seen; | 32 | int ccs_allowed; |
| 33 | int ccs_seen; | ||
| 33 | int handshake_completed; | 34 | int handshake_completed; |
| 34 | int phh; | 35 | int phh; |
| 35 | 36 | ||
| @@ -200,6 +201,12 @@ tls13_record_layer_update_nonce(struct tls13_secret *nonce, | |||
| 200 | } | 201 | } |
| 201 | 202 | ||
| 202 | void | 203 | void |
| 204 | tls13_record_layer_allow_ccs(struct tls13_record_layer *rl, int allow) | ||
| 205 | { | ||
| 206 | rl->ccs_allowed = allow; | ||
| 207 | } | ||
| 208 | |||
| 209 | void | ||
| 203 | tls13_record_layer_set_aead(struct tls13_record_layer *rl, | 210 | tls13_record_layer_set_aead(struct tls13_record_layer *rl, |
| 204 | const EVP_AEAD *aead) | 211 | const EVP_AEAD *aead) |
| 205 | { | 212 | { |
| @@ -756,8 +763,7 @@ tls13_record_layer_read_record(struct tls13_record_layer *rl) | |||
| 756 | * ignored. | 763 | * ignored. |
| 757 | */ | 764 | */ |
| 758 | if (content_type == SSL3_RT_CHANGE_CIPHER_SPEC) { | 765 | if (content_type == SSL3_RT_CHANGE_CIPHER_SPEC) { |
| 759 | /* XXX - need to check after ClientHello, before Finished. */ | 766 | if (!rl->ccs_allowed || rl->ccs_seen) |
| 760 | if (rl->handshake_completed || rl->change_cipher_spec_seen) | ||
| 761 | return tls13_send_alert(rl, SSL_AD_UNEXPECTED_MESSAGE); | 767 | return tls13_send_alert(rl, SSL_AD_UNEXPECTED_MESSAGE); |
| 762 | if (!tls13_record_content(rl->rrec, &cbs)) | 768 | if (!tls13_record_content(rl->rrec, &cbs)) |
| 763 | return tls13_send_alert(rl, TLS1_AD_DECODE_ERROR); | 769 | return tls13_send_alert(rl, TLS1_AD_DECODE_ERROR); |
| @@ -765,7 +771,7 @@ tls13_record_layer_read_record(struct tls13_record_layer *rl) | |||
| 765 | return tls13_send_alert(rl, TLS1_AD_DECODE_ERROR); | 771 | return tls13_send_alert(rl, TLS1_AD_DECODE_ERROR); |
| 766 | if (ccs != 1) | 772 | if (ccs != 1) |
| 767 | return tls13_send_alert(rl, SSL_AD_ILLEGAL_PARAMETER); | 773 | return tls13_send_alert(rl, SSL_AD_ILLEGAL_PARAMETER); |
| 768 | rl->change_cipher_spec_seen = 1; | 774 | rl->ccs_seen = 1; |
| 769 | tls13_record_layer_rrec_free(rl); | 775 | tls13_record_layer_rrec_free(rl); |
| 770 | return TLS13_IO_WANT_POLLIN; | 776 | return TLS13_IO_WANT_POLLIN; |
| 771 | } | 777 | } |