summaryrefslogtreecommitdiff
path: root/src/lib/libssl/tls13_record_layer.c
diff options
context:
space:
mode:
authorjsing <>2020-05-09 15:47:11 +0000
committerjsing <>2020-05-09 15:47:11 +0000
commit99c3d9d6560601ac170c9657a01cf72bd69cfe63 (patch)
tree6e8f214c20026414855c7920faf36b25a965c998 /src/lib/libssl/tls13_record_layer.c
parenta50006cf45926d40abfb52acfd1a5a04779f7ba4 (diff)
downloadopenbsd-99c3d9d6560601ac170c9657a01cf72bd69cfe63.tar.gz
openbsd-99c3d9d6560601ac170c9657a01cf72bd69cfe63.tar.bz2
openbsd-99c3d9d6560601ac170c9657a01cf72bd69cfe63.zip
Send dummy ChangeCipherSpec messages from the TLSv1.3 client.
When operating in middlebox compatibility mode, the TLSv1.3 client needs to send a dummy ChangeCipherSpec message immediately before its second flight of handshake messages (when early data is not offered). ok tb@
Diffstat (limited to 'src/lib/libssl/tls13_record_layer.c')
-rw-r--r--src/lib/libssl/tls13_record_layer.c33
1 files changed, 30 insertions, 3 deletions
diff --git a/src/lib/libssl/tls13_record_layer.c b/src/lib/libssl/tls13_record_layer.c
index 6b9be4028c..ce6327b694 100644
--- a/src/lib/libssl/tls13_record_layer.c
+++ b/src/lib/libssl/tls13_record_layer.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tls13_record_layer.c,v 1.35 2020/05/09 15:39:18 jsing Exp $ */ 1/* $OpenBSD: tls13_record_layer.c,v 1.36 2020/05/09 15:47:11 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
4 * 4 *
@@ -30,6 +30,7 @@ struct tls13_record_layer {
30 30
31 int ccs_allowed; 31 int ccs_allowed;
32 int ccs_seen; 32 int ccs_seen;
33 int ccs_sent;
33 int handshake_completed; 34 int handshake_completed;
34 int legacy_alerts_allowed; 35 int legacy_alerts_allowed;
35 int phh; 36 int phh;
@@ -603,7 +604,14 @@ tls13_record_layer_seal_record_plaintext(struct tls13_record_layer *rl,
603 size_t data_len = 0; 604 size_t data_len = 0;
604 CBB cbb, body; 605 CBB cbb, body;
605 606
606 if (rl->aead != NULL) 607 /*
608 * Allow dummy CCS messages to be sent in plaintext even when
609 * record protection has been engaged, as long as the handshake
610 * has not yet completed.
611 */
612 if (rl->handshake_completed)
613 return 0;
614 if (rl->aead != NULL && content_type != SSL3_RT_CHANGE_CIPHER_SPEC)
607 return 0; 615 return 0;
608 616
609 /* 617 /*
@@ -752,7 +760,7 @@ tls13_record_layer_seal_record(struct tls13_record_layer *rl,
752 if ((rl->wrec = tls13_record_new()) == NULL) 760 if ((rl->wrec = tls13_record_new()) == NULL)
753 return 0; 761 return 0;
754 762
755 if (rl->aead == NULL) 763 if (rl->aead == NULL || content_type == SSL3_RT_CHANGE_CIPHER_SPEC)
756 return tls13_record_layer_seal_record_plaintext(rl, 764 return tls13_record_layer_seal_record_plaintext(rl,
757 content_type, content, content_len); 765 content_type, content, content_len);
758 766
@@ -1071,6 +1079,25 @@ tls13_record_layer_write(struct tls13_record_layer *rl, uint8_t content_type,
1071 return ret; 1079 return ret;
1072} 1080}
1073 1081
1082static const uint8_t tls13_dummy_ccs[] = { 0x01 };
1083
1084ssize_t
1085tls13_send_dummy_ccs(struct tls13_record_layer *rl)
1086{
1087 ssize_t ret;
1088
1089 if (rl->ccs_sent)
1090 return TLS13_IO_FAILURE;
1091
1092 if ((ret = tls13_record_layer_write(rl, SSL3_RT_CHANGE_CIPHER_SPEC,
1093 tls13_dummy_ccs, sizeof(tls13_dummy_ccs))) <= 0)
1094 return ret;
1095
1096 rl->ccs_sent = 1;
1097
1098 return TLS13_IO_SUCCESS;
1099}
1100
1074ssize_t 1101ssize_t
1075tls13_read_handshake_data(struct tls13_record_layer *rl, uint8_t *buf, size_t n) 1102tls13_read_handshake_data(struct tls13_record_layer *rl, uint8_t *buf, size_t n)
1076{ 1103{
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-16 08:24:03 +0000