diff options
| author | tb <> | 2020-05-10 17:13:30 +0000 |
|---|---|---|
| committer | tb <> | 2020-05-10 17:13:30 +0000 |
| commit | 42977f0c5dfb5d699fb459f527b85ca475cd30aa (patch) | |
| tree | 9b324a09d611e1d490ffe26c5e54d2031501ff81 /src/lib/libssl/tls13_server.c | |
| parent | 986d1aef11f23f35017e61c5933913ff8e189d57 (diff) | |
| download | openbsd-42977f0c5dfb5d699fb459f527b85ca475cd30aa.tar.gz openbsd-42977f0c5dfb5d699fb459f527b85ca475cd30aa.tar.bz2 openbsd-42977f0c5dfb5d699fb459f527b85ca475cd30aa.zip | |
Send dummy ChangeCipherSpec messages from the TLSv1.3 server
If the client has requested middle box compatibility mode by sending
a non-empty legacy_session_id, the server must send a dummy CCS right
after its first handshake message. This means right after ServerHello
or HelloRetryRequest.
Two important improvements over the backed-out diffr: make sure that
First: client and server can send their dummy CCS at the correct moment
(right before the next flight or right after the current flight).
Second: as jsing noted, we also need to deal with the corner case that
tls13_send_dummy_ccs() can return TLS13_IO_WANT_POLLOUT.
with/ok jsing
Diffstat (limited to '')
| -rw-r--r-- | src/lib/libssl/tls13_server.c | 25 |
1 files changed, 24 insertions, 1 deletions
diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c index f96d054500..9616f392e1 100644 --- a/src/lib/libssl/tls13_server.c +++ b/src/lib/libssl/tls13_server.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls13_server.c,v 1.42 2020/05/10 16:59:51 jsing Exp $ */ | 1 | /* $OpenBSD: tls13_server.c,v 1.43 2020/05/10 17:13:30 tb Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org> |
| 4 | * Copyright (c) 2020 Bob Beck <beck@openbsd.org> | 4 | * Copyright (c) 2020 Bob Beck <beck@openbsd.org> |
| @@ -335,6 +335,20 @@ tls13_server_hello_retry_request_send(struct tls13_ctx *ctx, CBB *cbb) | |||
| 335 | } | 335 | } |
| 336 | 336 | ||
| 337 | int | 337 | int |
| 338 | tls13_server_hello_retry_request_sent(struct tls13_ctx *ctx) | ||
| 339 | { | ||
| 340 | /* | ||
| 341 | * If the client has requested middlebox compatibility mode, | ||
| 342 | * we MUST send a dummy CCS following our first handshake message. | ||
| 343 | * See RFC 8446 Appendix D.4. | ||
| 344 | */ | ||
| 345 | if (ctx->hs->legacy_session_id_len > 0) | ||
| 346 | ctx->send_dummy_ccs_after = 1; | ||
| 347 | |||
| 348 | return 1; | ||
| 349 | } | ||
| 350 | |||
| 351 | int | ||
| 338 | tls13_client_hello_retry_recv(struct tls13_ctx *ctx, CBS *cbs) | 352 | tls13_client_hello_retry_recv(struct tls13_ctx *ctx, CBS *cbs) |
| 339 | { | 353 | { |
| 340 | SSL *s = ctx->ssl; | 354 | SSL *s = ctx->ssl; |
| @@ -368,6 +382,15 @@ tls13_server_hello_send(struct tls13_ctx *ctx, CBB *cbb) | |||
| 368 | int | 382 | int |
| 369 | tls13_server_hello_sent(struct tls13_ctx *ctx) | 383 | tls13_server_hello_sent(struct tls13_ctx *ctx) |
| 370 | { | 384 | { |
| 385 | /* | ||
| 386 | * If the client has requested middlebox compatibility mode, | ||
| 387 | * we MUST send a dummy CCS following our first handshake message. | ||
| 388 | * See RFC 8446 Appendix D.4. | ||
| 389 | */ | ||
| 390 | if ((ctx->handshake_stage.hs_type & WITHOUT_HRR) && | ||
| 391 | ctx->hs->legacy_session_id_len > 0) | ||
| 392 | ctx->send_dummy_ccs_after = 1; | ||
| 393 | |||
| 371 | return tls13_server_engage_record_protection(ctx); | 394 | return tls13_server_engage_record_protection(ctx); |
| 372 | } | 395 | } |
| 373 | 396 | ||