authorjsing <>2019-11-17 18:27:16 +0000
committerjsing <>2019-11-17 18:27:16 +0000
commit04ffdc947bb92e60658bb1fc09ad47e3d426fb1b (patch)
treec3b8fa457c73b95e8b999d857c5debd796cbf121 /src/lib
parent9bfb28ac67470fc0206f17c957aa89528235f373 (diff)
Ensure that we are never operating in plaintext mode once the handshake
is complete, which should never occur. ok beck@
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/libssl/tls13_record_layer.c8
1 files changed, 7 insertions, 1 deletions
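diff --git a/src/lib/libssl/tls13_record_layer.c b/src/lib/libssl/tls13_record_layer.c
index 8208ae508c..5487e005e4 100644
--- a/src/lib/libssl/tls13_record_layer.c
+++ b/src/lib/libssl/tls13_record_layer.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_record_layer.c,v 1.11 2019/11/17 17:20:16 jsing Exp $ */
+/* $OpenBSD: tls13_record_layer.c,v 1.12 2019/11/17 18:27:16 jsing Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
  *
@@ -530,6 +530,9 @@ tls13_record_layer_open_record_protected(struct tls13_record_layer *rl)
 static int
 tls13_record_layer_open_record(struct tls13_record_layer *rl)
 {
+ if (rl->handshake_completed && rl->aead == NULL)
+ return 0;
+
  if (rl->aead == NULL)
  return tls13_record_layer_open_record_plaintext(rl);
 
@@ -686,6 +689,9 @@ static int
 tls13_record_layer_seal_record(struct tls13_record_layer *rl,
  uint8_t content_type, const uint8_t *content, size_t content_len)
 {
+ if (rl->handshake_completed && rl->aead == NULL)
+ return 0;
+
  tls13_record_layer_wrec_free(rl);
 
  if ((rl->wrec = tls13_record_new()) == NULL)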
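Review bot: The two added guards, `if (rl->handshake_completed && rl->aead == NULL) return 0;` at the top of tls13_record_layer_open_record and tls13_record_layer_seal_record, carry no comment, so the fail-closed intent is recorded only in the commit message. I would put `/* Never read or write plaintext records once the handshake has completed. */` above each of them. The bare `return 0` gives callers no way to tell this invariant violation from any other failure of these functions; presumably every caller treats 0 as a hard error and does not retry, but the callers are outside the hunks, so that should be confirmed. In seal_record the guard also runs before `tls13_record_layer_wrec_free(rl)`, so a previously built `rl->wrec` stays in place on this path, and it is worth checking that nothing can still send it afterwards. Both function bodies continue past the end of their hunks.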