diff options
| -rw-r--r-- | src/lib/libssl/tls13_client.c | 23 | ||||
| -rw-r--r-- | src/lib/libssl/tls13_handshake.c | 7 | ||||
| -rw-r--r-- | src/lib/libssl/tls13_internal.h | 3 |
3 files changed, 22 insertions, 11 deletions
diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c index 5071507bbd..728d1a00c8 100644 --- a/src/lib/libssl/tls13_client.c +++ b/src/lib/libssl/tls13_client.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls13_client.c,v 1.11 2019/02/25 16:39:14 jsing Exp $ */ | 1 | /* $OpenBSD: tls13_client.c,v 1.12 2019/02/25 16:46:17 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -687,14 +687,6 @@ tls13_client_finished_send(struct tls13_ctx *ctx) | |||
| 687 | if (!tls13_handshake_msg_finish(ctx->hs_msg)) | 687 | if (!tls13_handshake_msg_finish(ctx->hs_msg)) |
| 688 | goto err; | 688 | goto err; |
| 689 | 689 | ||
| 690 | /* | ||
| 691 | * Any records following the client finished message must be encrypted | ||
| 692 | * using the client application traffic keys. | ||
| 693 | */ | ||
| 694 | if (!tls13_record_layer_set_write_traffic_key(ctx->rl, | ||
| 695 | &secrets->client_application_traffic)) | ||
| 696 | goto err; | ||
| 697 | |||
| 698 | ret = 1; | 690 | ret = 1; |
| 699 | 691 | ||
| 700 | err: | 692 | err: |
| @@ -702,3 +694,16 @@ tls13_client_finished_send(struct tls13_ctx *ctx) | |||
| 702 | 694 | ||
| 703 | return ret; | 695 | return ret; |
| 704 | } | 696 | } |
| 697 | |||
| 698 | int | ||
| 699 | tls13_client_finished_sent(struct tls13_ctx *ctx) | ||
| 700 | { | ||
| 701 | struct tls13_secrets *secrets = ctx->hs->secrets; | ||
| 702 | |||
| 703 | /* | ||
| 704 | * Any records following the client finished message must be encrypted | ||
| 705 | * using the client application traffic keys. | ||
| 706 | */ | ||
| 707 | return tls13_record_layer_set_write_traffic_key(ctx->rl, | ||
| 708 | &secrets->client_application_traffic); | ||
| 709 | } | ||
diff --git a/src/lib/libssl/tls13_handshake.c b/src/lib/libssl/tls13_handshake.c index aeb490f350..598a7c1666 100644 --- a/src/lib/libssl/tls13_handshake.c +++ b/src/lib/libssl/tls13_handshake.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls13_handshake.c,v 1.28 2019/02/14 18:06:35 jsing Exp $ */ | 1 | /* $OpenBSD: tls13_handshake.c,v 1.29 2019/02/25 16:46:17 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2018-2019 Theo Buehler <tb@openbsd.org> | 3 | * Copyright (c) 2018-2019 Theo Buehler <tb@openbsd.org> |
| 4 | * Copyright (c) 2019 Joel Sing <jsing@openbsd.org> | 4 | * Copyright (c) 2019 Joel Sing <jsing@openbsd.org> |
| @@ -36,6 +36,7 @@ struct tls13_handshake_action { | |||
| 36 | uint8_t preserve_transcript_hash; | 36 | uint8_t preserve_transcript_hash; |
| 37 | 37 | ||
| 38 | int (*send)(struct tls13_ctx *ctx); | 38 | int (*send)(struct tls13_ctx *ctx); |
| 39 | int (*sent)(struct tls13_ctx *ctx); | ||
| 39 | int (*recv)(struct tls13_ctx *ctx); | 40 | int (*recv)(struct tls13_ctx *ctx); |
| 40 | }; | 41 | }; |
| 41 | 42 | ||
| @@ -93,6 +94,7 @@ struct tls13_handshake_action state_machine[] = { | |||
| 93 | .handshake_type = TLS13_MT_FINISHED, | 94 | .handshake_type = TLS13_MT_FINISHED, |
| 94 | .sender = TLS13_HS_CLIENT, | 95 | .sender = TLS13_HS_CLIENT, |
| 95 | .send = tls13_client_finished_send, | 96 | .send = tls13_client_finished_send, |
| 97 | .sent = tls13_client_finished_sent, | ||
| 96 | .recv = tls13_client_finished_recv, | 98 | .recv = tls13_client_finished_recv, |
| 97 | }, | 99 | }, |
| 98 | [CLIENT_KEY_UPDATE] = { | 100 | [CLIENT_KEY_UPDATE] = { |
| @@ -347,6 +349,9 @@ tls13_handshake_send_action(struct tls13_ctx *ctx, | |||
| 347 | tls13_handshake_msg_free(ctx->hs_msg); | 349 | tls13_handshake_msg_free(ctx->hs_msg); |
| 348 | ctx->hs_msg = NULL; | 350 | ctx->hs_msg = NULL; |
| 349 | 351 | ||
| 352 | if (action->sent != NULL && !action->sent(ctx)) | ||
| 353 | return TLS13_IO_FAILURE; | ||
| 354 | |||
| 350 | return TLS13_IO_SUCCESS; | 355 | return TLS13_IO_SUCCESS; |
| 351 | } | 356 | } |
| 352 | 357 | ||
diff --git a/src/lib/libssl/tls13_internal.h b/src/lib/libssl/tls13_internal.h index 0e26d9c01c..b3b510c690 100644 --- a/src/lib/libssl/tls13_internal.h +++ b/src/lib/libssl/tls13_internal.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls13_internal.h,v 1.21 2019/02/25 14:36:25 inoguchi Exp $ */ | 1 | /* $OpenBSD: tls13_internal.h,v 1.22 2019/02/25 16:46:17 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2018 Bob Beck <beck@openbsd.org> | 3 | * Copyright (c) 2018 Bob Beck <beck@openbsd.org> |
| 4 | * Copyright (c) 2018 Theo Buehler <tb@openbsd.org> | 4 | * Copyright (c) 2018 Theo Buehler <tb@openbsd.org> |
| @@ -244,6 +244,7 @@ int tls13_client_certificate_verify_send(struct tls13_ctx *ctx); | |||
| 244 | int tls13_client_certificate_verify_recv(struct tls13_ctx *ctx); | 244 | int tls13_client_certificate_verify_recv(struct tls13_ctx *ctx); |
| 245 | int tls13_client_finished_recv(struct tls13_ctx *ctx); | 245 | int tls13_client_finished_recv(struct tls13_ctx *ctx); |
| 246 | int tls13_client_finished_send(struct tls13_ctx *ctx); | 246 | int tls13_client_finished_send(struct tls13_ctx *ctx); |
| 247 | int tls13_client_finished_sent(struct tls13_ctx *ctx); | ||
| 247 | int tls13_client_key_update_send(struct tls13_ctx *ctx); | 248 | int tls13_client_key_update_send(struct tls13_ctx *ctx); |
| 248 | int tls13_client_key_update_recv(struct tls13_ctx *ctx); | 249 | int tls13_client_key_update_recv(struct tls13_ctx *ctx); |
| 249 | int tls13_server_hello_recv(struct tls13_ctx *ctx); | 250 | int tls13_server_hello_recv(struct tls13_ctx *ctx); |