summaryrefslogtreecommitdiff
path: root/src/lib/libssl/tls13_handshake.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libssl/tls13_handshake.c')
-rw-r--r--src/lib/libssl/tls13_handshake.c22
1 files changed, 16 insertions, 6 deletions
diff --git a/src/lib/libssl/tls13_handshake.c b/src/lib/libssl/tls13_handshake.c
index ca36f879b4..d4d998248d 100644
--- a/src/lib/libssl/tls13_handshake.c
+++ b/src/lib/libssl/tls13_handshake.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tls13_handshake.c,v 1.39 2020/01/22 02:39:45 tb Exp $ */ 1/* $OpenBSD: tls13_handshake.c,v 1.40 2020/01/22 13:10:51 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2018-2019 Theo Buehler <tb@openbsd.org> 3 * Copyright (c) 2018-2019 Theo Buehler <tb@openbsd.org>
4 * Copyright (c) 2019 Joel Sing <jsing@openbsd.org> 4 * Copyright (c) 2019 Joel Sing <jsing@openbsd.org>
@@ -32,7 +32,7 @@ struct tls13_handshake_action {
32 32
33 int (*send)(struct tls13_ctx *ctx); 33 int (*send)(struct tls13_ctx *ctx);
34 int (*sent)(struct tls13_ctx *ctx); 34 int (*sent)(struct tls13_ctx *ctx);
35 int (*recv)(struct tls13_ctx *ctx); 35 int (*recv)(struct tls13_ctx *ctx, CBS *cbs);
36}; 36};
37 37
38enum tls13_message_type tls13_handshake_active_state(struct tls13_ctx *ctx); 38enum tls13_message_type tls13_handshake_active_state(struct tls13_ctx *ctx);
@@ -389,11 +389,21 @@ tls13_handshake_recv_action(struct tls13_ctx *ctx,
389 action->handshake_type != TLS13_MT_CERTIFICATE_REQUEST)) 389 action->handshake_type != TLS13_MT_CERTIFICATE_REQUEST))
390 return tls13_send_alert(ctx->rl, SSL_AD_UNEXPECTED_MESSAGE); 390 return tls13_send_alert(ctx->rl, SSL_AD_UNEXPECTED_MESSAGE);
391 391
392 /* XXX provide CBS and check all consumed. */ 392 if (!tls13_handshake_msg_content(ctx->hs_msg, &cbs))
393 return TLS13_IO_FAILURE;
394
393 ret = TLS13_IO_FAILURE; 395 ret = TLS13_IO_FAILURE;
394 if (action->recv(ctx)) 396 if (action->recv(ctx, &cbs)) {
395 ret = TLS13_IO_SUCCESS; 397 if (CBS_len(&cbs) != 0) {
396 else if (ctx->alert) 398 tls13_set_errorx(ctx, TLS13_ERR_TRAILING_DATA, 0,
399 "trailing data in handshake message", NULL);
400 ctx->alert = SSL_AD_DECODE_ERROR;
401 } else {
402 ret = TLS13_IO_SUCCESS;
403 }
404 }
405
406 if (ctx->alert)
397 ret = tls13_send_alert(ctx->rl, ctx->alert); 407 ret = tls13_send_alert(ctx->rl, ctx->alert);
398 408
399 tls13_handshake_msg_free(ctx->hs_msg); 409 tls13_handshake_msg_free(ctx->hs_msg);