Diffstat (limited to 'src/lib/libssl/tls13_handshake.c')
-rw-r--r-- | src/lib/libssl/tls13_handshake.c | 22 |
1 files changed, 16 insertions, 6 deletions
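--- a/src/lib/libssl/tls13_handshake.c
+++ b/src/lib/libssl/tls13_handshake.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_handshake.c,v 1.39 2020/01/22 02:39:45 tb Exp $ */
+/* $OpenBSD: tls13_handshake.c,v 1.40 2020/01/22 13:10:51 jsing Exp $ */
 /*
 * Copyright (c) 2018-2019 Theo Buehler <tb@openbsd.org>
 * Copyright (c) 2019 Joel Sing <jsing@openbsd.org>
@@ -32,7 +32,7 @@ struct tls13_handshake_action {
 
 int (*send)(struct tls13_ctx *ctx);
 int (*sent)(struct tls13_ctx *ctx);
-int (*recv)(struct tls13_ctx *ctx);
+int (*recv)(struct tls13_ctx *ctx, CBS *cbs);
 };
 
 enum tls13_message_type tls13_handshake_active_state(struct tls13_ctx *ctx);
@@ -389,11 +389,21 @@ tls13_handshake_recv_action(struct tls13_ctx *ctx,
 action->handshake_type != TLS13_MT_CERTIFICATE_REQUEST))
 return tls13_send_alert(ctx->rl, SSL_AD_UNEXPECTED_MESSAGE);
 
-/* XXX provide CBS and check all consumed. */
+if (!tls13_handshake_msg_content(ctx->hs_msg, &cbs))
+return TLS13_IO_FAILURE;
+
 ret = TLS13_IO_FAILURE;
-if (action->recv(ctx))
-ret = TLS13_IO_SUCCESS;
-else if (ctx->alert)
+if (action->recv(ctx, &cbs)) {
+if (CBS_len(&cbs) != 0) {
+tls13_set_errorx(ctx, TLS13_ERR_TRAILING_DATA, 0,
+"trailing data in handshake message", NULL);
+ctx->alert = SSL_AD_DECODE_ERROR;
+} else {
+ret = TLS13_IO_SUCCESS;
+}
+}
+
+if (ctx->alert)
 ret = tls13_send_alert(ctx->rl, ctx->alert);
 
 tls13_handshake_msg_free(ctx->hs_msg);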
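Review bot: The new early return after `tls13_handshake_msg_content()` fails (new lines 392-393) leaves the function before the `tls13_handshake_msg_free(ctx->hs_msg)` call at the end of this hunk and without recording an error or alert, unlike the trailing-data branch just below it, which sets both. If that free and whatever follows it are meant to run on every exit once a message has been received, set `ret = TLS13_IO_FAILURE;` and skip the `action->recv` call instead of returning, or add a comment saying why leaving `ctx->hs_msg` in place is safe here. The `recv` member of `struct tls13_handshake_action` would also benefit from a comment such as `/* must consume all of cbs; leftover bytes are rejected with decode_error */`, since a handler that leaves data unread now fails the handshake. The function body starts before and continues past this hunk, so the cleanup path is only partly visible.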