summaryrefslogtreecommitdiff
path: root/src/lib/libssl/tls13_record_layer.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libssl/tls13_record_layer.c')
-rw-r--r--src/lib/libssl/tls13_record_layer.c68
1 files changed, 56 insertions, 12 deletions
diff --git a/src/lib/libssl/tls13_record_layer.c b/src/lib/libssl/tls13_record_layer.c
index 188f56e0b4..feaca53181 100644
--- a/src/lib/libssl/tls13_record_layer.c
+++ b/src/lib/libssl/tls13_record_layer.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tls13_record_layer.c,v 1.15 2019/11/18 02:44:20 jsing Exp $ */ 1/* $OpenBSD: tls13_record_layer.c,v 1.16 2019/11/26 23:46:18 beck Exp $ */
2/* 2/*
3 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
4 * 4 *
@@ -30,6 +30,7 @@ static ssize_t tls13_record_layer_write_record(struct tls13_record_layer *rl,
30struct tls13_record_layer { 30struct tls13_record_layer {
31 int change_cipher_spec_seen; 31 int change_cipher_spec_seen;
32 int handshake_completed; 32 int handshake_completed;
33 int phh;
33 34
34 /* 35 /*
35 * Read and/or write channels are closed due to an alert being 36 * Read and/or write channels are closed due to an alert being
@@ -76,8 +77,8 @@ struct tls13_record_layer {
76 77
77 /* Record callbacks. */ 78 /* Record callbacks. */
78 tls13_alert_cb alert_cb; 79 tls13_alert_cb alert_cb;
79 tls13_post_handshake_recv_cb post_handshake_recv_cb; 80 tls13_phh_recv_cb phh_recv_cb;
80 tls13_post_handshake_sent_cb post_handshake_sent_cb; 81 tls13_phh_sent_cb phh_sent_cb;
81 82
82 /* Wire read/write callbacks. */ 83 /* Wire read/write callbacks. */
83 tls13_read_cb wire_read; 84 tls13_read_cb wire_read;
@@ -112,8 +113,8 @@ tls13_record_layer_wrec_free(struct tls13_record_layer *rl)
112struct tls13_record_layer * 113struct tls13_record_layer *
113tls13_record_layer_new(tls13_read_cb wire_read, tls13_write_cb wire_write, 114tls13_record_layer_new(tls13_read_cb wire_read, tls13_write_cb wire_write,
114 tls13_alert_cb alert_cb, 115 tls13_alert_cb alert_cb,
115 tls13_post_handshake_recv_cb post_handshake_recv_cb, 116 tls13_phh_recv_cb phh_recv_cb,
116 tls13_post_handshake_sent_cb post_handshake_sent_cb, 117 tls13_phh_sent_cb phh_sent_cb,
117 void *cb_arg) 118 void *cb_arg)
118{ 119{
119 struct tls13_record_layer *rl; 120 struct tls13_record_layer *rl;
@@ -124,8 +125,8 @@ tls13_record_layer_new(tls13_read_cb wire_read, tls13_write_cb wire_write,
124 rl->wire_read = wire_read; 125 rl->wire_read = wire_read;
125 rl->wire_write = wire_write; 126 rl->wire_write = wire_write;
126 rl->alert_cb = alert_cb; 127 rl->alert_cb = alert_cb;
127 rl->post_handshake_recv_cb = post_handshake_recv_cb; 128 rl->phh_recv_cb = phh_recv_cb;
128 rl->post_handshake_sent_cb = post_handshake_sent_cb; 129 rl->phh_sent_cb = phh_sent_cb;
129 rl->cb_arg = cb_arg; 130 rl->cb_arg = cb_arg;
130 131
131 return rl; 132 return rl;
@@ -304,6 +305,8 @@ tls13_record_layer_send_phh(struct tls13_record_layer *rl)
304 305
305 CBS_init(&rl->phh_cbs, rl->phh_data, rl->phh_len); 306 CBS_init(&rl->phh_cbs, rl->phh_data, rl->phh_len);
306 307
308 rl->phh_sent_cb(rl->cb_arg);
309
307 return TLS13_IO_SUCCESS; 310 return TLS13_IO_SUCCESS;
308} 311}
309 312
@@ -812,6 +815,16 @@ tls13_record_layer_read(struct tls13_record_layer *rl, uint8_t content_type,
812 815
813 /* XXX - need to check record version. */ 816 /* XXX - need to check record version. */
814 } 817 }
818
819 /*
820 * If we are in post handshake handshake mode, we may not see
821 * any record type that isn't a handshake until we are done.
822 */
823 if (rl->phh && rl->rbuf_content_type != SSL3_RT_HANDSHAKE) {
824 /* XXX send unexpected message alert */
825 return TLS13_IO_FAILURE;
826 }
827
815 if (rl->rbuf_content_type != content_type) { 828 if (rl->rbuf_content_type != content_type) {
816 /* 829 /*
817 * Handshake content can appear as post-handshake messages (yup, 830 * Handshake content can appear as post-handshake messages (yup,
@@ -821,15 +834,46 @@ tls13_record_layer_read(struct tls13_record_layer *rl, uint8_t content_type,
821 */ 834 */
822 if (rl->rbuf_content_type == SSL3_RT_HANDSHAKE) { 835 if (rl->rbuf_content_type == SSL3_RT_HANDSHAKE) {
823 if (rl->handshake_completed) { 836 if (rl->handshake_completed) {
824 if (rl->post_handshake_recv_cb != NULL) 837 rl->phh = 1;
825 rl->post_handshake_recv_cb( 838 ret = TLS13_IO_FAILURE;
839
840 /*
841 * The post handshake handshake
842 * receive callback is allowed to
843 * return:
844 *
845 * TLS13_IO_WANT_POLLIN ->
846 * I need more handshake data.
847 *
848 * TLS13_IO_WANT_POLLOUT -> I got the
849 * whole handshake message, and have
850 * enqueued a response
851 *
852 * TLS13_IO_SUCCESS -> I got the whole handshake,
853 * nothing more to do
854 *
855 * TLS13_IO_FAILURE -> something broke.
856 */
857 if (rl->phh_recv_cb != NULL) {
858 ret = rl->phh_recv_cb(
826 rl->cb_arg, &rl->rbuf_cbs); 859 rl->cb_arg, &rl->rbuf_cbs);
860 }
861
827 tls13_record_layer_rbuf_free(rl); 862 tls13_record_layer_rbuf_free(rl);
863
864 if (ret == TLS13_IO_WANT_POLLIN)
865 return ret;
866
828 /* 867 /*
829 * XXX if handshake or alert queued 868 * leave post handshake handshake mode
830 * return POLLOUT 869 * if we do not need more handshake data
831 */ 870 */
832 return TLS13_IO_WANT_POLLIN; 871 rl->phh = 0;
872
873 if (ret == TLS13_IO_SUCCESS)
874 return TLS13_IO_WANT_POLLIN;
875
876 return ret;
833 } 877 }
834 } 878 }
835 879
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-16 06:01:09 +0000