From 395120b4a264fb5eaadb4e8296f4d6bec2216b6b Mon Sep 17 00:00:00 2001 From: jsing <> Date: Mon, 25 Feb 2019 16:46:17 +0000 Subject: Add a handshake action sent handler and use it for client finished. The write traffic key needs to be changed to the client application traffic key after the client finished message has been sent. The send handler generates the client finished message, however we cannot switch keys at this stage since the client finished message has not yet been protected by the record layer. ok tb@ --- src/lib/libssl/tls13_client.c | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) (limited to 'src/lib/libssl/tls13_client.c') diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c index 5071507bbd..728d1a00c8 100644 --- a/src/lib/libssl/tls13_client.c +++ b/src/lib/libssl/tls13_client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_client.c,v 1.11 2019/02/25 16:39:14 jsing Exp $ */ +/* $OpenBSD: tls13_client.c,v 1.12 2019/02/25 16:46:17 jsing Exp $ */ /* * Copyright (c) 2018, 2019 Joel Sing * @@ -687,14 +687,6 @@ tls13_client_finished_send(struct tls13_ctx *ctx) if (!tls13_handshake_msg_finish(ctx->hs_msg)) goto err; - /* - * Any records following the client finished message must be encrypted - * using the client application traffic keys. - */ - if (!tls13_record_layer_set_write_traffic_key(ctx->rl, - &secrets->client_application_traffic)) - goto err; - ret = 1; err: @@ -702,3 +694,16 @@ tls13_client_finished_send(struct tls13_ctx *ctx) return ret; } + +int +tls13_client_finished_sent(struct tls13_ctx *ctx) +{ + struct tls13_secrets *secrets = ctx->hs->secrets; + + /* + * Any records following the client finished message must be encrypted + * using the client application traffic keys. + */ + return tls13_record_layer_set_write_traffic_key(ctx->rl, + &secrets->client_application_traffic); +} -- cgit v1.2.3-55-g6feb