From 04ffdc947bb92e60658bb1fc09ad47e3d426fb1b Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Sun, 17 Nov 2019 18:27:16 +0000
Subject: Ensure that we are never operating in plaintext mode once the handshake is complete, which should never occur.

ok beck@
---
 src/lib/libssl/tls13_record_layer.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'src/lib')

diff --git a/src/lib/libssl/tls13_record_layer.c b/src/lib/libssl/tls13_record_layer.c
index 8208ae508c..5487e005e4 100644
--- a/src/lib/libssl/tls13_record_layer.c
+++ b/src/lib/libssl/tls13_record_layer.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_record_layer.c,v 1.11 2019/11/17 17:20:16 jsing Exp $ */
+/* $OpenBSD: tls13_record_layer.c,v 1.12 2019/11/17 18:27:16 jsing Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing
  *
@@ -530,6 +530,9 @@ tls13_record_layer_open_record_protected(struct tls13_record_layer *rl)
 static int
 tls13_record_layer_open_record(struct tls13_record_layer *rl)
 {
+ if (rl->handshake_completed && rl->aead == NULL)
+ return 0;
+
  if (rl->aead == NULL)
  return tls13_record_layer_open_record_plaintext(rl);
 
@@ -686,6 +689,9 @@ static int
 tls13_record_layer_seal_record(struct tls13_record_layer *rl,
  uint8_t content_type, const uint8_t *content, size_t content_len)
 {
+ if (rl->handshake_completed && rl->aead == NULL)
+ return 0;
+
  tls13_record_layer_wrec_free(rl);
 
  if ((rl->wrec = tls13_record_new()) == NULL)
--
cgit v1.2.3-55-g6feb
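Review bot: The new guard at the top of tls13_record_layer_open_record(), and the identical one in tls13_record_layer_seal_record(), fails closed with a bare `return 0` and no comment marking it as an invariant violation rather than an ordinary record error. I would add `/* Plaintext is never permitted once the handshake has completed. */` above both checks, so the remaining fall-through to `tls13_record_layer_open_record_plaintext()` clearly reads as the pre-handshake path only. Presumably callers treat 0 as failure, but their handling is outside these hunks, so it is worth confirming that this case tears the connection down (ideally surfaced as an internal_error alert) and is not retried or reported like a routine decrypt failure. Both function bodies continue past the end of their hunks.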