From cb97f4527d54b35cc93596c8f1b490f8d328b598 Mon Sep 17 00:00:00 2001 From: jsing <> Date: Sat, 19 Jan 2019 04:02:29 +0000 Subject: Add handshake message type checking and special case certificate requests. Check that the handshake message type received matches that required by the state machine. However, thanks to poor state design in the TLSv1.3 RFC, there is no way to know if you're going to receive a certificate request message or not, hence we have to special case it and teach the receive handler how to handle this situation. Discussed at length with beck@ and tb@ during the hackathon. ok tb@ --- src/lib/libssl/tls13_handshake.c | 31 ++++++++++++++++++++++++++++++- 1 file changed, 30 insertions(+), 1 deletion(-) (limited to 'src') diff --git a/src/lib/libssl/tls13_handshake.c b/src/lib/libssl/tls13_handshake.c index b566ed2298..f322cbe39b 100644 --- a/src/lib/libssl/tls13_handshake.c +++ b/src/lib/libssl/tls13_handshake.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_handshake.c,v 1.9 2019/01/19 03:32:03 jsing Exp $ */ +/* $OpenBSD: tls13_handshake.c,v 1.10 2019/01/19 04:02:29 jsing Exp $ */ /* * Copyright (c) 2018-2019 Theo Buehler * Copyright (c) 2019 Joel Sing @@ -351,6 +351,22 @@ int tls13_handshake_recv_action(struct tls13_ctx *ctx, struct tls13_handshake_action *action) { + uint8_t msg_type; + + msg_type = 0; /* XXX */ + + /* + * In TLSv1.3 there is no way to know if you're going to receive a + * certificate request message or not, hence we have to special case it + * here. The receive handler also knows how to deal with this situation. + */ + if (msg_type != action->handshake_type && + (msg_type != TLS13_MT_CERTIFICATE || + action->handshake_type != TLS13_MT_CERTIFICATE_REQUEST)) { + /* XXX send unexpected message alert */ + return TLS13_IO_FAILURE; + } + return action->recv(ctx); } @@ -482,6 +498,19 @@ tls13_server_certificate_send(struct tls13_ctx *ctx) int tls13_server_certificate_request_recv(struct tls13_ctx *ctx) { + uint8_t msg_type = 0; /* XXX */ + + /* + * Thanks to poor state design in the RFC, this function can be called + * when we actually have a certificate message instead of a certificate + * request... in that case we call the certificate handler after + * switching state, to avoid advancing state. + */ + if (msg_type == TLS13_MT_CERTIFICATE) { + ctx->handshake.hs_type |= WITHOUT_CR; + return tls13_server_certificate_recv(ctx); + } + return 0; } -- cgit v1.2.3-55-g6feb