diff options
| author | Theo Buehler <tb@cvs.openbsd.org> | 2020-01-22 05:06:24 +0000 |
|---|---|---|
| committer | Theo Buehler <tb@cvs.openbsd.org> | 2020-01-22 05:06:24 +0000 |
| commit | 99fe12cbd9689580b2f0208476c706c94057674f (patch) | |
| tree | cf5b57b65af560f53055c82bd283cf3e3ed8781b /lib | |
| parent | 47423daf2440fafe1332d91fea5d78f8688c50cf (diff) | |
After the ClientHello has been sent or received and before the peer's
Finished message has been received, a change cipher spec may be received
and must be ignored. Add a flag to the record layer struct and set it at
the appropriate moments during the handshake so that we will ignore it.
ok jsing
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/libssl/tls13_client.c | 5 | ||||
| -rw-r--r-- | lib/libssl/tls13_internal.h | 3 | ||||
| -rw-r--r-- | lib/libssl/tls13_record_layer.c | 16 | ||||
| -rw-r--r-- | lib/libssl/tls13_server.c | 6 |
4 files changed, 22 insertions, 8 deletions
diff --git a/lib/libssl/tls13_client.c b/lib/libssl/tls13_client.c index ef4c3de75f4..b42167a58a1 100644 --- a/lib/libssl/tls13_client.c +++ b/lib/libssl/tls13_client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_client.c,v 1.25 2020/01/22 03:20:09 jsing Exp $ */ +/* $OpenBSD: tls13_client.c,v 1.26 2020/01/22 05:06:23 tb Exp $ */ /* * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> * @@ -223,6 +223,7 @@ int tls13_client_hello_sent(struct tls13_ctx *ctx) { tls13_record_layer_set_legacy_version(ctx->rl, TLS1_2_VERSION); + tls13_record_layer_allow_ccs(ctx->rl, 1); return 1; } @@ -750,6 +751,8 @@ tls13_server_finished_recv(struct tls13_ctx *ctx) &secrets->server_application_traffic)) goto err; + tls13_record_layer_allow_ccs(ctx->rl, 0); + ret = 1; err: diff --git a/lib/libssl/tls13_internal.h b/lib/libssl/tls13_internal.h index 1eb05b71007..fc1d6c1889f 100644 --- a/lib/libssl/tls13_internal.h +++ b/lib/libssl/tls13_internal.h @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_internal.h,v 1.42 2020/01/22 02:39:45 tb Exp $ */ +/* $OpenBSD: tls13_internal.h,v 1.43 2020/01/22 05:06:23 tb Exp $ */ /* * Copyright (c) 2018 Bob Beck <beck@openbsd.org> * Copyright (c) 2018 Theo Buehler <tb@openbsd.org> @@ -117,6 +117,7 @@ struct tls13_record_layer *tls13_record_layer_new(tls13_read_cb wire_read, tls13_phh_recv_cb phh_recv_cb, tls13_phh_sent_cb phh_sent_cb, void *cb_arg); void tls13_record_layer_free(struct tls13_record_layer *rl); +void tls13_record_layer_allow_ccs(struct tls13_record_layer *rl, int allow); void tls13_record_layer_rbuf(struct tls13_record_layer *rl, CBS *cbs); void tls13_record_layer_set_aead(struct tls13_record_layer *rl, const EVP_AEAD *aead); diff --git a/lib/libssl/tls13_record_layer.c b/lib/libssl/tls13_record_layer.c index 600990a878a..ef558d52df6 100644 --- a/lib/libssl/tls13_record_layer.c +++ b/lib/libssl/tls13_record_layer.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_record_layer.c,v 1.20 2020/01/22 02:39:45 tb Exp $ */ +/* $OpenBSD: tls13_record_layer.c,v 1.21 2020/01/22 05:06:23 tb Exp $ */ /* * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> * @@ -29,7 +29,8 @@ static ssize_t tls13_record_layer_write_record(struct tls13_record_layer *rl, struct tls13_record_layer { uint16_t legacy_version; - int change_cipher_spec_seen; + int ccs_allowed; + int ccs_seen; int handshake_completed; int phh; @@ -200,6 +201,12 @@ tls13_record_layer_update_nonce(struct tls13_secret *nonce, } void +tls13_record_layer_allow_ccs(struct tls13_record_layer *rl, int allow) +{ + rl->ccs_allowed = allow; +} + +void tls13_record_layer_set_aead(struct tls13_record_layer *rl, const EVP_AEAD *aead) { @@ -756,8 +763,7 @@ tls13_record_layer_read_record(struct tls13_record_layer *rl) * ignored. */ if (content_type == SSL3_RT_CHANGE_CIPHER_SPEC) { - /* XXX - need to check after ClientHello, before Finished. */ - if (rl->handshake_completed || rl->change_cipher_spec_seen) + if (!rl->ccs_allowed || rl->ccs_seen) return tls13_send_alert(rl, SSL_AD_UNEXPECTED_MESSAGE); if (!tls13_record_content(rl->rrec, &cbs)) return tls13_send_alert(rl, TLS1_AD_DECODE_ERROR); @@ -765,7 +771,7 @@ tls13_record_layer_read_record(struct tls13_record_layer *rl) return tls13_send_alert(rl, TLS1_AD_DECODE_ERROR); if (ccs != 1) return tls13_send_alert(rl, SSL_AD_ILLEGAL_PARAMETER); - rl->change_cipher_spec_seen = 1; + rl->ccs_seen = 1; tls13_record_layer_rrec_free(rl); return TLS13_IO_WANT_POLLIN; } diff --git a/lib/libssl/tls13_server.c b/lib/libssl/tls13_server.c index 10d85a62b3c..fc3e80ad587 100644 --- a/lib/libssl/tls13_server.c +++ b/lib/libssl/tls13_server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_server.c,v 1.4 2020/01/22 02:21:05 beck Exp $ */ +/* $OpenBSD: tls13_server.c,v 1.5 2020/01/22 05:06:23 tb Exp $ */ /* * Copyright (c) 2019 Joel Sing <jsing@openbsd.org> * @@ -81,6 +81,8 @@ tls13_legacy_accept(SSL *ssl) int tls13_client_hello_recv(struct tls13_ctx *ctx) { + tls13_record_layer_allow_ccs(ctx->rl, 1); + return 0; } @@ -135,6 +137,8 @@ tls13_client_certificate_verify_recv(struct tls13_ctx *ctx) int tls13_client_finished_recv(struct tls13_ctx *ctx) { + tls13_record_layer_allow_ccs(ctx->rl, 0); + return 0; } |