diff options
| -rw-r--r-- | lib/libssl/tls13_handshake.c | 9 | ||||
| -rw-r--r-- | lib/libssl/tls13_internal.h | 3 | ||||
| -rw-r--r-- | lib/libssl/tls13_server.c | 25 |
3 files changed, 34 insertions, 3 deletions
diff --git a/lib/libssl/tls13_handshake.c b/lib/libssl/tls13_handshake.c index 05446380ddb..1825bfbf6c9 100644 --- a/lib/libssl/tls13_handshake.c +++ b/lib/libssl/tls13_handshake.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_handshake.c,v 1.57 2020/05/09 15:47:11 jsing Exp $ */ +/* $OpenBSD: tls13_handshake.c,v 1.58 2020/05/09 16:43:05 tb Exp $ */ /* * Copyright (c) 2018-2019 Theo Buehler <tb@openbsd.org> * Copyright (c) 2019 Joel Sing <jsing@openbsd.org> @@ -102,6 +102,7 @@ static const struct tls13_handshake_action state_machine[] = { .sender = TLS13_HS_SERVER, .send = tls13_server_hello_retry_request_send, .recv = tls13_server_hello_retry_request_recv, + .sent = tls13_server_hello_retry_request_sent, }, [SERVER_ENCRYPTED_EXTENSIONS] = { .handshake_type = TLS13_MT_ENCRYPTED_EXTENSIONS, @@ -373,6 +374,12 @@ tls13_handshake_send_action(struct tls13_ctx *ctx, if (action->sent != NULL && !action->sent(ctx)) return TLS13_IO_FAILURE; + if (ctx->send_dummy_ccs) { + if ((ret = tls13_send_dummy_ccs(ctx->rl)) != TLS13_IO_SUCCESS) + return ret; + ctx->send_dummy_ccs = 0; + } + return TLS13_IO_SUCCESS; } diff --git a/lib/libssl/tls13_internal.h b/lib/libssl/tls13_internal.h index 438423aaff5..e3aaf634c32 100644 --- a/lib/libssl/tls13_internal.h +++ b/lib/libssl/tls13_internal.h @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_internal.h,v 1.70 2020/05/09 15:47:11 jsing Exp $ */ +/* $OpenBSD: tls13_internal.h,v 1.71 2020/05/09 16:43:05 tb Exp $ */ /* * Copyright (c) 2018 Bob Beck <beck@openbsd.org> * Copyright (c) 2018 Theo Buehler <tb@openbsd.org> @@ -323,6 +323,7 @@ int tls13_server_hello_send(struct tls13_ctx *ctx, CBB *cbb); int tls13_server_hello_sent(struct tls13_ctx *ctx); int tls13_server_hello_retry_request_recv(struct tls13_ctx *ctx, CBS *cbs); int tls13_server_hello_retry_request_send(struct tls13_ctx *ctx, CBB *cbb); +int tls13_server_hello_retry_request_sent(struct tls13_ctx *ctx); int tls13_server_encrypted_extensions_recv(struct tls13_ctx *ctx, CBS *cbs); int tls13_server_encrypted_extensions_send(struct tls13_ctx *ctx, CBB *cbb); int tls13_server_certificate_recv(struct tls13_ctx *ctx, CBS *cbs); diff --git a/lib/libssl/tls13_server.c b/lib/libssl/tls13_server.c index 2fe5428b718..5e2711d4d48 100644 --- a/lib/libssl/tls13_server.c +++ b/lib/libssl/tls13_server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_server.c,v 1.38 2020/05/09 14:02:24 tb Exp $ */ +/* $OpenBSD: tls13_server.c,v 1.39 2020/05/09 16:43:05 tb Exp $ */ /* * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org> * Copyright (c) 2020 Bob Beck <beck@openbsd.org> @@ -335,6 +335,20 @@ tls13_server_hello_retry_request_send(struct tls13_ctx *ctx, CBB *cbb) } int +tls13_server_hello_retry_request_sent(struct tls13_ctx *ctx) +{ + /* + * If the client has requested middlebox compatibility mode, + * we MUST send a dummy CCS following our first handshake message. + * See RFC 8446 Appendix D.4. + */ + if (ctx->hs->legacy_session_id_len > 0) + ctx->send_dummy_ccs = 1; + + return 1; +} + +int tls13_client_hello_retry_recv(struct tls13_ctx *ctx, CBS *cbs) { SSL *s = ctx->ssl; @@ -368,6 +382,15 @@ tls13_server_hello_send(struct tls13_ctx *ctx, CBB *cbb) int tls13_server_hello_sent(struct tls13_ctx *ctx) { + /* + * If the client has requested middlebox compatibility mode, + * we MUST send a dummy CCS following our first handshake message. + * See RFC 8446 Appendix D.4. + */ + if ((ctx->handshake_stage.hs_type & WITHOUT_HRR) && + ctx->hs->legacy_session_id_len > 0) + ctx->send_dummy_ccs = 1; + return tls13_server_engage_record_protection(ctx); } |