summaryrefslogtreecommitdiff
path: root/lib/handshake-tls13.c
diff options
context:
space:
mode:
authorDaiki Ueno <dueno@redhat.com>2018-06-13 17:47:50 +0200
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2018-06-15 11:51:11 +0000
commit35a685b9f0ea284ca2efa53191d7e9d39c12b843 (patch)
tree742bf2719ee0bf3793bf56566d8ef1b906909089 /lib/handshake-tls13.c
parentb92f16ca8410b672fb20e4a58d511b797fbc0d9d (diff)
downloadgnutls-35a685b9f0ea284ca2efa53191d7e9d39c12b843.tar.gz
_gnutls13_handshake_server: send CCS immediately after HRR
In the TLS 1.3 middlebox compatibility mode, CCS follows the first handshake message sent from the server, that is either SH or HRR. Signed-off-by: Daiki Ueno <dueno@redhat.com>
Diffstat (limited to 'lib/handshake-tls13.c')
-rw-r--r--lib/handshake-tls13.c27
1 files changed, 19 insertions, 8 deletions
diff --git a/lib/handshake-tls13.c b/lib/handshake-tls13.c
index 443f9c8f8e..8a8ae52774 100644
--- a/lib/handshake-tls13.c
+++ b/lib/handshake-tls13.c
@@ -288,6 +288,13 @@ int _gnutls13_handshake_server(gnutls_session_t session)
IMED_RET("send hello retry request", ret, 0);
/* fall through */
case STATE92:
+#ifdef TLS13_APPENDIX_D4
+ ret = _gnutls_send_change_cipher_spec(session, AGAIN(STATE92));
+ STATE = STATE92;
+ IMED_RET("send change cipher spec", ret, 0);
+#endif
+ /* fall through */
+ case STATE93:
ret =
_gnutls_recv_handshake(session,
GNUTLS_HANDSHAKE_CLIENT_HELLO,
@@ -296,24 +303,28 @@ int _gnutls13_handshake_server(gnutls_session_t session)
/* this is triggered by post_client_hello, and instructs the
* handshake to proceed but be put on hold */
ret = GNUTLS_E_INTERRUPTED;
- STATE = STATE93; /* hello already parsed -> move to next state */
+ STATE = STATE94; /* hello already parsed -> move to next state */
} else {
- STATE = STATE92;
+ STATE = STATE93;
}
IMED_RET("recv client hello", ret, 0);
/* fall through */
- case STATE93:
- ret = _gnutls_send_server_hello(session, AGAIN(STATE93));
- STATE = STATE93;
+ case STATE94:
+ ret = _gnutls_send_server_hello(session, AGAIN(STATE94));
+ STATE = STATE94;
IMED_RET("send hello", ret, 0);
/* fall through */
case STATE99:
case STATE100:
#ifdef TLS13_APPENDIX_D4
- ret = _gnutls_send_change_cipher_spec(session, AGAIN(STATE100));
- STATE = STATE100;
- IMED_RET("send change cipher spec", ret, 0);
+ /* don't send CCS twice: when HRR has already been
+ * sent, CCS should have followed it (see above) */
+ if (!(session->internals.hsk_flags & HSK_HRR_SENT)) {
+ ret = _gnutls_send_change_cipher_spec(session, AGAIN(STATE100));
+ STATE = STATE100;
+ IMED_RET("send change cipher spec", ret, 0);
+ }
#endif
/* fall through */
case STATE101: