From: Tobias Brunner <tobias@strongswan.org>
Date: Tue, 1 Sep 2020 16:59:17 +0000 (+0200)
Subject: tls-peer: Return INVALID_STATE after changing TLS 1.3 keys
X-Git-Tag: 5.9.2rc1~23^2~59
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=00a6280aabc3dacd9737aa2c970f8c997bfd8aab;p=thirdparty%2Fstrongswan.git

tls-peer: Return INVALID_STATE after changing TLS 1.3 keys

Even though we return from build(), we are not actually sending a response,
so we can't return NEED_MORE (would send an invalid ClientHello message) and
if we return SUCCESS, the EAP layer treats this as failure (there is a comment
in eap_authenticator_t about client methods never returning SUCCESS from
process()).  Instead we return INVALID_STATE, which allows tls_t.build() to
exit from the build() loop immediately and send the already generated Finished
message.
---

diff --git a/src/libtls/tls_peer.c b/src/libtls/tls_peer.c
index b5d5bef713..002b84c7af 100644
--- a/src/libtls/tls_peer.c
+++ b/src/libtls/tls_peer.c
@@ -1730,7 +1730,7 @@ METHOD(tls_handshake_t, build, status_t,
 				this->crypto->change_cipher(this->crypto, TRUE);
 				this->crypto->change_cipher(this->crypto, FALSE);
 				this->state = STATE_FINISHED_SENT_KEY_SWITCHED;
-				return SUCCESS;
+				return INVALID_STATE;
 			case STATE_KEY_UPDATE_REQUESTED:
 				return send_key_update(this, type, writer);
 			case STATE_KEY_UPDATE_SENT:
@@ -1741,9 +1741,7 @@ METHOD(tls_handshake_t, build, status_t,
 				}
 				this->crypto->change_cipher(this->crypto, FALSE);
 				this->state = STATE_FINISHED_SENT_KEY_SWITCHED;
-				return SUCCESS;
-			case STATE_FINISHED_SENT_KEY_SWITCHED:
-				return SUCCESS;
+				return INVALID_STATE;
 			default:
 				return INVALID_STATE;
 		}