From 00a6280aabc3dacd9737aa2c970f8c997bfd8aab Mon Sep 17 00:00:00 2001
From: Tobias Brunner
Date: Tue, 1 Sep 2020 18:59:17 +0200
Subject: [PATCH] tls-peer: Return INVALID_STATE after changing TLS 1.3 keys

Even though we return from build(), we are not actually sending a response, so we can't return NEED_MORE (would send an invalid ClientHello message) and if we return SUCCESS, the EAP layer treats this as failure (there is a comment in eap_authenticator_t about client methods never returning SUCCESS from process()). Instead we return INVALID_STATE, which allows tls_t.build() to exit from the build() loop immediately and send the already generated Finished message.
---
 src/libtls/tls_peer.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/src/libtls/tls_peer.c b/src/libtls/tls_peer.c
index b5d5bef713..002b84c7af 100644
--- a/src/libtls/tls_peer.c
+++ b/src/libtls/tls_peer.c
@@ -1730,7 +1730,7 @@ METHOD(tls_handshake_t, build, status_t,
 this->crypto->change_cipher(this->crypto, TRUE);
 this->crypto->change_cipher(this->crypto, FALSE);
 this->state = STATE_FINISHED_SENT_KEY_SWITCHED;
- return SUCCESS;
+ return INVALID_STATE;
 case STATE_KEY_UPDATE_REQUESTED:
 return send_key_update(this, type, writer);
 case STATE_KEY_UPDATE_SENT:
@@ -1741,9 +1741,7 @@ METHOD(tls_handshake_t, build, status_t,
 }
 this->crypto->change_cipher(this->crypto, FALSE);
 this->state = STATE_FINISHED_SENT_KEY_SWITCHED;
- return SUCCESS;
- case STATE_FINISHED_SENT_KEY_SWITCHED:
- return SUCCESS;
+ return INVALID_STATE;
 default:
 return INVALID_STATE;
 }
--
2.47.3
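Review bot: The new `return INVALID_STATE;` right after the two change_cipher() calls carries no comment, so a reader of the state machine sees the same status as the `default:` error case and cannot tell that this one is a deliberate "nothing to send, stop the build loop" signal; the rationale currently lives only in the commit message. Put it at the return: `/* nothing to send: INVALID_STATE makes tls_t.build() leave its loop and flush the Finished message already written */`. Overloading the error status this way also means that, if the description is accurate, a genuinely unexpected state reaching `default:` is treated identically by the caller, flushing whatever is buffered rather than failing the handshake, which deserves either a sentence in that comment or a dedicated status value if tls_t.build() can be taught to distinguish the two. build() begins and ends outside this hunk.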
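Review bot: Dropping the explicit `case STATE_FINISHED_SENT_KEY_SWITCHED:` folds the normal post-handshake idle state into `default:`, which is presumably the catch-all for states build() is not expected to be called in; both now return the same value, but the code no longer shows that one of them is the expected path. Keep the case with a one-line comment so the distinction survives a later change to `default:` (a log line or an assert, say): `case STATE_FINISHED_SENT_KEY_SWITCHED:` / `/* handshake complete, nothing to build */` / `return INVALID_STATE;`. The `}` at the top of the hunk closes a block that opens outside it, and build() continues past the hunk's last line.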