author | Michael Brown <mcb30@ipxe.org> | 2023-03-30 16:57:12 +0100 |
---|---|---|
committer | Michael Brown <mcb30@ipxe.org> | 2023-03-30 16:57:12 +0100 |
commit | 2c6a15d2a350425c0f1f88e0e69cb5e9e2a651e5 (patch) | |
tree | c9bc10ae5e306212f110b5371c37f87bf49e86a4 | |
parent | 09e8a154084c57311463408e3f2e412c305a9638 (diff) | |
[tls] Clean up change cipher spec record handling
Define and use data structures and constants for the (single-byte)
change cipher spec records.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
-rw-r--r-- | src/include/ipxe/tls.h | 3 | ||||
-rw-r--r-- | src/net/tls.c | 19 |
2 files changed, 18 insertions, 4 deletions
diff --git a/src/include/ipxe/tls.h b/src/include/ipxe/tls.h
index 6fcb69b..99c7be0 100644
--- a/src/include/ipxe/tls.h
+++ b/src/include/ipxe/tls.h
@@ -52,6 +52,9 @@ struct tls_header {
 /** Change cipher content type */
 #define TLS_TYPE_CHANGE_CIPHER 20
 
+/** Change cipher spec magic byte */
+#define TLS_CHANGE_CIPHER_SPEC 1
+
 /** Alert content type */
 #define TLS_TYPE_ALERT 21
 
diff --git a/src/net/tls.c b/src/net/tls.c
index 8996296..e0231b1 100644
--- a/src/net/tls.c
+++ b/src/net/tls.c
@@ -1682,9 +1682,14 @@ static int tls_send_certificate_verify ( struct tls_connection *tls ) {
  * @ret rc		Return status code
  */
 static int tls_send_change_cipher ( struct tls_connection *tls ) {
-	static const uint8_t change_cipher[1] = { 1 };
+	static const struct {
+		uint8_t spec;
+	} __attribute__ (( packed )) change_cipher = {
+		.spec = TLS_CHANGE_CIPHER_SPEC,
+	};
+
 	return tls_send_plaintext ( tls, TLS_TYPE_CHANGE_CIPHER,
-				    change_cipher, sizeof ( change_cipher ) );
+				    &change_cipher, sizeof ( change_cipher ) );
 }
 
 /**
@@ -1737,14 +1742,20 @@ static int tls_send_finished ( struct tls_connection *tls ) {
  */
 static int tls_new_change_cipher ( struct tls_connection *tls,
 				   const void *data, size_t len ) {
+	const struct {
+		uint8_t spec;
+	} __attribute__ (( packed )) *change_cipher = data;
 	int rc;
 
-	if ( ( len != 1 ) || ( *( ( uint8_t * ) data ) != 1 ) ) {
+	/* Sanity check */
+	if ( ( sizeof ( *change_cipher ) != len ) ||
+	     ( change_cipher->spec != TLS_CHANGE_CIPHER_SPEC ) ) {
 		DBGC ( tls, "TLS %p received invalid Change Cipher\n", tls );
-		DBGC_HD ( tls, data, len );
+		DBGC_HD ( tls, change_cipher, len );
 		return -EINVAL_CHANGE_CIPHER;
 	}
 
+	/* Change receive cipher spec */
 	if ( ( rc = tls_change_cipher ( tls, &tls->rx_cipherspec_pending,
 					&tls->rx_cipherspec ) ) != 0 ) {
 		DBGC ( tls, "TLS %p could not activate RX cipher: %s\n",
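Review bot: The packed single-field struct describing the change cipher spec payload is declared twice as an anonymous type, once in tls_send_change_cipher here and again in tls_new_change_cipher in the next hunk, so the wire format now lives in two places that can drift apart. Since the commit already adds TLS_CHANGE_CIPHER_SPEC to tls.h, the natural companion is a named definition next to it, `struct tls_change_cipher_spec { uint8_t spec; } __attribute__ (( packed ));`, with both functions using `static const struct tls_change_cipher_spec change_cipher = { .spec = TLS_CHANGE_CIPHER_SPEC };` and `const struct tls_change_cipher_spec *change_cipher = data;`. This keeps the sender's sizeof and the receiver's length check tied to one definition, which is the property the sanity check depends on.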
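Review bot: The new `/* Sanity check */` comment in tls_new_change_cipher could say what the check guarantees, because the ordering of the two conditions is load-bearing: the length comparison must come first so that `change_cipher->spec` is never read from a record shorter than one byte, and the `||` short-circuit is what enforces that. A reader could otherwise reorder the operands for readability and silently introduce a read past the end of a zero-length payload. Suggested wording: `/* Sanity check: length is verified before the payload is dereferenced */`. tls_new_change_cipher's body continues outside the hunk.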