diff options
Diffstat (limited to 'lib/ssl/src/tls_record_1_3.erl')
-rw-r--r-- | lib/ssl/src/tls_record_1_3.erl | 39 |
1 files changed, 33 insertions, 6 deletions
diff --git a/lib/ssl/src/tls_record_1_3.erl b/lib/ssl/src/tls_record_1_3.erl index ff198a09bf..d424336187 100644 --- a/lib/ssl/src/tls_record_1_3.erl +++ b/lib/ssl/src/tls_record_1_3.erl @@ -111,21 +111,32 @@ decode_cipher_text(#ssl_tls{type = ?OPAQUE_TYPE, cipher_type = ?AEAD, bulk_cipher_algorithm = BulkCipherAlgo} - } = ReadState0} = ConnnectionStates0) -> + } = ReadState0} = ConnectionStates0) -> AAD = start_additional_data(), CipherS1 = ssl_cipher:nonce_seed(<<?UINT64(Seq)>>, CipherS0), case decipher_aead(BulkCipherAlgo, CipherS1, AAD, CipherFragment) of {PlainFragment, CipherS1} -> - ConnnectionStates = - ConnnectionStates0#{current_read => + ConnectionStates = + ConnectionStates0#{current_read => ReadState0#{cipher_state => CipherS1, sequence_number => Seq + 1}}, - decode_inner_plaintext(PlainFragment, ConnnectionStates); + decode_inner_plaintext(PlainFragment, ConnectionStates); #alert{} = Alert -> Alert end; +decode_cipher_text(#ssl_tls{type = Type, + version = ?LEGACY_VERSION, + fragment = CipherFragment}, + #{current_read := + #{security_parameters := + #security_parameters{ + cipher_suite = ?TLS_NULL_WITH_NULL_NULL} + }} = ConnnectionStates0) -> + {#ssl_tls{type = Type, + version = {3,4}, %% Internally use real version + fragment = CipherFragment}, ConnnectionStates0}; decode_cipher_text(#ssl_tls{type = Type}, _) -> - %% Version mismatch is already asserted + %% Version mismatch is already asserted ?ALERT_REC(?FATAL, ?BAD_RECORD_MAC, {record_typ_mismatch, Type}). %%-------------------------------------------------------------------- @@ -169,7 +180,23 @@ encode_plain_text(#inner_plaintext{ AAD = start_additional_data(), CipherS1 = ssl_cipher:nonce_seed(<<?UINT64(Seq)>>, CipherS0), {Encoded, WriteState} = cipher_aead(PlainText, WriteState0#{cipher_state => CipherS1}, AAD), - {#tls_cipher_text{encoded_record = Encoded}, WriteState}; + {#tls_cipher_text{opaque_type = Type, + legacy_version = {3,3}, + encoded_record = Encoded}, WriteState}; +encode_plain_text(#inner_plaintext{ + content = Data, + type = Type + }, #{security_parameters := + #security_parameters{ + cipher_suite = ?TLS_NULL_WITH_NULL_NULL} + } = WriteState0) -> + %% RFC8446 - 5.1. Record Layer + %% When record protection has not yet been engaged, TLSPlaintext + %% structures are written directly onto the wire. + {#tls_cipher_text{opaque_type = Type, + legacy_version = {3,3}, + encoded_record = Data}, WriteState0}; + encode_plain_text(_, CS) -> exit({cs, CS}). |