From cc3fe1461ef20d8cb61d6a0c60d6e79f2f1ec773 Mon Sep 17 00:00:00 2001 From: Ylian Saint-Hilaire Date: Mon, 20 Jan 2020 22:49:10 -0800 Subject: [PATCH] Fixed TLS 1.3 state machine. --- microstack/ILibAsyncSocket.c | 4 +++- microstack/ILibCrypto.c | 5 +++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/microstack/ILibAsyncSocket.c b/microstack/ILibAsyncSocket.c index f4f2a23..d05e9a1 100644 --- a/microstack/ILibAsyncSocket.c +++ b/microstack/ILibAsyncSocket.c @@ -1215,7 +1215,9 @@ void ILibProcessAsyncSocket(struct ILibAsyncSocketModule *Reader, int pendingRea } SSL_TRACE2("SSL_handshake()"); } - else + + // Even if we get completed the TLS handshake, we must still read if data remains, this is possible with TLS 1.3 + if ((Reader->TLSHandshakeCompleted == 1) && (Reader->readBioBuffer->length > 0)) { SSL_TRACE1("SSL_read()"); while ((j = SSL_read(Reader->ssl, Reader->buffer + Reader->EndPointer, Reader->MallocSize - Reader->EndPointer))>0) diff --git a/microstack/ILibCrypto.c b/microstack/ILibCrypto.c index d9a5315..b36c68f 100644 --- a/microstack/ILibCrypto.c +++ b/microstack/ILibCrypto.c @@ -1085,12 +1085,13 @@ void __fastcall util_savekeys(SSL* ssl) { if (ssl == NULL) return; if (SSL_get_client_random(ssl, clientRandom, 32) != 32) return; if (SSL_get_server_random(ssl, serverRandom, 32) != 32) return; - if (SSL_SESSION_get_master_key(SSL_get_session(ssl), sessionSecret, 48) != 48) return; + len = SSL_SESSION_get_master_key(SSL_get_session(ssl), sessionSecret, 48); + if (len <= 0) return; // Convert the randoms and key into hex util_tohex(clientRandom, 32, clientRandomHex); util_tohex(serverRandom, 32, serverRandomHex); - util_tohex(sessionSecret, 48, sessionSecretHex); + util_tohex(sessionSecret, len, sessionSecretHex); // Append the client random and key to the log file. len = snprintf(text, 1000, "CLIENT_RANDOM %s %s\r\nCLIENT_RANDOM %s %s\r\n", clientRandomHex, sessionSecretHex, serverRandomHex, sessionSecretHex);