Add some internal consistency checks to the handshake state handling.

Fix the tls13_handshake_advance_state_machine() return value, which inadvertantly got flipped in an earlier commit. Also move this function to a more suitable location. ok tb@
author: jsing <> 2019-01-20 02:57:16 +0000
committer: jsing <> 2019-01-20 02:57:16 +0000
commit: b05e94746a653cd4b83bc444092de90f90e0ea88 (patch)
tree: 898b24ffa901db1a0e40faebcccb781d740463e0
parent: 3b92b80575a2a6534616ef86463ebb3c68dc1f62 (diff)
download: openbsd-b05e94746a653cd4b83bc444092de90f90e0ea88.tar.gz
openbsd-b05e94746a653cd4b83bc444092de90f90e0ea88.tar.bz2
openbsd-b05e94746a653cd4b83bc444092de90f90e0ea88.zip
1 files changed, 23 insertions, 9 deletions
diff --git a/src/lib/libssl/tls13_handshake.c b/src/lib/libssl/tls13_handshake.c
index 7798093def..9110c601c6 100644
--- a/src/lib/libssl/tls13_handshake.c
+++ b/src/lib/libssl/tls13_handshake.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: tls13_handshake.c,v 1.11 2019/01/20 02:08:05 tb Exp $ */
+/*      $OpenBSD: tls13_handshake.c,v 1.12 2019/01/20 02:57:16 jsing Exp $      */
 /*
 * Copyright (c) 2018-2019 Theo Buehler <tb@openbsd.org>
 * Copyright (c) 2019 Joel Sing <jsing@openbsd.org>
@@ -30,7 +30,7 @@
 /* Indexing into the state machine */
 struct tls13_handshake {
        uint8_t                 hs_type;
-        int                     message_number;
+        uint8_t                 message_number;
 };
 struct tls13_ctx {
@@ -259,10 +259,18 @@ static enum tls13_message_type handshakes[][TLS13_NUM_MESSAGE_TYPES] = {
        },
 };
+#define NUM_HANDSHAKES (sizeof(handshakes) / sizeof(handshakes[0]))
 enum tls13_message_type
 tls13_handshake_active_state(struct tls13_ctx *ctx)
 {
        struct tls13_handshake hs = ctx->handshake;
+        if (hs.hs_type >= NUM_HANDSHAKES)
+                return INVALID;
+        if (hs.message_number >= TLS13_NUM_MESSAGE_TYPES)
+                return INVALID;
        return handshakes[hs.hs_type][hs.message_number];
 }
@@ -270,10 +278,23 @@ struct tls13_handshake_action *
 tls13_handshake_active_action(struct tls13_ctx *ctx)
 {
        enum tls13_message_type mt = tls13_handshake_active_state(ctx);
+        if (mt == INVALID)
+                return NULL;
        return &state_machine[mt];
 }
 int
+tls13_handshake_advance_state_machine(struct tls13_ctx *ctx)
+{
+        if (++ctx->handshake.message_number >= TLS13_NUM_MESSAGE_TYPES)
+                return 0;
+        return 1;
+}
+int
 tls13_connect(struct tls13_ctx *ctx)
 {
        struct tls13_handshake_action *action;
@@ -332,13 +353,6 @@ tls13_accept(struct tls13_ctx *ctx)
 }
 int
-tls13_handshake_advance_state_machine(struct tls13_ctx *ctx)
-{
-        ctx->handshake.message_number++;
-        return 0;
-}
-int
 tls13_handshake_send_action(struct tls13_ctx *ctx,
    struct tls13_handshake_action *action)
 {
author	jsing <>	2019-01-20 02:57:16 +0000
committer	jsing <>	2019-01-20 02:57:16 +0000
commit	b05e94746a653cd4b83bc444092de90f90e0ea88 (patch)
tree	898b24ffa901db1a0e40faebcccb781d740463e0
parent	3b92b80575a2a6534616ef86463ebb3c68dc1f62 (diff)
download	openbsd-b05e94746a653cd4b83bc444092de90f90e0ea88.tar.gz openbsd-b05e94746a653cd4b83bc444092de90f90e0ea88.tar.bz2 openbsd-b05e94746a653cd4b83bc444092de90f90e0ea88.zip