diff options
| author | jsing <> | 2019-01-21 10:44:08 +0000 |
|---|---|---|
| committer | jsing <> | 2019-01-21 10:44:08 +0000 |
| commit | dacdef0bd14d3205fd8b9a76fa9f8f2d56946ce4 (patch) | |
| tree | 2d62fadb51ad002be7e5cba46dd5f6f31c36c111 | |
| parent | 99fe8b99380227d1dceddd13bd867d7abb47184e (diff) | |
| download | openbsd-dacdef0bd14d3205fd8b9a76fa9f8f2d56946ce4.tar.gz openbsd-dacdef0bd14d3205fd8b9a76fa9f8f2d56946ce4.tar.bz2 openbsd-dacdef0bd14d3205fd8b9a76fa9f8f2d56946ce4.zip | |
The main handshake loop can be shared between client and server.
Pull the shared code up into a function and call it from tls13_connect()
and tls13_accept() instead of duplicating it.
"Yes, please!" tb@
| -rw-r--r-- | src/lib/libssl/tls13_handshake.c | 40 | ||||
| -rw-r--r-- | src/lib/libssl/tls13_internal.h | 4 |
2 files changed, 15 insertions, 29 deletions
diff --git a/src/lib/libssl/tls13_handshake.c b/src/lib/libssl/tls13_handshake.c index 92780bb2f2..9e17fd1351 100644 --- a/src/lib/libssl/tls13_handshake.c +++ b/src/lib/libssl/tls13_handshake.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls13_handshake.c,v 1.15 2019/01/21 06:58:44 jsing Exp $ */ | 1 | /* $OpenBSD: tls13_handshake.c,v 1.16 2019/01/21 10:44:08 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2018-2019 Theo Buehler <tb@openbsd.org> | 3 | * Copyright (c) 2018-2019 Theo Buehler <tb@openbsd.org> |
| 4 | * Copyright (c) 2019 Joel Sing <jsing@openbsd.org> | 4 | * Copyright (c) 2019 Joel Sing <jsing@openbsd.org> |
| @@ -286,13 +286,11 @@ tls13_handshake_advance_state_machine(struct tls13_ctx *ctx) | |||
| 286 | } | 286 | } |
| 287 | 287 | ||
| 288 | int | 288 | int |
| 289 | tls13_connect(struct tls13_ctx *ctx) | 289 | tls13_handshake_perform(struct tls13_ctx *ctx) |
| 290 | { | 290 | { |
| 291 | struct tls13_handshake_action *action; | 291 | struct tls13_handshake_action *action; |
| 292 | int ret; | 292 | int ret; |
| 293 | 293 | ||
| 294 | ctx->mode = TLS13_HS_CLIENT; | ||
| 295 | |||
| 296 | for (;;) { | 294 | for (;;) { |
| 297 | if ((action = tls13_handshake_active_action(ctx)) == NULL) | 295 | if ((action = tls13_handshake_active_action(ctx)) == NULL) |
| 298 | return TLS13_IO_FAILURE; | 296 | return TLS13_IO_FAILURE; |
| @@ -300,7 +298,7 @@ tls13_connect(struct tls13_ctx *ctx) | |||
| 300 | if (action->handshake_complete) | 298 | if (action->handshake_complete) |
| 301 | return TLS13_IO_SUCCESS; | 299 | return TLS13_IO_SUCCESS; |
| 302 | 300 | ||
| 303 | if (action->sender == TLS13_HS_CLIENT) { | 301 | if (action->sender == ctx->mode) { |
| 304 | if ((ret = tls13_handshake_send_action(ctx, action)) <= 0) | 302 | if ((ret = tls13_handshake_send_action(ctx, action)) <= 0) |
| 305 | return ret; | 303 | return ret; |
| 306 | } else { | 304 | } else { |
| @@ -314,33 +312,19 @@ tls13_connect(struct tls13_ctx *ctx) | |||
| 314 | } | 312 | } |
| 315 | 313 | ||
| 316 | int | 314 | int |
| 317 | tls13_accept(struct tls13_ctx *ctx) | 315 | tls13_connect(struct tls13_ctx *ctx) |
| 318 | { | 316 | { |
| 319 | struct tls13_handshake_action *action; | 317 | ctx->mode = TLS13_HS_CLIENT; |
| 320 | int ret; | ||
| 321 | |||
| 322 | ctx->mode = TLS13_HS_SERVER; | ||
| 323 | |||
| 324 | for (;;) { | ||
| 325 | if ((action = tls13_handshake_active_action(ctx)) == NULL) | ||
| 326 | return TLS13_IO_FAILURE; | ||
| 327 | |||
| 328 | if (action->handshake_complete) | ||
| 329 | return TLS13_IO_SUCCESS; | ||
| 330 | 318 | ||
| 331 | if (action->sender == TLS13_HS_SERVER) { | 319 | return tls13_handshake_perform(ctx); |
| 332 | if ((ret = tls13_handshake_send_action(ctx, action)) <= 0) | 320 | } |
| 333 | return ret; | ||
| 334 | } else { | ||
| 335 | if ((ret = tls13_handshake_recv_action(ctx, action)) <= 0) | ||
| 336 | return ret; | ||
| 337 | } | ||
| 338 | 321 | ||
| 339 | if (!tls13_handshake_advance_state_machine(ctx)) | 322 | int |
| 340 | return TLS13_IO_FAILURE; | 323 | tls13_accept(struct tls13_ctx *ctx) |
| 341 | } | 324 | { |
| 325 | ctx->mode = TLS13_HS_SERVER; | ||
| 342 | 326 | ||
| 343 | return 1; | 327 | return tls13_handshake_perform(ctx); |
| 344 | } | 328 | } |
| 345 | 329 | ||
| 346 | int | 330 | int |
diff --git a/src/lib/libssl/tls13_internal.h b/src/lib/libssl/tls13_internal.h index 03fdab7e53..03de0fc40e 100644 --- a/src/lib/libssl/tls13_internal.h +++ b/src/lib/libssl/tls13_internal.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls13_internal.h,v 1.12 2019/01/21 09:10:58 jsing Exp $ */ | 1 | /* $OpenBSD: tls13_internal.h,v 1.13 2019/01/21 10:44:08 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2018 Bob Beck <beck@openbsd.org> | 3 | * Copyright (c) 2018 Bob Beck <beck@openbsd.org> |
| 4 | * Copyright (c) 2018 Theo Buehler <tb@openbsd.org> | 4 | * Copyright (c) 2018 Theo Buehler <tb@openbsd.org> |
| @@ -186,6 +186,8 @@ int tls13_legacy_write_bytes(SSL *ssl, int type, const void *buf, int len); | |||
| 186 | #define TLS13_MT_KEY_UPDATE 24 | 186 | #define TLS13_MT_KEY_UPDATE 24 |
| 187 | #define TLS13_MT_MESSAGE_HASH 254 | 187 | #define TLS13_MT_MESSAGE_HASH 254 |
| 188 | 188 | ||
| 189 | int tls13_handshake_perform(struct tls13_ctx *ctx); | ||
| 190 | |||
| 189 | int tls13_client_hello_send(struct tls13_ctx *ctx); | 191 | int tls13_client_hello_send(struct tls13_ctx *ctx); |
| 190 | int tls13_client_hello_recv(struct tls13_ctx *ctx); | 192 | int tls13_client_hello_recv(struct tls13_ctx *ctx); |
| 191 | int tls13_client_hello_retry_send(struct tls13_ctx *ctx); | 193 | int tls13_client_hello_retry_send(struct tls13_ctx *ctx); |