Implement handling of Certificate and CertificateVerify messages.

This allows the TLS 1.3 client to process the certificates that the server
has sent and verify that the server has possession of the private key.

ok tb@

1 files changed, 1 insertions, 30 deletions

diff --git a/src/lib/libssl/tls13_handshake.c b/src/lib/libssl/tls13_handshake.c
index 8d5b0e3516..3ebf1e9d73 100644
--- a/src/lib/libssl/tls13_handshake.c
+++ b/src/lib/libssl/tls13_handshake.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: tls13_handshake.c,v 1.25 2019/02/10 13:04:29 jsing Exp $      */
+/*      $OpenBSD: tls13_handshake.c,v 1.26 2019/02/11 17:48:15 jsing Exp $      */
 /*
  * Copyright (c) 2018-2019 Theo Buehler <tb@openbsd.org>
  * Copyright (c) 2019 Joel Sing <jsing@openbsd.org>
@@ -491,35 +491,12 @@ tls13_server_encrypted_extensions_send(struct tls13_ctx *ctx)
 }
 
 int
-tls13_server_certificate_recv(struct tls13_ctx *ctx)
-{
-        return 0;
-}
-
-int
 tls13_server_certificate_send(struct tls13_ctx *ctx)
 {
         return 0;
 }
 
 int
-tls13_server_certificate_request_recv(struct tls13_ctx *ctx)
-{
-        /*
-         * Thanks to poor state design in the RFC, this function can be called
-         * when we actually have a certificate message instead of a certificate
-         * request... in that case we call the certificate handler after
-         * switching state, to avoid advancing state.
-         */
-        if (tls13_handshake_msg_type(ctx->hs_msg) == TLS13_MT_CERTIFICATE) {
-                ctx->handshake_stage.hs_type |= WITHOUT_CR;
-                return tls13_server_certificate_recv(ctx);
-        }
-
-        return 0;
-}
-
-int
 tls13_server_certificate_request_send(struct tls13_ctx *ctx)
 {
         return 0;
@@ -532,12 +509,6 @@ tls13_server_certificate_verify_send(struct tls13_ctx *ctx)
 }
 
 int
-tls13_server_certificate_verify_recv(struct tls13_ctx *ctx)
-{
-        return 0;
-}
-
-int
 tls13_server_finished_recv(struct tls13_ctx *ctx)
 {
         return 0;