diff options
| author | jsing <> | 2020-04-22 17:05:07 +0000 |
|---|---|---|
| committer | jsing <> | 2020-04-22 17:05:07 +0000 |
| commit | c18a60d45888295bb8cf344e076d84ef817a65a5 (patch) | |
| tree | c7a924ebca094d3b2e25924b18e7bcf1cf4da7b7 /src/lib/libssl/tls13_handshake.c | |
| parent | c430432c2ef1ea560124b642f581c3e1ddb24f69 (diff) | |
| download | openbsd-c18a60d45888295bb8cf344e076d84ef817a65a5.tar.gz openbsd-c18a60d45888295bb8cf344e076d84ef817a65a5.tar.bz2 openbsd-c18a60d45888295bb8cf344e076d84ef817a65a5.zip | |
Improve TLSv1.3 state machine for HelloRetryRequest handling.
The state machine currently handles the HelloRetryRequest case by using
WITH_HRR - in other words, we're explicitly indicating when we transition
to the alternate path. The problem here is that we do not know if we're
going to receive a ServerHello or a HelloRetryRequest until we process
the message. This means that the ServerHello processing code has to handle
both types of messages.
The state machine and associated processing code becomes cleaner if we flip
this around so that we assume we are going to receive a HelloRetryRequest
and upon discovering that it is not, trigger WITHOUT_HRR and hand off to
the ServerHello processing function. In particular, this makes the logic
much more straight forward on the server side, when adding support for HRR.
With feedback from tb@
ok tb@
Diffstat (limited to 'src/lib/libssl/tls13_handshake.c')
| -rw-r--r-- | src/lib/libssl/tls13_handshake.c | 34 |
1 files changed, 18 insertions, 16 deletions
diff --git a/src/lib/libssl/tls13_handshake.c b/src/lib/libssl/tls13_handshake.c index 51585d31ba..86046144de 100644 --- a/src/lib/libssl/tls13_handshake.c +++ b/src/lib/libssl/tls13_handshake.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls13_handshake.c,v 1.52 2020/03/10 17:15:02 jsing Exp $ */ | 1 | /* $OpenBSD: tls13_handshake.c,v 1.53 2020/04/22 17:05:07 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2018-2019 Theo Buehler <tb@openbsd.org> | 3 | * Copyright (c) 2018-2019 Theo Buehler <tb@openbsd.org> |
| 4 | * Copyright (c) 2019 Joel Sing <jsing@openbsd.org> | 4 | * Copyright (c) 2019 Joel Sing <jsing@openbsd.org> |
| @@ -96,11 +96,11 @@ struct tls13_handshake_action state_machine[] = { | |||
| 96 | .sent = tls13_server_hello_sent, | 96 | .sent = tls13_server_hello_sent, |
| 97 | .recv = tls13_server_hello_recv, | 97 | .recv = tls13_server_hello_recv, |
| 98 | }, | 98 | }, |
| 99 | [SERVER_HELLO_RETRY] = { | 99 | [SERVER_HELLO_RETRY_REQUEST] = { |
| 100 | .handshake_type = TLS13_MT_SERVER_HELLO, | 100 | .handshake_type = TLS13_MT_SERVER_HELLO, |
| 101 | .sender = TLS13_HS_SERVER, | 101 | .sender = TLS13_HS_SERVER, |
| 102 | .send = tls13_server_hello_retry_send, | 102 | .send = tls13_server_hello_retry_request_send, |
| 103 | .recv = tls13_server_hello_retry_recv, | 103 | .recv = tls13_server_hello_retry_request_recv, |
| 104 | }, | 104 | }, |
| 105 | [SERVER_ENCRYPTED_EXTENSIONS] = { | 105 | [SERVER_ENCRYPTED_EXTENSIONS] = { |
| 106 | .handshake_type = TLS13_MT_ENCRYPTED_EXTENSIONS, | 106 | .handshake_type = TLS13_MT_ENCRYPTED_EXTENSIONS, |
| @@ -145,10 +145,14 @@ struct tls13_handshake_action state_machine[] = { | |||
| 145 | enum tls13_message_type handshakes[][TLS13_NUM_MESSAGE_TYPES] = { | 145 | enum tls13_message_type handshakes[][TLS13_NUM_MESSAGE_TYPES] = { |
| 146 | [INITIAL] = { | 146 | [INITIAL] = { |
| 147 | CLIENT_HELLO, | 147 | CLIENT_HELLO, |
| 148 | SERVER_HELLO_RETRY_REQUEST, | ||
| 149 | CLIENT_HELLO_RETRY, | ||
| 148 | SERVER_HELLO, | 150 | SERVER_HELLO, |
| 149 | }, | 151 | }, |
| 150 | [NEGOTIATED] = { | 152 | [NEGOTIATED] = { |
| 151 | CLIENT_HELLO, | 153 | CLIENT_HELLO, |
| 154 | SERVER_HELLO_RETRY_REQUEST, | ||
| 155 | CLIENT_HELLO_RETRY, | ||
| 152 | SERVER_HELLO, | 156 | SERVER_HELLO, |
| 153 | SERVER_ENCRYPTED_EXTENSIONS, | 157 | SERVER_ENCRYPTED_EXTENSIONS, |
| 154 | SERVER_CERTIFICATE_REQUEST, | 158 | SERVER_CERTIFICATE_REQUEST, |
| @@ -159,11 +163,9 @@ enum tls13_message_type handshakes[][TLS13_NUM_MESSAGE_TYPES] = { | |||
| 159 | CLIENT_FINISHED, | 163 | CLIENT_FINISHED, |
| 160 | APPLICATION_DATA, | 164 | APPLICATION_DATA, |
| 161 | }, | 165 | }, |
| 162 | [NEGOTIATED | WITH_HRR] = { | 166 | [NEGOTIATED | WITHOUT_HRR] = { |
| 163 | CLIENT_HELLO, | 167 | CLIENT_HELLO, |
| 164 | SERVER_HELLO, | 168 | SERVER_HELLO, |
| 165 | CLIENT_HELLO_RETRY, | ||
| 166 | SERVER_HELLO_RETRY, | ||
| 167 | SERVER_ENCRYPTED_EXTENSIONS, | 169 | SERVER_ENCRYPTED_EXTENSIONS, |
| 168 | SERVER_CERTIFICATE_REQUEST, | 170 | SERVER_CERTIFICATE_REQUEST, |
| 169 | SERVER_CERTIFICATE, | 171 | SERVER_CERTIFICATE, |
| @@ -175,6 +177,8 @@ enum tls13_message_type handshakes[][TLS13_NUM_MESSAGE_TYPES] = { | |||
| 175 | }, | 177 | }, |
| 176 | [NEGOTIATED | WITHOUT_CR] = { | 178 | [NEGOTIATED | WITHOUT_CR] = { |
| 177 | CLIENT_HELLO, | 179 | CLIENT_HELLO, |
| 180 | SERVER_HELLO_RETRY_REQUEST, | ||
| 181 | CLIENT_HELLO_RETRY, | ||
| 178 | SERVER_HELLO, | 182 | SERVER_HELLO, |
| 179 | SERVER_ENCRYPTED_EXTENSIONS, | 183 | SERVER_ENCRYPTED_EXTENSIONS, |
| 180 | SERVER_CERTIFICATE, | 184 | SERVER_CERTIFICATE, |
| @@ -183,11 +187,9 @@ enum tls13_message_type handshakes[][TLS13_NUM_MESSAGE_TYPES] = { | |||
| 183 | CLIENT_FINISHED, | 187 | CLIENT_FINISHED, |
| 184 | APPLICATION_DATA, | 188 | APPLICATION_DATA, |
| 185 | }, | 189 | }, |
| 186 | [NEGOTIATED | WITH_HRR | WITHOUT_CR] = { | 190 | [NEGOTIATED | WITHOUT_HRR | WITHOUT_CR] = { |
| 187 | CLIENT_HELLO, | 191 | CLIENT_HELLO, |
| 188 | SERVER_HELLO, | 192 | SERVER_HELLO, |
| 189 | CLIENT_HELLO_RETRY, | ||
| 190 | SERVER_HELLO_RETRY, | ||
| 191 | SERVER_ENCRYPTED_EXTENSIONS, | 193 | SERVER_ENCRYPTED_EXTENSIONS, |
| 192 | SERVER_CERTIFICATE, | 194 | SERVER_CERTIFICATE, |
| 193 | SERVER_CERTIFICATE_VERIFY, | 195 | SERVER_CERTIFICATE_VERIFY, |
| @@ -197,17 +199,17 @@ enum tls13_message_type handshakes[][TLS13_NUM_MESSAGE_TYPES] = { | |||
| 197 | }, | 199 | }, |
| 198 | [NEGOTIATED | WITH_PSK] = { | 200 | [NEGOTIATED | WITH_PSK] = { |
| 199 | CLIENT_HELLO, | 201 | CLIENT_HELLO, |
| 202 | SERVER_HELLO_RETRY_REQUEST, | ||
| 203 | CLIENT_HELLO_RETRY, | ||
| 200 | SERVER_HELLO, | 204 | SERVER_HELLO, |
| 201 | SERVER_ENCRYPTED_EXTENSIONS, | 205 | SERVER_ENCRYPTED_EXTENSIONS, |
| 202 | SERVER_FINISHED, | 206 | SERVER_FINISHED, |
| 203 | CLIENT_FINISHED, | 207 | CLIENT_FINISHED, |
| 204 | APPLICATION_DATA, | 208 | APPLICATION_DATA, |
| 205 | }, | 209 | }, |
| 206 | [NEGOTIATED | WITH_HRR | WITH_PSK] = { | 210 | [NEGOTIATED | WITHOUT_HRR | WITH_PSK] = { |
| 207 | CLIENT_HELLO, | 211 | CLIENT_HELLO, |
| 208 | SERVER_HELLO, | 212 | SERVER_HELLO, |
| 209 | CLIENT_HELLO_RETRY, | ||
| 210 | SERVER_HELLO_RETRY, | ||
| 211 | SERVER_ENCRYPTED_EXTENSIONS, | 213 | SERVER_ENCRYPTED_EXTENSIONS, |
| 212 | SERVER_FINISHED, | 214 | SERVER_FINISHED, |
| 213 | CLIENT_FINISHED, | 215 | CLIENT_FINISHED, |
| @@ -215,6 +217,8 @@ enum tls13_message_type handshakes[][TLS13_NUM_MESSAGE_TYPES] = { | |||
| 215 | }, | 217 | }, |
| 216 | [NEGOTIATED | WITH_CCV] = { | 218 | [NEGOTIATED | WITH_CCV] = { |
| 217 | CLIENT_HELLO, | 219 | CLIENT_HELLO, |
| 220 | SERVER_HELLO_RETRY_REQUEST, | ||
| 221 | CLIENT_HELLO_RETRY, | ||
| 218 | SERVER_HELLO, | 222 | SERVER_HELLO, |
| 219 | SERVER_ENCRYPTED_EXTENSIONS, | 223 | SERVER_ENCRYPTED_EXTENSIONS, |
| 220 | SERVER_CERTIFICATE_REQUEST, | 224 | SERVER_CERTIFICATE_REQUEST, |
| @@ -226,11 +230,9 @@ enum tls13_message_type handshakes[][TLS13_NUM_MESSAGE_TYPES] = { | |||
| 226 | CLIENT_FINISHED, | 230 | CLIENT_FINISHED, |
| 227 | APPLICATION_DATA, | 231 | APPLICATION_DATA, |
| 228 | }, | 232 | }, |
| 229 | [NEGOTIATED | WITH_HRR | WITH_CCV] = { | 233 | [NEGOTIATED | WITHOUT_HRR | WITH_CCV] = { |
| 230 | CLIENT_HELLO, | 234 | CLIENT_HELLO, |
| 231 | SERVER_HELLO, | 235 | SERVER_HELLO, |
| 232 | CLIENT_HELLO_RETRY, | ||
| 233 | SERVER_HELLO_RETRY, | ||
| 234 | SERVER_ENCRYPTED_EXTENSIONS, | 236 | SERVER_ENCRYPTED_EXTENSIONS, |
| 235 | SERVER_CERTIFICATE_REQUEST, | 237 | SERVER_CERTIFICATE_REQUEST, |
| 236 | SERVER_CERTIFICATE, | 238 | SERVER_CERTIFICATE, |