Diffstat (limited to 'src/lib/libssl/tls13_handshake.c')
| -rw-r--r-- | src/lib/libssl/tls13_handshake.c | 58 |
1 files changed, 28 insertions, 30 deletions
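--- a/src/lib/libssl/tls13_handshake.c
+++ b/src/lib/libssl/tls13_handshake.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_handshake.c,v 1.4 2018/11/09 23:54:57 tb Exp $ */
+/* $OpenBSD: tls13_handshake.c,v 1.5 2018/11/10 00:38:31 tb Exp $ */
 /*
 * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
 *
@@ -38,8 +38,6 @@ struct tls13_handshake {
 
 struct tls13_ctx {
 uint8_t mode;
-#define TLS13_HS_MODE_CLIENT 0
-#define TLS13_HS_MODE_SERVER 1
 struct tls13_handshake handshake;
 };
 
@@ -48,9 +46,9 @@ struct tls13_handshake_action {
 uint8_t handshake_type;
 
 uint8_t sender;
-#define TLS13_HS_CLIENT_SENDS 1
-#define TLS13_HS_SERVER_SENDS 2
-#define TLS13_HS_BOTH_SEND (TLS13_HS_CLIENT_SENDS | TLS13_HS_SERVER_SENDS)
+#define TLS13_HS_CLIENT 1
+#define TLS13_HS_SERVER 2
+#define TLS13_HS_BOTH (TLS13_HS_CLIENT | TLS13_HS_SERVER)
 
 int (*send)(struct tls13_ctx *ctx);
 int (*recv)(struct tls13_ctx *ctx);
@@ -91,119 +89,119 @@ struct tls13_handshake_action state_machine[] = {
 [CLIENT_HELLO] = {
 .record_type = TLS13_HANDSHAKE,
 .handshake_type = TLS13_MT_CLIENT_HELLO,
-.sender = TLS13_HS_CLIENT_SENDS,
+.sender = TLS13_HS_CLIENT,
 .send = tls13_client_hello_send,
 .recv = tls13_client_hello_recv,
 },
 [CLIENT_HELLO_RETRY] = {
 .record_type = TLS13_HANDSHAKE,
 .handshake_type = TLS13_MT_CLIENT_HELLO,
-.sender = TLS13_HS_CLIENT_SENDS,
+.sender = TLS13_HS_CLIENT,
 .send = tls13_client_hello_retry_send,
 .recv = tls13_client_hello_retry_recv,
 },
 [CLIENT_END_OF_EARLY_DATA] = {
 .record_type = TLS13_HANDSHAKE,
 .handshake_type = TLS13_MT_END_OF_EARLY_DATA,
-.sender = TLS13_HS_CLIENT_SENDS,
+.sender = TLS13_HS_CLIENT,
 .send = tls13_client_end_of_early_data_send,
 .recv = tls13_client_end_of_early_data_recv,
 },
 [CLIENT_CERTIFICATE] = {
 .record_type = TLS13_HANDSHAKE,
 .handshake_type = TLS13_MT_CERTIFICATE,
-.sender = TLS13_HS_CLIENT_SENDS,
+.sender = TLS13_HS_CLIENT,
 .send = tls13_client_certificate_send,
 .recv = tls13_client_certificate_recv,
 },
 [CLIENT_CERTIFICATE_VERIFY] = {
 .record_type = TLS13_HANDSHAKE,
 .handshake_type = TLS13_MT_CERTIFICATE_VERIFY,
-.sender = TLS13_HS_CLIENT_SENDS,
+.sender = TLS13_HS_CLIENT,
 .send = tls13_client_certificate_verify_send,
 .recv = tls13_client_certificate_verify_recv,
 },
 [CLIENT_FINISHED] = {
 .record_type = TLS13_HANDSHAKE,
 .handshake_type = TLS13_MT_FINISHED,
-.sender = TLS13_HS_CLIENT_SENDS,
+.sender = TLS13_HS_CLIENT,
 .send = tls13_client_finished_send,
 .recv = tls13_client_finished_recv,
 },
 [CLIENT_KEY_UPDATE] = {
 .record_type = TLS13_HANDSHAKE,
 .handshake_type = TLS13_MT_KEY_UPDATE,
-.sender = TLS13_HS_CLIENT_SENDS,
+.sender = TLS13_HS_CLIENT,
 .send = tls13_client_key_update_send,
 .recv = tls13_client_key_update_recv,
 },
 [SERVER_HELLO] = {
 .record_type = TLS13_HANDSHAKE,
 .handshake_type = TLS13_MT_SERVER_HELLO,
-.sender = TLS13_HS_SERVER_SENDS,
+.sender = TLS13_HS_SERVER,
 .send = tls13_server_hello_send,
 .recv = tls13_server_hello_recv,
 },
 [SERVER_NEW_SESSION_TICKET] = {
 .record_type = TLS13_HANDSHAKE,
 .handshake_type = TLS13_MT_NEW_SESSION_TICKET,
-.sender = TLS13_HS_SERVER_SENDS,
+.sender = TLS13_HS_SERVER,
 .send = tls13_server_new_session_ticket_send,
 .recv = tls13_server_new_session_ticket_recv,
 },
 [SERVER_ENCRYPTED_EXTENSIONS] = {
 .record_type = TLS13_HANDSHAKE,
 .handshake_type = TLS13_MT_ENCRYPTED_EXTENSIONS,
-.sender = TLS13_HS_SERVER_SENDS,
+.sender = TLS13_HS_SERVER,
 .send = tls13_server_encrypted_extensions_send,
 .recv = tls13_server_encrypted_extensions_recv,
 },
 [SERVER_CERTIFICATE] = {
 .record_type = TLS13_HANDSHAKE,
 .handshake_type = TLS13_MT_CERTIFICATE,
-.sender = TLS13_HS_SERVER_SENDS,
+.sender = TLS13_HS_SERVER,
 .send = tls13_server_certificate_send,
 .recv = tls13_server_certificate_recv,
 },
 [SERVER_CERTIFICATE_REQUEST] = {
 .record_type = TLS13_HANDSHAKE,
 .handshake_type = TLS13_MT_CERTIFICATE,
-.sender = TLS13_HS_SERVER_SENDS,
+.sender = TLS13_HS_SERVER,
 .send = tls13_server_certificate_request_send,
 .recv = tls13_server_certificate_request_recv,
 },
 [SERVER_CERTIFICATE_VERIFY] = {
 .record_type = TLS13_HANDSHAKE,
 .handshake_type = TLS13_MT_CERTIFICATE_VERIFY,
-.sender = TLS13_HS_SERVER_SENDS,
+.sender = TLS13_HS_SERVER,
 .send = tls13_server_certificate_verify_send,
 .recv = tls13_server_certificate_verify_recv,
 },
 [SERVER_FINISHED] = {
 .record_type = TLS13_HANDSHAKE,
 .handshake_type = TLS13_MT_FINISHED,
-.sender = TLS13_HS_SERVER_SENDS,
+.sender = TLS13_HS_SERVER,
 .send = tls13_server_finished_send,
 .recv = tls13_server_finished_recv,
 },
 [SERVER_KEY_UPDATE] = {
 .record_type = TLS13_HANDSHAKE,
 .handshake_type = TLS13_MT_KEY_UPDATE,
-.sender = TLS13_HS_SERVER_SENDS,
+.sender = TLS13_HS_SERVER,
 .send = tls13_server_key_update_send,
 .recv = tls13_server_key_update_recv,
 },
 [SERVER_MESSAGE_HASH] = {
 .record_type = TLS13_HANDSHAKE,
 .handshake_type = TLS13_MT_MESSAGE_HASH,
-.sender = TLS13_HS_SERVER_SENDS,
+.sender = TLS13_HS_SERVER,
 .send = tls13_server_message_hash_send,
 .recv = tls13_server_message_hash_recv,
 },
 [APPLICATION_DATA] = {
 .record_type = TLS13_APPLICATION_DATA,
 .handshake_type = 0,
-.sender = TLS13_HS_BOTH_SEND,
+.sender = TLS13_HS_BOTH,
 .send = NULL,
 .recv = NULL,
 },
@@ -294,10 +292,10 @@ tls13_handshake_get_sender(struct tls13_ctx *ctx)
 int
 tls13_connect(struct tls13_ctx *ctx)
 {
-ctx->mode = TLS13_HS_MODE_CLIENT;
+ctx->mode = TLS13_HS_CLIENT;
 
-while (tls13_handshake_get_sender(ctx) != TLS13_HS_BOTH_SEND) {
-if (tls13_handshake_get_sender(ctx) == TLS13_HS_CLIENT_SENDS) {
+while (tls13_handshake_get_sender(ctx) != TLS13_HS_BOTH) {
+if (tls13_handshake_get_sender(ctx) == TLS13_HS_CLIENT) {
 if (!tls13_handshake_send_action(ctx))
 return 0;
 } else {
@@ -314,10 +312,10 @@ tls13_connect(struct tls13_ctx *ctx)
 int
 tls13_accept(struct tls13_ctx *ctx)
 {
-ctx->mode = TLS13_HS_MODE_SERVER;
+ctx->mode = TLS13_HS_SERVER;
 
-while (tls13_handshake_get_sender(ctx) != TLS13_HS_BOTH_SEND) {
-if (tls13_handshake_get_sender(ctx) == TLS13_HS_SERVER_SENDS) {
+while (tls13_handshake_get_sender(ctx) != TLS13_HS_BOTH) {
+if (tls13_handshake_get_sender(ctx) == TLS13_HS_SERVER) {
 if (!tls13_handshake_send_action(ctx))
 return 0;
 } else {
@@ -334,7 +332,7 @@ tls13_accept(struct tls13_ctx *ctx)
 int
 tls13_handshake_advance_state_machine(struct tls13_ctx *ctx)
 {
-if (tls13_handshake_get_sender(ctx) == TLS13_HS_BOTH_SEND)
+if (tls13_handshake_get_sender(ctx) == TLS13_HS_BOTH)
 return 0;
 ctx->handshake.message_number++;
 return 1;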
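Review bot: Merging the mode constants into the sender bit values (old lines 41–42 dropped, new lines 49–51) silently changes the valid range of `ctx->mode`: it is now 1 or 2 instead of 0 or 1, so a zero-initialised context no longer implicitly reads as a client, and `TLS13_HS_BOTH` becomes a representable but meaningless mode that nothing in this hunk rejects. The dual role of these macros deserves a comment at their definition, e.g. `/* Also used as ctx->mode: a ctx is exactly one of CLIENT or SERVER, never BOTH or 0. */`. Whether tls13_handshake_get_sender() copes with an unset or BOTH mode cannot be judged from here, as its body lies outside the hunk.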
