3 files changed, 607 insertions, 4 deletions
diff --git a/src/lib/libssl/Makefile b/src/lib/libssl/Makefile
index 762ca0d18d..3969b453a5 100644
--- a/src/lib/libssl/Makefile
+++ b/src/lib/libssl/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.41 2018/11/07 19:43:12 beck Exp $
+# $OpenBSD: Makefile,v 1.42 2018/11/08 23:54:59 tb Exp $
 .include <bsd.own.mk>
 .ifndef NOMAN
@@ -34,7 +34,7 @@ SRCS= \
        ssl_asn1.c ssl_txt.c ssl_algs.c \
        bio_ssl.c ssl_err.c ssl_methods.c \
        ssl_packet.c ssl_tlsext.c ssl_versions.c pqueue.c ssl_init.c \
-        tls13_key_schedule.c
+        tls13_handshake.c tls13_key_schedule.c
 SRCS+=  s3_cbc.c
 SRCS+=  bs_ber.c bs_cbb.c bs_cbs.c
diff --git a/src/lib/libssl/tls13_handshake.c b/src/lib/libssl/tls13_handshake.c
new file mode 100644
index 0000000000..e383d969f3
--- /dev/null
+++ b/src/lib/libssl/tls13_handshake.c
@@ -0,0 +1,538 @@
+/*      $OpenBSD: tls13_handshake.c,v 1.1 2018/11/08 23:54:59 tb Exp $  */
+/*
+ * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+#include <stddef.h>
+#include "tls13_internal.h"
+/* Based on RFC 8446 and inspired by s2n's TLS 1.2 state machine. */
+/* Record types */
+#define TLS13_HANDSHAKE         1
+#define TLS13_APPLICATION_DATA  2
+/* Indexing into the state machine */
+struct tls13_handshake {
+        uint8_t                 hs_type;
+#define INITIAL                         0x00
+#define NEGOTIATED                      0x01
+#define WITH_CERT_REQ                   0x02
+#define WITH_HELLO_RET_REQ              0x04
+#define WITH_PSK                        0x08
+        int                     message_number;
+};
+struct tls13_ctx {
+        uint8_t                 mode;
+#define TLS13_HS_MODE_CLIENT    0
+#define TLS13_HS_MODE_SERVER    1
+        struct tls13_handshake  handshake;
+};
+struct tls13_handshake_action {
+        uint8_t                 record_type;
+        uint8_t                 handshake_type;
+        uint8_t                 writer;
+#define TLS13_HS_CLIENT_WRITES  1
+#define TLS13_HS_SERVER_WRITES  2
+#define TLS13_HS_BOTH_WRITE     (TLS13_HS_CLIENT_WRITES|TLS13_HS_SERVER_WRITES)
+        int                     (*handler[2])(struct tls13_ctx *ctx);
+};
+enum tls13_message_type tls13_handshake_active_state(struct tls13_ctx *ctx);
+int tls13_handshake_get_writer(struct tls13_ctx *ctx);
+int tls13_advance_state_machine(struct tls13_ctx *ctx);
+int tls13_connect(struct tls13_ctx *ctx);
+int tls13_accept(struct tls13_ctx *ctx);
+int tls13_handshake_advance_state_machine(struct tls13_ctx *ctx);
+int tls13_handshake_write_action(struct tls13_ctx *ctx);
+int tls13_handshake_read_action(struct tls13_ctx *ctx);
+enum tls13_message_type {
+        CLIENT_HELLO,
+        CLIENT_HELLO_RETRY,
+        CLIENT_END_OF_EARLY_DATA,
+        CLIENT_CERTIFICATE,
+        CLIENT_CERTIFICATE_VERIFY,
+        CLIENT_FINISHED,
+        CLIENT_KEY_UPDATE,
+        SERVER_HELLO,
+        SERVER_NEW_SESSION_TICKET,
+        SERVER_ENCRYPTED_EXTENSIONS,
+        SERVER_CERTIFICATE,
+        SERVER_CERTIFICATE_VERIFY,
+        SERVER_CERTIFICATE_REQUEST,
+        SERVER_FINISHED,
+        SERVER_KEY_UPDATE,
+        SERVER_MESSAGE_HASH,
+        APPLICATION_DATA,
+};
+struct tls13_handshake_action state_machine[] = {
+        [CLIENT_HELLO] = {
+                TLS13_HANDSHAKE,
+                TLS13_MT_CLIENT_HELLO,
+                TLS13_HS_CLIENT_WRITES,
+                {tls13_client_hello_send, tls13_client_hello_recv},
+        },
+        [CLIENT_HELLO_RETRY] = {
+                TLS13_HANDSHAKE,
+                TLS13_MT_CLIENT_HELLO,
+                TLS13_HS_CLIENT_WRITES,
+                {tls13_client_hello_retry_send, tls13_client_hello_retry_recv},
+        },
+        [CLIENT_END_OF_EARLY_DATA] = {
+                TLS13_HANDSHAKE,
+                TLS13_MT_END_OF_EARLY_DATA,
+                TLS13_HS_CLIENT_WRITES,
+                {tls13_client_end_of_early_data_send,
+                    tls13_client_end_of_early_data_recv},
+        },
+        [CLIENT_CERTIFICATE] = {
+                TLS13_HANDSHAKE,
+                TLS13_MT_CERTIFICATE,
+                TLS13_HS_CLIENT_WRITES,
+                {tls13_client_certificate_send,
+                    tls13_client_certificate_recv},
+        },
+        [CLIENT_CERTIFICATE_VERIFY] = {
+                TLS13_HANDSHAKE,
+                TLS13_MT_CERTIFICATE_VERIFY,
+                TLS13_HS_CLIENT_WRITES,
+                {tls13_client_certificate_verify_send,
+                    tls13_client_certificate_verify_recv},
+        },
+        [CLIENT_FINISHED] = {
+                TLS13_HANDSHAKE,
+                TLS13_MT_FINISHED,
+                TLS13_HS_CLIENT_WRITES,
+                {tls13_client_finished_recv, tls13_client_finished_send}
+        },
+        [CLIENT_KEY_UPDATE] = {
+                TLS13_HANDSHAKE,
+                TLS13_MT_KEY_UPDATE,
+                TLS13_HS_CLIENT_WRITES,
+                {tls13_client_key_update_send, tls13_client_key_update_recv},
+        },
+        [SERVER_HELLO] = {
+                TLS13_HANDSHAKE,
+                TLS13_MT_SERVER_HELLO,
+                TLS13_HS_SERVER_WRITES,
+                {tls13_server_hello_recv, tls13_server_hello_send},
+        },
+        [SERVER_NEW_SESSION_TICKET] = {
+                TLS13_HANDSHAKE,
+                TLS13_MT_NEW_SESSION_TICKET,
+                TLS13_HS_SERVER_WRITES,
+                {tls13_server_new_session_ticket_recv,
+                    tls13_server_new_session_ticket_send},
+        },
+        [SERVER_ENCRYPTED_EXTENSIONS] = {
+                TLS13_HANDSHAKE,
+                TLS13_MT_ENCRYPTED_EXTENSIONS,
+                TLS13_HS_SERVER_WRITES,
+                {tls13_server_encrypted_extensions_recv,
+                    tls13_server_encrypted_extensions_send},
+        },
+        [SERVER_CERTIFICATE] = {
+                TLS13_HANDSHAKE,
+                TLS13_MT_CERTIFICATE,
+                TLS13_HS_SERVER_WRITES,
+                {tls13_server_certificate_recv, tls13_server_certificate_send},
+        },
+        [SERVER_CERTIFICATE_REQUEST] = {
+                TLS13_HANDSHAKE,
+                TLS13_MT_CERTIFICATE,
+                TLS13_HS_SERVER_WRITES,
+                {tls13_server_certificate_request_recv,
+                    tls13_server_certificate_request_send},
+        },
+        [SERVER_CERTIFICATE_VERIFY] = {
+                TLS13_HANDSHAKE,
+                TLS13_MT_CERTIFICATE_VERIFY,
+                TLS13_HS_SERVER_WRITES,
+                {tls13_server_certificate_verify_send,
+                    tls13_server_certificate_verify_recv},
+        },
+        [SERVER_FINISHED] = {
+                TLS13_HANDSHAKE,
+                TLS13_MT_FINISHED,
+                TLS13_HS_SERVER_WRITES,
+                {tls13_server_finished_recv, tls13_server_finished_send}
+        },
+        [SERVER_KEY_UPDATE] = {
+                TLS13_HANDSHAKE,
+                TLS13_MT_KEY_UPDATE,
+                TLS13_HS_SERVER_WRITES,
+                {tls13_server_key_update_recv, tls13_server_key_update_send},
+        },
+        [SERVER_MESSAGE_HASH] = {
+                TLS13_HANDSHAKE,
+                TLS13_MT_MESSAGE_HASH,
+                TLS13_HS_SERVER_WRITES,
+                {tls13_server_message_hash_recv,
+                    tls13_server_message_hash_send},
+        },
+        [APPLICATION_DATA] = {
+                TLS13_APPLICATION_DATA,
+                0,
+                TLS13_HS_BOTH_WRITE,
+                {NULL, NULL},
+        },
+};
+static enum tls13_message_type handshakes[][16] = {
+        [INITIAL] = {
+                CLIENT_HELLO,
+                SERVER_HELLO,
+        },
+        [NEGOTIATED] = {
+                CLIENT_HELLO,
+                SERVER_HELLO, 
+                SERVER_ENCRYPTED_EXTENSIONS,
+                SERVER_CERTIFICATE,
+                SERVER_CERTIFICATE_VERIFY,
+                SERVER_FINISHED,
+                CLIENT_FINISHED,
+                APPLICATION_DATA,
+        },
+        [NEGOTIATED | WITH_HELLO_RET_REQ] = {
+                CLIENT_HELLO,
+                SERVER_HELLO, 
+                CLIENT_HELLO_RETRY,
+                SERVER_ENCRYPTED_EXTENSIONS,
+                SERVER_CERTIFICATE,
+                SERVER_CERTIFICATE_VERIFY,
+                SERVER_FINISHED,
+                CLIENT_FINISHED,
+                APPLICATION_DATA,
+        },
+        [NEGOTIATED | WITH_CERT_REQ] = {
+                CLIENT_HELLO,
+                SERVER_HELLO, 
+                SERVER_ENCRYPTED_EXTENSIONS,
+                SERVER_CERTIFICATE_REQUEST,
+                SERVER_CERTIFICATE,
+                SERVER_CERTIFICATE_VERIFY,
+                SERVER_FINISHED,
+                CLIENT_FINISHED,
+                APPLICATION_DATA,
+        },
+        [NEGOTIATED | WITH_HELLO_RET_REQ | WITH_CERT_REQ] = {
+                CLIENT_HELLO,
+                SERVER_HELLO, 
+                CLIENT_HELLO_RETRY,
+                SERVER_ENCRYPTED_EXTENSIONS,
+                SERVER_CERTIFICATE_REQUEST,
+                SERVER_CERTIFICATE,
+                SERVER_CERTIFICATE_VERIFY,
+                SERVER_FINISHED,
+                CLIENT_FINISHED,
+                APPLICATION_DATA,
+        },
+        [NEGOTIATED | WITH_PSK] = {
+                CLIENT_HELLO,
+                SERVER_HELLO,
+                SERVER_ENCRYPTED_EXTENSIONS,
+                SERVER_FINISHED,
+                CLIENT_FINISHED,
+                APPLICATION_DATA,
+        },
+        [NEGOTIATED | WITH_HELLO_RET_REQ | WITH_PSK] = {
+                CLIENT_HELLO,
+                SERVER_HELLO,
+                CLIENT_HELLO_RETRY,
+                SERVER_ENCRYPTED_EXTENSIONS,
+                SERVER_FINISHED,
+                CLIENT_FINISHED,
+                APPLICATION_DATA,
+        },
+};
+enum tls13_message_type
+tls13_handshake_active_state(struct tls13_ctx *ctx)
+{
+        struct tls13_handshake hs = ctx->handshake;
+        return handshakes[hs.hs_type][hs.message_number];
+}
+int
+tls13_handshake_get_writer(struct tls13_ctx *ctx)
+{
+        enum tls13_message_type mt = tls13_handshake_active_state(ctx);
+        return state_machine[mt].writer;
+}
+int
+tls13_connect(struct tls13_ctx *ctx)
+{
+        ctx->mode = TLS13_HS_MODE_CLIENT;
+        
+        while (tls13_handshake_get_writer(ctx) != TLS13_HS_BOTH_WRITE) {
+                if (tls13_handshake_get_writer(ctx) == TLS13_HS_MODE_CLIENT) {
+                        if (!tls13_handshake_write_action(ctx))
+                                return 0;
+                } else {
+                        if (!tls13_handshake_read_action(ctx))
+                                return 0;
+                }
+                if (!tls13_handshake_advance_state_machine(ctx))
+                        return 0;
+        }
+        return 1;
+}
+int
+tls13_accept(struct tls13_ctx *ctx)
+{
+        ctx->mode = TLS13_HS_MODE_SERVER;
+        while (tls13_handshake_get_writer(ctx) != TLS13_HS_BOTH_WRITE) {
+                if (tls13_handshake_get_writer(ctx) == TLS13_HS_MODE_CLIENT) {
+                        if (!tls13_handshake_write_action(ctx))
+                                return 0;
+                } else {
+                        if (!tls13_handshake_read_action(ctx))
+                                return 0;
+                }
+                if (!tls13_handshake_advance_state_machine(ctx))
+                        return 0;
+        }
+        return 1;
+}
+int
+tls13_advance_state_machine(struct tls13_ctx *ctx)
+{
+        if (tls13_handshake_get_writer(ctx) == TLS13_HS_BOTH_WRITE)
+                return 0;
+        ctx->handshake.message_number++;
+        return 1;
+}
+int
+tls13_handshake_write_action(struct tls13_ctx *ctx)
+{
+        return 1;
+}
+int
+tls13_handshake_read_action(struct tls13_ctx *ctx)
+{
+        return 1;
+}
+int
+tls13_client_hello_send(struct tls13_ctx *ctx)
+{
+        return 1;
+}
+int
+tls13_client_hello_recv(struct tls13_ctx *ctx)
+{
+        return 1;
+}
+int
+tls13_client_hello_retry_send(struct tls13_ctx *ctx)
+{
+        return 1;
+}
+int
+tls13_client_hello_retry_recv(struct tls13_ctx *ctx)
+{
+        return 1;
+}
+int
+tls13_client_end_of_early_data_send(struct tls13_ctx *ctx)
+{
+        return 1;
+}
+int
+tls13_client_end_of_early_data_recv(struct tls13_ctx *ctx)
+{
+        return 1;
+}
+int
+tls13_client_certificate_send(struct tls13_ctx *ctx)
+{
+        return 1;
+}
+int
+tls13_client_certificate_recv(struct tls13_ctx *ctx)
+{
+        return 1;
+}
+int
+tls13_client_certificate_verify_send(struct tls13_ctx *ctx)
+{
+        return 1;
+}
+int
+tls13_client_certificate_verify_recv(struct tls13_ctx *ctx)
+{
+        return 1;
+}
+int
+tls13_client_finished_recv(struct tls13_ctx *ctx)
+{
+        return 1;
+}
+int
+tls13_client_finished_send(struct tls13_ctx *ctx)
+{
+        return 1;
+}
+int
+tls13_client_key_update_send(struct tls13_ctx *ctx)
+{
+        return 1;
+}
+int
+tls13_client_key_update_recv(struct tls13_ctx *ctx)
+{
+        return 1;
+}
+int
+tls13_server_hello_recv(struct tls13_ctx *ctx)
+{
+        return 1;
+}
+int
+tls13_server_hello_send(struct tls13_ctx *ctx)
+{
+        return 1;
+}
+int
+tls13_server_new_session_ticket_recv(struct tls13_ctx *ctx)
+{
+        return 1;
+}
+int
+tls13_server_new_session_ticket_send(struct tls13_ctx *ctx)
+{
+        return 1;
+}
+int
+tls13_server_encrypted_extensions_recv(struct tls13_ctx *ctx)
+{
+        return 1;
+}
+int
+tls13_server_encrypted_extensions_send(struct tls13_ctx *ctx)
+{
+        return 1;
+}
+int
+tls13_server_certificate_recv(struct tls13_ctx *ctx)
+{
+        return 1;
+}
+int
+tls13_server_certificate_send(struct tls13_ctx *ctx)
+{
+        return 1;
+}
+int
+tls13_server_certificate_request_recv(struct tls13_ctx *ctx)
+{
+        return 1;
+}
+int
+tls13_server_certificate_request_send(struct tls13_ctx *ctx)
+{
+        return 1;
+}
+int
+tls13_server_certificate_verify_send(struct tls13_ctx *ctx)
+{
+        return 1;
+}
+int
+tls13_server_certificate_verify_recv(struct tls13_ctx *ctx)
+{
+        return 1;
+}
+int
+tls13_server_finished_recv(struct tls13_ctx *ctx)
+{
+        return 1;
+}
+int
+tls13_server_finished_send(struct tls13_ctx *ctx)
+{
+        return 1;
+}
+int
+tls13_server_key_update_recv(struct tls13_ctx *ctx)
+{
+        return 1;
+}
+int
+tls13_server_key_update_send(struct tls13_ctx *ctx)
+{
+        return 1;
+}
+int
+tls13_server_message_hash_recv(struct tls13_ctx *ctx)
+{
+        return 1;
+}
+int
+tls13_server_message_hash_send(struct tls13_ctx *ctx)
+{
+        return 1;
+}
diff --git a/src/lib/libssl/tls13_internal.h b/src/lib/libssl/tls13_internal.h
index 6172ac25c9..0c48c87c89 100644
--- a/src/lib/libssl/tls13_internal.h
+++ b/src/lib/libssl/tls13_internal.h
@@ -1,5 +1,7 @@
-/* $OpenBSD: tls13_internal.h,v 1.2 2018/11/08 20:38:25 tb Exp $ */
+/* $OpenBSD: tls13_internal.h,v 1.3 2018/11/08 23:54:59 tb Exp $ */
-/* Copyright (c) 2018, Bob Beck <beck@openbsd.org>
+/*
+ * Copyright (c) 2018, Bob Beck <beck@openbsd.org>
+ * Copyright (c) 2018, Theo Buehler <tb@openbsd.org>
 *
 * Permission to use, copy, modify, and/or distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
@@ -58,3 +60,66 @@ int tls13_derive_handshake_secrets(struct tls13_secrets *secrets,
    const struct tls13_secret *context);
 int tls13_derive_application_secrets(struct tls13_secrets *secrets,
    const EVP_MD *digest, const struct tls13_secret *context);
+struct tls13_ctx;
+/*
+ * RFC 8446, Section B.3
+ *
+ * Values listed as "_RESERVED" were used in previous versions of TLS and are
+ * listed here for completeness.  TLS 1.3 implementations MUST NOT send them but
+ * might receive them from older TLS implementations.
+ */
+#define TLS13_MT_HELLO_REQUEST_RESERVED         0
+#define TLS13_MT_CLIENT_HELLO                   1
+#define TLS13_MT_SERVER_HELLO                   2
+#define TLS13_MT_HELLO_VERIFY_REQUEST_RESERVED  3
+#define TLS13_MT_NEW_SESSION_TICKET             4
+#define TLS13_MT_END_OF_EARLY_DATA              5
+#define TLS13_MT_HELLO_RETRY_REQUEST_RESERVED   6
+#define TLS13_MT_ENCRYPTED_EXTENSIONS           8
+#define TLS13_MT_CERTIFICATE                    11
+#define TLS13_MT_SERVER_KEY_EXCHANGE_RESERVED   12
+#define TLS13_MT_CERTIFICATE_REQUEST            13
+#define TLS13_MT_SERVER_HELLO_DONE_RESERVED     14
+#define TLS13_MT_CERTIFICATE_VERIFY             15
+#define TLS13_MT_CLIENT_KEY_EXCHANGE_RESERVED   16
+#define TLS13_MT_FINISHED                       20
+#define TLS13_MT_CERTIFICATE_URL_RESERVED       21
+#define TLS13_MT_CERTIFICATE_STATUS_RESERVED    22
+#define TLS13_MT_SUPPLEMENTAL_DATA_RESERVED     23
+#define TLS13_MT_KEY_UPDATE                     24
+#define TLS13_MT_MESSAGE_HASH                   254
+int tls13_client_hello_send(struct tls13_ctx *ctx);
+int tls13_client_hello_recv(struct tls13_ctx *ctx);
+int tls13_client_hello_retry_send(struct tls13_ctx *ctx);
+int tls13_client_hello_retry_recv(struct tls13_ctx *ctx);
+int tls13_client_end_of_early_data_send(struct tls13_ctx *ctx);
+int tls13_client_end_of_early_data_recv(struct tls13_ctx *ctx);
+int tls13_client_certificate_send(struct tls13_ctx *ctx);
+int tls13_client_certificate_recv(struct tls13_ctx *ctx);
+int tls13_client_certificate_verify_send(struct tls13_ctx *ctx);
+int tls13_client_certificate_verify_recv(struct tls13_ctx *ctx);
+int tls13_client_finished_recv(struct tls13_ctx *ctx);
+int tls13_client_finished_send(struct tls13_ctx *ctx);
+int tls13_client_key_update_send(struct tls13_ctx *ctx);
+int tls13_client_key_update_recv(struct tls13_ctx *ctx);
+int tls13_server_hello_recv(struct tls13_ctx *ctx);
+int tls13_server_hello_send(struct tls13_ctx *ctx);
+int tls13_server_new_session_ticket_recv(struct tls13_ctx *ctx);
+int tls13_server_new_session_ticket_send(struct tls13_ctx *ctx);
+int tls13_server_encrypted_extensions_recv(struct tls13_ctx *ctx);
+int tls13_server_encrypted_extensions_send(struct tls13_ctx *ctx);
+int tls13_server_certificate_recv(struct tls13_ctx *ctx);
+int tls13_server_certificate_send(struct tls13_ctx *ctx);
+int tls13_server_certificate_request_recv(struct tls13_ctx *ctx);
+int tls13_server_certificate_request_send(struct tls13_ctx *ctx);
+int tls13_server_certificate_verify_send(struct tls13_ctx *ctx);
+int tls13_server_certificate_verify_recv(struct tls13_ctx *ctx);
+int tls13_server_finished_recv(struct tls13_ctx *ctx);
+int tls13_server_finished_send(struct tls13_ctx *ctx);
+int tls13_server_key_update_recv(struct tls13_ctx *ctx);
+int tls13_server_key_update_send(struct tls13_ctx *ctx);
+int tls13_server_message_hash_recv(struct tls13_ctx *ctx);
+int tls13_server_message_hash_send(struct tls13_ctx *ctx);

diff --git a/src/lib/libssl/Makefile b/src/lib/libssl/Makefile index 762ca0d18d..3969b453a5 100644 --- a/src/lib/libssl/Makefile +++ b/src/lib/libssl/Makefile
@@ -1,4 +1,4 @@
1	# $OpenBSD: Makefile,v 1.41 2018/11/07 19:43:12 beck Exp $	1	# $OpenBSD: Makefile,v 1.42 2018/11/08 23:54:59 tb Exp $
2		2
3	.include <bsd.own.mk>	3	.include <bsd.own.mk>
4	.ifndef NOMAN	4	.ifndef NOMAN
@@ -34,7 +34,7 @@ SRCS= \
34	ssl_asn1.c ssl_txt.c ssl_algs.c \	34	ssl_asn1.c ssl_txt.c ssl_algs.c \
35	bio_ssl.c ssl_err.c ssl_methods.c \	35	bio_ssl.c ssl_err.c ssl_methods.c \
36	ssl_packet.c ssl_tlsext.c ssl_versions.c pqueue.c ssl_init.c \	36	ssl_packet.c ssl_tlsext.c ssl_versions.c pqueue.c ssl_init.c \
37	tls13_key_schedule.c	37	tls13_handshake.c tls13_key_schedule.c
38	SRCS+= s3_cbc.c	38	SRCS+= s3_cbc.c
39	SRCS+= bs_ber.c bs_cbb.c bs_cbs.c	39	SRCS+= bs_ber.c bs_cbb.c bs_cbs.c
40		40


diff --git a/src/lib/libssl/tls13_handshake.c b/src/lib/libssl/tls13_handshake.c new file mode 100644 index 0000000000..e383d969f3 --- /dev/null +++ b/src/lib/libssl/tls13_handshake.c
@@ -0,0 +1,538 @@
		1	/* $OpenBSD: tls13_handshake.c,v 1.1 2018/11/08 23:54:59 tb Exp $ */
		2	/*
		3	* Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
		4	*
		5	* Permission to use, copy, modify, and distribute this software for any
		6	* purpose with or without fee is hereby granted, provided that the above
		7	* copyright notice and this permission notice appear in all copies.
		8	*
		9	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
		10	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
		11	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
		12	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
		13	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
		14	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
		15	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
		16	*/
		17
		18	#include <stddef.h>
		19
		20	#include "tls13_internal.h"
		21
		22	/* Based on RFC 8446 and inspired by s2n's TLS 1.2 state machine. */
		23
		24	/* Record types */
		25	#define TLS13_HANDSHAKE 1
		26	#define TLS13_APPLICATION_DATA 2
		27
		28	/* Indexing into the state machine */
		29	struct tls13_handshake {
		30	uint8_t hs_type;
		31	#define INITIAL 0x00
		32	#define NEGOTIATED 0x01
		33	#define WITH_CERT_REQ 0x02
		34	#define WITH_HELLO_RET_REQ 0x04
		35	#define WITH_PSK 0x08
		36	int message_number;
		37	};
		38
		39	struct tls13_ctx {
		40	uint8_t mode;
		41	#define TLS13_HS_MODE_CLIENT 0
		42	#define TLS13_HS_MODE_SERVER 1
		43	struct tls13_handshake handshake;
		44	};
		45
		46	struct tls13_handshake_action {
		47	uint8_t record_type;
		48	uint8_t handshake_type;
		49
		50	uint8_t writer;
		51	#define TLS13_HS_CLIENT_WRITES 1
		52	#define TLS13_HS_SERVER_WRITES 2
		53	#define TLS13_HS_BOTH_WRITE (TLS13_HS_CLIENT_WRITES\|TLS13_HS_SERVER_WRITES)
		54
		55	int (handler[2])(struct tls13_ctx ctx);
		56	};
		57
		58	enum tls13_message_type tls13_handshake_active_state(struct tls13_ctx *ctx);
		59	int tls13_handshake_get_writer(struct tls13_ctx *ctx);
		60
		61	int tls13_advance_state_machine(struct tls13_ctx *ctx);
		62
		63	int tls13_connect(struct tls13_ctx *ctx);
		64	int tls13_accept(struct tls13_ctx *ctx);
		65
		66	int tls13_handshake_advance_state_machine(struct tls13_ctx *ctx);
		67
		68	int tls13_handshake_write_action(struct tls13_ctx *ctx);
		69	int tls13_handshake_read_action(struct tls13_ctx *ctx);
		70
		71	enum tls13_message_type {
		72	CLIENT_HELLO,
		73	CLIENT_HELLO_RETRY,
		74	CLIENT_END_OF_EARLY_DATA,
		75	CLIENT_CERTIFICATE,
		76	CLIENT_CERTIFICATE_VERIFY,
		77	CLIENT_FINISHED,
		78	CLIENT_KEY_UPDATE,
		79	SERVER_HELLO,
		80	SERVER_NEW_SESSION_TICKET,
		81	SERVER_ENCRYPTED_EXTENSIONS,
		82	SERVER_CERTIFICATE,
		83	SERVER_CERTIFICATE_VERIFY,
		84	SERVER_CERTIFICATE_REQUEST,
		85	SERVER_FINISHED,
		86	SERVER_KEY_UPDATE,
		87	SERVER_MESSAGE_HASH,
		88	APPLICATION_DATA,
		89	};
		90
		91	struct tls13_handshake_action state_machine[] = {
		92	[CLIENT_HELLO] = {
		93	TLS13_HANDSHAKE,
		94	TLS13_MT_CLIENT_HELLO,
		95	TLS13_HS_CLIENT_WRITES,
		96	{tls13_client_hello_send, tls13_client_hello_recv},
		97	},
		98	[CLIENT_HELLO_RETRY] = {
		99	TLS13_HANDSHAKE,
		100	TLS13_MT_CLIENT_HELLO,
		101	TLS13_HS_CLIENT_WRITES,
		102	{tls13_client_hello_retry_send, tls13_client_hello_retry_recv},
		103	},
		104	[CLIENT_END_OF_EARLY_DATA] = {
		105	TLS13_HANDSHAKE,
		106	TLS13_MT_END_OF_EARLY_DATA,
		107	TLS13_HS_CLIENT_WRITES,
		108	{tls13_client_end_of_early_data_send,
		109	tls13_client_end_of_early_data_recv},
		110	},
		111	[CLIENT_CERTIFICATE] = {
		112	TLS13_HANDSHAKE,
		113	TLS13_MT_CERTIFICATE,
		114	TLS13_HS_CLIENT_WRITES,
		115	{tls13_client_certificate_send,
		116	tls13_client_certificate_recv},
		117	},
		118	[CLIENT_CERTIFICATE_VERIFY] = {
		119	TLS13_HANDSHAKE,
		120	TLS13_MT_CERTIFICATE_VERIFY,
		121	TLS13_HS_CLIENT_WRITES,
		122	{tls13_client_certificate_verify_send,
		123	tls13_client_certificate_verify_recv},
		124	},
		125	[CLIENT_FINISHED] = {
		126	TLS13_HANDSHAKE,
		127	TLS13_MT_FINISHED,
		128	TLS13_HS_CLIENT_WRITES,
		129	{tls13_client_finished_recv, tls13_client_finished_send}
		130	},
		131	[CLIENT_KEY_UPDATE] = {
		132	TLS13_HANDSHAKE,
		133	TLS13_MT_KEY_UPDATE,
		134	TLS13_HS_CLIENT_WRITES,
		135	{tls13_client_key_update_send, tls13_client_key_update_recv},
		136	},
		137	[SERVER_HELLO] = {
		138	TLS13_HANDSHAKE,
		139	TLS13_MT_SERVER_HELLO,
		140	TLS13_HS_SERVER_WRITES,
		141	{tls13_server_hello_recv, tls13_server_hello_send},
		142	},
		143	[SERVER_NEW_SESSION_TICKET] = {
		144	TLS13_HANDSHAKE,
		145	TLS13_MT_NEW_SESSION_TICKET,
		146	TLS13_HS_SERVER_WRITES,
		147	{tls13_server_new_session_ticket_recv,
		148	tls13_server_new_session_ticket_send},
		149	},
		150	[SERVER_ENCRYPTED_EXTENSIONS] = {
		151	TLS13_HANDSHAKE,
		152	TLS13_MT_ENCRYPTED_EXTENSIONS,
		153	TLS13_HS_SERVER_WRITES,
		154	{tls13_server_encrypted_extensions_recv,
		155	tls13_server_encrypted_extensions_send},
		156	},
		157	[SERVER_CERTIFICATE] = {
		158	TLS13_HANDSHAKE,
		159	TLS13_MT_CERTIFICATE,
		160	TLS13_HS_SERVER_WRITES,
		161	{tls13_server_certificate_recv, tls13_server_certificate_send},
		162	},
		163	[SERVER_CERTIFICATE_REQUEST] = {
		164	TLS13_HANDSHAKE,
		165	TLS13_MT_CERTIFICATE,
		166	TLS13_HS_SERVER_WRITES,
		167	{tls13_server_certificate_request_recv,
		168	tls13_server_certificate_request_send},
		169	},
		170	[SERVER_CERTIFICATE_VERIFY] = {
		171	TLS13_HANDSHAKE,
		172	TLS13_MT_CERTIFICATE_VERIFY,
		173	TLS13_HS_SERVER_WRITES,
		174	{tls13_server_certificate_verify_send,
		175	tls13_server_certificate_verify_recv},
		176	},
		177	[SERVER_FINISHED] = {
		178	TLS13_HANDSHAKE,
		179	TLS13_MT_FINISHED,
		180	TLS13_HS_SERVER_WRITES,
		181	{tls13_server_finished_recv, tls13_server_finished_send}
		182	},
		183	[SERVER_KEY_UPDATE] = {
		184	TLS13_HANDSHAKE,
		185	TLS13_MT_KEY_UPDATE,
		186	TLS13_HS_SERVER_WRITES,
		187	{tls13_server_key_update_recv, tls13_server_key_update_send},
		188	},
		189	[SERVER_MESSAGE_HASH] = {
		190	TLS13_HANDSHAKE,
		191	TLS13_MT_MESSAGE_HASH,
		192	TLS13_HS_SERVER_WRITES,
		193	{tls13_server_message_hash_recv,
		194	tls13_server_message_hash_send},
		195	},
		196	[APPLICATION_DATA] = {
		197	TLS13_APPLICATION_DATA,
		198	0,
		199	TLS13_HS_BOTH_WRITE,
		200	{NULL, NULL},
		201	},
		202	};
		203
		204	static enum tls13_message_type handshakes[][16] = {
		205	[INITIAL] = {
		206	CLIENT_HELLO,
		207	SERVER_HELLO,
		208	},
		209	[NEGOTIATED] = {
		210	CLIENT_HELLO,
		211	SERVER_HELLO,
		212	SERVER_ENCRYPTED_EXTENSIONS,
		213	SERVER_CERTIFICATE,
		214	SERVER_CERTIFICATE_VERIFY,
		215	SERVER_FINISHED,
		216	CLIENT_FINISHED,
		217	APPLICATION_DATA,
		218	},
		219	[NEGOTIATED \| WITH_HELLO_RET_REQ] = {
		220	CLIENT_HELLO,
		221	SERVER_HELLO,
		222	CLIENT_HELLO_RETRY,
		223	SERVER_ENCRYPTED_EXTENSIONS,
		224	SERVER_CERTIFICATE,
		225	SERVER_CERTIFICATE_VERIFY,
		226	SERVER_FINISHED,
		227	CLIENT_FINISHED,
		228	APPLICATION_DATA,
		229	},
		230	[NEGOTIATED \| WITH_CERT_REQ] = {
		231	CLIENT_HELLO,
		232	SERVER_HELLO,
		233	SERVER_ENCRYPTED_EXTENSIONS,
		234	SERVER_CERTIFICATE_REQUEST,
		235	SERVER_CERTIFICATE,
		236	SERVER_CERTIFICATE_VERIFY,
		237	SERVER_FINISHED,
		238	CLIENT_FINISHED,
		239	APPLICATION_DATA,
		240	},
		241	[NEGOTIATED \| WITH_HELLO_RET_REQ \| WITH_CERT_REQ] = {
		242	CLIENT_HELLO,
		243	SERVER_HELLO,
		244	CLIENT_HELLO_RETRY,
		245	SERVER_ENCRYPTED_EXTENSIONS,
		246	SERVER_CERTIFICATE_REQUEST,
		247	SERVER_CERTIFICATE,
		248	SERVER_CERTIFICATE_VERIFY,
		249	SERVER_FINISHED,
		250	CLIENT_FINISHED,
		251	APPLICATION_DATA,
		252	},
		253	[NEGOTIATED \| WITH_PSK] = {
		254	CLIENT_HELLO,
		255	SERVER_HELLO,
		256	SERVER_ENCRYPTED_EXTENSIONS,
		257	SERVER_FINISHED,
		258	CLIENT_FINISHED,
		259	APPLICATION_DATA,
		260	},
		261	[NEGOTIATED \| WITH_HELLO_RET_REQ \| WITH_PSK] = {
		262	CLIENT_HELLO,
		263	SERVER_HELLO,
		264	CLIENT_HELLO_RETRY,
		265	SERVER_ENCRYPTED_EXTENSIONS,
		266	SERVER_FINISHED,
		267	CLIENT_FINISHED,
		268	APPLICATION_DATA,
		269	},
		270	};
		271
		272	enum tls13_message_type
		273	tls13_handshake_active_state(struct tls13_ctx *ctx)
		274	{
		275	struct tls13_handshake hs = ctx->handshake;
		276	return handshakes[hs.hs_type][hs.message_number];
		277	}
		278
		279	int
		280	tls13_handshake_get_writer(struct tls13_ctx *ctx)
		281	{
		282	enum tls13_message_type mt = tls13_handshake_active_state(ctx);
		283	return state_machine[mt].writer;
		284	}
		285
		286	int
		287	tls13_connect(struct tls13_ctx *ctx)
		288	{
		289	ctx->mode = TLS13_HS_MODE_CLIENT;
		290
		291	while (tls13_handshake_get_writer(ctx) != TLS13_HS_BOTH_WRITE) {
		292	if (tls13_handshake_get_writer(ctx) == TLS13_HS_MODE_CLIENT) {
		293	if (!tls13_handshake_write_action(ctx))
		294	return 0;
		295	} else {
		296	if (!tls13_handshake_read_action(ctx))
		297	return 0;
		298	}
		299	if (!tls13_handshake_advance_state_machine(ctx))
		300	return 0;
		301	}
		302
		303	return 1;
		304	}
		305
		306	int
		307	tls13_accept(struct tls13_ctx *ctx)
		308	{
		309	ctx->mode = TLS13_HS_MODE_SERVER;
		310
		311	while (tls13_handshake_get_writer(ctx) != TLS13_HS_BOTH_WRITE) {
		312	if (tls13_handshake_get_writer(ctx) == TLS13_HS_MODE_CLIENT) {
		313	if (!tls13_handshake_write_action(ctx))
		314	return 0;
		315	} else {
		316	if (!tls13_handshake_read_action(ctx))
		317	return 0;
		318	}
		319	if (!tls13_handshake_advance_state_machine(ctx))
		320	return 0;
		321	}
		322
		323	return 1;
		324	}
		325
		326	int
		327	tls13_advance_state_machine(struct tls13_ctx *ctx)
		328	{
		329	if (tls13_handshake_get_writer(ctx) == TLS13_HS_BOTH_WRITE)
		330	return 0;
		331	ctx->handshake.message_number++;
		332	return 1;
		333	}
		334
		335	int
		336	tls13_handshake_write_action(struct tls13_ctx *ctx)
		337	{
		338	return 1;
		339	}
		340
		341	int
		342	tls13_handshake_read_action(struct tls13_ctx *ctx)
		343	{
		344	return 1;
		345	}
		346
		347	int
		348	tls13_client_hello_send(struct tls13_ctx *ctx)
		349	{
		350	return 1;
		351	}
		352
		353	int
		354	tls13_client_hello_recv(struct tls13_ctx *ctx)
		355	{
		356	return 1;
		357	}
		358
		359	int
		360	tls13_client_hello_retry_send(struct tls13_ctx *ctx)
		361	{
		362	return 1;
		363	}
		364
		365	int
		366	tls13_client_hello_retry_recv(struct tls13_ctx *ctx)
		367	{
		368	return 1;
		369	}
		370
		371
		372	int
		373	tls13_client_end_of_early_data_send(struct tls13_ctx *ctx)
		374	{
		375	return 1;
		376	}
		377
		378	int
		379	tls13_client_end_of_early_data_recv(struct tls13_ctx *ctx)
		380	{
		381	return 1;
		382	}
		383
		384	int
		385	tls13_client_certificate_send(struct tls13_ctx *ctx)
		386	{
		387	return 1;
		388	}
		389
		390	int
		391	tls13_client_certificate_recv(struct tls13_ctx *ctx)
		392	{
		393	return 1;
		394	}
		395
		396	int
		397	tls13_client_certificate_verify_send(struct tls13_ctx *ctx)
		398	{
		399	return 1;
		400	}
		401
		402	int
		403	tls13_client_certificate_verify_recv(struct tls13_ctx *ctx)
		404	{
		405	return 1;
		406	}
		407
		408	int
		409	tls13_client_finished_recv(struct tls13_ctx *ctx)
		410	{
		411	return 1;
		412	}
		413
		414	int
		415	tls13_client_finished_send(struct tls13_ctx *ctx)
		416	{
		417	return 1;
		418	}
		419
		420	int
		421	tls13_client_key_update_send(struct tls13_ctx *ctx)
		422	{
		423	return 1;
		424	}
		425
		426	int
		427	tls13_client_key_update_recv(struct tls13_ctx *ctx)
		428	{
		429	return 1;
		430	}
		431
		432	int
		433	tls13_server_hello_recv(struct tls13_ctx *ctx)
		434	{
		435	return 1;
		436	}
		437
		438	int
		439	tls13_server_hello_send(struct tls13_ctx *ctx)
		440	{
		441	return 1;
		442	}
		443
		444	int
		445	tls13_server_new_session_ticket_recv(struct tls13_ctx *ctx)
		446	{
		447	return 1;
		448	}
		449
		450	int
		451	tls13_server_new_session_ticket_send(struct tls13_ctx *ctx)
		452	{
		453	return 1;
		454	}
		455
		456	int
		457	tls13_server_encrypted_extensions_recv(struct tls13_ctx *ctx)
		458	{
		459	return 1;
		460	}
		461
		462	int
		463	tls13_server_encrypted_extensions_send(struct tls13_ctx *ctx)
		464	{
		465	return 1;
		466	}
		467
		468	int
		469	tls13_server_certificate_recv(struct tls13_ctx *ctx)
		470	{
		471	return 1;
		472	}
		473
		474	int
		475	tls13_server_certificate_send(struct tls13_ctx *ctx)
		476	{
		477	return 1;
		478	}
		479
		480	int
		481	tls13_server_certificate_request_recv(struct tls13_ctx *ctx)
		482	{
		483	return 1;
		484	}
		485
		486	int
		487	tls13_server_certificate_request_send(struct tls13_ctx *ctx)
		488	{
		489	return 1;
		490	}
		491
		492	int
		493	tls13_server_certificate_verify_send(struct tls13_ctx *ctx)
		494	{
		495	return 1;
		496	}
		497
		498	int
		499	tls13_server_certificate_verify_recv(struct tls13_ctx *ctx)
		500	{
		501	return 1;
		502	}
		503
		504	int
		505	tls13_server_finished_recv(struct tls13_ctx *ctx)
		506	{
		507	return 1;
		508	}
		509
		510	int
		511	tls13_server_finished_send(struct tls13_ctx *ctx)
		512	{
		513	return 1;
		514	}
		515
		516	int
		517	tls13_server_key_update_recv(struct tls13_ctx *ctx)
		518	{
		519	return 1;
		520	}
		521
		522	int
		523	tls13_server_key_update_send(struct tls13_ctx *ctx)
		524	{
		525	return 1;
		526	}
		527
		528	int
		529	tls13_server_message_hash_recv(struct tls13_ctx *ctx)
		530	{
		531	return 1;
		532	}
		533
		534	int
		535	tls13_server_message_hash_send(struct tls13_ctx *ctx)
		536	{
		537	return 1;
		538	}


diff --git a/src/lib/libssl/tls13_internal.h b/src/lib/libssl/tls13_internal.h index 6172ac25c9..0c48c87c89 100644 --- a/src/lib/libssl/tls13_internal.h +++ b/src/lib/libssl/tls13_internal.h
@@ -1,5 +1,7 @@
1	/* $OpenBSD: tls13_internal.h,v 1.2 2018/11/08 20:38:25 tb Exp $ */	1	/* $OpenBSD: tls13_internal.h,v 1.3 2018/11/08 23:54:59 tb Exp $ */
2	/* Copyright (c) 2018, Bob Beck <beck@openbsd.org>	2	/*
		3	* Copyright (c) 2018, Bob Beck <beck@openbsd.org>
		4	* Copyright (c) 2018, Theo Buehler <tb@openbsd.org>
3	*	5	*
4	* Permission to use, copy, modify, and/or distribute this software for any	6	* Permission to use, copy, modify, and/or distribute this software for any
5	* purpose with or without fee is hereby granted, provided that the above	7	* purpose with or without fee is hereby granted, provided that the above
@@ -58,3 +60,66 @@ int tls13_derive_handshake_secrets(struct tls13_secrets *secrets,
58	const struct tls13_secret *context);	60	const struct tls13_secret *context);
59	int tls13_derive_application_secrets(struct tls13_secrets *secrets,	61	int tls13_derive_application_secrets(struct tls13_secrets *secrets,
60	const EVP_MD digest, const struct tls13_secret context);	62	const EVP_MD digest, const struct tls13_secret context);
		63
		64	struct tls13_ctx;
		65
		66	/*
		67	* RFC 8446, Section B.3
		68	*
		69	* Values listed as "_RESERVED" were used in previous versions of TLS and are
		70	* listed here for completeness. TLS 1.3 implementations MUST NOT send them but
		71	* might receive them from older TLS implementations.
		72	*/
		73	#define TLS13_MT_HELLO_REQUEST_RESERVED 0
		74	#define TLS13_MT_CLIENT_HELLO 1
		75	#define TLS13_MT_SERVER_HELLO 2
		76	#define TLS13_MT_HELLO_VERIFY_REQUEST_RESERVED 3
		77	#define TLS13_MT_NEW_SESSION_TICKET 4
		78	#define TLS13_MT_END_OF_EARLY_DATA 5
		79	#define TLS13_MT_HELLO_RETRY_REQUEST_RESERVED 6
		80	#define TLS13_MT_ENCRYPTED_EXTENSIONS 8
		81	#define TLS13_MT_CERTIFICATE 11
		82	#define TLS13_MT_SERVER_KEY_EXCHANGE_RESERVED 12
		83	#define TLS13_MT_CERTIFICATE_REQUEST 13
		84	#define TLS13_MT_SERVER_HELLO_DONE_RESERVED 14
		85	#define TLS13_MT_CERTIFICATE_VERIFY 15
		86	#define TLS13_MT_CLIENT_KEY_EXCHANGE_RESERVED 16
		87	#define TLS13_MT_FINISHED 20
		88	#define TLS13_MT_CERTIFICATE_URL_RESERVED 21
		89	#define TLS13_MT_CERTIFICATE_STATUS_RESERVED 22
		90	#define TLS13_MT_SUPPLEMENTAL_DATA_RESERVED 23
		91	#define TLS13_MT_KEY_UPDATE 24
		92	#define TLS13_MT_MESSAGE_HASH 254
		93
		94	int tls13_client_hello_send(struct tls13_ctx *ctx);
		95	int tls13_client_hello_recv(struct tls13_ctx *ctx);
		96	int tls13_client_hello_retry_send(struct tls13_ctx *ctx);
		97	int tls13_client_hello_retry_recv(struct tls13_ctx *ctx);
		98	int tls13_client_end_of_early_data_send(struct tls13_ctx *ctx);
		99	int tls13_client_end_of_early_data_recv(struct tls13_ctx *ctx);
		100	int tls13_client_certificate_send(struct tls13_ctx *ctx);
		101	int tls13_client_certificate_recv(struct tls13_ctx *ctx);
		102	int tls13_client_certificate_verify_send(struct tls13_ctx *ctx);
		103	int tls13_client_certificate_verify_recv(struct tls13_ctx *ctx);
		104	int tls13_client_finished_recv(struct tls13_ctx *ctx);
		105	int tls13_client_finished_send(struct tls13_ctx *ctx);
		106	int tls13_client_key_update_send(struct tls13_ctx *ctx);
		107	int tls13_client_key_update_recv(struct tls13_ctx *ctx);
		108	int tls13_server_hello_recv(struct tls13_ctx *ctx);
		109	int tls13_server_hello_send(struct tls13_ctx *ctx);
		110	int tls13_server_new_session_ticket_recv(struct tls13_ctx *ctx);
		111	int tls13_server_new_session_ticket_send(struct tls13_ctx *ctx);
		112	int tls13_server_encrypted_extensions_recv(struct tls13_ctx *ctx);
		113	int tls13_server_encrypted_extensions_send(struct tls13_ctx *ctx);
		114	int tls13_server_certificate_recv(struct tls13_ctx *ctx);
		115	int tls13_server_certificate_send(struct tls13_ctx *ctx);
		116	int tls13_server_certificate_request_recv(struct tls13_ctx *ctx);
		117	int tls13_server_certificate_request_send(struct tls13_ctx *ctx);
		118	int tls13_server_certificate_verify_send(struct tls13_ctx *ctx);
		119	int tls13_server_certificate_verify_recv(struct tls13_ctx *ctx);
		120	int tls13_server_finished_recv(struct tls13_ctx *ctx);
		121	int tls13_server_finished_send(struct tls13_ctx *ctx);
		122	int tls13_server_key_update_recv(struct tls13_ctx *ctx);
		123	int tls13_server_key_update_send(struct tls13_ctx *ctx);
		124	int tls13_server_message_hash_recv(struct tls13_ctx *ctx);
		125	int tls13_server_message_hash_send(struct tls13_ctx *ctx);