From 55bc1fb8c12e9ebee84e4f4cd679dc16b3000b2c Mon Sep 17 00:00:00 2001
From: tb <>
Date: Fri, 5 Apr 2019 20:23:38 +0000
Subject: By design, our state machine is a DAG contrary to the state machine
 in the spec. To avoid the obvious loop in the RFC's state machine, we added a
 CLIENT_HELLO_RETRY state which is a second ClientHello with special rules. 
 There is, however, no state to react to this second client hello. This adds a
 matching SERVER_HELLO_RETRY state to the handshakes table.

This means in particular that the WITH_HRR state cannot be set in
tls13_server_hello_recv(), so remove this now dead check.

ok jsing
---
 src/lib/libssl/tls13_handshake.c | 24 +++++++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)

(limited to 'src/lib/libssl/tls13_handshake.c')

diff --git a/src/lib/libssl/tls13_handshake.c b/src/lib/libssl/tls13_handshake.c
index fd49e03adc..542410bd39 100644
--- a/src/lib/libssl/tls13_handshake.c
+++ b/src/lib/libssl/tls13_handshake.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: tls13_handshake.c,v 1.34 2019/04/05 05:13:12 tb Exp $	*/
+/*	$OpenBSD: tls13_handshake.c,v 1.35 2019/04/05 20:23:38 tb Exp $	*/
 /*
  * Copyright (c) 2018-2019 Theo Buehler <tb@openbsd.org>
  * Copyright (c) 2019 Joel Sing <jsing@openbsd.org>
@@ -98,6 +98,12 @@ struct tls13_handshake_action state_machine[] = {
 		.send = tls13_server_hello_send,
 		.recv = tls13_server_hello_recv,
 	},
+	[SERVER_HELLO_RETRY] = {
+		.handshake_type = TLS13_MT_SERVER_HELLO,
+		.sender = TLS13_HS_SERVER,
+		.send = tls13_server_hello_retry_send,
+		.recv = tls13_server_hello_retry_recv,
+	},
 	[SERVER_ENCRYPTED_EXTENSIONS] = {
 		.handshake_type = TLS13_MT_ENCRYPTED_EXTENSIONS,
 		.sender = TLS13_HS_SERVER,
@@ -156,6 +162,7 @@ enum tls13_message_type handshakes[][TLS13_NUM_MESSAGE_TYPES] = {
 		CLIENT_HELLO,
 		SERVER_HELLO,
 		CLIENT_HELLO_RETRY,
+		SERVER_HELLO_RETRY,
 		SERVER_ENCRYPTED_EXTENSIONS,
 		SERVER_CERTIFICATE_REQUEST,
 		SERVER_CERTIFICATE,
@@ -179,6 +186,7 @@ enum tls13_message_type handshakes[][TLS13_NUM_MESSAGE_TYPES] = {
 		CLIENT_HELLO,
 		SERVER_HELLO,
 		CLIENT_HELLO_RETRY,
+		SERVER_HELLO_RETRY,
 		SERVER_ENCRYPTED_EXTENSIONS,
 		SERVER_CERTIFICATE,
 		SERVER_CERTIFICATE_VERIFY,
@@ -198,6 +206,7 @@ enum tls13_message_type handshakes[][TLS13_NUM_MESSAGE_TYPES] = {
 		CLIENT_HELLO,
 		SERVER_HELLO,
 		CLIENT_HELLO_RETRY,
+		SERVER_HELLO_RETRY,
 		SERVER_ENCRYPTED_EXTENSIONS,
 		SERVER_FINISHED,
 		CLIENT_FINISHED,
@@ -220,6 +229,7 @@ enum tls13_message_type handshakes[][TLS13_NUM_MESSAGE_TYPES] = {
 		CLIENT_HELLO,
 		SERVER_HELLO,
 		CLIENT_HELLO_RETRY,
+		SERVER_HELLO_RETRY,
 		SERVER_ENCRYPTED_EXTENSIONS,
 		SERVER_CERTIFICATE_REQUEST,
 		SERVER_CERTIFICATE,
@@ -403,6 +413,12 @@ tls13_client_hello_retry_send(struct tls13_ctx *ctx)
 	return 0;
 }
 
+int
+tls13_server_hello_retry_recv(struct tls13_ctx *ctx)
+{
+        return 0;
+}
+
 int
 tls13_client_hello_retry_recv(struct tls13_ctx *ctx)
 {
@@ -472,6 +488,12 @@ tls13_server_hello_send(struct tls13_ctx *ctx)
 	return 0;
 }
 
+int
+tls13_server_hello_retry_send(struct tls13_ctx *ctx)
+{
+	return 0;
+}
+
 int
 tls13_server_encrypted_extensions_send(struct tls13_ctx *ctx)
 {
-- 
cgit v1.2.3-55-g6feb