From 55bc1fb8c12e9ebee84e4f4cd679dc16b3000b2c Mon Sep 17 00:00:00 2001
From: tb <>
Date: Fri, 5 Apr 2019 20:23:38 +0000
Subject: By design, our state machine is a DAG contrary to the state machine in the spec. To avoid the obvious loop in the RFC's state machine, we added a CLIENT_HELLO_RETRY state which is a second ClientHello with special rules. There is, however, no state to react to this second client hello. This adds a matching SERVER_HELLO_RETRY state to the handshakes table. This means in particular that the WITH_HRR state cannot be set in tls13_server_hello_recv(), so remove this now dead check. ok jsing
---
src/lib/libssl/tls13_internal.h | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
(limited to 'src/lib/libssl/tls13_internal.h')
diff --git a/src/lib/libssl/tls13_internal.h b/src/lib/libssl/tls13_internal.h
index c9ef37a39f..1d7a7eb699 100644
--- a/src/lib/libssl/tls13_internal.h
+++ b/src/lib/libssl/tls13_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_internal.h,v 1.27 2019/04/04 16:53:57 jsing Exp $ */
+/* $OpenBSD: tls13_internal.h,v 1.28 2019/04/05 20:23:38 tb Exp $ */
 /*
 * Copyright (c) 2018 Bob Beck
 * Copyright (c) 2018 Theo Buehler
@@ -229,6 +229,8 @@ int tls13_client_key_update_send(struct tls13_ctx *ctx);
 int tls13_client_key_update_recv(struct tls13_ctx *ctx);
 int tls13_server_hello_recv(struct tls13_ctx *ctx);
 int tls13_server_hello_send(struct tls13_ctx *ctx);
+int tls13_server_hello_retry_recv(struct tls13_ctx *ctx);
+int tls13_server_hello_retry_send(struct tls13_ctx *ctx);
 int tls13_server_encrypted_extensions_recv(struct tls13_ctx *ctx);
 int tls13_server_encrypted_extensions_send(struct tls13_ctx *ctx);
 int tls13_server_certificate_recv(struct tls13_ctx *ctx);
-- 
cgit v1.2.3-55-g6feb
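Review bot: The two prototypes added after `tls13_server_hello_send` in the second hunk have no comment saying how they differ from the plain `tls13_server_hello_recv`/`tls13_server_hello_send` pair, and this header is where a reader of the handshake table will look for that distinction. I would add one line above them, for example `/* ServerHello answering the second ClientHello, i.e. after a HelloRetryRequest. */`. The definitions are not part of this path-limited view, so it cannot be confirmed here that `tls13_server_hello_retry_recv` rejects a second HelloRetryRequest. Since the commit message says the WITH_HRR check was removed from `tls13_server_hello_recv()` as dead code, that rejection is worth verifying in the .c file: RFC 8446 section 4.1.4 requires the client to abort with unexpected_message in that case.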