From c18a60d45888295bb8cf344e076d84ef817a65a5 Mon Sep 17 00:00:00 2001 From: jsing <> Date: Wed, 22 Apr 2020 17:05:07 +0000 Subject: Improve TLSv1.3 state machine for HelloRetryRequest handling. The state machine currently handles the HelloRetryRequest case by using WITH_HRR - in other words, we're explicitly indicating when we transition to the alternate path. The problem here is that we do not know if we're going to receive a ServerHello or a HelloRetryRequest until we process the message. This means that the ServerHello processing code has to handle both types of messages. The state machine and associated processing code becomes cleaner if we flip this around so that we assume we are going to receive a HelloRetryRequest and upon discovering that it is not, trigger WITHOUT_HRR and hand off to the ServerHello processing function. In particular, this makes the logic much more straight forward on the server side, when adding support for HRR. With feedback from tb@ ok tb@ --- src/lib/libssl/tls13_server.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'src/lib/libssl/tls13_server.c') diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c index f3d21a7477..9bc4cb6170 100644 --- a/src/lib/libssl/tls13_server.c +++ b/src/lib/libssl/tls13_server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_server.c,v 1.30 2020/04/21 17:06:16 jsing Exp $ */ +/* $OpenBSD: tls13_server.c,v 1.31 2020/04/22 17:05:07 jsing Exp $ */ /* * Copyright (c) 2019, 2020 Joel Sing * Copyright (c) 2020 Bob Beck @@ -280,11 +280,11 @@ tls13_client_hello_recv(struct tls13_ctx *ctx, CBS *cbs) return 1; /* - * If no matching key share was provided, we need to send a - * HelloRetryRequest, if matching security parameters exist. + * If a matching key share was provided, we do not need to + * send a HelloRetryRequest. */ - if (ctx->hs->key_share == NULL) - ctx->handshake_stage.hs_type |= WITH_HRR; + if (ctx->hs->key_share != NULL) + ctx->handshake_stage.hs_type |= WITHOUT_HRR; /* XXX - check this is the correct point */ tls13_record_layer_allow_ccs(ctx->rl, 1); @@ -608,7 +608,7 @@ tls13_server_hello_sent(struct tls13_ctx *ctx) } int -tls13_server_hello_retry_send(struct tls13_ctx *ctx, CBB *cbb) +tls13_server_hello_retry_request_send(struct tls13_ctx *ctx, CBB *cbb) { return 0; } -- cgit v1.2.3-55-g6feb