From bde3ac13e78ee3960e9e0340d4af51a79ada0aa6 Mon Sep 17 00:00:00 2001 From: jsing <> Date: Mon, 21 Jan 2019 13:13:46 +0000 Subject: Wire up the handshake message send and recv actions. This means that we actually receive and send handshake messages to and from the record layer. ok tb@ --- src/lib/libssl/tls13_handshake.c | 43 +++++++++++++++++++++++++++++++++++++--- src/lib/libssl/tls13_internal.h | 5 ++++- 2 files changed, 44 insertions(+), 4 deletions(-) (limited to 'src/lib/libssl') diff --git a/src/lib/libssl/tls13_handshake.c b/src/lib/libssl/tls13_handshake.c index 9e17fd1351..78f5611b70 100644 --- a/src/lib/libssl/tls13_handshake.c +++ b/src/lib/libssl/tls13_handshake.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_handshake.c,v 1.16 2019/01/21 10:44:08 jsing Exp $ */ +/* $OpenBSD: tls13_handshake.c,v 1.17 2019/01/21 13:13:46 jsing Exp $ */ /* * Copyright (c) 2018-2019 Theo Buehler * Copyright (c) 2019 Joel Sing @@ -18,6 +18,7 @@ #include +#include "ssl_locl.h" #include "tls13_handshake.h" #include "tls13_internal.h" @@ -331,7 +332,30 @@ int tls13_handshake_send_action(struct tls13_ctx *ctx, struct tls13_handshake_action *action) { - return action->send(ctx); + ssize_t ret; + CBS cbs; + + /* If we have no handshake message, we need to build one. */ + if (ctx->hs_msg == NULL) { + if ((ctx->hs_msg = tls13_handshake_msg_new()) == NULL) + return TLS13_IO_FAILURE; + + /* XXX - provide CBB. */ + if (!action->send(ctx)) + return TLS13_IO_FAILURE; + } + + if ((ret = tls13_handshake_msg_send(ctx->hs_msg, ctx->rl)) <= 0) + return ret; + + tls13_handshake_msg_data(ctx->hs_msg, &cbs); + if (!tls1_transcript_record(ctx->ssl, CBS_data(&cbs), CBS_len(&cbs))) + return TLS13_IO_FAILURE; + + tls13_handshake_msg_free(ctx->hs_msg); + ctx->hs_msg = NULL; + + return TLS13_IO_SUCCESS; } int @@ -339,14 +363,27 @@ tls13_handshake_recv_action(struct tls13_ctx *ctx, struct tls13_handshake_action *action) { uint8_t msg_type; + ssize_t ret; + CBS cbs; - msg_type = 0; /* XXX */ + if (ctx->hs_msg == NULL) { + if ((ctx->hs_msg = tls13_handshake_msg_new()) == NULL) + return TLS13_IO_FAILURE; + } + + if ((ret = tls13_handshake_msg_recv(ctx->hs_msg, ctx->rl)) <= 0) + return ret; + + tls13_handshake_msg_data(ctx->hs_msg, &cbs); + if (!tls1_transcript_record(ctx->ssl, CBS_data(&cbs), CBS_len(&cbs))) + return TLS13_IO_FAILURE; /* * In TLSv1.3 there is no way to know if you're going to receive a * certificate request message or not, hence we have to special case it * here. The receive handler also knows how to deal with this situation. */ + msg_type = tls13_handshake_msg_type(ctx->hs_msg); if (msg_type != action->handshake_type && (msg_type != TLS13_MT_CERTIFICATE || action->handshake_type != TLS13_MT_CERTIFICATE_REQUEST)) { diff --git a/src/lib/libssl/tls13_internal.h b/src/lib/libssl/tls13_internal.h index 03de0fc40e..6ddce37ca3 100644 --- a/src/lib/libssl/tls13_internal.h +++ b/src/lib/libssl/tls13_internal.h @@ -1,7 +1,8 @@ -/* $OpenBSD: tls13_internal.h,v 1.13 2019/01/21 10:44:08 jsing Exp $ */ +/* $OpenBSD: tls13_internal.h,v 1.14 2019/01/21 13:13:46 jsing Exp $ */ /* * Copyright (c) 2018 Bob Beck * Copyright (c) 2018 Theo Buehler + * Copyright (c) 2018, 2019 Joel Sing * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -146,7 +147,9 @@ struct tls13_ctx { SSL *ssl; uint8_t mode; struct tls13_handshake_stage handshake_stage; + struct tls13_record_layer *rl; + struct tls13_handshake_msg *hs_msg; }; /* -- cgit v1.2.3-55-g6feb