summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorTheo Buehler <tb@cvs.openbsd.org>2019-01-18 06:51:30 +0000
committerTheo Buehler <tb@cvs.openbsd.org>2019-01-18 06:51:30 +0000
commitcd982a7bc3bf6a935a3f1f2b735e20a344805f02 (patch)
tree12db3189ca503dd086e25eab12b6f967337ed43c /lib
parent67816b769cad851e2641b3f55489606edcb73bba (diff)
Expose some symbols in a new tls13_handshake.h for regression testing.
Update the handshake state tables and flag names according to the design decisions and naming conventions in the hackroom. Garbage collect some things that turn out not to belong here. ok jsing
Diffstat (limited to 'lib')
-rw-r--r--lib/libssl/tls13_handshake.c132
-rw-r--r--lib/libssl/tls13_handshake.h52
-rw-r--r--lib/libssl/tls13_internal.h8
3 files changed, 93 insertions, 99 deletions
diff --git a/lib/libssl/tls13_handshake.c b/lib/libssl/tls13_handshake.c
index 930e6e4be2f..77e59f19307 100644
--- a/lib/libssl/tls13_handshake.c
+++ b/lib/libssl/tls13_handshake.c
@@ -1,6 +1,7 @@
-/* $OpenBSD: tls13_handshake.c,v 1.7 2018/11/11 06:49:35 beck Exp $ */
+/* $OpenBSD: tls13_handshake.c,v 1.8 2019/01/18 06:51:29 tb Exp $ */
/*
- * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
+ * Copyright (c) 2018-2019 Theo Buehler <tb@openbsd.org>
+ * Copyright (c) 2019 Joel Sing <jsing@openbsd.org>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -17,6 +18,7 @@
#include <stddef.h>
+#include "tls13_handshake.h"
#include "tls13_internal.h"
/* Based on RFC 8446 and inspired by s2n's TLS 1.2 state machine. */
@@ -28,11 +30,6 @@
/* Indexing into the state machine */
struct tls13_handshake {
uint8_t hs_type;
-#define INITIAL 0x00
-#define NEGOTIATED 0x01
-#define WITH_CERT_REQ 0x02
-#define WITH_HELLO_RET_REQ 0x04
-#define WITH_PSK 0x08
int message_number;
};
@@ -66,27 +63,6 @@ int tls13_handshake_send_action(struct tls13_ctx *ctx,
int tls13_handshake_recv_action(struct tls13_ctx *ctx,
struct tls13_handshake_action *action);
-enum tls13_message_type {
- INVALID,
- CLIENT_HELLO,
- CLIENT_HELLO_RETRY,
- CLIENT_END_OF_EARLY_DATA,
- CLIENT_CERTIFICATE,
- CLIENT_CERTIFICATE_VERIFY,
- CLIENT_FINISHED,
- CLIENT_KEY_UPDATE,
- SERVER_HELLO,
- SERVER_NEW_SESSION_TICKET,
- SERVER_ENCRYPTED_EXTENSIONS,
- SERVER_CERTIFICATE,
- SERVER_CERTIFICATE_VERIFY,
- SERVER_CERTIFICATE_REQUEST,
- SERVER_FINISHED,
- SERVER_KEY_UPDATE,
- SERVER_MESSAGE_HASH,
- APPLICATION_DATA,
-};
-
struct tls13_handshake_action state_machine[] = {
[CLIENT_HELLO] = {
.record_type = TLS13_HANDSHAKE,
@@ -144,13 +120,6 @@ struct tls13_handshake_action state_machine[] = {
.send = tls13_server_hello_send,
.recv = tls13_server_hello_recv,
},
- [SERVER_NEW_SESSION_TICKET] = {
- .record_type = TLS13_HANDSHAKE,
- .handshake_type = TLS13_MT_NEW_SESSION_TICKET,
- .sender = TLS13_HS_SERVER,
- .send = tls13_server_new_session_ticket_send,
- .recv = tls13_server_new_session_ticket_recv,
- },
[SERVER_ENCRYPTED_EXTENSIONS] = {
.record_type = TLS13_HANDSHAKE,
.handshake_type = TLS13_MT_ENCRYPTED_EXTENSIONS,
@@ -186,20 +155,6 @@ struct tls13_handshake_action state_machine[] = {
.send = tls13_server_finished_send,
.recv = tls13_server_finished_recv,
},
- [SERVER_KEY_UPDATE] = {
- .record_type = TLS13_HANDSHAKE,
- .handshake_type = TLS13_MT_KEY_UPDATE,
- .sender = TLS13_HS_SERVER,
- .send = tls13_server_key_update_send,
- .recv = tls13_server_key_update_recv,
- },
- [SERVER_MESSAGE_HASH] = {
- .record_type = TLS13_HANDSHAKE,
- .handshake_type = TLS13_MT_MESSAGE_HASH,
- .sender = TLS13_HS_SERVER,
- .send = tls13_server_message_hash_send,
- .recv = tls13_server_message_hash_recv,
- },
[APPLICATION_DATA] = {
.record_type = TLS13_APPLICATION_DATA,
.handshake_type = 0,
@@ -209,7 +164,7 @@ struct tls13_handshake_action state_machine[] = {
},
};
-static enum tls13_message_type handshakes[][16] = {
+static enum tls13_message_type handshakes[][TLS13_NUM_MESSAGE_TYPES] = {
[INITIAL] = {
CLIENT_HELLO,
SERVER_HELLO,
@@ -218,16 +173,30 @@ static enum tls13_message_type handshakes[][16] = {
CLIENT_HELLO,
SERVER_HELLO,
SERVER_ENCRYPTED_EXTENSIONS,
+ SERVER_CERTIFICATE_REQUEST,
SERVER_CERTIFICATE,
SERVER_CERTIFICATE_VERIFY,
SERVER_FINISHED,
+ CLIENT_CERTIFICATE,
CLIENT_FINISHED,
APPLICATION_DATA,
},
- [NEGOTIATED | WITH_HELLO_RET_REQ] = {
+ [NEGOTIATED | WITH_CCV] = {
+ CLIENT_HELLO,
+ SERVER_HELLO,
+ SERVER_ENCRYPTED_EXTENSIONS,
+ SERVER_CERTIFICATE_REQUEST,
+ SERVER_CERTIFICATE,
+ SERVER_CERTIFICATE_VERIFY,
+ SERVER_FINISHED,
+ CLIENT_CERTIFICATE,
+ CLIENT_CERTIFICATE_VERIFY,
+ CLIENT_FINISHED,
+ APPLICATION_DATA,
+ },
+ [NEGOTIATED | WITHOUT_CR] = {
CLIENT_HELLO,
SERVER_HELLO,
- CLIENT_HELLO_RETRY,
SERVER_ENCRYPTED_EXTENSIONS,
SERVER_CERTIFICATE,
SERVER_CERTIFICATE_VERIFY,
@@ -235,18 +204,28 @@ static enum tls13_message_type handshakes[][16] = {
CLIENT_FINISHED,
APPLICATION_DATA,
},
- [NEGOTIATED | WITH_CERT_REQ] = {
+ [NEGOTIATED | WITH_PSK] = {
CLIENT_HELLO,
SERVER_HELLO,
SERVER_ENCRYPTED_EXTENSIONS,
+ SERVER_FINISHED,
+ CLIENT_FINISHED,
+ APPLICATION_DATA,
+ },
+ [NEGOTIATED | WITH_HRR] = {
+ CLIENT_HELLO,
+ SERVER_HELLO,
+ CLIENT_HELLO_RETRY,
+ SERVER_ENCRYPTED_EXTENSIONS,
SERVER_CERTIFICATE_REQUEST,
SERVER_CERTIFICATE,
SERVER_CERTIFICATE_VERIFY,
SERVER_FINISHED,
+ CLIENT_CERTIFICATE,
CLIENT_FINISHED,
APPLICATION_DATA,
},
- [NEGOTIATED | WITH_HELLO_RET_REQ | WITH_CERT_REQ] = {
+ [NEGOTIATED | WITH_HRR | WITH_CCV] = {
CLIENT_HELLO,
SERVER_HELLO,
CLIENT_HELLO_RETRY,
@@ -255,18 +234,23 @@ static enum tls13_message_type handshakes[][16] = {
SERVER_CERTIFICATE,
SERVER_CERTIFICATE_VERIFY,
SERVER_FINISHED,
+ CLIENT_CERTIFICATE,
+ CLIENT_CERTIFICATE_VERIFY,
CLIENT_FINISHED,
APPLICATION_DATA,
},
- [NEGOTIATED | WITH_PSK] = {
+ [NEGOTIATED | WITH_HRR | WITHOUT_CR] = {
CLIENT_HELLO,
SERVER_HELLO,
+ CLIENT_HELLO_RETRY,
SERVER_ENCRYPTED_EXTENSIONS,
+ SERVER_CERTIFICATE,
+ SERVER_CERTIFICATE_VERIFY,
SERVER_FINISHED,
CLIENT_FINISHED,
APPLICATION_DATA,
},
- [NEGOTIATED | WITH_HELLO_RET_REQ | WITH_PSK] = {
+ [NEGOTIATED | WITH_HRR | WITH_PSK] = {
CLIENT_HELLO,
SERVER_HELLO,
CLIENT_HELLO_RETRY,
@@ -470,18 +454,6 @@ tls13_server_hello_send(struct tls13_ctx *ctx)
}
int
-tls13_server_new_session_ticket_recv(struct tls13_ctx *ctx)
-{
- return 1;
-}
-
-int
-tls13_server_new_session_ticket_send(struct tls13_ctx *ctx)
-{
- return 1;
-}
-
-int
tls13_server_encrypted_extensions_recv(struct tls13_ctx *ctx)
{
return 1;
@@ -540,27 +512,3 @@ tls13_server_finished_send(struct tls13_ctx *ctx)
{
return 1;
}
-
-int
-tls13_server_key_update_recv(struct tls13_ctx *ctx)
-{
- return 1;
-}
-
-int
-tls13_server_key_update_send(struct tls13_ctx *ctx)
-{
- return 1;
-}
-
-int
-tls13_server_message_hash_recv(struct tls13_ctx *ctx)
-{
- return 1;
-}
-
-int
-tls13_server_message_hash_send(struct tls13_ctx *ctx)
-{
- return 1;
-}
diff --git a/lib/libssl/tls13_handshake.h b/lib/libssl/tls13_handshake.h
new file mode 100644
index 00000000000..8b21bca3dd6
--- /dev/null
+++ b/lib/libssl/tls13_handshake.h
@@ -0,0 +1,52 @@
+/* $OpenBSD: tls13_handshake.h,v 1.1 2019/01/18 06:51:29 tb Exp $ */
+/*
+ * Copyright (c) 2019 Theo Buehler <tb@openbsd.org>
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef HEADER_TLS13_HANDSHAKE_H
+
+__BEGIN_HIDDEN_DECLS
+
+#define INITIAL 0x00
+#define NEGOTIATED 0x01
+#define WITH_HRR 0x02
+#define WITHOUT_CR 0x04
+#define WITH_PSK 0x08
+#define WITH_CCV 0x10
+#define WITH_0RTT 0x20
+
+enum tls13_message_type {
+ INVALID,
+ CLIENT_HELLO,
+ SERVER_HELLO,
+ CLIENT_HELLO_RETRY,
+ SERVER_ENCRYPTED_EXTENSIONS,
+ SERVER_CERTIFICATE_REQUEST,
+ SERVER_CERTIFICATE,
+ SERVER_CERTIFICATE_VERIFY,
+ SERVER_FINISHED,
+ CLIENT_END_OF_EARLY_DATA,
+ CLIENT_CERTIFICATE,
+ CLIENT_CERTIFICATE_VERIFY,
+ CLIENT_FINISHED,
+ CLIENT_KEY_UPDATE,
+ SERVER_NEW_SESSION_TICKET,
+ APPLICATION_DATA,
+ TLS13_NUM_MESSAGE_TYPES,
+};
+
+__END_HIDDEN_DECLS
+
+#endif
diff --git a/lib/libssl/tls13_internal.h b/lib/libssl/tls13_internal.h
index 872aced77cc..e672df37e38 100644
--- a/lib/libssl/tls13_internal.h
+++ b/lib/libssl/tls13_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_internal.h,v 1.6 2019/01/17 06:32:12 jsing Exp $ */
+/* $OpenBSD: tls13_internal.h,v 1.7 2019/01/18 06:51:29 tb Exp $ */
/*
* Copyright (c) 2018 Bob Beck <beck@openbsd.org>
* Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
@@ -135,8 +135,6 @@ int tls13_client_key_update_send(struct tls13_ctx *ctx);
int tls13_client_key_update_recv(struct tls13_ctx *ctx);
int tls13_server_hello_recv(struct tls13_ctx *ctx);
int tls13_server_hello_send(struct tls13_ctx *ctx);
-int tls13_server_new_session_ticket_recv(struct tls13_ctx *ctx);
-int tls13_server_new_session_ticket_send(struct tls13_ctx *ctx);
int tls13_server_encrypted_extensions_recv(struct tls13_ctx *ctx);
int tls13_server_encrypted_extensions_send(struct tls13_ctx *ctx);
int tls13_server_certificate_recv(struct tls13_ctx *ctx);
@@ -147,10 +145,6 @@ int tls13_server_certificate_verify_send(struct tls13_ctx *ctx);
int tls13_server_certificate_verify_recv(struct tls13_ctx *ctx);
int tls13_server_finished_recv(struct tls13_ctx *ctx);
int tls13_server_finished_send(struct tls13_ctx *ctx);
-int tls13_server_key_update_recv(struct tls13_ctx *ctx);
-int tls13_server_key_update_send(struct tls13_ctx *ctx);
-int tls13_server_message_hash_recv(struct tls13_ctx *ctx);
-int tls13_server_message_hash_send(struct tls13_ctx *ctx);
__END_HIDDEN_DECLS
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-30 01:59:55 +0000