default:
break;
- case TLS_ST_SW_SRVR_DONE:
+ case TLS_ST_SW_FINISHED:
if (s->s3->tmp.cert_request) {
if (mt == SSL3_MT_CERTIFICATE) {
st->hand_state = TLS_ST_SR_CERT;
return 1;
}
} else {
- if (mt == SSL3_MT_CHANGE_CIPHER_SPEC) {
- st->hand_state = TLS_ST_SR_CHANGE;
+ if (mt == SSL3_MT_FINISHED) {
+ st->hand_state = TLS_ST_SR_FINISHED;
return 1;
}
}
case TLS_ST_SR_CERT:
if (s->session->peer == NULL) {
- if (mt == SSL3_MT_CHANGE_CIPHER_SPEC) {
- st->hand_state = TLS_ST_SR_CHANGE;
+ if (mt == SSL3_MT_FINISHED) {
+ st->hand_state = TLS_ST_SR_FINISHED;
return 1;
}
} else {
break;
case TLS_ST_SR_CERT_VRFY:
- if (mt == SSL3_MT_CHANGE_CIPHER_SPEC) {
- st->hand_state = TLS_ST_SR_CHANGE;
- return 1;
- }
- break;
-
- case TLS_ST_SR_CHANGE:
if (mt == SSL3_MT_FINISHED) {
st->hand_state = TLS_ST_SR_FINISHED;
return 1;
}
break;
-
- case TLS_ST_SW_FINISHED:
- if (mt == SSL3_MT_CHANGE_CIPHER_SPEC) {
- st->hand_state = TLS_ST_SR_CHANGE;
- return 1;
- }
- break;
}
/* No valid transition found */
case TLS_ST_SW_SRVR_HELLO:
if (s->hit)
- st->hand_state = TLS_ST_SW_CHANGE;
+ st->hand_state = TLS_ST_SW_FINISHED;
+ else if (send_certificate_request(s))
+ st->hand_state = TLS_ST_SW_CERT_REQ;
else
st->hand_state = TLS_ST_SW_CERT;
return WRITE_TRAN_CONTINUE;
- case TLS_ST_SW_CERT:
- if (s->tlsext_status_expected) {
- st->hand_state = TLS_ST_SW_CERT_STATUS;
- return WRITE_TRAN_CONTINUE;
- }
- /* Fall through */
-
- case TLS_ST_SW_CERT_STATUS:
- if (send_certificate_request(s)) {
- st->hand_state = TLS_ST_SW_CERT_REQ;
- return WRITE_TRAN_CONTINUE;
- }
- /* Fall through */
-
case TLS_ST_SW_CERT_REQ:
- st->hand_state = TLS_ST_SW_SRVR_DONE;
+ st->hand_state = TLS_ST_SW_CERT;
return WRITE_TRAN_CONTINUE;
- case TLS_ST_SW_SRVR_DONE:
- return WRITE_TRAN_FINISHED;
-
- case TLS_ST_SR_FINISHED:
- if (s->hit) {
- st->hand_state = TLS_ST_OK;
- ossl_statem_set_in_init(s, 0);
- return WRITE_TRAN_CONTINUE;
- }
- st->hand_state = TLS_ST_SW_CHANGE;
-
+ case TLS_ST_SW_CERT:
+ if (s->tlsext_status_expected)
+ st->hand_state = TLS_ST_SW_CERT_STATUS;
+ else
+ st->hand_state = TLS_ST_SW_FINISHED;
return WRITE_TRAN_CONTINUE;
-
- case TLS_ST_SW_CHANGE:
+ case TLS_ST_SW_CERT_STATUS:
st->hand_state = TLS_ST_SW_FINISHED;
return WRITE_TRAN_CONTINUE;
case TLS_ST_SW_FINISHED:
- if (s->hit)
- return WRITE_TRAN_FINISHED;
+ return WRITE_TRAN_FINISHED;
+ case TLS_ST_SR_FINISHED:
st->hand_state = TLS_ST_OK;
ossl_statem_set_in_init(s, 0);
return WRITE_TRAN_CONTINUE;
sizeof(sctpauthkey), sctpauthkey);
}
#endif
+ /*
+ * TODO(TLS1.3): This actually causes a problem. We don't yet know
+ * whether the next record we are going to receive is an unencrypted
+ * alert, or an encrypted handshake message. We're going to need
+ * something clever in the record layer for this.
+ */
+ if (SSL_IS_TLS13(s)) {
+ if (!s->method->ssl3_enc->setup_key_block(s)
+ || !s->method->ssl3_enc->change_cipher_state(s,
+ SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_SERVER_WRITE)
+ || !s->method->ssl3_enc->change_cipher_state(s,
+ SSL3_CC_HANDSHAKE |SSL3_CHANGE_CIPHER_SERVER_READ))
+ return WORK_ERROR;
+ }
break;
case TLS_ST_SW_CHANGE:
0, NULL);
}
#endif
+ if (SSL_IS_TLS13(s)) {
+ if (!s->method->ssl3_enc->generate_master_secret(s,
+ s->session->master_key, s->handshake_secret, 0,
+ &s->session->master_key_length)
+ || !s->method->ssl3_enc->change_cipher_state(s,
+ SSL3_CC_APPLICATION | SSL3_CHANGE_CIPHER_SERVER_WRITE))
+ return WORK_ERROR;
+ }
break;
}
#endif
return WORK_FINISHED_CONTINUE;
}
-
+ return WORK_FINISHED_CONTINUE;
}
#ifndef OPENSSL_NO_SRP