X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fstatem%2Fstatem_clnt.c;h=b11cd19ffa2cf47962793b9fc15f3ef94c56f8c2;hp=e70ed10932b28f7c163e737fd9acad04ff37e44b;hb=f7e393be4725c33739d46a58de94a06ebdc6e49d;hpb=d781d247d1ef9331983f456d616659108c857d0d diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index e70ed10932..b11cd19ffa 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -123,11 +123,6 @@ static int ossl_statem_client13_read_transition(SSL *s, int mt) { OSSL_STATEM *st = &s->statem; - /* - * TODO(TLS1.3): This is still based on the TLSv1.2 state machine. Over time - * we will update this to look more like real TLSv1.3 - */ - /* * Note: There is no case for TLS_ST_CW_CLNT_HELLO, because we haven't * yet negotiated TLSv1.3 at that point so that is handled by @@ -196,11 +191,6 @@ static int ossl_statem_client13_read_transition(SSL *s, int mt) break; case TLS_ST_OK: - if (s->early_data_state == SSL_EARLY_DATA_FINISHED_WRITING - && mt == SSL3_MT_SERVER_HELLO) { - st->hand_state = TLS_ST_CR_SRVR_HELLO; - return 1; - } if (mt == SSL3_MT_NEWSESSION_TICKET) { st->hand_state = TLS_ST_CR_SESSION_TICKET; return 1; @@ -263,6 +253,22 @@ int ossl_statem_client_read_transition(SSL *s, int mt) } break; + case TLS_ST_EARLY_DATA: + /* + * We've not actually selected TLSv1.3 yet, but we have sent early + * data. The only thing allowed now is a ServerHello or a + * HelloRetryRequest. + */ + if (mt == SSL3_MT_SERVER_HELLO) { + st->hand_state = TLS_ST_CR_SRVR_HELLO; + return 1; + } + if (mt == SSL3_MT_HELLO_RETRY_REQUEST) { + st->hand_state = TLS_ST_CR_HELLO_RETRY_REQUEST; + return 1; + } + break; + case TLS_ST_CR_SRVR_HELLO: if (s->hit) { if (s->ext.ticket_expected) { @@ -387,21 +393,7 @@ int ossl_statem_client_read_transition(SSL *s, int mt) break; case TLS_ST_OK: - if (s->early_data_state == SSL_EARLY_DATA_FINISHED_WRITING) { - /* - * We've not actually selected TLSv1.3 yet, but we have sent early - * data. The only thing allowed now is a ServerHello or a - * HelloRetryRequest. - */ - if (mt == SSL3_MT_SERVER_HELLO) { - st->hand_state = TLS_ST_CR_SRVR_HELLO; - return 1; - } - if (mt == SSL3_MT_HELLO_RETRY_REQUEST) { - st->hand_state = TLS_ST_CR_HELLO_RETRY_REQUEST; - return 1; - } - } else if (mt == SSL3_MT_HELLO_REQUEST) { + if (mt == SSL3_MT_HELLO_REQUEST) { st->hand_state = TLS_ST_CR_HELLO_REQ; return 1; } @@ -443,6 +435,14 @@ static WRITE_TRAN ossl_statem_client13_write_transition(SSL *s) return WRITE_TRAN_CONTINUE; case TLS_ST_CR_FINISHED: + if (s->early_data_state == SSL_EARLY_DATA_WRITE_RETRY) + st->hand_state = TLS_ST_PENDING_EARLY_DATA_END; + else + st->hand_state = (s->s3->tmp.cert_req != 0) ? TLS_ST_CW_CERT + : TLS_ST_CW_FINISHED; + return WRITE_TRAN_CONTINUE; + + case TLS_ST_PENDING_EARLY_DATA_END: st->hand_state = (s->s3->tmp.cert_req != 0) ? TLS_ST_CW_CERT : TLS_ST_CW_FINISHED; return WRITE_TRAN_CONTINUE; @@ -468,7 +468,6 @@ static WRITE_TRAN ossl_statem_client13_write_transition(SSL *s) case TLS_ST_CR_SESSION_TICKET: case TLS_ST_CW_FINISHED: st->hand_state = TLS_ST_OK; - ossl_statem_set_in_init(s, 0); return WRITE_TRAN_CONTINUE; case TLS_ST_OK: @@ -504,13 +503,6 @@ WRITE_TRAN ossl_statem_client_write_transition(SSL *s) return WRITE_TRAN_ERROR; case TLS_ST_OK: - if (s->early_data_state == SSL_EARLY_DATA_FINISHED_WRITING) { - /* - * We are assuming this is a TLSv1.3 connection, although we haven't - * actually selected a version yet. - */ - return WRITE_TRAN_FINISHED; - } if (!s->renegotiate) { /* * We haven't requested a renegotiation ourselves so we must have @@ -529,8 +521,7 @@ WRITE_TRAN ossl_statem_client_write_transition(SSL *s) * We are assuming this is a TLSv1.3 connection, although we haven't * actually selected a version yet. */ - st->hand_state = TLS_ST_OK; - ossl_statem_set_in_init(s, 0); + st->hand_state = TLS_ST_EARLY_DATA; return WRITE_TRAN_CONTINUE; } /* @@ -539,6 +530,9 @@ WRITE_TRAN ossl_statem_client_write_transition(SSL *s) */ return WRITE_TRAN_FINISHED; + case TLS_ST_EARLY_DATA: + return WRITE_TRAN_FINISHED; + case DTLS_ST_CR_HELLO_VERIFY_REQUEST: st->hand_state = TLS_ST_CW_CLNT_HELLO; return WRITE_TRAN_CONTINUE; @@ -581,7 +575,8 @@ WRITE_TRAN ossl_statem_client_write_transition(SSL *s) case TLS_ST_CW_CHANGE: #if defined(OPENSSL_NO_NEXTPROTONEG) - st->hand_state = TLS_ST_CW_FINISHED; + st-> + hand_state = TLS_ST_CW_FINISHED; #else if (!SSL_IS_DTLS(s) && s->s3->npn_seen) st->hand_state = TLS_ST_CW_NEXT_PROTO; @@ -599,7 +594,6 @@ WRITE_TRAN ossl_statem_client_write_transition(SSL *s) case TLS_ST_CW_FINISHED: if (s->hit) { st->hand_state = TLS_ST_OK; - ossl_statem_set_in_init(s, 0); return WRITE_TRAN_CONTINUE; } else { return WRITE_TRAN_FINISHED; @@ -611,7 +605,6 @@ WRITE_TRAN ossl_statem_client_write_transition(SSL *s) return WRITE_TRAN_CONTINUE; } else { st->hand_state = TLS_ST_OK; - ossl_statem_set_in_init(s, 0); return WRITE_TRAN_CONTINUE; } @@ -629,7 +622,6 @@ WRITE_TRAN ossl_statem_client_write_transition(SSL *s) return WRITE_TRAN_CONTINUE; } st->hand_state = TLS_ST_OK; - ossl_statem_set_in_init(s, 0); return WRITE_TRAN_CONTINUE; } } @@ -674,6 +666,8 @@ WORK_STATE ossl_statem_client_pre_work(SSL *s, WORK_STATE wst) } break; + case TLS_ST_EARLY_DATA: + case TLS_ST_PENDING_EARLY_DATA_END: case TLS_ST_OK: return tls_finish_handshake(s, wst, 1); } @@ -714,7 +708,7 @@ WORK_STATE ossl_statem_client_post_work(SSL *s, WORK_STATE wst) */ if (!tls13_change_cipher_state(s, SSL3_CC_EARLY | SSL3_CHANGE_CIPHER_CLIENT_WRITE)) - return WORK_ERROR; + return WORK_ERROR; } break; @@ -1519,8 +1513,6 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt) */ if (SSL_IS_TLS13(s) && (!s->method->ssl3_enc->setup_key_block(s) - || !s->method->ssl3_enc->change_cipher_state(s, - SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_CLIENT_WRITE) || !s->method->ssl3_enc->change_cipher_state(s, SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_CLIENT_READ))) { al = SSL_AD_INTERNAL_ERROR; @@ -3278,11 +3270,22 @@ int tls_construct_client_certificate(SSL *s, WPACKET *pkt) : s->cert->key, &al)) { SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE, ERR_R_INTERNAL_ERROR); - ssl3_send_alert(s, SSL3_AL_FATAL, al); - return 0; + goto err; + } + + if (SSL_IS_TLS13(s) + && SSL_IS_FIRST_HANDSHAKE(s) + && (!s->method->ssl3_enc->change_cipher_state(s, + SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_CLIENT_WRITE))) { + SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE, + SSL_R_CANNOT_CHANGE_CIPHER); + goto err; } return 1; + err: + ssl3_send_alert(s, SSL3_AL_FATAL, al); + return 0; } #define has_bits(i,m) (((i)&(m)) == (m))