From 4004ce5f6cd6540a07d6d1a4cef7138821d5e596 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Sat, 25 Feb 2017 00:06:49 +0000 Subject: [PATCH] Introduce a new early_data state in the state machine Also simplifies the state machine a bit. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2737)
---
 include/openssl/ssl.h | 3 ++-
 ssl/statem/statem_clnt.c | 58 +++++++++++++++++-----------------------
 ssl/statem/statem_lib.c | 1 +
 ssl/statem/statem_srvr.c | 5 ----
 4 files changed, 27 insertions(+), 40 deletions(-)
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index e88d99bd95..860edba4cf 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -899,7 +899,8 @@ typedef enum {
 TLS_ST_SW_KEY_UPDATE,
 TLS_ST_CW_KEY_UPDATE,
 TLS_ST_SR_KEY_UPDATE,
- TLS_ST_CR_KEY_UPDATE
+ TLS_ST_CR_KEY_UPDATE,
+ TLS_ST_CW_EARLY_DATA
 } OSSL_HANDSHAKE_STATE;
 
 /*
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 2df41ceb0a..23a4d7663b 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -191,11 +191,6 @@ static int ossl_statem_client13_read_transition(SSL *s, int mt)
 break;
 
 case TLS_ST_OK:
- if (s->early_data_state == SSL_EARLY_DATA_FINISHED_WRITING
- && mt == SSL3_MT_SERVER_HELLO) {
- st->hand_state = TLS_ST_CR_SRVR_HELLO;
- return 1;
- }
 if (mt == SSL3_MT_NEWSESSION_TICKET) {
 st->hand_state = TLS_ST_CR_SESSION_TICKET;
 return 1;
@@ -258,6 +253,22 @@ int ossl_statem_client_read_transition(SSL *s, int mt)
 }
 break;
 
+ case TLS_ST_CW_EARLY_DATA:
+ /*
+ * We've not actually selected TLSv1.3 yet, but we have sent early
+ * data. The only thing allowed now is a ServerHello or a
+ * HelloRetryRequest.
+ */
+ if (mt == SSL3_MT_SERVER_HELLO) {
+ st->hand_state = TLS_ST_CR_SRVR_HELLO;
+ return 1;
+ }
+ if (mt == SSL3_MT_HELLO_RETRY_REQUEST) {
+ st->hand_state = TLS_ST_CR_HELLO_RETRY_REQUEST;
+ return 1;
+ }
+ break;
+
 case TLS_ST_CR_SRVR_HELLO:
 if (s->hit) {
 if (s->ext.ticket_expected) {
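Review bot: `TLS_ST_CW_EARLY_DATA` is added to the public `OSSL_HANDSHAKE_STATE` enum in ssl.h with no comment, so a reader of the header cannot tell that it is a client-side state entered after early data has been written and before any server message has arrived; that description currently lives only in the read-transition comment in statem_clnt.c. Suggest annotating the enumerator, `TLS_ST_CW_EARLY_DATA /* client has sent early data; awaiting ServerHello or HelloRetryRequest */`. The diffstat lists only four files and none of them is the state-to-string lookup behind SSL_state_string_long(), so unless that is handled in a separate change the new value will presumably fall through to the unknown-state default; worth confirming.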
@@ -382,21 +393,7 @@ int ossl_statem_client_read_transition(SSL *s, int mt)
 break;
 
 case TLS_ST_OK:
- if (s->early_data_state == SSL_EARLY_DATA_FINISHED_WRITING) {
- /*
- * We've not actually selected TLSv1.3 yet, but we have sent early
- * data. The only thing allowed now is a ServerHello or a
- * HelloRetryRequest.
- */
- if (mt == SSL3_MT_SERVER_HELLO) {
- st->hand_state = TLS_ST_CR_SRVR_HELLO;
- return 1;
- }
- if (mt == SSL3_MT_HELLO_RETRY_REQUEST) {
- st->hand_state = TLS_ST_CR_HELLO_RETRY_REQUEST;
- return 1;
- }
- } else if (mt == SSL3_MT_HELLO_REQUEST) {
+ if (mt == SSL3_MT_HELLO_REQUEST) {
 st->hand_state = TLS_ST_CR_HELLO_REQ;
 return 1;
 }
@@ -463,7 +460,6 @@ static WRITE_TRAN ossl_statem_client13_write_transition(SSL *s)
 case TLS_ST_CR_SESSION_TICKET:
 case TLS_ST_CW_FINISHED:
 st->hand_state = TLS_ST_OK;
- ossl_statem_set_in_init(s, 0);
 return WRITE_TRAN_CONTINUE;
 
 case TLS_ST_OK:
@@ -499,13 +495,6 @@ WRITE_TRAN ossl_statem_client_write_transition(SSL *s)
 return WRITE_TRAN_ERROR;
 
 case TLS_ST_OK:
- if (s->early_data_state == SSL_EARLY_DATA_FINISHED_WRITING) {
- /*
- * We are assuming this is a TLSv1.3 connection, although we haven't
- * actually selected a version yet.
- */
- return WRITE_TRAN_FINISHED;
- }
 if (!s->renegotiate) {
 /*
 * We haven't requested a renegotiation ourselves so we must have
@@ -524,8 +513,7 @@ WRITE_TRAN ossl_statem_client_write_transition(SSL *s)
 * We are assuming this is a TLSv1.3 connection, although we haven't
 * actually selected a version yet.
 */
- st->hand_state = TLS_ST_OK;
- ossl_statem_set_in_init(s, 0);
+ st->hand_state = TLS_ST_CW_EARLY_DATA;
 return WRITE_TRAN_CONTINUE;
 }
 /*
@@ -534,6 +522,9 @@ WRITE_TRAN ossl_statem_client_write_transition(SSL *s)
 */
 return WRITE_TRAN_FINISHED;
 
+ case TLS_ST_CW_EARLY_DATA:
+ return WRITE_TRAN_FINISHED;
+
 case DTLS_ST_CR_HELLO_VERIFY_REQUEST:
 st->hand_state = TLS_ST_CW_CLNT_HELLO;
 return WRITE_TRAN_CONTINUE;
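Review bot: The new `case TLS_ST_CW_EARLY_DATA:` in ossl_statem_client_write_transition returns `WRITE_TRAN_FINISHED` with no explanation, whereas the TLS_ST_CW_CLNT_HELLO branch that enters this state (hunk @@ -524) explains its reasoning in a comment. Suggest `/* Early data has been written; nothing more to send until the server answers (see the read transition) */` above the return, which ties it to the ServerHello/HelloRetryRequest rule stated in the read-transition comment. The surrounding switch and function body extend beyond the hunk on both sides.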
@@ -576,7 +567,8 @@ WRITE_TRAN ossl_statem_client_write_transition(SSL *s)
 
 case TLS_ST_CW_CHANGE:
 #if defined(OPENSSL_NO_NEXTPROTONEG)
- st->hand_state = TLS_ST_CW_FINISHED;
+ st->
+ hand_state = TLS_ST_CW_FINISHED;
 #else
 if (!SSL_IS_DTLS(s) && s->s3->npn_seen)
 st->hand_state = TLS_ST_CW_NEXT_PROTO;
@@ -594,7 +586,6 @@ WRITE_TRAN ossl_statem_client_write_transition(SSL *s)
 case TLS_ST_CW_FINISHED:
 if (s->hit) {
 st->hand_state = TLS_ST_OK;
- ossl_statem_set_in_init(s, 0);
 return WRITE_TRAN_CONTINUE;
 } else {
 return WRITE_TRAN_FINISHED;
@@ -606,7 +597,6 @@ WRITE_TRAN ossl_statem_client_write_transition(SSL *s)
 return WRITE_TRAN_CONTINUE;
 } else {
 st->hand_state = TLS_ST_OK;
- ossl_statem_set_in_init(s, 0);
 return WRITE_TRAN_CONTINUE;
 }
 
@@ -624,7 +614,6 @@ WRITE_TRAN ossl_statem_client_write_transition(SSL *s)
 return WRITE_TRAN_CONTINUE;
 }
 st->hand_state = TLS_ST_OK;
- ossl_statem_set_in_init(s, 0);
 return WRITE_TRAN_CONTINUE;
 }
 }
@@ -669,6 +658,7 @@ WORK_STATE ossl_statem_client_pre_work(SSL *s, WORK_STATE wst)
 }
 break;
 
+ case TLS_ST_CW_EARLY_DATA:
 case TLS_ST_OK:
 return tls_finish_handshake(s, wst, 1);
 }
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index dec8cb3e38..595d7c13a7 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -958,6 +958,7 @@ WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst, int clearbufs)
 if (!clearbufs)
 return WORK_FINISHED_CONTINUE;
 
+ ossl_statem_set_in_init(s, 0);
 return WORK_FINISHED_STOP;
 }
 
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 571425d7b6..2b0ff57bad 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -462,7 +462,6 @@ static WRITE_TRAN ossl_statem_server13_write_transition(SSL *s)
 case TLS_ST_SW_FINISHED:
 if (s->early_data_state == SSL_EARLY_DATA_ACCEPTING) {
 st->hand_state = TLS_ST_OK;
- ossl_statem_set_in_init(s, 0);
 return WRITE_TRAN_CONTINUE;
 }
 return WRITE_TRAN_FINISHED;
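Review bot: The replacement in the `OPENSSL_NO_NEXTPROTONEG` arm splits one member access over two lines, `st->` followed by `hand_state = TLS_ST_CW_FINISHED;`; it compiles, since whitespace is permitted after `->`, but it is unrelated to the state change the commit describes and reads like an editor accident, especially with the `#else` arm below keeping `st->hand_state` on one line. Restore `st->hand_state = TLS_ST_CW_FINISHED;` as a single line so both preprocessor arms stay visually parallel. Because this arm is compiled only when NPN is disabled, the slip would go unnoticed in builds that have NPN enabled, so it is worth fixing before merge.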
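Review bot: `ossl_statem_set_in_init(s, 0)` in tls_finish_handshake is placed after the `if (!clearbufs) return WORK_FINISHED_CONTINUE;` early return, so it now replaces every inline call removed from statem_clnt.c and statem_srvr.c only for callers that pass `clearbufs != 0`; a caller passing 0 would stay in the init state, which the previous inline calls did not depend on. The client pre_work hunk only shows `tls_finish_handshake(s, wst, 1)`, so this is probably intended, but the function's header comment (outside the hunk) should state the new contract, e.g. `/* Leaving the init state happens here and only on the clearbufs path */`. Note also that routing `TLS_ST_CW_EARLY_DATA` through this function means in_init is cleared before any server message has been received, as the removed TLS_ST_OK path already did; a one-line comment at the `case TLS_ST_CW_EARLY_DATA:` label in pre_work saying so would make that deliberate choice visible.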
@@ -489,7 +488,6 @@ static WRITE_TRAN ossl_statem_server13_write_transition(SSL *s)
 case TLS_ST_SW_KEY_UPDATE:
 case TLS_ST_SW_SESSION_TICKET:
 st->hand_state = TLS_ST_OK;
- ossl_statem_set_in_init(s, 0);
 return WRITE_TRAN_CONTINUE;
 }
 }
@@ -535,7 +533,6 @@ WRITE_TRAN ossl_statem_server_write_transition(SSL *s)
 
 case TLS_ST_SW_HELLO_REQ:
 st->hand_state = TLS_ST_OK;
- ossl_statem_set_in_init(s, 0);
 return WRITE_TRAN_CONTINUE;
 
 case TLS_ST_SR_CLNT_HELLO:
@@ -602,7 +599,6 @@ WRITE_TRAN ossl_statem_server_write_transition(SSL *s)
 case TLS_ST_SR_FINISHED:
 if (s->hit) {
 st->hand_state = TLS_ST_OK;
- ossl_statem_set_in_init(s, 0);
 return WRITE_TRAN_CONTINUE;
 } else if (s->ext.ticket_expected) {
 st->hand_state = TLS_ST_SW_SESSION_TICKET;
@@ -624,7 +620,6 @@ WRITE_TRAN ossl_statem_server_write_transition(SSL *s)
 return WRITE_TRAN_FINISHED;
 }
 st->hand_state = TLS_ST_OK;
- ossl_statem_set_in_init(s, 0);
 return WRITE_TRAN_CONTINUE;
 }
 }
-- 
2.34.1