Move TLS 1.3 state machine constants to internal.h. This benefits TLS 1.3 split handshakes, which need the constants to put an |SSL| into the correct state after SSL_apply_handback(). Change-Id: I2dc5b108d7393fb30708b89c53adcc73056d4f0b Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/38924 Commit-Queue: Matt Braithwaite <mab@google.com> Reviewed-by: David Benjamin <davidben@google.com>
diff --git a/ssl/internal.h b/ssl/internal.h index 7ef810e..799a1d8 100644 --- a/ssl/internal.h +++ b/ssl/internal.h
@@ -1477,6 +1477,24 @@
 state12_done,
 };
 
+enum tls13_server_hs_state_t {
+ state13_select_parameters = 0,
+ state13_select_session,
+ state13_send_hello_retry_request,
+ state13_read_second_client_hello,
+ state13_send_server_hello,
+ state13_send_server_certificate_verify,
+ state13_send_server_finished,
+ state13_read_second_client_flight,
+ state13_process_end_of_early_data,
+ state13_read_client_certificate,
+ state13_read_client_certificate_verify,
+ state13_read_channel_id,
+ state13_read_client_finished,
+ state13_send_new_session_ticket,
+ state13_done,
+};
+
 // handback_t lists the points in the state machine where a handback can occur.
 // These are the different points at which key material is no longer needed.
 enum handback_t {
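Review bot: The new tls13_server_hs_state_t enum lands in internal.h without a comment, while its neighbour handback_t documents what it lists; since hs->tls13_state is stored as a plain integer and recovered with static_cast in tls13_server_handshake, and the commit message says the constants are used to place an SSL into the right state after SSL_apply_handback(), the numeric ordering is now load-bearing beyond tls13_server.cc. I would add above the enum: `// tls13_server_hs_state_t lists the states of the TLS 1.3 server handshake; hs->tls13_state holds one of these as an int. Do not reorder or renumber these values: they are read back with static_cast and used to restore the state after SSL_apply_handback().` Whether the value also crosses a serialized handback boundary is not visible in this diff; if it does, the code that applies the handback should range-check the value against state13_done before assigning it, so that an out-of-range value is rejected rather than cast into an unmatched switch case.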
diff --git a/ssl/tls13_server.cc b/ssl/tls13_server.cc index c74d834..de69de7 100644 --- a/ssl/tls13_server.cc +++ b/ssl/tls13_server.cc
@@ -33,24 +33,6 @@ BSSL_NAMESPACE_BEGIN -enum server_hs_state_t { - state_select_parameters = 0, - state_select_session, - state_send_hello_retry_request, - state_read_second_client_hello, - state_send_server_hello, - state_send_server_certificate_verify, - state_send_server_finished, - state_read_second_client_flight, - state_process_end_of_early_data, - state_read_client_certificate, - state_read_client_certificate_verify, - state_read_channel_id, - state_read_client_finished, - state_send_new_session_ticket, - state_done, -}; - static const uint8_t kZeroes[EVP_MAX_MD_SIZE] = {0}; // Allow a minute of ticket age skew in either direction. This covers @@ -244,7 +226,7 @@ return ssl_hs_error; } - hs->tls13_state = state_select_session; + hs->tls13_state = state13_select_session; return ssl_hs_ok; } @@ -405,7 +387,7 @@ return ssl_hs_error; case ssl_ticket_aead_retry: - hs->tls13_state = state_select_session; + hs->tls13_state = state13_select_session; return ssl_hs_pending_ticket; } @@ -465,14 +447,14 @@ if (!hs->transcript.UpdateForHelloRetryRequest()) { return ssl_hs_error; } - hs->tls13_state = state_send_hello_retry_request; + hs->tls13_state = state13_send_hello_retry_request; return ssl_hs_ok; } return ssl_hs_error; } ssl->method->next_message(ssl); - hs->tls13_state = state_send_server_hello; + hs->tls13_state = state13_send_server_hello; return ssl_hs_ok; } @@ -507,7 +489,7 @@ } ssl->s3->used_hello_retry_request = true; - hs->tls13_state = state_read_second_client_hello; + hs->tls13_state = state13_read_second_client_hello; return ssl_hs_flush; } @@ -577,7 +559,7 @@ } ssl->method->next_message(ssl); - hs->tls13_state = state_send_server_hello; + hs->tls13_state = state13_send_server_hello; return ssl_hs_ok; } 
@@ -689,22 +671,22 @@ return ssl_hs_error; } - hs->tls13_state = state_send_server_certificate_verify; + hs->tls13_state = state13_send_server_certificate_verify; return ssl_hs_ok; } - hs->tls13_state = state_send_server_finished; + hs->tls13_state = state13_send_server_finished; return ssl_hs_ok; } static enum ssl_hs_wait_t do_send_server_certificate_verify(SSL_HANDSHAKE *hs) { switch (tls13_add_certificate_verify(hs)) { case ssl_private_key_success: - hs->tls13_state = state_send_server_finished; + hs->tls13_state = state13_send_server_finished; return ssl_hs_ok; case ssl_private_key_retry: - hs->tls13_state = state_send_server_certificate_verify; + hs->tls13_state = state13_send_server_certificate_verify; return ssl_hs_private_key_operation; case ssl_private_key_failure: @@ -782,7 +764,7 @@ } } - hs->tls13_state = state_read_second_client_flight; + hs->tls13_state = state13_read_second_client_flight; return ssl_hs_flush; } @@ -808,11 +790,11 @@ hs->client_handshake_secret())) { return ssl_hs_error; } - hs->tls13_state = state_read_client_certificate; + hs->tls13_state = state13_read_client_certificate; return ssl->s3->early_data_accepted ? ssl_hs_early_return : ssl_hs_ok; } - hs->tls13_state = state_process_end_of_early_data; + hs->tls13_state = state13_process_end_of_early_data; return ssl->s3->early_data_accepted ? ssl_hs_read_end_of_early_data : ssl_hs_ok; } @@ -840,7 +822,7 @@ hs->client_handshake_secret())) { return ssl_hs_error; } - hs->tls13_state = state_read_client_certificate; + hs->tls13_state = state13_read_client_certificate; return ssl_hs_ok; } @@ -857,7 +839,7 @@ } // Skip this state. - hs->tls13_state = state_read_channel_id; + hs->tls13_state = state13_read_channel_id; return ssl_hs_ok; } @@ -874,7 +856,7 @@ } ssl->method->next_message(ssl); - hs->tls13_state = state_read_client_certificate_verify; + hs->tls13_state = state13_read_client_certificate_verify; return ssl_hs_ok; } 
@@ -883,7 +865,7 @@ SSL *const ssl = hs->ssl; if (sk_CRYPTO_BUFFER_num(hs->new_session->certs.get()) == 0) { // Skip this state. - hs->tls13_state = state_read_channel_id; + hs->tls13_state = state13_read_channel_id; return ssl_hs_ok; } @@ -898,7 +880,7 @@ case ssl_verify_invalid: return ssl_hs_error; case ssl_verify_retry: - hs->tls13_state = state_read_client_certificate_verify; + hs->tls13_state = state13_read_client_certificate_verify; return ssl_hs_certificate_verify; } @@ -909,14 +891,14 @@ } ssl->method->next_message(ssl); - hs->tls13_state = state_read_channel_id; + hs->tls13_state = state13_read_channel_id; return ssl_hs_ok; } static enum ssl_hs_wait_t do_read_channel_id(SSL_HANDSHAKE *hs) { SSL *const ssl = hs->ssl; if (!ssl->s3->channel_id_valid) { - hs->tls13_state = state_read_client_finished; + hs->tls13_state = state13_read_client_finished; return ssl_hs_ok; } @@ -931,7 +913,7 @@ } ssl->method->next_message(ssl); - hs->tls13_state = state_read_client_finished; + hs->tls13_state = state13_read_client_finished; return ssl_hs_ok; } @@ -958,10 +940,10 @@ } // We send post-handshake tickets as part of the handshake in 1-RTT. - hs->tls13_state = state_send_new_session_ticket; + hs->tls13_state = state13_send_new_session_ticket; } else { // We already sent half-RTT tickets. - hs->tls13_state = state_done; + hs->tls13_state = state13_done; } ssl->method->next_message(ssl); @@ -974,7 +956,7 @@ return ssl_hs_error; } - hs->tls13_state = state_done; + hs->tls13_state = state13_done; // In TLS 1.3, the NewSessionTicket isn't flushed until the server performs a // write, to prevent a non-reading client from causing the server to hang in // the case of a small server write buffer. Consumers which don't write data 
@@ -987,54 +969,54 @@
 }
 
 enum ssl_hs_wait_t tls13_server_handshake(SSL_HANDSHAKE *hs) {
- while (hs->tls13_state != state_done) {
+ while (hs->tls13_state != state13_done) {
 enum ssl_hs_wait_t ret = ssl_hs_error;
- enum server_hs_state_t state =
- static_cast<enum server_hs_state_t>(hs->tls13_state);
+ enum tls13_server_hs_state_t state =
+ static_cast<enum tls13_server_hs_state_t>(hs->tls13_state);
 switch (state) {
- case state_select_parameters:
+ case state13_select_parameters:
 ret = do_select_parameters(hs);
 break;
- case state_select_session:
+ case state13_select_session:
 ret = do_select_session(hs);
 break;
- case state_send_hello_retry_request:
+ case state13_send_hello_retry_request:
 ret = do_send_hello_retry_request(hs);
 break;
- case state_read_second_client_hello:
+ case state13_read_second_client_hello:
 ret = do_read_second_client_hello(hs);
 break;
- case state_send_server_hello:
+ case state13_send_server_hello:
 ret = do_send_server_hello(hs);
 break;
- case state_send_server_certificate_verify:
+ case state13_send_server_certificate_verify:
 ret = do_send_server_certificate_verify(hs);
 break;
- case state_send_server_finished:
+ case state13_send_server_finished:
 ret = do_send_server_finished(hs);
 break;
- case state_read_second_client_flight:
+ case state13_read_second_client_flight:
 ret = do_read_second_client_flight(hs);
 break;
- case state_process_end_of_early_data:
+ case state13_process_end_of_early_data:
 ret = do_process_end_of_early_data(hs);
 break;
- case state_read_client_certificate:
+ case state13_read_client_certificate:
 ret = do_read_client_certificate(hs);
 break;
- case state_read_client_certificate_verify:
+ case state13_read_client_certificate_verify:
 ret = do_read_client_certificate_verify(hs);
 break;
- case state_read_channel_id:
+ case state13_read_channel_id:
 ret = do_read_channel_id(hs);
 break;
- case state_read_client_finished:
+ case state13_read_client_finished:
 ret = do_read_client_finished(hs);
 break;
- case state_send_new_session_ticket:
+ case state13_send_new_session_ticket:
 ret = do_send_new_session_ticket(hs);
 break;
- case state_done:
+ case state13_done:
 ret = ssl_hs_ok;
 break;
 }
@@ -1052,38 +1034,38 @@ } const char *tls13_server_handshake_state(SSL_HANDSHAKE *hs) { - enum server_hs_state_t state = - static_cast<enum server_hs_state_t>(hs->tls13_state); + enum tls13_server_hs_state_t state = + static_cast<enum tls13_server_hs_state_t>(hs->tls13_state); switch (state) { - case state_select_parameters: + case state13_select_parameters: return "TLS 1.3 server select_parameters"; - case state_select_session: + case state13_select_session: return "TLS 1.3 server select_session"; - case state_send_hello_retry_request: + case state13_send_hello_retry_request: return "TLS 1.3 server send_hello_retry_request"; - case state_read_second_client_hello: + case state13_read_second_client_hello: return "TLS 1.3 server read_second_client_hello"; - case state_send_server_hello: + case state13_send_server_hello: return "TLS 1.3 server send_server_hello"; - case state_send_server_certificate_verify: + case state13_send_server_certificate_verify: return "TLS 1.3 server send_server_certificate_verify"; - case state_send_server_finished: + case state13_send_server_finished: return "TLS 1.3 server send_server_finished"; - case state_read_second_client_flight: + case state13_read_second_client_flight: return "TLS 1.3 server read_second_client_flight"; - case state_process_end_of_early_data: + case state13_process_end_of_early_data: return "TLS 1.3 server process_end_of_early_data"; - case state_read_client_certificate: + case state13_read_client_certificate: return "TLS 1.3 server read_client_certificate"; - case state_read_client_certificate_verify: + case state13_read_client_certificate_verify: return "TLS 1.3 server read_client_certificate_verify"; - case state_read_channel_id: + case state13_read_channel_id: return "TLS 1.3 server read_channel_id"; - case state_read_client_finished: + case state13_read_client_finished: return "TLS 1.3 server read_client_finished"; - case state_send_new_session_ticket: + case state13_send_new_session_ticket: return "TLS 1.3 
server send_new_session_ticket"; - case state_done: + case state13_done: return "TLS 1.3 server done"; }