Split half-RTT tickets out into a separate TLS 1.3 state.
This is prefactoring to allow a split handshake to be handed back
prior to sending the half-RTT ticket.
Change-Id: Ib5c335b3109a024391c2ec2cab0749eae43f4646
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/39744
Commit-Queue: Matt Braithwaite <mab@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
diff --git a/ssl/internal.h b/ssl/internal.h
index bf4dd2f..7a9fc63 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -1485,6 +1485,7 @@
state13_send_server_hello,
state13_send_server_certificate_verify,
state13_send_server_finished,
+ state13_send_half_rtt_ticket,
state13_read_second_client_flight,
state13_process_end_of_early_data,
state13_read_client_certificate,
diff --git a/ssl/tls13_server.cc b/ssl/tls13_server.cc
index c6c496e..c34f240 100644
--- a/ssl/tls13_server.cc
+++ b/ssl/tls13_server.cc
@@ -697,6 +697,13 @@
return ssl_hs_error;
}
+ hs->tls13_state = state13_send_half_rtt_ticket;
+ return ssl_hs_ok;
+}
+
+static enum ssl_hs_wait_t do_send_half_rtt_ticket(SSL_HANDSHAKE *hs) {
+ SSL *const ssl = hs->ssl;
+
if (ssl->s3->early_data_accepted) {
// We defer releasing the early traffic secret to QUIC to this point. First,
// the early traffic secret is derived before ECDHE, but ECDHE may later
@@ -986,6 +993,9 @@
case state13_send_server_finished:
ret = do_send_server_finished(hs);
break;
+ case state13_send_half_rtt_ticket:
+ ret = do_send_half_rtt_ticket(hs);
+ break;
case state13_read_second_client_flight:
ret = do_read_second_client_flight(hs);
break;
@@ -1040,6 +1050,8 @@
return "TLS 1.3 server send_server_hello";
case state13_send_server_certificate_verify:
return "TLS 1.3 server send_server_certificate_verify";
+ case state13_send_half_rtt_ticket:
+ return "TLS 1.3 server send_half_rtt_ticket";
case state13_send_server_finished:
return "TLS 1.3 server send_server_finished";
case state13_read_second_client_flight:
