kris
/
boringssl
1
0
Fork 0
Código Issues 0 Pull requests 0 Versões 0 Wiki Atividade
Ver código fonte

Remove write_message from TLS 1.3 handshakes. 

BUG=72

Change-Id: I4aad718762925191d85f0a468eeec4aa5d85d1e8
Reviewed-on: https://boringssl-review.googlesource.com/13225
Reviewed-by: Adam Langley <agl@google.com>
kris/onging/CECPQ3_patch15
David Benjamin 7 anos atrás
committed by Adam Langley
pai
daf207a52a
commit
25ac251a1d
4 arquivos alterados com 53 adições e 110 exclusões
Visão dividida
Opções de diferenças
Mostrar estatísticas Baixar arquivo de patch Baixar arquivo de diferenças
  1. +0
    -1
      ssl/internal.h
  2. +0
    -8
      ssl/tls13_both.c
  3. +4
    -22
      ssl/tls13_client.c
  4. +49
    -79
      ssl/tls13_server.c

+ 0
- 1
ssl/internal.h Ver arquivo

@@ -888,7 +888,6 @@ enum ssl_hs_wait_t {
ssl_hs_error,
ssl_hs_ok,
ssl_hs_read_message,
ssl_hs_write_message,
ssl_hs_flush,
ssl_hs_flush_and_read_message,
ssl_hs_x509_lookup,


+ 0
- 8
ssl/tls13_both.c Ver arquivo

@@ -65,14 +65,6 @@ int tls13_handshake(SSL_HANDSHAKE *hs) {
break;
}

case ssl_hs_write_message: {
int ret = ssl->method->write_message(ssl);
if (ret <= 0) {
return ret;
}
break;
}

case ssl_hs_x509_lookup:
ssl->rwstate = SSL_X509_LOOKUP;
hs->wait = ssl_hs_ok;


+ 4
- 22
ssl/tls13_client.c Ver arquivo

@@ -31,7 +31,6 @@
enum client_hs_state_t {
state_process_hello_retry_request = 0,
state_send_second_client_hello,
state_flush_second_client_hello,
state_process_server_hello,
state_process_encrypted_extensions,
state_process_certificate_request,
@@ -43,7 +42,6 @@ enum client_hs_state_t {
state_complete_client_certificate_verify,
state_send_channel_id,
state_send_client_finished,
state_flush,
state_done,
};

@@ -147,11 +145,6 @@ static enum ssl_hs_wait_t do_send_second_client_hello(SSL_HANDSHAKE *hs) {
return ssl_hs_error;
}

hs->tls13_state = state_flush_second_client_hello;
return ssl_hs_write_message;
}

static enum ssl_hs_wait_t do_flush_second_client_hello(SSL_HANDSHAKE *hs) {
hs->tls13_state = state_process_server_hello;
return ssl_hs_flush_and_read_message;
}
@@ -495,7 +488,7 @@ static enum ssl_hs_wait_t do_send_client_certificate(SSL_HANDSHAKE *hs) {
}

hs->tls13_state = state_send_client_certificate_verify;
return ssl_hs_write_message;
return ssl_hs_ok;
}

static enum ssl_hs_wait_t do_send_client_certificate_verify(SSL_HANDSHAKE *hs,
@@ -510,7 +503,7 @@ static enum ssl_hs_wait_t do_send_client_certificate_verify(SSL_HANDSHAKE *hs,
switch (tls13_prepare_certificate_verify(hs, is_first_run)) {
case ssl_private_key_success:
hs->tls13_state = state_send_channel_id;
return ssl_hs_write_message;
return ssl_hs_ok;

case ssl_private_key_retry:
hs->tls13_state = state_complete_client_certificate_verify;
@@ -548,20 +541,15 @@ static enum ssl_hs_wait_t do_send_channel_id(SSL_HANDSHAKE *hs) {
}

hs->tls13_state = state_send_client_finished;
return ssl_hs_write_message;
return ssl_hs_ok;
}

static enum ssl_hs_wait_t do_send_client_finished(SSL_HANDSHAKE *hs) {
SSL *const ssl = hs->ssl;
if (!tls13_prepare_finished(hs)) {
return ssl_hs_error;
}

hs->tls13_state = state_flush;
return ssl_hs_write_message;
}

static enum ssl_hs_wait_t do_flush(SSL_HANDSHAKE *hs) {
SSL *const ssl = hs->ssl;
if (!tls13_set_traffic_key(ssl, evp_aead_open, hs->server_traffic_secret_0,
hs->hash_len) ||
!tls13_set_traffic_key(ssl, evp_aead_seal, hs->client_traffic_secret_0,
@@ -585,9 +573,6 @@ enum ssl_hs_wait_t tls13_client_handshake(SSL_HANDSHAKE *hs) {
case state_send_second_client_hello:
ret = do_send_second_client_hello(hs);
break;
case state_flush_second_client_hello:
ret = do_flush_second_client_hello(hs);
break;
case state_process_server_hello:
ret = do_process_server_hello(hs);
break;
@@ -621,9 +606,6 @@ enum ssl_hs_wait_t tls13_client_handshake(SSL_HANDSHAKE *hs) {
case state_send_client_finished:
ret = do_send_client_finished(hs);
break;
case state_flush:
ret = do_flush(hs);
break;
case state_done:
ret = ssl_hs_ok;
break;


+ 49
- 79
ssl/tls13_server.c Ver arquivo

@@ -38,7 +38,6 @@ enum server_hs_state_t {
state_process_client_hello = 0,
state_select_parameters,
state_send_hello_retry_request,
state_flush_hello_retry_request,
state_process_second_client_hello,
state_send_server_hello,
state_send_encrypted_extensions,
@@ -47,13 +46,11 @@ enum server_hs_state_t {
state_send_server_certificate_verify,
state_complete_server_certificate_verify,
state_send_server_finished,
state_flush,
state_process_client_certificate,
state_process_client_certificate_verify,
state_process_channel_id,
state_process_client_finished,
state_send_new_session_ticket,
state_flush_new_session_tickets,
state_done,
};

@@ -354,11 +351,6 @@ static enum ssl_hs_wait_t do_send_hello_retry_request(SSL_HANDSHAKE *hs) {
return ssl_hs_error;
}

hs->tls13_state = state_flush_hello_retry_request;
return ssl_hs_write_message;
}

static enum ssl_hs_wait_t do_flush_hello_retry_request(SSL_HANDSHAKE *hs) {
hs->tls13_state = state_process_second_client_hello;
return ssl_hs_flush_and_read_message;
}
@@ -422,7 +414,7 @@ static enum ssl_hs_wait_t do_send_server_hello(SSL_HANDSHAKE *hs) {
}

hs->tls13_state = state_send_encrypted_extensions;
return ssl_hs_write_message;
return ssl_hs_ok;

err:
CBB_cleanup(&cbb);
@@ -449,7 +441,7 @@ static enum ssl_hs_wait_t do_send_encrypted_extensions(SSL_HANDSHAKE *hs) {
}

hs->tls13_state = state_send_certificate_request;
return ssl_hs_write_message;
return ssl_hs_ok;
}

static enum ssl_hs_wait_t do_send_certificate_request(SSL_HANDSHAKE *hs) {
@@ -493,7 +485,7 @@ static enum ssl_hs_wait_t do_send_certificate_request(SSL_HANDSHAKE *hs) {
}

hs->tls13_state = state_send_server_certificate;
return ssl_hs_write_message;
return ssl_hs_ok;

err:
CBB_cleanup(&cbb);
@@ -517,7 +509,7 @@ static enum ssl_hs_wait_t do_send_server_certificate(SSL_HANDSHAKE *hs) {
}

hs->tls13_state = state_send_server_certificate_verify;
return ssl_hs_write_message;
return ssl_hs_ok;
}

static enum ssl_hs_wait_t do_send_server_certificate_verify(SSL_HANDSHAKE *hs,
@@ -525,7 +517,7 @@ static enum ssl_hs_wait_t do_send_server_certificate_verify(SSL_HANDSHAKE *hs,
switch (tls13_prepare_certificate_verify(hs, is_first_run)) {
case ssl_private_key_success:
hs->tls13_state = state_send_server_finished;
return ssl_hs_write_message;
return ssl_hs_ok;

case ssl_private_key_retry:
hs->tls13_state = state_complete_server_certificate_verify;
@@ -540,18 +532,10 @@ static enum ssl_hs_wait_t do_send_server_certificate_verify(SSL_HANDSHAKE *hs,
}

static enum ssl_hs_wait_t do_send_server_finished(SSL_HANDSHAKE *hs) {
if (!tls13_prepare_finished(hs)) {
return ssl_hs_error;
}

hs->tls13_state = state_flush;
return ssl_hs_write_message;
}

static enum ssl_hs_wait_t do_flush(SSL_HANDSHAKE *hs) {
SSL *const ssl = hs->ssl;
/* Update the secret to the master secret and derive traffic keys. */
if (!tls13_advance_key_schedule(hs, kZeroes, hs->hash_len) ||
if (!tls13_prepare_finished(hs) ||
/* Update the secret to the master secret and derive traffic keys. */
!tls13_advance_key_schedule(hs, kZeroes, hs->hash_len) ||
!tls13_derive_application_secrets(hs) ||
!tls13_set_traffic_key(ssl, evp_aead_seal, hs->server_traffic_secret_0,
hs->hash_len)) {
@@ -644,11 +628,11 @@ static enum ssl_hs_wait_t do_process_client_finished(SSL_HANDSHAKE *hs) {
return ssl_hs_ok;
}

/* TLS 1.3 recommends single-use tickets, so issue multiple tickets in case the
* client makes several connections before getting a renewal. */
static const int kNumTickets = 2;

static enum ssl_hs_wait_t do_send_new_session_ticket(SSL_HANDSHAKE *hs) {
/* TLS 1.3 recommends single-use tickets, so issue multiple tickets in case the
* client makes several connections before getting a renewal. */
static const int kNumTickets = 2;

SSL *const ssl = hs->ssl;
/* If the client doesn't accept resumption with PSK_DHE_KE, don't send a
* session ticket. */
@@ -658,63 +642,58 @@ static enum ssl_hs_wait_t do_send_new_session_ticket(SSL_HANDSHAKE *hs) {
}

SSL_SESSION *session = ssl->s3->new_session;
if (!RAND_bytes((uint8_t *)&session->ticket_age_add, 4)) {
goto err;
}

CBB cbb, body, ticket, extensions;
if (!ssl->method->init_message(ssl, &cbb, &body,
SSL3_MT_NEW_SESSION_TICKET) ||
!CBB_add_u32(&body, session->timeout) ||
!CBB_add_u32(&body, session->ticket_age_add) ||
!CBB_add_u16_length_prefixed(&body, &ticket) ||
!ssl_encrypt_ticket(ssl, &ticket, session) ||
!CBB_add_u16_length_prefixed(&body, &extensions)) {
goto err;
}
CBB cbb;
CBB_zero(&cbb);

if (ssl->ctx->enable_early_data) {
session->ticket_max_early_data = kMaxEarlyDataAccepted;
for (int i = 0; i < kNumTickets; i++) {
if (!RAND_bytes((uint8_t *)&session->ticket_age_add, 4)) {
goto err;
}

CBB early_data_info;
if (!CBB_add_u16(&extensions, TLSEXT_TYPE_ticket_early_data_info) ||
!CBB_add_u16_length_prefixed(&extensions, &early_data_info) ||
!CBB_add_u32(&early_data_info, session->ticket_max_early_data) ||
!CBB_flush(&extensions)) {
CBB body, ticket, extensions;
if (!ssl->method->init_message(ssl, &cbb, &body,
SSL3_MT_NEW_SESSION_TICKET) ||
!CBB_add_u32(&body, session->timeout) ||
!CBB_add_u32(&body, session->ticket_age_add) ||
!CBB_add_u16_length_prefixed(&body, &ticket) ||
!ssl_encrypt_ticket(ssl, &ticket, session) ||
!CBB_add_u16_length_prefixed(&body, &extensions)) {
goto err;
}
}

/* Add a fake extension. See draft-davidben-tls-grease-01. */
if (!CBB_add_u16(&extensions,
ssl_get_grease_value(ssl, ssl_grease_ticket_extension)) ||
!CBB_add_u16(&extensions, 0 /* empty */)) {
goto err;
}
if (ssl->ctx->enable_early_data) {
session->ticket_max_early_data = kMaxEarlyDataAccepted;

if (!ssl_add_message_cbb(ssl, &cbb)) {
goto err;
}
CBB early_data_info;
if (!CBB_add_u16(&extensions, TLSEXT_TYPE_ticket_early_data_info) ||
!CBB_add_u16_length_prefixed(&extensions, &early_data_info) ||
!CBB_add_u32(&early_data_info, session->ticket_max_early_data) ||
!CBB_flush(&extensions)) {
goto err;
}
}

hs->session_tickets_sent++;
if (hs->session_tickets_sent >= kNumTickets) {
hs->tls13_state = state_flush_new_session_tickets;
} else {
hs->tls13_state = state_send_new_session_ticket;
/* Add a fake extension. See draft-davidben-tls-grease-01. */
if (!CBB_add_u16(&extensions,
ssl_get_grease_value(ssl, ssl_grease_ticket_extension)) ||
!CBB_add_u16(&extensions, 0 /* empty */)) {
goto err;
}

if (!ssl_add_message_cbb(ssl, &cbb)) {
goto err;
}
}

return ssl_hs_write_message;
hs->session_tickets_sent++;
hs->tls13_state = state_done;
return ssl_hs_flush;

err:
CBB_cleanup(&cbb);
return ssl_hs_error;
}

static enum ssl_hs_wait_t do_flush_new_session_tickets(SSL_HANDSHAKE *hs) {
hs->tls13_state = state_done;
return ssl_hs_flush;
}

enum ssl_hs_wait_t tls13_server_handshake(SSL_HANDSHAKE *hs) {
while (hs->tls13_state != state_done) {
enum ssl_hs_wait_t ret = ssl_hs_error;
@@ -729,9 +708,6 @@ enum ssl_hs_wait_t tls13_server_handshake(SSL_HANDSHAKE *hs) {
case state_send_hello_retry_request:
ret = do_send_hello_retry_request(hs);
break;
case state_flush_hello_retry_request:
ret = do_flush_hello_retry_request(hs);
break;
case state_process_second_client_hello:
ret = do_process_second_client_hello(hs);
break;
@@ -756,9 +732,6 @@ enum ssl_hs_wait_t tls13_server_handshake(SSL_HANDSHAKE *hs) {
case state_send_server_finished:
ret = do_send_server_finished(hs);
break;
case state_flush:
ret = do_flush(hs);
break;
case state_process_client_certificate:
ret = do_process_client_certificate(hs);
break;
@@ -774,9 +747,6 @@ enum ssl_hs_wait_t tls13_server_handshake(SSL_HANDSHAKE *hs) {
case state_send_new_session_ticket:
ret = do_send_new_session_ticket(hs);
break;
case state_flush_new_session_tickets:
ret = do_flush_new_session_tickets(hs);
break;
case state_done:
ret = ssl_hs_ok;
break;


Escrever Pré-visualização
Carregando…
Cancelar
Salvar