Adding Post-Handshake message handling.

Change-Id: I5cc194fc0a3ba8283049078e5671c924ee23036c Reviewed-on: https://boringssl-review.googlesource.com/8980 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2016-07-26 12:39:22 -04:00 · 2016-07-26 12:39:22 -04:00 · 8e1c7be1a7
commit 8e1c7be1a7
parent 87eab4902d
4 changed files with 22 additions and 7 deletions
--- a/ssl/internal.h
+++ b/ssl/internal.h
@ -905,6 +905,10 @@ int tls13_handshake(SSL *ssl);
 enum ssl_hs_wait_t tls13_client_handshake(SSL *ssl);
 enum ssl_hs_wait_t tls13_server_handshake(SSL *ssl);

+/* tls13_post_handshake processes a post-handshake message. It returns one on
+ * success and zero on failure. */
+int tls13_post_handshake(SSL *ssl);
+
 /* tls13_check_message_type checks if the current message has type |type|. If so
 * it returns one. Otherwise, it sends an alert and returns zero. */
 int tls13_check_message_type(SSL *ssl, int type);
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@ -675,9 +675,7 @@ static int ssl_do_post_handshake(SSL *ssl) {
    return ssl_do_renegotiate(ssl);
  }

-  /* TODO(svaldez): Handle TLS 1.3 post-handshake messages. For now,
-   * silently drop them. */
-  return 1;
+  return tls13_post_handshake(ssl);
 }

 static int ssl_read_impl(SSL *ssl, void *buf, int num, int peek) {
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@ -5144,10 +5144,6 @@ func addRenegotiationTests() {
 	})

 	// Renegotiation is forbidden in TLS 1.3.
-	//
-	// TODO(davidben): This test current asserts that we ignore
-	// HelloRequests, but we actually should hard reject them. Fix this
-	// test once we actually parse post-handshake messages.
 	testCases = append(testCases, testCase{
 		name: "Renegotiate-Client-TLS13",
 		config: Config{
@ -5159,6 +5155,8 @@ func addRenegotiationTests() {
 		flags: []string{
 			"-renegotiate-freely",
 		},
+		shouldFail:    true,
+		expectedError: ":UNEXPECTED_MESSAGE:",
 	})

 	// Stray HelloRequests during the handshake are forbidden in TLS 1.3.
--- a/ssl/tls13_both.c
+++ b/ssl/tls13_both.c
@ -452,3 +452,18 @@ int tls13_prepare_finished(SSL *ssl) {

  return 1;
 }
+
+int tls13_post_handshake(SSL *ssl) {
+  if (ssl->s3->tmp.message_type == SSL3_MT_NEW_SESSION_TICKET &&
+      !ssl->server) {
+    // TODO(svaldez): Handle NewSessionTicket.
+    return 1;
+  }
+
+  // TODO(svaldez): Handle post-handshake authentication.
+  // TODO(svaldez): Handle KeyUpdate.
+
+  ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
+  OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_MESSAGE);
+  return 0;
+}