kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Adding Post-Handshake message handling.

Browse Source 
Change-Id: I5cc194fc0a3ba8283049078e5671c924ee23036c
Reviewed-on: https://boringssl-review.googlesource.com/8980
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
This commit is contained in:
Steven Valdez 2016-07-26 12:39:22 -04:00 committed by CQ bot account: commit-bot@chromium.org
parent 87eab4902d
commit 8e1c7be1a7
4 changed files with 22 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ssl/internal.h
View File

@ -905,6 +905,10 @@ int tls13_handshake(SSL *ssl);
enum ssl_hs_wait_t tls13_client_handshake(SSL *ssl); enum ssl_hs_wait_t tls13_client_handshake(SSL *ssl);
enum ssl_hs_wait_t tls13_server_handshake(SSL *ssl); enum ssl_hs_wait_t tls13_server_handshake(SSL *ssl);
/* tls13_post_handshake processes a post-handshake message. It returns one on
* success and zero on failure. */
int tls13_post_handshake(SSL *ssl);
/* tls13_check_message_type checks if the current message has type |type|. If so /* tls13_check_message_type checks if the current message has type |type|. If so
* it returns one. Otherwise, it sends an alert and returns zero. */ * it returns one. Otherwise, it sends an alert and returns zero. */
int tls13_check_message_type(SSL *ssl, int type); int tls13_check_message_type(SSL *ssl, int type);

4
ssl/ssl_lib.c
View File

@ -675,9 +675,7 @@ static int ssl_do_post_handshake(SSL *ssl) {
return ssl_do_renegotiate(ssl); return ssl_do_renegotiate(ssl);
} }
/* TODO(svaldez): Handle TLS 1.3 post-handshake messages. For now, return tls13_post_handshake(ssl);
* silently drop them. */
return 1;
} }
static int ssl_read_impl(SSL *ssl, void *buf, int num, int peek) { static int ssl_read_impl(SSL *ssl, void *buf, int num, int peek) {

6
ssl/test/runner/runner.go
View File

@ -5144,10 +5144,6 @@ func addRenegotiationTests() {
}) })
// Renegotiation is forbidden in TLS 1.3. // Renegotiation is forbidden in TLS 1.3.
//
// TODO(davidben): This test current asserts that we ignore
// HelloRequests, but we actually should hard reject them. Fix this
// test once we actually parse post-handshake messages.
testCases = append(testCases, testCase{ testCases = append(testCases, testCase{
name: "Renegotiate-Client-TLS13", name: "Renegotiate-Client-TLS13",
config: Config{ config: Config{
@ -5159,6 +5155,8 @@ func addRenegotiationTests() {
flags: []string{ flags: []string{
"-renegotiate-freely", "-renegotiate-freely",
}, },
shouldFail: true,
expectedError: ":UNEXPECTED_MESSAGE:",
}) })
// Stray HelloRequests during the handshake are forbidden in TLS 1.3. // Stray HelloRequests during the handshake are forbidden in TLS 1.3.

15
ssl/tls13_both.c
View File

@ -452,3 +452,18 @@ int tls13_prepare_finished(SSL *ssl) {
return 1; return 1;
} }
int tls13_post_handshake(SSL *ssl) {
if (ssl->s3->tmp.message_type == SSL3_MT_NEW_SESSION_TICKET &&
!ssl->server) {
// TODO(svaldez): Handle NewSessionTicket.
return 1;
}
// TODO(svaldez): Handle post-handshake authentication.
// TODO(svaldez): Handle KeyUpdate.
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_MESSAGE);
return 0;
}