Update state machine to be closer to TLS1.3

This is a major overhaul of the TLSv1.3 state machine. Currently it still looks like TLSv1.2. This commit changes things around so that it starts to look a bit less like TLSv1.2 and bit more like TLSv1.3. After this commit we have: ClientHello + key_share ----> ServerHello +key_share {CertificateRequest*} {Certificate*} {CertificateStatus*} <---- {Finished} {Certificate*} {CertificateVerify*} {Finished} ----> [ApplicationData] <---> [Application Data] Key differences between this intermediate position and the final TLSv1.3 position are: - No EncryptedExtensions message yet - No server side CertificateVerify message yet - CertificateStatus still exists as a separate message - A number of the messages are still in the TLSv1.2 format - Still running on the TLSv1.2 record layer Reviewed-by: Rich Salz <rsalz@openssl.org>
author: Matt Caswell <matt@openssl.org> 2016-11-09 14:06:12 +0000
committer: Matt Caswell <matt@openssl.org> 2016-11-23 15:31:21 +0000
commit: 92760c21e62c6e5ef172fa110cf47a509cd50f2f (patch)
tree: a1aa35edbe72218b6897221e9427456199ef5e95 /include
parent: 0d9824c1712b6cacd9b0ecfba26fb66ae4badfb4 (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 5064e65cf5..2fd0e9fb42 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -2242,7 +2242,8 @@ int ERR_load_SSL_strings(void);
 # define SSL_F_SSL_WRITE_EX                               433
 # define SSL_F_STATE_MACHINE                              353
 # define SSL_F_TLS12_CHECK_PEER_SIGALG                    333
-# define SSL_F_TLS13_CHANGE_CIPHER_STATE                  435
+# define SSL_F_TLS13_CHANGE_CIPHER_STATE                  440
+# define SSL_F_TLS13_SETUP_KEY_BLOCK                      441
 # define SSL_F_TLS1_CHANGE_CIPHER_STATE                   209
 # define SSL_F_TLS1_CHECK_DUPLICATE_EXTENSIONS            341
 # define SSL_F_TLS1_ENC                                   401
@@ -2336,6 +2337,7 @@ int ERR_load_SSL_strings(void);
 # define SSL_R_BIO_NOT_SET                                128
 # define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG                  129
 # define SSL_R_BN_LIB                                     130
+# define SSL_R_CANNOT_CHANGE_CIPHER                       109
 # define SSL_R_CA_DN_LENGTH_MISMATCH                      131
 # define SSL_R_CA_KEY_TOO_SMALL                           397
 # define SSL_R_CA_MD_TOO_WEAK                             398
author	Matt Caswell <matt@openssl.org>	2016-11-09 14:06:12 +0000
committer	Matt Caswell <matt@openssl.org>	2016-11-23 15:31:21 +0000
commit	92760c21e62c6e5ef172fa110cf47a509cd50f2f (patch)
tree	a1aa35edbe72218b6897221e9427456199ef5e95 /include
parent	0d9824c1712b6cacd9b0ecfba26fb66ae4badfb4 (diff)