diff options
author | Matt Caswell <matt@openssl.org> | 2017-02-20 16:35:03 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2017-03-02 17:44:15 +0000 |
commit | 0a87d0ac628685a1b420851f1614829a952cda5f (patch) | |
tree | f92b975cf18b963c6d0f978a8aca3c458e6fed7b /ssl/statem | |
parent | a4f376af7e98161c7513614cf4a110724a5a65f5 (diff) |
Parse the early_data extension
We also skip any early_data that subsequently gets sent. Later commits will
process it if we can.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)
Diffstat (limited to 'ssl/statem')
-rw-r--r-- | ssl/statem/extensions.c | 3 | ||||
-rw-r--r-- | ssl/statem/extensions_srvr.c | 13 | ||||
-rw-r--r-- | ssl/statem/statem.c | 12 | ||||
-rw-r--r-- | ssl/statem/statem.h | 1 | ||||
-rw-r--r-- | ssl/statem/statem_locl.h | 2 |
5 files changed, 30 insertions, 1 deletions
diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c index a2efd0a739..ccc60b6a26 100644 --- a/ssl/statem/extensions.c +++ b/ssl/statem/extensions.c @@ -138,7 +138,8 @@ static const EXTENSION_DEFINITION ext_defs[] = { { TLSEXT_TYPE_early_data, EXT_CLIENT_HELLO | EXT_TLS1_3_ENCRYPTED_EXTENSIONS, - NULL, NULL, NULL, NULL, tls_construct_ctos_early_data, NULL + NULL, tls_parse_ctos_early_data, NULL, NULL, + tls_construct_ctos_early_data, NULL }, #ifndef OPENSSL_NO_EC { diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c index 690cc30cf3..8994ab9cc1 100644 --- a/ssl/statem/extensions_srvr.c +++ b/ssl/statem/extensions_srvr.c @@ -162,6 +162,19 @@ int tls_parse_ctos_srp(SSL *s, PACKET *pkt, unsigned int context, X509 *x, } #endif +int tls_parse_ctos_early_data(SSL *s, PACKET *pkt, unsigned int context, + X509 *x, size_t chainidx, int *al) +{ + if (PACKET_remaining(pkt) != 0) { + *al = SSL_AD_DECODE_ERROR; + return 0; + } + + s->ext.expect_early_data = 1; + + return 1; +} + #ifndef OPENSSL_NO_EC int tls_parse_ctos_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context, X509 *x, size_t chainidx, int *al) diff --git a/ssl/statem/statem.c b/ssl/statem/statem.c index 10d794ede7..9ec8e85426 100644 --- a/ssl/statem/statem.c +++ b/ssl/statem/statem.c @@ -151,6 +151,18 @@ void ossl_statem_set_in_handshake(SSL *s, int inhand) s->statem.in_handshake--; } +/* Are we in a sensible state to skip over unreadable early data? */ +int ossl_statem_skip_early_data(SSL *s) +{ + if (!s->ext.expect_early_data) + return 0; + + if (s->statem.hand_state != TLS_ST_SW_FINISHED) + return 0; + + return 1; +} + void ossl_statem_set_hello_verify_done(SSL *s) { s->statem.state = MSG_FLOW_UNINITED; diff --git a/ssl/statem/statem.h b/ssl/statem/statem.h index 906f2ec5bc..5bb74d029f 100644 --- a/ssl/statem/statem.h +++ b/ssl/statem/statem.h @@ -122,6 +122,7 @@ int ossl_statem_in_error(const SSL *s); void ossl_statem_set_in_init(SSL *s, int init); int ossl_statem_get_in_handshake(SSL *s); void ossl_statem_set_in_handshake(SSL *s, int inhand); +__owur int ossl_statem_skip_early_data(SSL *s); void ossl_statem_set_hello_verify_done(SSL *s); __owur int ossl_statem_app_data_allowed(SSL *s); #ifndef OPENSSL_NO_SCTP diff --git a/ssl/statem/statem_locl.h b/ssl/statem/statem_locl.h index 99eb8ed319..02c367910b 100644 --- a/ssl/statem/statem_locl.h +++ b/ssl/statem/statem_locl.h @@ -191,6 +191,8 @@ int tls_parse_ctos_server_name(SSL *s, PACKET *pkt, unsigned int context, int tls_parse_ctos_srp(SSL *s, PACKET *pkt, unsigned int context, X509 *x, size_t chainidx, int *al); #endif +int tls_parse_ctos_early_data(SSL *s, PACKET *pkt, unsigned int context, + X509 *x, size_t chainidx, int *al); #ifndef OPENSSL_NO_EC int tls_parse_ctos_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context, X509 *x, size_t chainidx, int *al); |