Add server side support for creating the Hello Retry Request message (7d061fce) · Commits · CYBER - Cyber Security / TS 103 523 MSP / ETS / ETS OpenSSL

include/openssl/ssl.h

+4 −1

Original line number	Diff line number	Diff line
		@@ -880,7 +880,8 @@ typedef enum {
		TLS_ST_CR_ENCRYPTED_EXTENSIONS,
		TLS_ST_CR_CERT_VRFY,
		TLS_ST_SW_CERT_VRFY,
		TLS_ST_CR_HELLO_REQ
		TLS_ST_CR_HELLO_REQ,
		TLS_ST_SW_HELLO_RETRY_REQUEST
		} OSSL_HANDSHAKE_STATE;

		/*
		@@ -2300,6 +2301,7 @@ int ERR_load_SSL_strings(void);
		# define SSL_F_TLS_CONSTRUCT_EXTENSIONS 447
		# define SSL_F_TLS_CONSTRUCT_FINISHED 359
		# define SSL_F_TLS_CONSTRUCT_HELLO_REQUEST 373
		# define SSL_F_TLS_CONSTRUCT_HELLO_RETRY_REQUEST 510
		# define SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET 428
		# define SSL_F_TLS_CONSTRUCT_NEXT_PROTO 426
		# define SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE 490
		@@ -2502,6 +2504,7 @@ int ERR_load_SSL_strings(void);
		# define SSL_R_NO_RENEGOTIATION 339
		# define SSL_R_NO_REQUIRED_DIGEST 324
		# define SSL_R_NO_SHARED_CIPHER 193
		# define SSL_R_NO_SHARED_GROUPS 410
		# define SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS 376
		# define SSL_R_NO_SRTP_PROFILES 359
		# define SSL_R_NO_SUITABLE_KEY_SHARE 101

+1 −0

Original line number	Diff line number	Diff line
		@@ -274,6 +274,7 @@ extern "C" {
		# define SSL3_MT_CLIENT_HELLO 1
		# define SSL3_MT_SERVER_HELLO 2
		# define SSL3_MT_NEWSESSION_TICKET 4
		# define SSL3_MT_HELLO_RETRY_REQUEST 6
		# define SSL3_MT_ENCRYPTED_EXTENSIONS 8
		# define SSL3_MT_CERTIFICATE 11
		# define SSL3_MT_SERVER_KEY_EXCHANGE 12

+3 −0

Original line number	Diff line number	Diff line
		@@ -329,6 +329,8 @@ static ERR_STRING_DATA SSL_str_functs[] = {
		{ERR_FUNC(SSL_F_TLS_CONSTRUCT_FINISHED), "tls_construct_finished"},
		{ERR_FUNC(SSL_F_TLS_CONSTRUCT_HELLO_REQUEST),
		"tls_construct_hello_request"},
		{ERR_FUNC(SSL_F_TLS_CONSTRUCT_HELLO_RETRY_REQUEST),
		"tls_construct_hello_retry_request"},
		{ERR_FUNC(SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET),
		"tls_construct_new_session_ticket"},
		{ERR_FUNC(SSL_F_TLS_CONSTRUCT_NEXT_PROTO), "tls_construct_next_proto"},
		@@ -603,6 +605,7 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
		{ERR_REASON(SSL_R_NO_RENEGOTIATION), "no renegotiation"},
		{ERR_REASON(SSL_R_NO_REQUIRED_DIGEST), "no required digest"},
		{ERR_REASON(SSL_R_NO_SHARED_CIPHER), "no shared cipher"},
		{ERR_REASON(SSL_R_NO_SHARED_GROUPS), "no shared groups"},
		{ERR_REASON(SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS),
		"no shared signature algorithms"},
		{ERR_REASON(SSL_R_NO_SRTP_PROFILES), "no srtp profiles"},

+3 −0

Original line number	Diff line number	Diff line
		@@ -1005,6 +1005,9 @@ struct ssl_st {
		unsigned char cert_verify_hash[EVP_MAX_MD_SIZE];
		size_t cert_verify_hash_len;

		/* Flag to indicate whether we should send a HelloRetryRequest or not */
		int hello_retry_request;

		/*
		* the session_id_context is used to ensure sessions are only reused in
		* the appropriate context

+7 −1

Original line number	Diff line number	Diff line
		@@ -979,12 +979,18 @@ static int final_key_share(SSL s, unsigned int context, int sent, int al)
		&& (!s->hit
		\|\| (s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE) == 0)) {
		/* No suitable share */
		/* TODO(TLS1.3): Send a HelloRetryRequest */
		if (s->server && s->hello_retry_request == 0 && sent) {
		s->hello_retry_request = 1;
		return 1;
		}

		/* Nothing left we can do - just fail */
		*al = SSL_AD_HANDSHAKE_FAILURE;
		SSLerr(SSL_F_FINAL_KEY_SHARE, SSL_R_NO_SUITABLE_KEY_SHARE);
		return 0;
		}

		s->hello_retry_request = 0;
		/*
		* For a client side resumption with no key_share we need to generate
		* the handshake secret (otherwise this is done during key_share