s2n-tls icon indicating copy to clipboard operation
s2n-tls copied to clipboard
verified publisher icon aws

Use non-zero to represent CLIENT_HELLO in state machine

Open zz85 opened this issue 6 years ago • 0 comments

Problem:

As ClientHello is represented by 0 https://github.com/awslabs/s2n/blob/18da1bbbcb7bbc4c9d72e034d33030b2cf42738c/tls/s2n_handshake.h#L32 in the state machine tables (https://github.com/awslabs/s2n/blob/master/tls/s2n_handshake_io.c#L147), it can be difficult to differentiate having a pointer to an invalid entry of the state machine or a client hello.

Proposed Solution:

change client_hello to 1 i.e.

typedef enum {
    CLIENT_HELLO=1,
    SERVER_HELLO,

or add another intial state before client hello

typedef enum {
    INITIAL=0,
    CLIENT_HELLO,
    SERVER_HELLO,

This gives us a the ability to have additional runtime checks that we have a valid pointer to the state machine. SAW tests will likely be required to be updated and the s2n codebase should be audited to ensure the message_type_t CLIENT_HELLO is used over 0 values.

zz85 avatar Mar 25 '20 18:03 zz85