kris
/
boringssl
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Browse Source

Rename and move a few more ssl3_ functions around. 

I think that's the last of the ssl3_ prefix being used for common
functions.

Change-Id: Id83e6f2065c3765931250bd074f6ebf1fc251696
Reviewed-on: https://boringssl-review.googlesource.com/21347
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: Steven Valdez <svaldez@google.com>
kris/onging/CECPQ3_patch15
David Benjamin 7 years ago
committed by CQ bot account: commit-bot@chromium.org
parent
d1e3ce1fb0
commit
00f48c8273
6 changed files with 81 additions and 85 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +60
    -0
      ssl/handshake.cc
  2. +15
    -3
      ssl/handshake_client.cc
  3. +2
    -2
      ssl/handshake_server.cc
  4. +4
    -7
      ssl/internal.h
  5. +0
    -60
      ssl/s3_both.cc
  6. +0
    -13
      ssl/ssl_lib.cc

+ 60
- 0
ssl/handshake.cc View File

@@ -420,6 +420,66 @@ enum ssl_hs_wait_t ssl_get_finished(SSL_HANDSHAKE *hs) {
return ssl_hs_ok;
}

bool ssl_send_finished(SSL_HANDSHAKE *hs) {
SSL *const ssl = hs->ssl;
const SSL_SESSION *session = SSL_get_session(ssl);

uint8_t finished[EVP_MAX_MD_SIZE];
size_t finished_len;
if (!hs->transcript.GetFinishedMAC(finished, &finished_len, session,
ssl->server)) {
return 0;
}

// Log the master secret, if logging is enabled.
if (!ssl_log_secret(ssl, "CLIENT_RANDOM",
session->master_key,
session->master_key_length)) {
return 0;
}

// Copy the Finished so we can use it for renegotiation checks.
if (ssl->version != SSL3_VERSION) {
if (finished_len > sizeof(ssl->s3->previous_client_finished) ||
finished_len > sizeof(ssl->s3->previous_server_finished)) {
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
return 0;
}

if (ssl->server) {
OPENSSL_memcpy(ssl->s3->previous_server_finished, finished, finished_len);
ssl->s3->previous_server_finished_len = finished_len;
} else {
OPENSSL_memcpy(ssl->s3->previous_client_finished, finished, finished_len);
ssl->s3->previous_client_finished_len = finished_len;
}
}

ScopedCBB cbb;
CBB body;
if (!ssl->method->init_message(ssl, cbb.get(), &body, SSL3_MT_FINISHED) ||
!CBB_add_bytes(&body, finished, finished_len) ||
!ssl_add_message_cbb(ssl, cbb.get())) {
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
return 0;
}

return 1;
}

bool ssl_output_cert_chain(SSL *ssl) {
ScopedCBB cbb;
CBB body;
if (!ssl->method->init_message(ssl, cbb.get(), &body, SSL3_MT_CERTIFICATE) ||
!ssl_add_cert_chain(ssl, &body) ||
!ssl_add_message_cbb(ssl, cbb.get())) {
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
return false;
}

return true;
}

int ssl_run_handshake(SSL_HANDSHAKE *hs, bool *out_early_return) {
SSL *const ssl = hs->ssl;
for (;;) {


+ 15
- 3
ssl/handshake_client.cc View File

@@ -1210,7 +1210,7 @@ static enum ssl_hs_wait_t do_send_client_certificate(SSL_HANDSHAKE *hs) {
}

if (!ssl_on_certificate_selected(hs) ||
!ssl3_output_cert_chain(ssl)) {
!ssl_output_cert_chain(ssl)) {
return ssl_hs_error;
}

@@ -1511,7 +1511,7 @@ static enum ssl_hs_wait_t do_send_client_finished(SSL_HANDSHAKE *hs) {
}
}

if (!ssl3_send_finished(hs)) {
if (!ssl_send_finished(hs)) {
return ssl_hs_error;
}

@@ -1519,6 +1519,18 @@ static enum ssl_hs_wait_t do_send_client_finished(SSL_HANDSHAKE *hs) {
return ssl_hs_flush;
}

static bool can_false_start(const SSL_HANDSHAKE *hs) {
SSL *const ssl = hs->ssl;

// False Start only for TLS 1.2 with an ECDHE+AEAD cipher and ALPN or NPN.
return !SSL_is_dtls(ssl) &&
SSL_version(ssl) == TLS1_2_VERSION &&
(ssl->s3->alpn_selected != NULL ||
ssl->s3->next_proto_negotiated != NULL) &&
hs->new_cipher->algorithm_mkey == SSL_kECDHE &&
hs->new_cipher->algorithm_mac == SSL_AEAD;
}

static enum ssl_hs_wait_t do_finish_flight(SSL_HANDSHAKE *hs) {
SSL *const ssl = hs->ssl;
if (ssl->session != NULL) {
@@ -1536,7 +1548,7 @@ static enum ssl_hs_wait_t do_finish_flight(SSL_HANDSHAKE *hs) {
hs->state = state_read_session_ticket;

if ((SSL_get_mode(ssl) & SSL_MODE_ENABLE_FALSE_START) &&
ssl3_can_false_start(ssl) &&
can_false_start(hs) &&
// No False Start on renegotiation (would complicate the state machine).
!ssl->s3->initial_handshake_complete) {
hs->in_false_start = true;


+ 2
- 2
ssl/handshake_server.cc View File

@@ -749,7 +749,7 @@ static enum ssl_hs_wait_t do_send_server_certificate(SSL_HANDSHAKE *hs) {
return ssl_hs_error;
}

if (!ssl3_output_cert_chain(ssl)) {
if (!ssl_output_cert_chain(ssl)) {
return ssl_hs_error;
}

@@ -1493,7 +1493,7 @@ static enum ssl_hs_wait_t do_send_server_finished(SSL_HANDSHAKE *hs) {

if (!ssl->method->add_change_cipher_spec(ssl) ||
!tls1_change_cipher_state(hs, evp_aead_seal) ||
!ssl3_send_finished(hs)) {
!ssl_send_finished(hs)) {
return ssl_hs_error;
}



+ 4
- 7
ssl/internal.h View File

@@ -1564,6 +1564,10 @@ int ssl_parse_extensions(const CBS *cbs, uint8_t *out_alert,
// ssl_verify_peer_cert verifies the peer certificate for |hs|.
enum ssl_verify_result_t ssl_verify_peer_cert(SSL_HANDSHAKE *hs);

enum ssl_hs_wait_t ssl_get_finished(SSL_HANDSHAKE *hs);
bool ssl_send_finished(SSL_HANDSHAKE *hs);
bool ssl_output_cert_chain(SSL *ssl);


// SSLKEYLOGFILE functions.

@@ -2672,13 +2676,11 @@ const struct ssl_cipher_preference_list_st *ssl_get_cipher_preferences(

void ssl_update_cache(SSL_HANDSHAKE *hs, int mode);

enum ssl_hs_wait_t ssl_get_finished(SSL_HANDSHAKE *hs);
int ssl_send_alert(SSL *ssl, int level, int desc);
bool ssl3_get_message(SSL *ssl, SSLMessage *out);
int ssl3_read_message(SSL *ssl);
void ssl3_next_message(SSL *ssl);

int ssl3_send_finished(SSL_HANDSHAKE *hs);
int ssl3_dispatch_alert(SSL *ssl);
int ssl3_read_app_data(SSL *ssl, bool *out_got_handshake, uint8_t *buf, int len,
int peek);
@@ -2687,7 +2689,6 @@ void ssl3_read_close_notify(SSL *ssl);
int ssl3_read_handshake_bytes(SSL *ssl, uint8_t *buf, int len);
int ssl3_write_app_data(SSL *ssl, bool *out_needs_handshake, const uint8_t *buf,
int len);
int ssl3_output_cert_chain(SSL *ssl);

int ssl3_new(SSL *ssl);
void ssl3_free(SSL *ssl);
@@ -2835,10 +2836,6 @@ int tls1_record_handshake_hashes_for_channel_id(SSL_HANDSHAKE *hs);
// operation should be retried later.
int ssl_do_channel_id_callback(SSL *ssl);

// ssl3_can_false_start returns one if |ssl| is allowed to False Start and zero
// otherwise.
int ssl3_can_false_start(const SSL *ssl);

// ssl_can_write returns one if |ssl| is allowed to write and zero otherwise.
int ssl_can_write(const SSL *ssl);



+ 0
- 60
ssl/s3_both.cc View File

@@ -274,66 +274,6 @@ int ssl3_flush_flight(SSL *ssl) {
return 1;
}

int ssl3_send_finished(SSL_HANDSHAKE *hs) {
SSL *const ssl = hs->ssl;
const SSL_SESSION *session = SSL_get_session(ssl);

uint8_t finished[EVP_MAX_MD_SIZE];
size_t finished_len;
if (!hs->transcript.GetFinishedMAC(finished, &finished_len, session,
ssl->server)) {
return 0;
}

// Log the master secret, if logging is enabled.
if (!ssl_log_secret(ssl, "CLIENT_RANDOM",
session->master_key,
session->master_key_length)) {
return 0;
}

// Copy the Finished so we can use it for renegotiation checks.
if (ssl->version != SSL3_VERSION) {
if (finished_len > sizeof(ssl->s3->previous_client_finished) ||
finished_len > sizeof(ssl->s3->previous_server_finished)) {
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
return 0;
}

if (ssl->server) {
OPENSSL_memcpy(ssl->s3->previous_server_finished, finished, finished_len);
ssl->s3->previous_server_finished_len = finished_len;
} else {
OPENSSL_memcpy(ssl->s3->previous_client_finished, finished, finished_len);
ssl->s3->previous_client_finished_len = finished_len;
}
}

ScopedCBB cbb;
CBB body;
if (!ssl->method->init_message(ssl, cbb.get(), &body, SSL3_MT_FINISHED) ||
!CBB_add_bytes(&body, finished, finished_len) ||
!ssl_add_message_cbb(ssl, cbb.get())) {
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
return 0;
}

return 1;
}

int ssl3_output_cert_chain(SSL *ssl) {
ScopedCBB cbb;
CBB body;
if (!ssl->method->init_message(ssl, cbb.get(), &body, SSL3_MT_CERTIFICATE) ||
!ssl_add_cert_chain(ssl, &body) ||
!ssl_add_message_cbb(ssl, cbb.get())) {
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
return 0;
}

return 1;
}

static int extend_handshake_buffer(SSL *ssl, size_t length) {
if (!BUF_MEM_reserve(ssl->init_buf, length)) {
return -1;


+ 0
- 13
ssl/ssl_lib.cc View File

@@ -317,19 +317,6 @@ int ssl_log_secret(const SSL *ssl, const char *label, const uint8_t *secret,
return 1;
}

int ssl3_can_false_start(const SSL *ssl) {
const SSL_CIPHER *const cipher = SSL_get_current_cipher(ssl);

// False Start only for TLS 1.2 with an ECDHE+AEAD cipher and ALPN or NPN.
return !SSL_is_dtls(ssl) &&
SSL_version(ssl) == TLS1_2_VERSION &&
(ssl->s3->alpn_selected != NULL ||
ssl->s3->next_proto_negotiated != NULL) &&
cipher != NULL &&
cipher->algorithm_mkey == SSL_kECDHE &&
cipher->algorithm_mac == SSL_AEAD;
}

void ssl_do_info_callback(const SSL *ssl, int type, int value) {
void (*cb)(const SSL *ssl, int type, int value) = NULL;
if (ssl->info_callback != NULL) {


Write Preview
Loading…
Cancel
Save