From 0be6fc4c98ee6f93e152559290c5626f89de6df7 Mon Sep 17 00:00:00 2001
From: David Benjamin
Date: Sat, 3 Dec 2016 23:23:52 -0500
Subject: [PATCH] Move a few more functions into *_method.c.

s3_lib.c is nearly gone. ssl_get_cipher_preferences will fall away once we remove the version-specific cipher lists. ssl_get_algorithm_prf and the PRF stuff in general needs some revising (it was the motivation for all the SSL_HANDSHAKE business). I've left ssl3_new / ssl3_free alone for now because we don't have a good separation between common TLS/DTLS connection state and state internal to the TLS SSL_PROTOCOL_METHOD. Leaving that alone for now as there's lower-hanging fruit.

Change-Id: Idf7989123a387938aa89b6a052161c9fff4cbfb3
Reviewed-on: https://boringssl-review.googlesource.com/12584
Reviewed-by: Adam Langley
---
 ssl/d1_lib.c | 12 ------------
 ssl/dtls_method.c | 8 ++++++++
 ssl/internal.h | 7 -------
 ssl/s3_lib.c | 8 --------
 ssl/tls_method.c | 6 ++++++
 5 files changed, 14 insertions(+), 27 deletions(-)

diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
index a63b8c9b..cafb4c26 100644
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -113,10 +113,6 @@ void dtls1_free(SSL *ssl) {
   ssl->d1 = NULL;
 }
 
-int dtls1_supports_cipher(const SSL_CIPHER *cipher) {
-  return cipher->algorithm_enc != SSL_eNULL;
-}
-
 void DTLSv1_set_initial_timeout_duration(SSL *ssl, unsigned int duration_ms) {
   ssl->initial_timeout_duration_ms = duration_ms;
 }
@@ -260,11 +256,3 @@ int DTLSv1_handle_timeout(SSL *ssl) {
   dtls1_start_timer(ssl);
   return dtls1_retransmit_outgoing_messages(ssl);
 }
-
-void dtls1_expect_flight(SSL *ssl) {
-  dtls1_start_timer(ssl);
-}
-
-void dtls1_received_flight(SSL *ssl) {
-  dtls1_stop_timer(ssl);
-}
diff --git a/ssl/dtls_method.c b/ssl/dtls_method.c
index 8e92cc9f..89b5491e 100644
--- a/ssl/dtls_method.c
+++ b/ssl/dtls_method.c
@@ -94,6 +94,14 @@ static uint16_t dtls1_version_to_wire(uint16_t version) {
   return 0;
 }
 
+static int dtls1_supports_cipher(const SSL_CIPHER *cipher) {
+  return cipher->algorithm_enc != SSL_eNULL;
+}
+
+static void dtls1_expect_flight(SSL *ssl) { dtls1_start_timer(ssl); }
+
+static void dtls1_received_flight(SSL *ssl) { dtls1_stop_timer(ssl); }
+
 static int dtls1_set_read_state(SSL *ssl, SSL_AEAD_CTX *aead_ctx) {
   /* Cipher changes are illegal when there are buffered incoming messages. */
   if (dtls_has_incoming_messages(ssl)) {
diff --git a/ssl/internal.h b/ssl/internal.h
index 252ed0f7..f940edac 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -1735,7 +1735,6 @@ int ssl3_cert_verify_hash(SSL *ssl, const EVP_MD **out_md, uint8_t *out,
                           size_t *out_len, uint16_t signature_algorithm);
 
 int ssl3_send_finished(SSL_HANDSHAKE *hs, int a, int b);
-int ssl3_supports_cipher(const SSL_CIPHER *cipher);
 int ssl3_dispatch_alert(SSL *ssl);
 int ssl3_read_app_data(SSL *ssl, int *out_got_handshake, uint8_t *buf, int len,
                        int peek);
@@ -1756,9 +1755,6 @@ int ssl3_finish_message(SSL *ssl, CBB *cbb, uint8_t **out_msg, size_t *out_len);
 int ssl3_queue_message(SSL *ssl, uint8_t *msg, size_t len);
 int ssl3_write_message(SSL *ssl);
 
-void ssl3_expect_flight(SSL *ssl);
-void ssl3_received_flight(SSL *ssl);
-
 int dtls1_init_message(SSL *ssl, CBB *cbb, CBB *body, uint8_t type);
 int dtls1_finish_message(SSL *ssl, CBB *cbb, uint8_t **out_msg,
                          size_t *out_len);
@@ -1798,10 +1794,7 @@ int dtls1_parse_fragment(CBS *cbs, struct hm_header_st *out_hdr, CBS *out_body);
 
 int dtls1_check_timeout_num(SSL *ssl);
 int dtls1_handshake_write(SSL *ssl);
-void dtls1_expect_flight(SSL *ssl);
-void dtls1_received_flight(SSL *ssl);
 
-int dtls1_supports_cipher(const SSL_CIPHER *cipher);
 void dtls1_start_timer(SSL *ssl);
 void dtls1_stop_timer(SSL *ssl);
 int dtls1_is_timer_expired(SSL *ssl);
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index b5006f6b..1aad8e65 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
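Review bot: The three functions added before dtls1_set_read_state become file-local callbacks without any comment on their contract, and the prototypes this patch removes from internal.h carry none in the visible lines either, so the rule that DTLS refuses NULL-encryption suites is now stated only by the expression itself. A one-line comment on dtls1_supports_cipher would make the check self-explanatory, e.g. `/* dtls1_supports_cipher returns one if |cipher| may be used over DTLS; NULL-encryption (SSL_eNULL) ciphers are rejected. */`. The flight callbacks deserve a similar line tying them to the handshake timer, e.g. `/* Flight boundaries drive the DTLS handshake timer: arm it when a flight is expected, stop it once one arrives. */`, since dtls1_start_timer/dtls1_stop_timer are the only thing they do. The method table that presumably installs these callbacks lies outside the hunk, so whether this check is the sole place NULL ciphers are filtered for DTLS cannot be confirmed from here.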
@@ -162,14 +162,6 @@
 #include "internal.h"
 
 
-int ssl3_supports_cipher(const SSL_CIPHER *cipher) {
-  return 1;
-}
-
-void ssl3_expect_flight(SSL *ssl) {}
-
-void ssl3_received_flight(SSL *ssl) {}
-
 int ssl3_new(SSL *ssl) {
   SSL3_STATE *s3;
 
diff --git a/ssl/tls_method.c b/ssl/tls_method.c
index ce42904b..9effb363 100644
--- a/ssl/tls_method.c
+++ b/ssl/tls_method.c
@@ -97,6 +97,12 @@ static uint16_t ssl3_version_to_wire(uint16_t version) {
   return 0;
 }
 
+static int ssl3_supports_cipher(const SSL_CIPHER *cipher) { return 1; }
+
+static void ssl3_expect_flight(SSL *ssl) {}
+
+static void ssl3_received_flight(SSL *ssl) {}
+
 static int ssl3_set_read_state(SSL *ssl, SSL_AEAD_CTX *aead_ctx) {
   if (ssl->s3->rrec.length != 0) {
     /* There may not be unprocessed record data at a cipher change. */
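Review bot: ssl3_supports_cipher in the tls_method.c hunk returns 1 for every cipher, including the SSL_eNULL suites that the DTLS counterpart in this same patch rejects, and nothing in the new code says that this asymmetry is intended rather than an omission. A short comment would prevent a future reader from "fixing" it blindly, e.g. `/* ssl3_supports_cipher accepts every |cipher|: unlike DTLS, TLS imposes no per-protocol cipher restriction here; any NULL-cipher policy lives elsewhere. */`. The two empty flight callbacks would likewise benefit from `/* TLS has no flight timer to drive, so flight boundaries are no-ops. */`, hedged as an inference since the TLS method's state is outside the hunk. The unused |ssl| and |cipher| parameters predate this commit (the removed s3_lib.c definitions had them too), so they are not a new warning source.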