kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Remove state parameters to ssl3_get_message.

Browse Source 
They're completely unused now. The handshake message reassembly logic should
not depend on the state machine. This should partially free it up (ugly as it
is) to be shared with a future TLS 1.3 implementation while, in parallel, it
and the layers below, get reworked. This also cuts down on the number of states
significantly.

Partially because I expect we'd want to get ssl_hash_message_t out of there
too. Having it in common code is fine, but it needs to be in the (supposed to
be) protocol-agnostic handshake state machine, not the protocol-specific
handshake message layer.

Change-Id: I12f9dc57bf433ceead0591106ab165d352ef6ee4
Reviewed-on: https://boringssl-review.googlesource.com/7949
Reviewed-by: Adam Langley <agl@google.com>
This commit is contained in:
David Benjamin 2016-05-13 18:28:17 -04:00 committed by Adam Langley
parent a6338be3fa
commit 1e6d6df943
9 changed files with 50 additions and 186 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
include/openssl/ssl3.h
View File

@ -312,17 +312,12 @@ OPENSSL_COMPILE_ASSERT(
#define SSL3_ST_CW_CLNT_HELLO_B (0x111 | SSL_ST_CONNECT)
/* read from server */
#define SSL3_ST_CR_SRVR_HELLO_A (0x120 | SSL_ST_CONNECT)
#define SSL3_ST_CR_SRVR_HELLO_B (0x121 | SSL_ST_CONNECT)
#define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A (0x126 | SSL_ST_CONNECT)
#define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B (0x127 | SSL_ST_CONNECT)
#define SSL3_ST_CR_CERT_A (0x130 | SSL_ST_CONNECT)
#define SSL3_ST_CR_CERT_B (0x131 | SSL_ST_CONNECT)
#define SSL3_ST_CR_KEY_EXCH_A (0x140 | SSL_ST_CONNECT)
#define SSL3_ST_CR_KEY_EXCH_B (0x141 | SSL_ST_CONNECT)
#define SSL3_ST_CR_CERT_REQ_A (0x150 | SSL_ST_CONNECT)
#define SSL3_ST_CR_CERT_REQ_B (0x151 | SSL_ST_CONNECT)
#define SSL3_ST_CR_SRVR_DONE_A (0x160 | SSL_ST_CONNECT)
#define SSL3_ST_CR_SRVR_DONE_B (0x161 | SSL_ST_CONNECT)
/* write to server */
#define SSL3_ST_CW_CERT_A (0x170 | SSL_ST_CONNECT)
#define SSL3_ST_CW_CERT_B (0x171 | SSL_ST_CONNECT)
@ -344,11 +339,12 @@ OPENSSL_COMPILE_ASSERT(
/* read from server */
#define SSL3_ST_CR_CHANGE (0x1C0 | SSL_ST_CONNECT)
#define SSL3_ST_CR_FINISHED_A (0x1D0 | SSL_ST_CONNECT)
#define SSL3_ST_CR_FINISHED_B (0x1D1 | SSL_ST_CONNECT)
#define SSL3_ST_CR_SESSION_TICKET_A (0x1E0 | SSL_ST_CONNECT)
#define SSL3_ST_CR_SESSION_TICKET_B (0x1E1 | SSL_ST_CONNECT)
#define SSL3_ST_CR_CERT_STATUS_A (0x1F0 | SSL_ST_CONNECT)
#define SSL3_ST_CR_CERT_STATUS_B (0x1F1 | SSL_ST_CONNECT)
/* SSL3_ST_CR_SRVR_HELLO_B is a legacy alias for |SSL3_ST_CR_SRVR_HELLO_A| used
* by some consumers which check |SSL_state|. */
#define SSL3_ST_CR_SRVR_HELLO_B SSL3_ST_CR_SRVR_HELLO_A
/* server */
/* extra state */
@ -359,7 +355,6 @@ OPENSSL_COMPILE_ASSERT(
#define SSL3_ST_SR_CLNT_HELLO_A (0x110 | SSL_ST_ACCEPT)
#define SSL3_ST_SR_CLNT_HELLO_B (0x111 | SSL_ST_ACCEPT)
#define SSL3_ST_SR_CLNT_HELLO_C (0x112 | SSL_ST_ACCEPT)
#define SSL3_ST_SR_CLNT_HELLO_D (0x115 | SSL_ST_ACCEPT)
/* write to client */
#define SSL3_ST_SW_HELLO_REQ_A (0x120 | SSL_ST_ACCEPT)
#define SSL3_ST_SW_HELLO_REQ_B (0x121 | SSL_ST_ACCEPT)
@ -377,19 +372,13 @@ OPENSSL_COMPILE_ASSERT(
#define SSL3_ST_SW_SRVR_DONE_B (0x171 | SSL_ST_ACCEPT)
/* read from client */
#define SSL3_ST_SR_CERT_A (0x180 | SSL_ST_ACCEPT)
#define SSL3_ST_SR_CERT_B (0x181 | SSL_ST_ACCEPT)
#define SSL3_ST_SR_KEY_EXCH_A (0x190 | SSL_ST_ACCEPT)
#define SSL3_ST_SR_KEY_EXCH_B (0x191 | SSL_ST_ACCEPT)
#define SSL3_ST_SR_KEY_EXCH_C (0x192 | SSL_ST_ACCEPT)
#define SSL3_ST_SR_CERT_VRFY_A (0x1A0 | SSL_ST_ACCEPT)
#define SSL3_ST_SR_CERT_VRFY_B (0x1A1 | SSL_ST_ACCEPT)
#define SSL3_ST_SR_CHANGE (0x1B0 | SSL_ST_ACCEPT)
#define SSL3_ST_SR_NEXT_PROTO_A (0x210 | SSL_ST_ACCEPT)
#define SSL3_ST_SR_NEXT_PROTO_B (0x211 | SSL_ST_ACCEPT)
#define SSL3_ST_SR_CHANNEL_ID_A (0x230 | SSL_ST_ACCEPT)
#define SSL3_ST_SR_CHANNEL_ID_B (0x231 | SSL_ST_ACCEPT)
#define SSL3_ST_SR_FINISHED_A (0x1C0 | SSL_ST_ACCEPT)
#define SSL3_ST_SR_FINISHED_B (0x1C1 | SSL_ST_ACCEPT)
/* write to client */
#define SSL3_ST_SW_CHANGE_A (0x1D0 | SSL_ST_ACCEPT)

3
ssl/d1_both.c
View File

@ -558,7 +558,7 @@ static int dtls1_process_fragment(SSL *ssl) {
/* dtls1_get_message reads a handshake message of message type |msg_type| (any
* if |msg_type| == -1). Read an entire handshake message. Handshake messages
* arrive in fragments. */
long dtls1_get_message(SSL *ssl, int st1, int stn, int msg_type,
long dtls1_get_message(SSL *ssl, int msg_type,
enum ssl_hash_message_t hash_message, int *ok) {
pitem *item = NULL;
hm_fragment *frag = NULL;
@ -646,7 +646,6 @@ long dtls1_get_message(SSL *ssl, int st1, int stn, int msg_type,
pitem_free(item);
dtls1_hm_fragment_free(frag);
ssl->state = stn;
*ok = 1;
return ssl->init_num;

16
ssl/d1_clnt.c
View File

@ -200,7 +200,6 @@ int dtls1_connect(SSL *ssl) {
break;
case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A:
case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B:
ret = dtls1_get_hello_verify(ssl);
if (ret <= 0) {
goto end;
@ -216,7 +215,6 @@ int dtls1_connect(SSL *ssl) {
break;
case SSL3_ST_CR_SRVR_HELLO_A:
case SSL3_ST_CR_SRVR_HELLO_B:
ret = ssl3_get_server_hello(ssl);
if (ret <= 0) {
goto end;
@ -235,7 +233,6 @@ int dtls1_connect(SSL *ssl) {
break;
case SSL3_ST_CR_CERT_A:
case SSL3_ST_CR_CERT_B:
if (ssl_cipher_uses_certificate_auth(ssl->s3->tmp.new_cipher)) {
ret = ssl3_get_server_certificate(ssl);
if (ret <= 0) {
@ -264,7 +261,6 @@ int dtls1_connect(SSL *ssl) {
break;
case SSL3_ST_CR_KEY_EXCH_A:
case SSL3_ST_CR_KEY_EXCH_B:
ret = ssl3_get_server_key_exchange(ssl);
if (ret <= 0) {
goto end;
@ -278,7 +274,6 @@ int dtls1_connect(SSL *ssl) {
break;
case SSL3_ST_CR_CERT_REQ_A:
case SSL3_ST_CR_CERT_REQ_B:
ret = ssl3_get_certificate_request(ssl);
if (ret <= 0) {
goto end;
@ -288,7 +283,6 @@ int dtls1_connect(SSL *ssl) {
break;
case SSL3_ST_CR_SRVR_DONE_A:
case SSL3_ST_CR_SRVR_DONE_B:
ret = ssl3_get_server_done(ssl);
if (ret <= 0) {
goto end;
@ -393,7 +387,6 @@ int dtls1_connect(SSL *ssl) {
break;
case SSL3_ST_CR_SESSION_TICKET_A:
case SSL3_ST_CR_SESSION_TICKET_B:
ret = ssl3_get_new_session_ticket(ssl);
if (ret <= 0) {
goto end;
@ -403,7 +396,6 @@ int dtls1_connect(SSL *ssl) {
break;
case SSL3_ST_CR_CERT_STATUS_A:
case SSL3_ST_CR_CERT_STATUS_B:
ret = ssl3_get_cert_status(ssl);
if (ret <= 0) {
goto end;
@ -426,9 +418,7 @@ int dtls1_connect(SSL *ssl) {
break;
case SSL3_ST_CR_FINISHED_A:
case SSL3_ST_CR_FINISHED_B:
ret =
ssl3_get_finished(ssl, SSL3_ST_CR_FINISHED_A, SSL3_ST_CR_FINISHED_B);
ret = ssl3_get_finished(ssl);
if (ret <= 0) {
goto end;
}
@ -507,9 +497,7 @@ static int dtls1_get_hello_verify(SSL *ssl) {
CBS hello_verify_request, cookie;
uint16_t server_version;
n = ssl->method->ssl_get_message(ssl, DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A,
DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B, -1,
ssl_hash_message, &ok);
n = ssl->method->ssl_get_message(ssl, -1, ssl_hash_message, &ok);
if (!ok) {
return n;

8
ssl/d1_srvr.c
View File

@ -185,7 +185,6 @@ int dtls1_accept(SSL *ssl) {
case SSL3_ST_SR_CLNT_HELLO_A:
case SSL3_ST_SR_CLNT_HELLO_B:
case SSL3_ST_SR_CLNT_HELLO_C:
case SSL3_ST_SR_CLNT_HELLO_D:
ret = ssl3_get_client_hello(ssl);
if (ret <= 0) {
goto end;
@ -310,7 +309,6 @@ int dtls1_accept(SSL *ssl) {
break;
case SSL3_ST_SR_CERT_A:
case SSL3_ST_SR_CERT_B:
if (ssl->s3->tmp.cert_request) {
ret = ssl3_get_client_certificate(ssl);
if (ret <= 0) {
@ -323,7 +321,6 @@ int dtls1_accept(SSL *ssl) {
case SSL3_ST_SR_KEY_EXCH_A:
case SSL3_ST_SR_KEY_EXCH_B:
case SSL3_ST_SR_KEY_EXCH_C:
ret = ssl3_get_client_key_exchange(ssl);
if (ret <= 0) {
goto end;
@ -333,7 +330,6 @@ int dtls1_accept(SSL *ssl) {
break;
case SSL3_ST_SR_CERT_VRFY_A:
case SSL3_ST_SR_CERT_VRFY_B:
ret = ssl3_get_cert_verify(ssl);
if (ret <= 0) {
goto end;
@ -357,9 +353,7 @@ int dtls1_accept(SSL *ssl) {
break;
case SSL3_ST_SR_FINISHED_A:
case SSL3_ST_SR_FINISHED_B:
ret = ssl3_get_finished(ssl, SSL3_ST_SR_FINISHED_A,
SSL3_ST_SR_FINISHED_B);
ret = ssl3_get_finished(ssl);
if (ret <= 0) {
goto end;
}

13
ssl/internal.h
View File

@ -853,9 +853,8 @@ struct ssl_protocol_method_st {
void (*ssl_free)(SSL *ssl);
int (*ssl_accept)(SSL *ssl);
int (*ssl_connect)(SSL *ssl);
long (*ssl_get_message)(SSL *ssl, int header_state, int body_state,
int msg_type, enum ssl_hash_message_t hash_message,
int *ok);
long (*ssl_get_message)(SSL *ssl, int msg_type,
enum ssl_hash_message_t hash_message, int *ok);
int (*ssl_read_app_data)(SSL *ssl, uint8_t *buf, int len, int peek);
int (*ssl_read_change_cipher_spec)(SSL *ssl);
void (*ssl_read_close_notify)(SSL *ssl);
@ -1044,13 +1043,13 @@ int ssl_fill_hello_random(uint8_t *out, size_t len, int is_server);
int ssl3_send_server_certificate(SSL *ssl);
int ssl3_send_new_session_ticket(SSL *ssl);
int ssl3_send_certificate_status(SSL *ssl);
int ssl3_get_finished(SSL *ssl, int state_a, int state_b);
int ssl3_get_finished(SSL *ssl);
int ssl3_send_change_cipher_spec(SSL *ssl, int state_a, int state_b);
void ssl3_cleanup_key_block(SSL *ssl);
int ssl3_do_write(SSL *ssl, int type);
int ssl3_send_alert(SSL *ssl, int level, int desc);
int ssl3_get_req_cert_type(SSL *ssl, uint8_t *p);
long ssl3_get_message(SSL *ssl, int header_state, int body_state, int msg_type,
long ssl3_get_message(SSL *ssl, int msg_type,
enum ssl_hash_message_t hash_message, int *ok);
/* ssl3_hash_current_message incorporates the current handshake message into the
@ -1156,8 +1155,8 @@ int dtls1_accept(SSL *ssl);
int dtls1_connect(SSL *ssl);
void dtls1_free(SSL *ssl);
long dtls1_get_message(SSL *ssl, int st1, int stn, int mt,
enum ssl_hash_message_t hash_message, int *ok);
long dtls1_get_message(SSL *ssl, int mt, enum ssl_hash_message_t hash_message,
int *ok);
int dtls1_dispatch_alert(SSL *ssl);
/* ssl_is_wbio_buffered returns one if |ssl|'s write BIO is buffered and zero

11
ssl/s3_both.c
View File

@ -211,12 +211,12 @@ static void ssl3_take_mac(SSL *ssl) {
ssl, !ssl->server, ssl->s3->tmp.peer_finish_md);
}
int ssl3_get_finished(SSL *ssl, int a, int b) {
int ssl3_get_finished(SSL *ssl) {
int al, finished_len, ok;
long message_len;
uint8_t *p;
message_len = ssl->method->ssl_get_message(ssl, a, b, SSL3_MT_FINISHED,
message_len = ssl->method->ssl_get_message(ssl, SSL3_MT_FINISHED,
ssl_dont_hash_message, &ok);
if (!ok) {
@ -328,9 +328,8 @@ static int extend_handshake_buffer(SSL *ssl, size_t length) {
}
/* Obtain handshake message of message type |msg_type| (any if |msg_type| ==
* -1). The first four bytes (msg_type and length) are read in state
* |header_state|, the body is read in state |body_state|. */
long ssl3_get_message(SSL *ssl, int header_state, int body_state, int msg_type,
* -1). */
long ssl3_get_message(SSL *ssl, int msg_type,
enum ssl_hash_message_t hash_message, int *ok) {
*ok = 0;
@ -347,7 +346,6 @@ long ssl3_get_message(SSL *ssl, int header_state, int body_state, int msg_type,
return -1;
}
*ok = 1;
ssl->state = body_state;
assert(ssl->init_buf->length >= 4);
ssl->init_msg = (uint8_t *)ssl->init_buf->data + 4;
ssl->init_num = (int)ssl->init_buf->length - 4;
@ -405,7 +403,6 @@ again:
return -1;
}
ssl->s3->tmp.message_type = actual_type;
ssl->state = body_state;
ssl->init_msg = (uint8_t*)ssl->init_buf->data + 4;
ssl->init_num = ssl->init_buf->length - 4;

42
ssl/s3_clnt.c
View File

@ -236,7 +236,6 @@ int ssl3_connect(SSL *ssl) {
break;
case SSL3_ST_CR_SRVR_HELLO_A:
case SSL3_ST_CR_SRVR_HELLO_B:
ret = ssl3_get_server_hello(ssl);
if (ret <= 0) {
goto end;
@ -255,7 +254,6 @@ int ssl3_connect(SSL *ssl) {
break;
case SSL3_ST_CR_CERT_A:
case SSL3_ST_CR_CERT_B:
if (ssl_cipher_uses_certificate_auth(ssl->s3->tmp.new_cipher)) {
ret = ssl3_get_server_certificate(ssl);
if (ret <= 0) {
@ -284,7 +282,6 @@ int ssl3_connect(SSL *ssl) {
break;
case SSL3_ST_CR_KEY_EXCH_A:
case SSL3_ST_CR_KEY_EXCH_B:
ret = ssl3_get_server_key_exchange(ssl);
if (ret <= 0) {
goto end;
@ -298,7 +295,6 @@ int ssl3_connect(SSL *ssl) {
break;
case SSL3_ST_CR_CERT_REQ_A:
case SSL3_ST_CR_CERT_REQ_B:
ret = ssl3_get_certificate_request(ssl);
if (ret <= 0) {
goto end;
@ -308,7 +304,6 @@ int ssl3_connect(SSL *ssl) {
break;
case SSL3_ST_CR_SRVR_DONE_A:
case SSL3_ST_CR_SRVR_DONE_B:
ret = ssl3_get_server_done(ssl);
if (ret <= 0) {
goto end;
@ -448,7 +443,6 @@ int ssl3_connect(SSL *ssl) {
break;
case SSL3_ST_CR_SESSION_TICKET_A:
case SSL3_ST_CR_SESSION_TICKET_B:
ret = ssl3_get_new_session_ticket(ssl);
if (ret <= 0) {
goto end;
@ -458,7 +452,6 @@ int ssl3_connect(SSL *ssl) {
break;
case SSL3_ST_CR_CERT_STATUS_A:
case SSL3_ST_CR_CERT_STATUS_B:
ret = ssl3_get_cert_status(ssl);
if (ret <= 0) {
goto end;
@ -481,9 +474,7 @@ int ssl3_connect(SSL *ssl) {
break;
case SSL3_ST_CR_FINISHED_A:
case SSL3_ST_CR_FINISHED_B:
ret = ssl3_get_finished(ssl, SSL3_ST_CR_FINISHED_A,
SSL3_ST_CR_FINISHED_B);
ret = ssl3_get_finished(ssl);
if (ret <= 0) {
goto end;
}
@ -729,9 +720,8 @@ int ssl3_get_server_hello(SSL *ssl) {
uint16_t server_version, cipher_suite;
uint8_t compression_method;
n = ssl->method->ssl_get_message(ssl, SSL3_ST_CR_SRVR_HELLO_A,
SSL3_ST_CR_SRVR_HELLO_B,
SSL3_MT_SERVER_HELLO, ssl_hash_message, &ok);
n = ssl->method->ssl_get_message(ssl, SSL3_MT_SERVER_HELLO, ssl_hash_message,
&ok);
if (!ok) {
uint32_t err = ERR_peek_error();
@ -959,8 +949,8 @@ int ssl3_get_server_certificate(SSL *ssl) {
CBS cbs, certificate_list;
const uint8_t *data;
n = ssl->method->ssl_get_message(ssl, SSL3_ST_CR_CERT_A, SSL3_ST_CR_CERT_B,
SSL3_MT_CERTIFICATE, ssl_hash_message, &ok);
n = ssl->method->ssl_get_message(ssl, SSL3_MT_CERTIFICATE, ssl_hash_message,
&ok);
if (!ok) {
return n;
@ -1048,9 +1038,7 @@ int ssl3_get_server_key_exchange(SSL *ssl) {
EC_KEY *ecdh = NULL;
EC_POINT *srvr_ecpoint = NULL;
long n = ssl->method->ssl_get_message(ssl, SSL3_ST_CR_KEY_EXCH_A,
SSL3_ST_CR_KEY_EXCH_B, -1,
ssl_hash_message, &ok);
long n = ssl->method->ssl_get_message(ssl, -1, ssl_hash_message, &ok);
if (!ok) {
return n;
}
@ -1295,9 +1283,7 @@ int ssl3_get_certificate_request(SSL *ssl) {
X509_NAME *xn = NULL;
STACK_OF(X509_NAME) *ca_sk = NULL;
long n = ssl->method->ssl_get_message(ssl, SSL3_ST_CR_CERT_REQ_A,
SSL3_ST_CR_CERT_REQ_B, -1,
ssl_hash_message, &ok);
long n = ssl->method->ssl_get_message(ssl, -1, ssl_hash_message, &ok);
if (!ok) {
return n;
@ -1402,9 +1388,8 @@ err:
int ssl3_get_new_session_ticket(SSL *ssl) {
int ok, al;
long n = ssl->method->ssl_get_message(
ssl, SSL3_ST_CR_SESSION_TICKET_A, SSL3_ST_CR_SESSION_TICKET_B,
SSL3_MT_NEWSESSION_TICKET, ssl_hash_message, &ok);
long n = ssl->method->ssl_get_message(ssl, SSL3_MT_NEWSESSION_TICKET,
ssl_hash_message, &ok);
if (!ok) {
return n;
@ -1480,9 +1465,7 @@ int ssl3_get_cert_status(SSL *ssl) {
CBS certificate_status, ocsp_response;
uint8_t status_type;
n = ssl->method->ssl_get_message(ssl, SSL3_ST_CR_CERT_STATUS_A,
SSL3_ST_CR_CERT_STATUS_B, -1,
ssl_hash_message, &ok);
n = ssl->method->ssl_get_message(ssl, -1, ssl_hash_message, &ok);
if (!ok) {
return n;
@ -1523,9 +1506,8 @@ int ssl3_get_server_done(SSL *ssl) {
int ok;
long n;
n = ssl->method->ssl_get_message(ssl, SSL3_ST_CR_SRVR_DONE_A,
SSL3_ST_CR_SRVR_DONE_B, SSL3_MT_SERVER_DONE,
ssl_hash_message, &ok);
n = ssl->method->ssl_get_message(ssl, SSL3_MT_SERVER_DONE, ssl_hash_message,
&ok);
if (!ok) {
return n;

56
ssl/s3_srvr.c
View File

@ -257,7 +257,6 @@ int ssl3_accept(SSL *ssl) {
case SSL3_ST_SR_CLNT_HELLO_A:
case SSL3_ST_SR_CLNT_HELLO_B:
case SSL3_ST_SR_CLNT_HELLO_C:
case SSL3_ST_SR_CLNT_HELLO_D:
ret = ssl3_get_client_hello(ssl);
if (ret <= 0) {
goto end;
@ -380,7 +379,6 @@ int ssl3_accept(SSL *ssl) {
break;
case SSL3_ST_SR_CERT_A:
case SSL3_ST_SR_CERT_B:
if (ssl->s3->tmp.cert_request) {
ret = ssl3_get_client_certificate(ssl);
if (ret <= 0) {
@ -393,7 +391,6 @@ int ssl3_accept(SSL *ssl) {
case SSL3_ST_SR_KEY_EXCH_A:
case SSL3_ST_SR_KEY_EXCH_B:
case SSL3_ST_SR_KEY_EXCH_C:
ret = ssl3_get_client_key_exchange(ssl);
if (ret <= 0) {
goto end;
@ -403,7 +400,6 @@ int ssl3_accept(SSL *ssl) {
break;
case SSL3_ST_SR_CERT_VRFY_A:
case SSL3_ST_SR_CERT_VRFY_B:
ret = ssl3_get_cert_verify(ssl);
if (ret <= 0) {
goto end;
@ -434,7 +430,6 @@ int ssl3_accept(SSL *ssl) {
break;
case SSL3_ST_SR_NEXT_PROTO_A:
case SSL3_ST_SR_NEXT_PROTO_B:
ret = ssl3_get_next_proto(ssl);
if (ret <= 0) {
goto end;
@ -448,7 +443,6 @@ int ssl3_accept(SSL *ssl) {
break;
case SSL3_ST_SR_CHANNEL_ID_A:
case SSL3_ST_SR_CHANNEL_ID_B:
ret = ssl3_get_channel_id(ssl);
if (ret <= 0) {
goto end;
@ -458,9 +452,7 @@ int ssl3_accept(SSL *ssl) {
break;
case SSL3_ST_SR_FINISHED_A:
case SSL3_ST_SR_FINISHED_B:
ret = ssl3_get_finished(ssl, SSL3_ST_SR_FINISHED_A,
SSL3_ST_SR_FINISHED_B);
ret = ssl3_get_finished(ssl);
if (ret <= 0) {
goto end;
}
@ -765,19 +757,17 @@ int ssl3_get_client_hello(SSL *ssl) {
* SSLv3, even if prompted with TLSv1. */
switch (ssl->state) {
case SSL3_ST_SR_CLNT_HELLO_A:
case SSL3_ST_SR_CLNT_HELLO_B:
n = ssl->method->ssl_get_message(
ssl, SSL3_ST_SR_CLNT_HELLO_A, SSL3_ST_SR_CLNT_HELLO_B,
SSL3_MT_CLIENT_HELLO, ssl_hash_message, &ok);
n = ssl->method->ssl_get_message(ssl, SSL3_MT_CLIENT_HELLO,
ssl_hash_message, &ok);
if (!ok) {
return n;
}
ssl->state = SSL3_ST_SR_CLNT_HELLO_C;
ssl->state = SSL3_ST_SR_CLNT_HELLO_B;
/* fallthrough */
case SSL3_ST_SR_CLNT_HELLO_B:
case SSL3_ST_SR_CLNT_HELLO_C:
case SSL3_ST_SR_CLNT_HELLO_D:
/* We have previously parsed the ClientHello message, and can't call
* ssl_get_message again without hashing the message into the Finished
* digest again. */
@ -793,9 +783,9 @@ int ssl3_get_client_hello(SSL *ssl) {
goto f_err;
}
if (ssl->state == SSL3_ST_SR_CLNT_HELLO_C &&
if (ssl->state == SSL3_ST_SR_CLNT_HELLO_B &&
ssl->ctx->select_certificate_cb != NULL) {
ssl->state = SSL3_ST_SR_CLNT_HELLO_D;
ssl->state = SSL3_ST_SR_CLNT_HELLO_C;
switch (ssl->ctx->select_certificate_cb(&early_ctx)) {
case 0:
ssl->rwstate = SSL_CERTIFICATE_SELECTION_PENDING;
@ -811,7 +801,7 @@ int ssl3_get_client_hello(SSL *ssl) {
/* fallthrough */;
}
}
ssl->state = SSL3_ST_SR_CLNT_HELLO_D;
ssl->state = SSL3_ST_SR_CLNT_HELLO_C;
break;
default:
@ -1446,12 +1436,10 @@ int ssl3_get_client_key_exchange(SSL *ssl) {
unsigned psk_len = 0;
uint8_t psk[PSK_MAX_PSK_LEN];
if (ssl->state == SSL3_ST_SR_KEY_EXCH_A ||
ssl->state == SSL3_ST_SR_KEY_EXCH_B) {
if (ssl->state == SSL3_ST_SR_KEY_EXCH_A) {
int ok;
const long n = ssl->method->ssl_get_message(
ssl, SSL3_ST_SR_KEY_EXCH_A, SSL3_ST_SR_KEY_EXCH_B,
SSL3_MT_CLIENT_KEY_EXCHANGE, ssl_hash_message, &ok);
ssl, SSL3_MT_CLIENT_KEY_EXCHANGE, ssl_hash_message, &ok);
if (!ok) {
return n;
}
@ -1521,7 +1509,7 @@ int ssl3_get_client_key_exchange(SSL *ssl) {
enum ssl_private_key_result_t decrypt_result;
size_t decrypt_len;
if (ssl->state == SSL3_ST_SR_KEY_EXCH_B) {
if (ssl->state == SSL3_ST_SR_KEY_EXCH_A) {
if (!ssl_has_private_key(ssl) ||
ssl_private_key_type(ssl) != EVP_PKEY_RSA) {
al = SSL_AD_HANDSHAKE_FAILURE;
@ -1549,7 +1537,7 @@ int ssl3_get_client_key_exchange(SSL *ssl) {
CBS_data(&encrypted_premaster_secret),
CBS_len(&encrypted_premaster_secret));
} else {
assert(ssl->state == SSL3_ST_SR_KEY_EXCH_C);
assert(ssl->state == SSL3_ST_SR_KEY_EXCH_B);
/* Complete async decrypt. */
decrypt_result = ssl_private_key_decrypt_complete(
ssl, decrypt_buf, &decrypt_len, rsa_size);
@ -1562,7 +1550,7 @@ int ssl3_get_client_key_exchange(SSL *ssl) {
goto err;
case ssl_private_key_retry:
ssl->rwstate = SSL_PRIVATE_KEY_OPERATION;
ssl->state = SSL3_ST_SR_KEY_EXCH_C;
ssl->state = SSL3_ST_SR_KEY_EXCH_B;
goto err;
}
@ -1731,9 +1719,8 @@ int ssl3_get_cert_verify(SSL *ssl) {
return 1;
}
n = ssl->method->ssl_get_message(
ssl, SSL3_ST_SR_CERT_VRFY_A, SSL3_ST_SR_CERT_VRFY_B,
SSL3_MT_CERTIFICATE_VERIFY, ssl_dont_hash_message, &ok);
n = ssl->method->ssl_get_message(ssl, SSL3_MT_CERTIFICATE_VERIFY,
ssl_dont_hash_message, &ok);
if (!ok) {
return n;
@ -1829,8 +1816,7 @@ int ssl3_get_client_certificate(SSL *ssl) {
int is_first_certificate = 1;
assert(ssl->s3->tmp.cert_request);
n = ssl->method->ssl_get_message(ssl, SSL3_ST_SR_CERT_A, SSL3_ST_SR_CERT_B,
-1, ssl_hash_message, &ok);
n = ssl->method->ssl_get_message(ssl, -1, ssl_hash_message, &ok);
if (!ok) {
return n;
@ -2117,9 +2103,8 @@ int ssl3_get_next_proto(SSL *ssl) {
return -1;
}
n = ssl->method->ssl_get_message(ssl, SSL3_ST_SR_NEXT_PROTO_A,
SSL3_ST_SR_NEXT_PROTO_B, SSL3_MT_NEXT_PROTO,
ssl_hash_message, &ok);
n = ssl->method->ssl_get_message(ssl, SSL3_MT_NEXT_PROTO, ssl_hash_message,
&ok);
if (!ok) {
return n;
@ -2158,9 +2143,8 @@ int ssl3_get_channel_id(SSL *ssl) {
BIGNUM x, y;
CBS encrypted_extensions, extension;
n = ssl->method->ssl_get_message(
ssl, SSL3_ST_SR_CHANNEL_ID_A, SSL3_ST_SR_CHANNEL_ID_B,
SSL3_MT_ENCRYPTED_EXTENSIONS, ssl_dont_hash_message, &ok);
n = ssl->method->ssl_get_message(ssl, SSL3_MT_ENCRYPTED_EXTENSIONS,
ssl_dont_hash_message, &ok);
if (!ok) {
return n;

68
ssl/ssl_stat.c
View File

@ -110,39 +110,21 @@ const char *SSL_state_string_long(const SSL *ssl) {
case SSL3_ST_CR_SRVR_HELLO_A:
return "SSLv3 read server hello A";
case SSL3_ST_CR_SRVR_HELLO_B:
return "SSLv3 read server hello B";
case SSL3_ST_CR_CERT_A:
return "SSLv3 read server certificate A";
case SSL3_ST_CR_CERT_B:
return "SSLv3 read server certificate B";
case SSL3_ST_CR_KEY_EXCH_A:
return "SSLv3 read server key exchange A";
case SSL3_ST_CR_KEY_EXCH_B:
return "SSLv3 read server key exchange B";
case SSL3_ST_CR_CERT_REQ_A:
return "SSLv3 read server certificate request A";
case SSL3_ST_CR_CERT_REQ_B:
return "SSLv3 read server certificate request B";
case SSL3_ST_CR_SESSION_TICKET_A:
return "SSLv3 read server session ticket A";
case SSL3_ST_CR_SESSION_TICKET_B:
return "SSLv3 read server session ticket B";
case SSL3_ST_CR_SRVR_DONE_A:
return "SSLv3 read server done A";
case SSL3_ST_CR_SRVR_DONE_B:
return "SSLv3 read server done B";
case SSL3_ST_CW_CERT_A:
return "SSLv3 write client certificate A";
@ -191,10 +173,6 @@ const char *SSL_state_string_long(const SSL *ssl) {
case SSL3_ST_SR_FINISHED_A:
return "SSLv3 read finished A";
case SSL3_ST_CR_FINISHED_B:
case SSL3_ST_SR_FINISHED_B:
return "SSLv3 read finished B";
case SSL3_ST_CW_FLUSH:
case SSL3_ST_SW_FLUSH:
return "SSLv3 flush data";
@ -208,9 +186,6 @@ const char *SSL_state_string_long(const SSL *ssl) {
case SSL3_ST_SR_CLNT_HELLO_C:
return "SSLv3 read client hello C";
case SSL3_ST_SR_CLNT_HELLO_D:
return "SSLv3 read client hello D";
case SSL3_ST_SW_HELLO_REQ_A:
return "SSLv3 write hello request A";
@ -259,9 +234,6 @@ const char *SSL_state_string_long(const SSL *ssl) {
case SSL3_ST_SR_CERT_A:
return "SSLv3 read client certificate A";
case SSL3_ST_SR_CERT_B:
return "SSLv3 read client certificate B";
case SSL3_ST_SR_KEY_EXCH_A:
return "SSLv3 read client key exchange A";
@ -271,16 +243,10 @@ const char *SSL_state_string_long(const SSL *ssl) {
case SSL3_ST_SR_CERT_VRFY_A:
return "SSLv3 read certificate verify A";
case SSL3_ST_SR_CERT_VRFY_B:
return "SSLv3 read certificate verify B";
/* DTLS */
case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A:
return "DTLS1 read hello verify request A";
case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B:
return "DTLS1 read hello verify request B";
default:
return "unknown state";
}
@ -311,33 +277,18 @@ const char *SSL_state_string(const SSL *ssl) {
case SSL3_ST_CR_SRVR_HELLO_A:
return "3RSH_A";
case SSL3_ST_CR_SRVR_HELLO_B:
return "3RSH_B";
case SSL3_ST_CR_CERT_A:
return "3RSC_A";
case SSL3_ST_CR_CERT_B:
return "3RSC_B";
case SSL3_ST_CR_KEY_EXCH_A:
return "3RSKEA";
case SSL3_ST_CR_KEY_EXCH_B:
return "3RSKEB";
case SSL3_ST_CR_CERT_REQ_A:
return "3RCR_A";
case SSL3_ST_CR_CERT_REQ_B:
return "3RCR_B";
case SSL3_ST_CR_SRVR_DONE_A:
return "3RSD_A";
case SSL3_ST_CR_SRVR_DONE_B:
return "3RSD_B";
case SSL3_ST_CW_CERT_A:
return "3WCC_A";
@ -386,10 +337,6 @@ const char *SSL_state_string(const SSL *ssl) {
case SSL3_ST_CR_FINISHED_A:
return "3RFINA";
case SSL3_ST_SR_FINISHED_B:
case SSL3_ST_CR_FINISHED_B:
return "3RFINB";
case SSL3_ST_SW_HELLO_REQ_A:
return "3WHR_A";
@ -408,9 +355,6 @@ const char *SSL_state_string(const SSL *ssl) {
case SSL3_ST_SR_CLNT_HELLO_C:
return "3RCH_C";
case SSL3_ST_SR_CLNT_HELLO_D:
return "3RCH_D";
case SSL3_ST_SW_SRVR_HELLO_A:
return "3WSH_A";
@ -444,28 +388,16 @@ const char *SSL_state_string(const SSL *ssl) {
case SSL3_ST_SR_CERT_A:
return "3RCC_A";
case SSL3_ST_SR_CERT_B:
return "3RCC_B";
case SSL3_ST_SR_KEY_EXCH_A:
return "3RCKEA";
case SSL3_ST_SR_KEY_EXCH_B:
return "3RCKEB";
case SSL3_ST_SR_CERT_VRFY_A:
return "3RCV_A";
case SSL3_ST_SR_CERT_VRFY_B:
return "3RCV_B";
/* DTLS */
case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A:
return "DRCHVA";
case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B:
return "DRCHVB";
default:
return "UNKWN ";
}