From 84ec49e914fa812f5d0169e977eb47e52afc17ff Mon Sep 17 00:00:00 2001
From: David Benjamin <davidben@chromium.org>
Date: Tue, 22 Jul 2014 14:25:28 -0400
Subject: [PATCH] Consolidate CCS_OK codepaths in s3_srvr.c.

Rename SSL3_ST_SR_POST_CLIENT_CERT to SSL3_ST_SR_CHANGE and have this be the
point at which CCS_OK is set. The copy before ssl3_get_finished is redundant as
we never transition to SR_FINISHED directly.

Change-Id: I3eefeb821e7ae53d52dacc587fdc59de9ea9a667
Reviewed-on: https://boringssl-review.googlesource.com/1297
Reviewed-by: Adam Langley <agl@google.com>
---
 include/openssl/ssl3.h |  4 +---
 ssl/s3_srvr.c          | 21 +++++++++++----------
 ssl/ssl_stat.c         | 10 ++++------
 3 files changed, 16 insertions(+), 19 deletions(-)

diff --git a/include/openssl/ssl3.h b/include/openssl/ssl3.h
index 3959e595..0023b304 100644
--- a/include/openssl/ssl3.h
+++ b/include/openssl/ssl3.h
@@ -612,13 +612,11 @@ typedef struct ssl3_state_st
 #define SSL3_ST_SR_KEY_EXCH_B		(0x191|SSL_ST_ACCEPT)
 #define SSL3_ST_SR_CERT_VRFY_A		(0x1A0|SSL_ST_ACCEPT)
 #define SSL3_ST_SR_CERT_VRFY_B		(0x1A1|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_CHANGE_A		(0x1B0|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_CHANGE_B		(0x1B1|SSL_ST_ACCEPT)
+#define SSL3_ST_SR_CHANGE		(0x1B0|SSL_ST_ACCEPT)
 #ifndef OPENSSL_NO_NEXTPROTONEG
 #define SSL3_ST_SR_NEXT_PROTO_A		(0x210|SSL_ST_ACCEPT)
 #define SSL3_ST_SR_NEXT_PROTO_B		(0x211|SSL_ST_ACCEPT)
 #endif
-#define SSL3_ST_SR_POST_CLIENT_CERT	(0x1BF|SSL_ST_ACCEPT)
 #define SSL3_ST_SR_CHANNEL_ID_A		(0x230|SSL_ST_ACCEPT)
 #define SSL3_ST_SR_CHANNEL_ID_B		(0x231|SSL_ST_ACCEPT)
 #define SSL3_ST_SR_FINISHED_A		(0x1C0|SSL_ST_ACCEPT)
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index bc2f538e..36b421e2 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -501,7 +501,7 @@ int ssl3_accept(SSL *s)
 				 * message is not sent.
 				 */
 				s->init_num = 0;
-				s->state=SSL3_ST_SR_POST_CLIENT_CERT;
+				s->state = SSL3_ST_SR_CHANGE;
 				}
 			else if (SSL_USE_SIGALGS(s))
 				{
@@ -559,11 +559,11 @@ int ssl3_accept(SSL *s)
 			ret=ssl3_get_cert_verify(s);
 			if (ret <= 0) goto end;
 
-			s->state=SSL3_ST_SR_POST_CLIENT_CERT;
+			s->state = SSL3_ST_SR_CHANGE;
 			s->init_num=0;
 			break;
 
-		case SSL3_ST_SR_POST_CLIENT_CERT: {
+		case SSL3_ST_SR_CHANGE: {
 			char next_proto_neg = 0;
 			char channel_id = 0;
 # if !defined(OPENSSL_NO_NEXTPROTONEG)
@@ -571,13 +571,15 @@ int ssl3_accept(SSL *s)
 # endif
 			channel_id = s->s3->tlsext_channel_id_valid;
 
+			/* At this point, the next message must be entirely
+			 * behind a ChangeCipherSpec. */
 			s->s3->flags |= SSL3_FLAGS_CCS_OK;
 			if (next_proto_neg)
-				s->state=SSL3_ST_SR_NEXT_PROTO_A;
+				s->state = SSL3_ST_SR_NEXT_PROTO_A;
 			else if (channel_id)
-				s->state=SSL3_ST_SR_CHANNEL_ID_A;
+				s->state = SSL3_ST_SR_CHANNEL_ID_A;
 			else
-				s->state=SSL3_ST_SR_FINISHED_A;
+				s->state = SSL3_ST_SR_FINISHED_A;
 			break;
 		}
 
@@ -604,7 +606,6 @@ int ssl3_accept(SSL *s)
 
 		case SSL3_ST_SR_FINISHED_A:
 		case SSL3_ST_SR_FINISHED_B:
-			s->s3->flags |= SSL3_FLAGS_CCS_OK;
 			ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A,
 				SSL3_ST_SR_FINISHED_B);
 			if (ret <= 0) goto end;
@@ -672,11 +673,11 @@ int ssl3_accept(SSL *s)
 				s->method->ssl3_enc->server_finished_label,
 				s->method->ssl3_enc->server_finished_label_len);
 			if (ret <= 0) goto end;
-			s->state=SSL3_ST_SW_FLUSH;
+			s->state = SSL3_ST_SW_FLUSH;
 			if (s->hit)
-				s->s3->tmp.next_state=SSL3_ST_SR_POST_CLIENT_CERT;
+				s->s3->tmp.next_state = SSL3_ST_SR_CHANGE;
 			else
-				s->s3->tmp.next_state=SSL_ST_OK;
+				s->s3->tmp.next_state = SSL_ST_OK;
 			s->init_num=0;
 			break;
 
diff --git a/ssl/ssl_stat.c b/ssl/ssl_stat.c
index 6d0c7416..5514277b 100644
--- a/ssl/ssl_stat.c
+++ b/ssl/ssl_stat.c
@@ -134,10 +134,9 @@ case SSL3_ST_CW_FINISHED_A:
 case SSL3_ST_SW_FINISHED_A:	str="SSLv3 write finished A"; break;
 case SSL3_ST_CW_FINISHED_B:	
 case SSL3_ST_SW_FINISHED_B:	str="SSLv3 write finished B"; break;
-case SSL3_ST_CR_CHANGE_A:	
-case SSL3_ST_SR_CHANGE_A:	str="SSLv3 read change cipher spec A"; break;
-case SSL3_ST_CR_CHANGE_B:	
-case SSL3_ST_SR_CHANGE_B:	str="SSLv3 read change cipher spec B"; break;
+case SSL3_ST_CR_CHANGE_A:	str="SSLv3 read change cipher spec A"; break;
+case SSL3_ST_CR_CHANGE_B:	str="SSLv3 read change cipher spec B"; break;
+case SSL3_ST_SR_CHANGE:		str="SSLv3 read change cipher spec"; break;
 case SSL3_ST_CR_FINISHED_A:	
 case SSL3_ST_SR_FINISHED_A:	str="SSLv3 read finished A"; break;
 case SSL3_ST_CR_FINISHED_B:	
@@ -254,10 +253,9 @@ case SSL3_ST_SW_FINISHED_A:
 case SSL3_ST_CW_FINISHED_A:			str="3WFINA"; break;
 case SSL3_ST_SW_FINISHED_B:
 case SSL3_ST_CW_FINISHED_B:			str="3WFINB"; break;
-case SSL3_ST_SR_CHANGE_A:
 case SSL3_ST_CR_CHANGE_A:			str="3RCCSA"; break;
-case SSL3_ST_SR_CHANGE_B:
 case SSL3_ST_CR_CHANGE_B:			str="3RCCSB"; break;
+case SSL3_ST_SR_CHANGE:				str="3RCCS_"; break;
 case SSL3_ST_SR_FINISHED_A:
 case SSL3_ST_CR_FINISHED_A:			str="3RFINA"; break;
 case SSL3_ST_SR_FINISHED_B: