kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Consolidate CCS_OK codepaths in s3_srvr.c.

Browse Source 
Rename SSL3_ST_SR_POST_CLIENT_CERT to SSL3_ST_SR_CHANGE and have this be the
point at which CCS_OK is set. The copy before ssl3_get_finished is redundant as
we never transition to SR_FINISHED directly.

Change-Id: I3eefeb821e7ae53d52dacc587fdc59de9ea9a667
Reviewed-on: https://boringssl-review.googlesource.com/1297
Reviewed-by: Adam Langley <agl@google.com>
This commit is contained in:
David Benjamin 2014-07-22 14:25:28 -04:00 committed by Adam Langley
parent 794bf6e0ce
commit 84ec49e914
3 changed files with 16 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
include/openssl/ssl3.h
View File

@ -612,13 +612,11 @@ typedef struct ssl3_state_st
#define SSL3_ST_SR_KEY_EXCH_B (0x191|SSL_ST_ACCEPT) #define SSL3_ST_SR_KEY_EXCH_B (0x191|SSL_ST_ACCEPT)
#define SSL3_ST_SR_CERT_VRFY_A (0x1A0|SSL_ST_ACCEPT) #define SSL3_ST_SR_CERT_VRFY_A (0x1A0|SSL_ST_ACCEPT)
#define SSL3_ST_SR_CERT_VRFY_B (0x1A1|SSL_ST_ACCEPT) #define SSL3_ST_SR_CERT_VRFY_B (0x1A1|SSL_ST_ACCEPT)
#define SSL3_ST_SR_CHANGE_A (0x1B0|SSL_ST_ACCEPT) #define SSL3_ST_SR_CHANGE (0x1B0|SSL_ST_ACCEPT)
#define SSL3_ST_SR_CHANGE_B (0x1B1|SSL_ST_ACCEPT)
#ifndef OPENSSL_NO_NEXTPROTONEG #ifndef OPENSSL_NO_NEXTPROTONEG
#define SSL3_ST_SR_NEXT_PROTO_A (0x210|SSL_ST_ACCEPT) #define SSL3_ST_SR_NEXT_PROTO_A (0x210|SSL_ST_ACCEPT)
#define SSL3_ST_SR_NEXT_PROTO_B (0x211|SSL_ST_ACCEPT) #define SSL3_ST_SR_NEXT_PROTO_B (0x211|SSL_ST_ACCEPT)
#endif #endif
#define SSL3_ST_SR_POST_CLIENT_CERT (0x1BF|SSL_ST_ACCEPT)
#define SSL3_ST_SR_CHANNEL_ID_A (0x230|SSL_ST_ACCEPT) #define SSL3_ST_SR_CHANNEL_ID_A (0x230|SSL_ST_ACCEPT)
#define SSL3_ST_SR_CHANNEL_ID_B (0x231|SSL_ST_ACCEPT) #define SSL3_ST_SR_CHANNEL_ID_B (0x231|SSL_ST_ACCEPT)
#define SSL3_ST_SR_FINISHED_A (0x1C0|SSL_ST_ACCEPT) #define SSL3_ST_SR_FINISHED_A (0x1C0|SSL_ST_ACCEPT)

21
ssl/s3_srvr.c
View File

@ -501,7 +501,7 @@ int ssl3_accept(SSL *s)
* message is not sent. * message is not sent.
*/ */
s->init_num = 0; s->init_num = 0;
s->state=SSL3_ST_SR_POST_CLIENT_CERT; s->state = SSL3_ST_SR_CHANGE;
} }
else if (SSL_USE_SIGALGS(s)) else if (SSL_USE_SIGALGS(s))
{ {
@ -559,11 +559,11 @@ int ssl3_accept(SSL *s)
ret=ssl3_get_cert_verify(s); ret=ssl3_get_cert_verify(s);
if (ret <= 0) goto end; if (ret <= 0) goto end;
s->state=SSL3_ST_SR_POST_CLIENT_CERT; s->state = SSL3_ST_SR_CHANGE;
s->init_num=0; s->init_num=0;
break; break;
case SSL3_ST_SR_POST_CLIENT_CERT: { case SSL3_ST_SR_CHANGE: {
char next_proto_neg = 0; char next_proto_neg = 0;
char channel_id = 0; char channel_id = 0;
# if !defined(OPENSSL_NO_NEXTPROTONEG) # if !defined(OPENSSL_NO_NEXTPROTONEG)
@ -571,13 +571,15 @@ int ssl3_accept(SSL *s)
# endif # endif
channel_id = s->s3->tlsext_channel_id_valid; channel_id = s->s3->tlsext_channel_id_valid;
/* At this point, the next message must be entirely
* behind a ChangeCipherSpec. */
s->s3->flags |= SSL3_FLAGS_CCS_OK; s->s3->flags |= SSL3_FLAGS_CCS_OK;
if (next_proto_neg) if (next_proto_neg)
s->state=SSL3_ST_SR_NEXT_PROTO_A; s->state = SSL3_ST_SR_NEXT_PROTO_A;
else if (channel_id) else if (channel_id)
s->state=SSL3_ST_SR_CHANNEL_ID_A; s->state = SSL3_ST_SR_CHANNEL_ID_A;
else else
s->state=SSL3_ST_SR_FINISHED_A; s->state = SSL3_ST_SR_FINISHED_A;
break; break;
} }
@ -604,7 +606,6 @@ int ssl3_accept(SSL *s)
case SSL3_ST_SR_FINISHED_A: case SSL3_ST_SR_FINISHED_A:
case SSL3_ST_SR_FINISHED_B: case SSL3_ST_SR_FINISHED_B:
s->s3->flags |= SSL3_FLAGS_CCS_OK;
ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A, ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A,
SSL3_ST_SR_FINISHED_B); SSL3_ST_SR_FINISHED_B);
if (ret <= 0) goto end; if (ret <= 0) goto end;
@ -672,11 +673,11 @@ int ssl3_accept(SSL *s)
s->method->ssl3_enc->server_finished_label, s->method->ssl3_enc->server_finished_label,
s->method->ssl3_enc->server_finished_label_len); s->method->ssl3_enc->server_finished_label_len);
if (ret <= 0) goto end; if (ret <= 0) goto end;
s->state=SSL3_ST_SW_FLUSH; s->state = SSL3_ST_SW_FLUSH;
if (s->hit) if (s->hit)
s->s3->tmp.next_state=SSL3_ST_SR_POST_CLIENT_CERT; s->s3->tmp.next_state = SSL3_ST_SR_CHANGE;
else else
s->s3->tmp.next_state=SSL_ST_OK; s->s3->tmp.next_state = SSL_ST_OK;
s->init_num=0; s->init_num=0;
break; break;

10
ssl/ssl_stat.c
View File

@ -134,10 +134,9 @@ case SSL3_ST_CW_FINISHED_A:
case SSL3_ST_SW_FINISHED_A: str="SSLv3 write finished A"; break; case SSL3_ST_SW_FINISHED_A: str="SSLv3 write finished A"; break;
case SSL3_ST_CW_FINISHED_B: case SSL3_ST_CW_FINISHED_B:
case SSL3_ST_SW_FINISHED_B: str="SSLv3 write finished B"; break; case SSL3_ST_SW_FINISHED_B: str="SSLv3 write finished B"; break;
case SSL3_ST_CR_CHANGE_A: case SSL3_ST_CR_CHANGE_A: str="SSLv3 read change cipher spec A"; break;
case SSL3_ST_SR_CHANGE_A: str="SSLv3 read change cipher spec A"; break; case SSL3_ST_CR_CHANGE_B: str="SSLv3 read change cipher spec B"; break;
case SSL3_ST_CR_CHANGE_B: case SSL3_ST_SR_CHANGE: str="SSLv3 read change cipher spec"; break;
case SSL3_ST_SR_CHANGE_B: str="SSLv3 read change cipher spec B"; break;
case SSL3_ST_CR_FINISHED_A: case SSL3_ST_CR_FINISHED_A:
case SSL3_ST_SR_FINISHED_A: str="SSLv3 read finished A"; break; case SSL3_ST_SR_FINISHED_A: str="SSLv3 read finished A"; break;
case SSL3_ST_CR_FINISHED_B: case SSL3_ST_CR_FINISHED_B:
@ -254,10 +253,9 @@ case SSL3_ST_SW_FINISHED_A:
case SSL3_ST_CW_FINISHED_A: str="3WFINA"; break; case SSL3_ST_CW_FINISHED_A: str="3WFINA"; break;
case SSL3_ST_SW_FINISHED_B: case SSL3_ST_SW_FINISHED_B:
case SSL3_ST_CW_FINISHED_B: str="3WFINB"; break; case SSL3_ST_CW_FINISHED_B: str="3WFINB"; break;
case SSL3_ST_SR_CHANGE_A:
case SSL3_ST_CR_CHANGE_A: str="3RCCSA"; break; case SSL3_ST_CR_CHANGE_A: str="3RCCSA"; break;
case SSL3_ST_SR_CHANGE_B:
case SSL3_ST_CR_CHANGE_B: str="3RCCSB"; break; case SSL3_ST_CR_CHANGE_B: str="3RCCSB"; break;
case SSL3_ST_SR_CHANGE: str="3RCCS_"; break;
case SSL3_ST_SR_FINISHED_A: case SSL3_ST_SR_FINISHED_A:
case SSL3_ST_CR_FINISHED_A: str="3RFINA"; break; case SSL3_ST_CR_FINISHED_A: str="3RFINA"; break;
case SSL3_ST_SR_FINISHED_B: case SSL3_ST_SR_FINISHED_B: