The ctrl hooks are left alone since they should just go away. Simplifying the cipher story will happen in the next CL. BUG=468889 Change-Id: I979971c90f59c55cd5d17554f1253158b114f18b Reviewed-on: https://boringssl-review.googlesource.com/4957 Reviewed-by: Adam Langley <agl@google.com>kris/onging/CECPQ3_patch15
@@ -883,9 +883,3 @@ void dtls1_get_message_header(uint8_t *data, | |||||
n2l3(data, msg_hdr->frag_off); | n2l3(data, msg_hdr->frag_off); | ||||
n2l3(data, msg_hdr->frag_len); | n2l3(data, msg_hdr->frag_len); | ||||
} | } | ||||
int dtls1_shutdown(SSL *s) { | |||||
int ret; | |||||
ret = ssl3_shutdown(s); | |||||
return ret; | |||||
} |
@@ -64,10 +64,6 @@ static const SSL_PROTOCOL_METHOD DTLS_protocol_method = { | |||||
dtls1_free, | dtls1_free, | ||||
dtls1_accept, | dtls1_accept, | ||||
dtls1_connect, | dtls1_connect, | ||||
ssl3_read, | |||||
ssl3_peek, | |||||
ssl3_write, | |||||
dtls1_shutdown, | |||||
dtls1_get_message, | dtls1_get_message, | ||||
dtls1_read_app_data, | dtls1_read_app_data, | ||||
dtls1_read_close_notify, | dtls1_read_close_notify, | ||||
@@ -75,7 +71,6 @@ static const SSL_PROTOCOL_METHOD DTLS_protocol_method = { | |||||
dtls1_dispatch_alert, | dtls1_dispatch_alert, | ||||
ssl3_ctrl, | ssl3_ctrl, | ||||
ssl3_ctx_ctrl, | ssl3_ctx_ctrl, | ||||
ssl3_pending, | |||||
ssl3_num_ciphers, | ssl3_num_ciphers, | ||||
dtls1_get_cipher, | dtls1_get_cipher, | ||||
DTLS1_HM_HEADER_LENGTH, | DTLS1_HM_HEADER_LENGTH, | ||||
@@ -637,10 +637,6 @@ struct ssl_protocol_method_st { | |||||
void (*ssl_free)(SSL *s); | void (*ssl_free)(SSL *s); | ||||
int (*ssl_accept)(SSL *s); | int (*ssl_accept)(SSL *s); | ||||
int (*ssl_connect)(SSL *s); | int (*ssl_connect)(SSL *s); | ||||
int (*ssl_read)(SSL *s, void *buf, int len); | |||||
int (*ssl_peek)(SSL *s, void *buf, int len); | |||||
int (*ssl_write)(SSL *s, const void *buf, int len); | |||||
int (*ssl_shutdown)(SSL *s); | |||||
long (*ssl_get_message)(SSL *s, int header_state, int body_state, | long (*ssl_get_message)(SSL *s, int header_state, int body_state, | ||||
int msg_type, long max, | int msg_type, long max, | ||||
enum ssl_hash_message_t hash_message, int *ok); | enum ssl_hash_message_t hash_message, int *ok); | ||||
@@ -650,7 +646,6 @@ struct ssl_protocol_method_st { | |||||
int (*ssl_dispatch_alert)(SSL *s); | int (*ssl_dispatch_alert)(SSL *s); | ||||
long (*ssl_ctrl)(SSL *s, int cmd, long larg, void *parg); | long (*ssl_ctrl)(SSL *s, int cmd, long larg, void *parg); | ||||
long (*ssl_ctx_ctrl)(SSL_CTX *ctx, int cmd, long larg, void *parg); | long (*ssl_ctx_ctrl)(SSL_CTX *ctx, int cmd, long larg, void *parg); | ||||
int (*ssl_pending)(const SSL *s); | |||||
size_t (*num_ciphers)(void); | size_t (*num_ciphers)(void); | ||||
const SSL_CIPHER *(*get_cipher)(size_t i); | const SSL_CIPHER *(*get_cipher)(size_t i); | ||||
/* Handshake header length */ | /* Handshake header length */ | ||||
@@ -926,13 +921,8 @@ int ssl3_new(SSL *s); | |||||
void ssl3_free(SSL *s); | void ssl3_free(SSL *s); | ||||
int ssl3_accept(SSL *s); | int ssl3_accept(SSL *s); | ||||
int ssl3_connect(SSL *s); | int ssl3_connect(SSL *s); | ||||
int ssl3_read(SSL *s, void *buf, int len); | |||||
int ssl3_peek(SSL *s, void *buf, int len); | |||||
int ssl3_write(SSL *s, const void *buf, int len); | |||||
int ssl3_shutdown(SSL *s); | |||||
long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg); | long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg); | ||||
long ssl3_ctx_ctrl(SSL_CTX *s, int cmd, long larg, void *parg); | long ssl3_ctx_ctrl(SSL_CTX *s, int cmd, long larg, void *parg); | ||||
int ssl3_pending(const SSL *s); | |||||
/* ssl3_record_sequence_update increments the sequence number in |seq|. It | /* ssl3_record_sequence_update increments the sequence number in |seq|. It | ||||
* returns one on success and zero on wraparound. */ | * returns one on success and zero on wraparound. */ | ||||
@@ -1020,7 +1010,6 @@ int dtls1_new(SSL *s); | |||||
int dtls1_accept(SSL *s); | int dtls1_accept(SSL *s); | ||||
int dtls1_connect(SSL *s); | int dtls1_connect(SSL *s); | ||||
void dtls1_free(SSL *s); | void dtls1_free(SSL *s); | ||||
int dtls1_shutdown(SSL *s); | |||||
long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, | long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, | ||||
enum ssl_hash_message_t hash_message, int *ok); | enum ssl_hash_message_t hash_message, int *ok); | ||||
@@ -501,15 +501,6 @@ const SSL_CIPHER *ssl3_get_cipher(size_t i) { | |||||
return &ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - i]; | return &ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - i]; | ||||
} | } | ||||
int ssl3_pending(const SSL *s) { | |||||
if (s->rstate == SSL_ST_READ_BODY) { | |||||
return 0; | |||||
} | |||||
return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length | |||||
: 0; | |||||
} | |||||
int ssl3_set_handshake_header(SSL *s, int htype, unsigned long len) { | int ssl3_set_handshake_header(SSL *s, int htype, unsigned long len) { | ||||
uint8_t *p = (uint8_t *)s->init_buf->data; | uint8_t *p = (uint8_t *)s->init_buf->data; | ||||
*(p++) = htype; | *(p++) = htype; | ||||
@@ -1117,69 +1108,6 @@ static int ssl3_set_req_cert_type(CERT *c, const uint8_t *p, size_t len) { | |||||
return 1; | return 1; | ||||
} | } | ||||
int ssl3_shutdown(SSL *s) { | |||||
int ret; | |||||
/* Do nothing if configured not to send a close_notify. */ | |||||
if (s->quiet_shutdown) { | |||||
s->shutdown = SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN; | |||||
return 1; | |||||
} | |||||
if (!(s->shutdown & SSL_SENT_SHUTDOWN)) { | |||||
s->shutdown |= SSL_SENT_SHUTDOWN; | |||||
ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY); | |||||
/* our shutdown alert has been sent now, and if it still needs to be | |||||
* written, s->s3->alert_dispatch will be true */ | |||||
if (s->s3->alert_dispatch) { | |||||
return -1; /* return WANT_WRITE */ | |||||
} | |||||
} else if (s->s3->alert_dispatch) { | |||||
/* resend it if not sent */ | |||||
ret = s->method->ssl_dispatch_alert(s); | |||||
if (ret == -1) { | |||||
/* we only get to return -1 here the 2nd/Nth invocation, we must have | |||||
* already signalled return 0 upon a previous invoation, return | |||||
* WANT_WRITE */ | |||||
return ret; | |||||
} | |||||
} else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) { | |||||
/* If we are waiting for a close from our peer, we are closed */ | |||||
s->method->ssl_read_close_notify(s); | |||||
if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) { | |||||
return -1; /* return WANT_READ */ | |||||
} | |||||
} | |||||
if (s->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN) && | |||||
!s->s3->alert_dispatch) { | |||||
return 1; | |||||
} else { | |||||
return 0; | |||||
} | |||||
} | |||||
int ssl3_write(SSL *s, const void *buf, int len) { | |||||
ERR_clear_system_error(); | |||||
return s->method->ssl_write_app_data(s, buf, len); | |||||
} | |||||
static int ssl3_read_internal(SSL *s, void *buf, int len, int peek) { | |||||
ERR_clear_system_error(); | |||||
return s->method->ssl_read_app_data(s, buf, len, peek); | |||||
} | |||||
int ssl3_read(SSL *s, void *buf, int len) { | |||||
return ssl3_read_internal(s, buf, len, 0); | |||||
} | |||||
int ssl3_peek(SSL *s, void *buf, int len) { | |||||
return ssl3_read_internal(s, buf, len, 1); | |||||
} | |||||
/* If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF and | /* If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF and | ||||
* handshake macs if required. */ | * handshake macs if required. */ | ||||
uint32_t ssl_get_algorithm2(SSL *s) { | uint32_t ssl_get_algorithm2(SSL *s) { | ||||
@@ -63,10 +63,6 @@ static const SSL_PROTOCOL_METHOD TLS_protocol_method = { | |||||
ssl3_free, | ssl3_free, | ||||
ssl3_accept, | ssl3_accept, | ||||
ssl3_connect, | ssl3_connect, | ||||
ssl3_read, | |||||
ssl3_peek, | |||||
ssl3_write, | |||||
ssl3_shutdown, | |||||
ssl3_get_message, | ssl3_get_message, | ||||
ssl3_read_app_data, | ssl3_read_app_data, | ||||
ssl3_read_close_notify, | ssl3_read_close_notify, | ||||
@@ -74,7 +70,6 @@ static const SSL_PROTOCOL_METHOD TLS_protocol_method = { | |||||
ssl3_dispatch_alert, | ssl3_dispatch_alert, | ||||
ssl3_ctrl, | ssl3_ctrl, | ||||
ssl3_ctx_ctrl, | ssl3_ctx_ctrl, | ||||
ssl3_pending, | |||||
ssl3_num_ciphers, | ssl3_num_ciphers, | ||||
ssl3_get_cipher, | ssl3_get_cipher, | ||||
SSL3_HM_HEADER_LENGTH, | SSL3_HM_HEADER_LENGTH, | ||||
@@ -759,7 +759,12 @@ void SSL_CTX_set_read_ahead(SSL_CTX *ctx, int yes) { } | |||||
void SSL_set_read_ahead(SSL *s, int yes) { } | void SSL_set_read_ahead(SSL *s, int yes) { } | ||||
int SSL_pending(const SSL *s) { | int SSL_pending(const SSL *s) { | ||||
return s->method->ssl_pending(s); | |||||
if (s->rstate == SSL_ST_READ_BODY) { | |||||
return 0; | |||||
} | |||||
return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length | |||||
: 0; | |||||
} | } | ||||
X509 *SSL_get_peer_certificate(const SSL *s) { | X509 *SSL_get_peer_certificate(const SSL *s) { | ||||
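Review bot: The inlined SSL_pending body returns `s->s3->rrec.length` only when the read state is not SSL_ST_READ_BODY and the current record is application data, but nothing tells a caller what that count covers; a comment such as `/* Counts only the bytes of the current, already-processed application-data record; any further buffered records are not included. */` would prevent callers from treating it as "bytes available before the next I/O call" (the record state machine itself lives outside this hunk, so the wording is hedged accordingly). If `rrec.length` is an unsigned type (its declaration is not in the hunk), the implicit narrowing to the `int` return value is inherited from the removed ssl3_pending but is still worth an explicit `(int)` cast so the intent is visible and -Wconversion stays quiet. The function is otherwise fully visible in the hunk apart from the blank lines the rendering dropped.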
@@ -882,7 +887,8 @@ int SSL_read(SSL *s, void *buf, int num) { | |||||
return 0; | return 0; | ||||
} | } | ||||
return s->method->ssl_read(s, buf, num); | |||||
ERR_clear_system_error(); | |||||
return s->method->ssl_read_app_data(s, buf, num, 0); | |||||
} | } | ||||
int SSL_peek(SSL *s, void *buf, int num) { | int SSL_peek(SSL *s, void *buf, int num) { | ||||
@@ -895,7 +901,8 @@ int SSL_peek(SSL *s, void *buf, int num) { | |||||
return 0; | return 0; | ||||
} | } | ||||
return s->method->ssl_peek(s, buf, num); | |||||
ERR_clear_system_error(); | |||||
return s->method->ssl_read_app_data(s, buf, num, 1); | |||||
} | } | ||||
int SSL_write(SSL *s, const void *buf, int num) { | int SSL_write(SSL *s, const void *buf, int num) { | ||||
@@ -910,7 +917,8 @@ int SSL_write(SSL *s, const void *buf, int num) { | |||||
return -1; | return -1; | ||||
} | } | ||||
return s->method->ssl_write(s, buf, num); | |||||
ERR_clear_system_error(); | |||||
return s->method->ssl_write_app_data(s, buf, num); | |||||
} | } | ||||
int SSL_shutdown(SSL *s) { | int SSL_shutdown(SSL *s) { | ||||
@@ -924,11 +932,48 @@ int SSL_shutdown(SSL *s) { | |||||
return -1; | return -1; | ||||
} | } | ||||
if (!SSL_in_init(s)) { | |||||
return s->method->ssl_shutdown(s); | |||||
if (SSL_in_init(s)) { | |||||
return 1; | |||||
} | |||||
/* Do nothing if configured not to send a close_notify. */ | |||||
if (s->quiet_shutdown) { | |||||
s->shutdown = SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN; | |||||
return 1; | |||||
} | } | ||||
return 1; | |||||
if (!(s->shutdown & SSL_SENT_SHUTDOWN)) { | |||||
s->shutdown |= SSL_SENT_SHUTDOWN; | |||||
ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY); | |||||
/* our shutdown alert has been sent now, and if it still needs to be | |||||
* written, s->s3->alert_dispatch will be true */ | |||||
if (s->s3->alert_dispatch) { | |||||
return -1; /* return WANT_WRITE */ | |||||
} | |||||
} else if (s->s3->alert_dispatch) { | |||||
/* resend it if not sent */ | |||||
int ret = s->method->ssl_dispatch_alert(s); | |||||
if (ret == -1) { | |||||
/* we only get to return -1 here the 2nd/Nth invocation, we must have | |||||
* already signalled return 0 upon a previous invoation, return | |||||
* WANT_WRITE */ | |||||
return ret; | |||||
} | |||||
} else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) { | |||||
/* If we are waiting for a close from our peer, we are closed */ | |||||
s->method->ssl_read_close_notify(s); | |||||
if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) { | |||||
return -1; /* return WANT_READ */ | |||||
} | |||||
} | |||||
if (s->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN) && | |||||
!s->s3->alert_dispatch) { | |||||
return 1; | |||||
} else { | |||||
return 0; | |||||
} | |||||
} | } | ||||
int SSL_renegotiate(SSL *ssl) { | int SSL_renegotiate(SSL *ssl) { | ||||
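Review bot: The quiet_shutdown branch near the top of the new SSL_shutdown body sets SSL_RECEIVED_SHUTDOWN without reading a close_notify from the peer, and the surviving comment only says "Do nothing if configured not to send a close_notify"; extend it with `/* This also marks the peer side as closed, so a truncated connection is indistinguishable from a clean close in this mode. */` so callers see the trade-off. The body also mixes a direct `ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY)` call with `s->method->ssl_dispatch_alert` and `s->method->ssl_read_close_notify` for the other alert paths; now that this logic sits in the protocol-independent layer, a one-line comment on why the send path needs no method hook (presumably ssl3_send_alert already serves both TLS and DTLS, as the removed dtls1_shutdown only forwarded to ssl3_shutdown) would save the next reader the same question. While the comment block `/* we only get to return -1 here the 2nd/Nth invocation ... */` is being moved, fix `invoation` to `invocation`. SSL_shutdown's body starts before the hunk; the early `return 1` when SSL_in_init preserves the old fall-through behaviour.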