From 9e13e1a31d52d31b427db2181b95f0bcc2dbb622 Mon Sep 17 00:00:00 2001
From: David Benjamin
Date: Thu, 5 Mar 2015 01:56:32 -0500
Subject: [PATCH] Move the is_dtls bit from SSL3_ENC_METHOD to SSL_PROTOCOL_METHOD.
This too isn't version-specific. This removes the final difference between TLS and DTLS SSL3_ENC_METHODs and we can fold them together. (We should be able to fold away the version-specific differences too, but all in due time.)
Change-Id: I6652d3942a0970273d46d28d7052629c81f848b5
Reviewed-on: https://boringssl-review.googlesource.com/3771
Reviewed-by: Adam Langley
---
 ssl/d1_lib.c | 31 -------------------------------
 ssl/d1_meth.c | 49 +++++++++++++++++++++++++------------------------
 ssl/s3_meth.c | 1 +
 ssl/ssl_lib.c | 8 ++------
 ssl/ssl_locl.h | 10 ++++------
 5 files changed, 32 insertions(+), 67 deletions(-)
diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
index 48cc81f0..356a6375 100644
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -83,37 +83,6 @@ static void get_current_time(SSL *ssl, OPENSSL_timeval *out_clock);
 static OPENSSL_timeval *dtls1_get_timeout(SSL *s, OPENSSL_timeval *timeleft);
-const SSL3_ENC_METHOD DTLSv1_enc_data = {
- tls1_enc,
- tls1_prf,
- tls1_setup_key_block,
- tls1_generate_master_secret,
- tls1_change_cipher_state,
- tls1_final_finish_mac,
- tls1_cert_verify_mac,
- TLS_MD_CLIENT_FINISH_CONST,TLS_MD_CLIENT_FINISH_CONST_SIZE,
- TLS_MD_SERVER_FINISH_CONST,TLS_MD_SERVER_FINISH_CONST_SIZE,
- tls1_alert_code,
- tls1_export_keying_material,
- SSL_ENC_FLAG_DTLS|SSL_ENC_FLAG_EXPLICIT_IV,
-};
-
-const SSL3_ENC_METHOD DTLSv1_2_enc_data = {
- tls1_enc,
- tls1_prf,
- tls1_setup_key_block,
- tls1_generate_master_secret,
- tls1_change_cipher_state,
- tls1_final_finish_mac,
- tls1_cert_verify_mac,
- TLS_MD_CLIENT_FINISH_CONST,TLS_MD_CLIENT_FINISH_CONST_SIZE,
- TLS_MD_SERVER_FINISH_CONST,TLS_MD_SERVER_FINISH_CONST_SIZE,
- tls1_alert_code,
- tls1_export_keying_material,
- SSL_ENC_FLAG_DTLS | SSL_ENC_FLAG_EXPLICIT_IV | SSL_ENC_FLAG_SIGALGS |
- SSL_ENC_FLAG_SHA256_PRF | SSL_ENC_FLAG_TLS1_2_CIPHERS,
-};
-
 int dtls1_new(SSL *s) {
 DTLS1_STATE *d1;
diff --git a/ssl/d1_meth.c b/ssl/d1_meth.c
index 84f56c9b..e323fff8 100644
--- a/ssl/d1_meth.c
+++ b/ssl/d1_meth.c
@@ -59,30 +59,31 @@
 static const SSL_PROTOCOL_METHOD DTLS_protocol_method = {
- dtls1_new,
- dtls1_free,
- dtls1_accept,
- dtls1_connect,
- ssl3_read,
- ssl3_peek,
- ssl3_write,
- dtls1_shutdown,
- ssl3_renegotiate,
- ssl3_renegotiate_check,
- dtls1_get_message,
- dtls1_read_bytes,
- dtls1_write_app_data_bytes,
- dtls1_dispatch_alert,
- dtls1_ctrl,
- ssl3_ctx_ctrl,
- ssl3_pending,
- ssl3_num_ciphers,
- dtls1_get_cipher,
- ssl3_callback_ctrl,
- ssl3_ctx_callback_ctrl,
- DTLS1_HM_HEADER_LENGTH,
- dtls1_set_handshake_header,
- dtls1_handshake_write,
+ 1 /* is_dtls */,
+ dtls1_new,
+ dtls1_free,
+ dtls1_accept,
+ dtls1_connect,
+ ssl3_read,
+ ssl3_peek,
+ ssl3_write,
+ dtls1_shutdown,
+ ssl3_renegotiate,
+ ssl3_renegotiate_check,
+ dtls1_get_message,
+ dtls1_read_bytes,
+ dtls1_write_app_data_bytes,
+ dtls1_dispatch_alert,
+ dtls1_ctrl,
+ ssl3_ctx_ctrl,
+ ssl3_pending,
+ ssl3_num_ciphers,
+ dtls1_get_cipher,
+ ssl3_callback_ctrl,
+ ssl3_ctx_callback_ctrl,
+ DTLS1_HM_HEADER_LENGTH,
+ dtls1_set_handshake_header,
+ dtls1_handshake_write,
 };
 const SSL_METHOD *DTLS_method(void) {
diff --git a/ssl/s3_meth.c b/ssl/s3_meth.c
index a557b328..c7813698 100644
--- a/ssl/s3_meth.c
+++ b/ssl/s3_meth.c
@@ -58,6 +58,7 @@
 static const SSL_PROTOCOL_METHOD TLS_protocol_method = {
+ 0 /* is_dtls */,
 ssl3_new,
 ssl3_free,
 ssl3_accept,
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index e17ee5ae..b2fecc76 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2904,18 +2904,14 @@ const SSL3_ENC_METHOD *ssl3_get_enc_method(uint16_t version) {
 case TLS1_VERSION:
 return &TLSv1_enc_data;
+ case DTLS1_VERSION:
 case TLS1_1_VERSION:
 return &TLSv1_1_enc_data;
+ case DTLS1_2_VERSION:
 case TLS1_2_VERSION:
 return &TLSv1_2_enc_data;
- case DTLS1_VERSION:
- return &DTLSv1_enc_data;
-
- case DTLS1_2_VERSION:
- return &DTLSv1_2_enc_data;
-
 default:
 return NULL;
 }
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index c42eec38..eafff920 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
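Review bot: The new `1 /* is_dtls */,` that opens DTLS_protocol_method (and the matching `0 /* is_dtls */,` in TLS_protocol_method in s3_meth.c) is a positional initializer for the first of twenty-five members, so only the trailing comment ties the literal to the field it sets. If the project's toolchains accept C99 designated initializers, `.is_dtls = 1,` and `.is_dtls = 0,` state the intent without the comment and keep working if the member is ever moved. Prepending a member to ssl_protocol_method_st also shifts every later positional entry; here that is caught only because the remaining members are function pointers that should not silently convert to the new char, which is worth saying in the struct comment if positional initialization is kept. The rest of this hunk is re-indentation.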
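Review bot: The new `case DTLS1_VERSION:` sharing TLSv1_1_enc_data and `case DTLS1_2_VERSION:` sharing TLSv1_2_enc_data encode an invariant the code no longer states: the removed DTLSv1_enc_data carried SSL_ENC_FLAG_EXPLICIT_IV, the per-record CBC IV property that distinguishes TLS 1.1 from TLS 1.0, and DTLSv1_2_enc_data carried the TLS 1.2 PRF, sigalgs and cipher flags, so each DTLS version must keep using the enc method of the TLS version it is derived from. I would put that above the fall-through cases, e.g. `/* DTLS 1.0 is based on TLS 1.1 and DTLS 1.2 on TLS 1.2, so each shares the corresponding SSL3_ENC_METHOD (explicit IV, PRF, sigalgs, cipher flags). */`, so a later change to the TLS 1.1 entry is not made without considering DTLS 1.0. I cannot see TLSv1_1_enc_data or TLSv1_2_enc_data in this patch and am assuming their flags match the removed DTLS entries apart from SSL_ENC_FLAG_DTLS. The enclosing switch and ssl3_get_enc_method start before the hunk.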
@@ -364,7 +364,7 @@
 /* we have used 000001ff - 23 bits left to go */
 /* Check if an SSL structure is using DTLS */
-#define SSL_IS_DTLS(s) (s->enc_method->enc_flags & SSL_ENC_FLAG_DTLS)
+#define SSL_IS_DTLS(s) (s->method->is_dtls)
 /* See if we need explicit IV */
 #define SSL_USE_EXPLICIT_IV(s) \
 (s->enc_method->enc_flags & SSL_ENC_FLAG_EXPLICIT_IV)
@@ -535,6 +535,8 @@ struct ssl_method_st {
 /* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */
 struct ssl_protocol_method_st {
+ /* is_dtls is one if the protocol is DTLS and zero otherwise. */
+ char is_dtls;
 int (*ssl_new)(SSL *s);
 void (*ssl_free)(SSL *s);
 int (*ssl_accept)(SSL *s);
@@ -603,11 +605,9 @@ struct ssl3_enc_method {
 #define SSL_ENC_FLAG_SIGALGS 0x2
 /* Uses SHA256 default PRF */
 #define SSL_ENC_FLAG_SHA256_PRF 0x4
-/* Is DTLS */
-#define SSL_ENC_FLAG_DTLS 0x8
 /* Allow TLS 1.2 ciphersuites: applies to DTLS 1.2 as well as TLS 1.2:
 * may apply to others in future. */
-#define SSL_ENC_FLAG_TLS1_2_CIPHERS 0x10
+#define SSL_ENC_FLAG_TLS1_2_CIPHERS 0x8
 /* ssl_aead_ctx_st contains information about an AEAD that is being used to
 * encrypt an SSL connection. */
@@ -638,8 +638,6 @@ extern const SSL3_ENC_METHOD TLSv1_enc_data;
 extern const SSL3_ENC_METHOD TLSv1_1_enc_data;
 extern const SSL3_ENC_METHOD TLSv1_2_enc_data;
 extern const SSL3_ENC_METHOD SSLv3_enc_data;
-extern const SSL3_ENC_METHOD DTLSv1_enc_data;
-extern const SSL3_ENC_METHOD DTLSv1_2_enc_data;
 void ssl_clear_cipher_ctx(SSL *s);
 int ssl_clear_bad_session(SSL *s);
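Review bot: The rewritten `#define SSL_IS_DTLS(s) (s->method->is_dtls)` still expands its argument without parentheses, so anything other than a plain identifier or postfix expression binds wrongly; since the line is being replaced anyway, `#define SSL_IS_DTLS(s) ((s)->method->is_dtls)` costs nothing. Reading `s->method` instead of `s->enc_method` presumably also makes the macro usable before version negotiation has set enc_method, which is a behavioural change worth a sentence in the comment above the macro if it is intended. The neighbouring SSL_USE_EXPLICIT_IV has the same unparenthesized shape but is outside the change. The other hunks in this file (the new `char is_dtls;` member with its comment, the flag renumbering, and the removed externs) look consistent with the rest of the patch.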