kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Unexport the handshake's internal state.

Browse Source 
Code which manages to constrain itself on this will limit our ability to
rework the handshake. I believe, at this point, we only need to expose
one bit of information (there's some code that compares SSL_state to
SSL_ST_OK), if even that.

BUG=177

Change-Id: Ie1c43006737db0b974811f1819755c629ae68e7b
Reviewed-on: https://boringssl-review.googlesource.com/13826
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
This commit is contained in:
David Benjamin 2017-02-10 23:14:17 -05:00 committed by CQ bot account: commit-bot@chromium.org
parent 07ab5d44d9
commit 9e766d7532
4 changed files with 24 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
include/openssl/ssl.h
View File

@ -3589,7 +3589,10 @@ OPENSSL_EXPORT const char *SSL_alert_desc_string(int value);
typedef struct ssl_conf_ctx_st SSL_CONF_CTX;
/* SSL_state returns the current state of the handshake state machine. */
/* SSL_state returns |SSL_ST_INIT| if a handshake is in progress and |SSL_ST_OK|
* otherwise.
*
* Use |SSL_is_init| instead. */
OPENSSL_EXPORT int SSL_state(const SSL *ssl);
#define SSL_get_state(ssl) SSL_state(ssl)

12
ssl/ssl_lib.c
View File

@ -2094,12 +2094,7 @@ void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl, int type,
}
int SSL_state(const SSL *ssl) {
if (ssl->s3->hs == NULL) {
assert(ssl->s3->initial_handshake_complete);
return SSL_ST_OK;
}
return ssl->s3->hs->state;
return SSL_in_init(ssl) ? SSL_ST_INIT : SSL_ST_OK;
}
void SSL_set_state(SSL *ssl, int state) { }
@ -2345,11 +2340,12 @@ int ssl_log_secret(const SSL *ssl, const char *label, const uint8_t *secret,
}
int SSL_is_init_finished(const SSL *ssl) {
return SSL_state(ssl) == SSL_ST_OK;
return !SSL_in_init(ssl);
}
int SSL_in_init(const SSL *ssl) {
return (SSL_state(ssl) & SSL_ST_INIT) != 0;
SSL_HANDSHAKE *hs = ssl->s3->hs;
return hs != NULL && hs->state != SSL_ST_OK;
}
int SSL_in_false_start(const SSL *ssl) {

4
ssl/ssl_session.c
View File

@ -898,7 +898,9 @@ static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *session, int lock) {
int SSL_set_session(SSL *ssl, SSL_SESSION *session) {
/* SSL_set_session may only be called before the handshake has started. */
if (SSL_state(ssl) != SSL_ST_INIT || ssl->s3->initial_handshake_complete) {
if (ssl->s3->initial_handshake_complete ||
ssl->s3->hs == NULL ||
ssl->s3->hs->state != SSL_ST_INIT) {
abort();
}

15
ssl/ssl_stat.c
View File

@ -83,11 +83,22 @@
#include <openssl/ssl.h>
#include <assert.h>
#include "internal.h"
static int ssl_state(const SSL *ssl) {
if (ssl->s3->hs == NULL) {
assert(ssl->s3->initial_handshake_complete);
return SSL_ST_OK;
}
return ssl->s3->hs->state;
}
const char *SSL_state_string_long(const SSL *ssl) {
switch (SSL_state(ssl)) {
switch (ssl_state(ssl)) {
case SSL_ST_ACCEPT:
return "before accept initialization";
@ -203,7 +214,7 @@ const char *SSL_state_string_long(const SSL *ssl) {
}
const char *SSL_state_string(const SSL *ssl) {
switch (SSL_state(ssl)) {
switch (ssl_state(ssl)) {
case SSL_ST_ACCEPT:
return "AINIT ";