Squash together TLS 1.2 states for server Finished block.
We can take advantage of our flight-by-flight model. BUG=128 Change-Id: If27a5b6d88055da71199ef672d9c71969925aca9 Reviewed-on: https://boringssl-review.googlesource.com/17249 Reviewed-by: Steven Valdez <svaldez@google.com> Commit-Queue: Steven Valdez <svaldez@google.com>
parent
9b6ff440ef
commit
b5f55c3afb
@ -358,9 +358,7 @@ OPENSSL_COMPILE_ASSERT(
|
|||||||
#define SSL3_ST_SR_FINISHED_A (0x1C0 | SSL_ST_ACCEPT)
|
#define SSL3_ST_SR_FINISHED_A (0x1C0 | SSL_ST_ACCEPT)
|
||||||
|
|
||||||
/* write to client */
|
/* write to client */
|
||||||
#define SSL3_ST_SW_CHANGE (0x1D0 | SSL_ST_ACCEPT)
|
|
||||||
#define SSL3_ST_SW_FINISHED_A (0x1E0 | SSL_ST_ACCEPT)
|
#define SSL3_ST_SW_FINISHED_A (0x1E0 | SSL_ST_ACCEPT)
|
||||||
#define SSL3_ST_SW_SESSION_TICKET_A (0x1F0 | SSL_ST_ACCEPT)
|
|
||||||
#define SSL3_ST_SW_CERT_STATUS_A (0x200 | SSL_ST_ACCEPT)
|
#define SSL3_ST_SW_CERT_STATUS_A (0x200 | SSL_ST_ACCEPT)
|
||||||
|
|
||||||
#define SSL3_MT_HELLO_REQUEST 0
|
#define SSL3_MT_HELLO_REQUEST 0
|
||||||
|
@ -184,7 +184,7 @@ static int ssl3_get_client_key_exchange(SSL_HANDSHAKE *hs);
|
|||||||
static int ssl3_get_cert_verify(SSL_HANDSHAKE *hs);
|
static int ssl3_get_cert_verify(SSL_HANDSHAKE *hs);
|
||||||
static int ssl3_get_next_proto(SSL_HANDSHAKE *hs);
|
static int ssl3_get_next_proto(SSL_HANDSHAKE *hs);
|
||||||
static int ssl3_get_channel_id(SSL_HANDSHAKE *hs);
|
static int ssl3_get_channel_id(SSL_HANDSHAKE *hs);
|
||||||
static int ssl3_send_new_session_ticket(SSL_HANDSHAKE *hs);
|
static int ssl3_send_server_finished(SSL_HANDSHAKE *hs);
|
||||||
|
|
||||||
static struct CRYPTO_STATIC_MUTEX g_v2clienthello_lock =
|
static struct CRYPTO_STATIC_MUTEX g_v2clienthello_lock =
|
||||||
CRYPTO_STATIC_MUTEX_INIT;
|
CRYPTO_STATIC_MUTEX_INIT;
|
||||||
@ -255,7 +255,7 @@ int ssl3_accept(SSL_HANDSHAKE *hs) {
|
|||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
if (ssl->session != NULL) {
|
if (ssl->session != NULL) {
|
||||||
hs->state = SSL3_ST_SW_SESSION_TICKET_A;
|
hs->state = SSL3_ST_SW_FINISHED_A;
|
||||||
} else {
|
} else {
|
||||||
hs->state = SSL3_ST_SW_CERT_A;
|
hs->state = SSL3_ST_SW_CERT_A;
|
||||||
}
|
}
|
||||||
@ -388,7 +388,7 @@ int ssl3_accept(SSL_HANDSHAKE *hs) {
|
|||||||
if (ssl->session != NULL) {
|
if (ssl->session != NULL) {
|
||||||
hs->state = SSL_ST_OK;
|
hs->state = SSL_ST_OK;
|
||||||
} else {
|
} else {
|
||||||
hs->state = SSL3_ST_SW_SESSION_TICKET_A;
|
hs->state = SSL3_ST_SW_FINISHED_A;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* If this is a full handshake with ChannelID then record the handshake
|
/* If this is a full handshake with ChannelID then record the handshake
|
||||||
@ -402,28 +402,8 @@ int ssl3_accept(SSL_HANDSHAKE *hs) {
|
|||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case SSL3_ST_SW_SESSION_TICKET_A:
|
|
||||||
if (hs->ticket_expected) {
|
|
||||||
ret = ssl3_send_new_session_ticket(hs);
|
|
||||||
if (ret <= 0) {
|
|
||||||
goto end;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
hs->state = SSL3_ST_SW_CHANGE;
|
|
||||||
break;
|
|
||||||
|
|
||||||
case SSL3_ST_SW_CHANGE:
|
|
||||||
if (!ssl->method->add_change_cipher_spec(ssl) ||
|
|
||||||
!tls1_change_cipher_state(hs, SSL3_CHANGE_CIPHER_SERVER_WRITE)) {
|
|
||||||
ret = -1;
|
|
||||||
goto end;
|
|
||||||
}
|
|
||||||
|
|
||||||
hs->state = SSL3_ST_SW_FINISHED_A;
|
|
||||||
break;
|
|
||||||
|
|
||||||
case SSL3_ST_SW_FINISHED_A:
|
case SSL3_ST_SW_FINISHED_A:
|
||||||
ret = ssl3_send_finished(hs);
|
ret = ssl3_send_server_finished(hs);
|
||||||
if (ret <= 0) {
|
if (ret <= 0) {
|
||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
@ -1825,8 +1805,10 @@ static int ssl3_get_channel_id(SSL_HANDSHAKE *hs) {
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int ssl3_send_new_session_ticket(SSL_HANDSHAKE *hs) {
|
static int ssl3_send_server_finished(SSL_HANDSHAKE *hs) {
|
||||||
SSL *const ssl = hs->ssl;
|
SSL *const ssl = hs->ssl;
|
||||||
|
|
||||||
|
if (hs->ticket_expected) {
|
||||||
const SSL_SESSION *session;
|
const SSL_SESSION *session;
|
||||||
SSL_SESSION *session_copy = NULL;
|
SSL_SESSION *session_copy = NULL;
|
||||||
if (ssl->session == NULL) {
|
if (ssl->session == NULL) {
|
||||||
@ -1834,8 +1816,8 @@ static int ssl3_send_new_session_ticket(SSL_HANDSHAKE *hs) {
|
|||||||
ssl_session_rebase_time(ssl, hs->new_session);
|
ssl_session_rebase_time(ssl, hs->new_session);
|
||||||
session = hs->new_session;
|
session = hs->new_session;
|
||||||
} else {
|
} else {
|
||||||
/* We are renewing an existing session. Duplicate the session to adjust the
|
/* We are renewing an existing session. Duplicate the session to adjust
|
||||||
* timeout. */
|
* the timeout. */
|
||||||
session_copy = SSL_SESSION_dup(ssl->session, SSL_SESSION_INCLUDE_NONAUTH);
|
session_copy = SSL_SESSION_dup(ssl->session, SSL_SESSION_INCLUDE_NONAUTH);
|
||||||
if (session_copy == NULL) {
|
if (session_copy == NULL) {
|
||||||
return -1;
|
return -1;
|
||||||
@ -1846,19 +1828,23 @@ static int ssl3_send_new_session_ticket(SSL_HANDSHAKE *hs) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
CBB cbb, body, ticket;
|
CBB cbb, body, ticket;
|
||||||
int ok =
|
int ok = ssl->method->init_message(ssl, &cbb, &body,
|
||||||
ssl->method->init_message(ssl, &cbb, &body, SSL3_MT_NEW_SESSION_TICKET) &&
|
SSL3_MT_NEW_SESSION_TICKET) &&
|
||||||
CBB_add_u32(&body, session->timeout) &&
|
CBB_add_u32(&body, session->timeout) &&
|
||||||
CBB_add_u16_length_prefixed(&body, &ticket) &&
|
CBB_add_u16_length_prefixed(&body, &ticket) &&
|
||||||
ssl_encrypt_ticket(ssl, &ticket, session) &&
|
ssl_encrypt_ticket(ssl, &ticket, session) &&
|
||||||
ssl_add_message_cbb(ssl, &cbb);
|
ssl_add_message_cbb(ssl, &cbb);
|
||||||
|
|
||||||
SSL_SESSION_free(session_copy);
|
SSL_SESSION_free(session_copy);
|
||||||
CBB_cleanup(&cbb);
|
CBB_cleanup(&cbb);
|
||||||
|
|
||||||
if (!ok) {
|
if (!ok) {
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
return 1;
|
if (!ssl->method->add_change_cipher_spec(ssl) ||
|
||||||
|
!tls1_change_cipher_state(hs, SSL3_CHANGE_CIPHER_SERVER_WRITE)) {
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
return ssl3_send_finished(hs);
|
||||||
}
|
}
|
||||||
|
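Review bot: `ssl3_send_server_finished` is not safe to re-enter, and nothing at its definition says so: it queues the NewSessionTicket, adds ChangeCipherSpec, switches the server write cipher state and then calls `ssl3_send_finished`, all under the single `SSL3_ST_SW_FINISHED_A` case, which on `ret <= 0` jumps to `end` without advancing `hs->state`. If any step (for instance `ssl_encrypt_ticket` or `ssl3_send_finished`) ever gained a retryable return, a second entry would queue a duplicate ticket and ChangeCipherSpec and re-run `tls1_change_cipher_state`, which would presumably desynchronize the write side of the record layer. The commit message relies on the flight-by-flight model for this, so I would record the invariant above the function, e.g. `/* Queues NewSessionTicket (if expected), ChangeCipherSpec and Finished as one flight; every step must succeed or fail fatally, never ask for a retry. */`. The function body spans several hunks and is only partly visible here.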
@ -146,7 +146,6 @@ const char *SSL_state_string_long(const SSL *ssl) {
|
|||||||
return "SSLv3 write certificate verify B";
|
return "SSLv3 write certificate verify B";
|
||||||
|
|
||||||
case SSL3_ST_CW_CHANGE:
|
case SSL3_ST_CW_CHANGE:
|
||||||
case SSL3_ST_SW_CHANGE:
|
|
||||||
return "SSLv3 write change cipher spec";
|
return "SSLv3 write change cipher spec";
|
||||||
|
|
||||||
case SSL3_ST_CW_FINISHED_A:
|
case SSL3_ST_CW_FINISHED_A:
|
||||||
@ -186,9 +185,6 @@ const char *SSL_state_string_long(const SSL *ssl) {
|
|||||||
case SSL3_ST_SW_CERT_REQ_A:
|
case SSL3_ST_SW_CERT_REQ_A:
|
||||||
return "SSLv3 write certificate request A";
|
return "SSLv3 write certificate request A";
|
||||||
|
|
||||||
case SSL3_ST_SW_SESSION_TICKET_A:
|
|
||||||
return "SSLv3 write session ticket A";
|
|
||||||
|
|
||||||
case SSL3_ST_SW_SRVR_DONE_A:
|
case SSL3_ST_SW_SRVR_DONE_A:
|
||||||
return "SSLv3 write server done A";
|
return "SSLv3 write server done A";
|
||||||
|
|
||||||
@ -259,7 +255,6 @@ const char *SSL_state_string(const SSL *ssl) {
|
|||||||
case SSL3_ST_CW_CERT_VRFY_B:
|
case SSL3_ST_CW_CERT_VRFY_B:
|
||||||
return "3WCV_B";
|
return "3WCV_B";
|
||||||
|
|
||||||
case SSL3_ST_SW_CHANGE:
|
|
||||||
case SSL3_ST_CW_CHANGE:
|
case SSL3_ST_CW_CHANGE:
|
||||||
return "3WCCS_";
|
return "3WCCS_";
|
||||||
|
|
||||||
|