Squash together TLS 1.2 states for server Finished block.

We can take advantage of our flight-by-flight model.

BUG=128

Change-Id: If27a5b6d88055da71199ef672d9c71969925aca9
Reviewed-on: https://boringssl-review.googlesource.com/17249
Reviewed-by: Steven Valdez <svaldez@google.com>
Commit-Queue: Steven Valdez <svaldez@google.com>
This commit is contained in:
David Benjamin 2017-06-15 23:15:15 -04:00 committed by Steven Valdez
parent 9b6ff440ef
commit b5f55c3afb
3 changed files with 38 additions and 59 deletions

View File

@ -358,9 +358,7 @@ OPENSSL_COMPILE_ASSERT(
#define SSL3_ST_SR_FINISHED_A (0x1C0 | SSL_ST_ACCEPT)
/* write to client */
#define SSL3_ST_SW_CHANGE (0x1D0 | SSL_ST_ACCEPT)
#define SSL3_ST_SW_FINISHED_A (0x1E0 | SSL_ST_ACCEPT)
#define SSL3_ST_SW_SESSION_TICKET_A (0x1F0 | SSL_ST_ACCEPT)
#define SSL3_ST_SW_CERT_STATUS_A (0x200 | SSL_ST_ACCEPT)
#define SSL3_MT_HELLO_REQUEST 0

View File

@ -184,7 +184,7 @@ static int ssl3_get_client_key_exchange(SSL_HANDSHAKE *hs);
static int ssl3_get_cert_verify(SSL_HANDSHAKE *hs);
static int ssl3_get_next_proto(SSL_HANDSHAKE *hs);
static int ssl3_get_channel_id(SSL_HANDSHAKE *hs);
static int ssl3_send_new_session_ticket(SSL_HANDSHAKE *hs);
static int ssl3_send_server_finished(SSL_HANDSHAKE *hs);
static struct CRYPTO_STATIC_MUTEX g_v2clienthello_lock =
CRYPTO_STATIC_MUTEX_INIT;
@ -255,7 +255,7 @@ int ssl3_accept(SSL_HANDSHAKE *hs) {
goto end;
}
if (ssl->session != NULL) {
hs->state = SSL3_ST_SW_SESSION_TICKET_A;
hs->state = SSL3_ST_SW_FINISHED_A;
} else {
hs->state = SSL3_ST_SW_CERT_A;
}
@ -388,7 +388,7 @@ int ssl3_accept(SSL_HANDSHAKE *hs) {
if (ssl->session != NULL) {
hs->state = SSL_ST_OK;
} else {
hs->state = SSL3_ST_SW_SESSION_TICKET_A;
hs->state = SSL3_ST_SW_FINISHED_A;
}
/* If this is a full handshake with ChannelID then record the handshake
@ -402,28 +402,8 @@ int ssl3_accept(SSL_HANDSHAKE *hs) {
}
break;
case SSL3_ST_SW_SESSION_TICKET_A:
if (hs->ticket_expected) {
ret = ssl3_send_new_session_ticket(hs);
if (ret <= 0) {
goto end;
}
}
hs->state = SSL3_ST_SW_CHANGE;
break;
case SSL3_ST_SW_CHANGE:
if (!ssl->method->add_change_cipher_spec(ssl) ||
!tls1_change_cipher_state(hs, SSL3_CHANGE_CIPHER_SERVER_WRITE)) {
ret = -1;
goto end;
}
hs->state = SSL3_ST_SW_FINISHED_A;
break;
case SSL3_ST_SW_FINISHED_A:
ret = ssl3_send_finished(hs);
ret = ssl3_send_server_finished(hs);
if (ret <= 0) {
goto end;
}
@ -1825,8 +1805,10 @@ static int ssl3_get_channel_id(SSL_HANDSHAKE *hs) {
return 1;
}
static int ssl3_send_new_session_ticket(SSL_HANDSHAKE *hs) {
static int ssl3_send_server_finished(SSL_HANDSHAKE *hs) {
SSL *const ssl = hs->ssl;
if (hs->ticket_expected) {
const SSL_SESSION *session;
SSL_SESSION *session_copy = NULL;
if (ssl->session == NULL) {
@ -1834,8 +1816,8 @@ static int ssl3_send_new_session_ticket(SSL_HANDSHAKE *hs) {
ssl_session_rebase_time(ssl, hs->new_session);
session = hs->new_session;
} else {
/* We are renewing an existing session. Duplicate the session to adjust the
* timeout. */
/* We are renewing an existing session. Duplicate the session to adjust
* the timeout. */
session_copy = SSL_SESSION_dup(ssl->session, SSL_SESSION_INCLUDE_NONAUTH);
if (session_copy == NULL) {
return -1;
@ -1846,19 +1828,23 @@ static int ssl3_send_new_session_ticket(SSL_HANDSHAKE *hs) {
}
CBB cbb, body, ticket;
int ok =
ssl->method->init_message(ssl, &cbb, &body, SSL3_MT_NEW_SESSION_TICKET) &&
int ok = ssl->method->init_message(ssl, &cbb, &body,
SSL3_MT_NEW_SESSION_TICKET) &&
CBB_add_u32(&body, session->timeout) &&
CBB_add_u16_length_prefixed(&body, &ticket) &&
ssl_encrypt_ticket(ssl, &ticket, session) &&
ssl_add_message_cbb(ssl, &cbb);
SSL_SESSION_free(session_copy);
CBB_cleanup(&cbb);
if (!ok) {
return -1;
}
}
return 1;
if (!ssl->method->add_change_cipher_spec(ssl) ||
!tls1_change_cipher_state(hs, SSL3_CHANGE_CIPHER_SERVER_WRITE)) {
return -1;
}
return ssl3_send_finished(hs);
}

View File

@ -146,7 +146,6 @@ const char *SSL_state_string_long(const SSL *ssl) {
return "SSLv3 write certificate verify B";
case SSL3_ST_CW_CHANGE:
case SSL3_ST_SW_CHANGE:
return "SSLv3 write change cipher spec";
case SSL3_ST_CW_FINISHED_A:
@ -186,9 +185,6 @@ const char *SSL_state_string_long(const SSL *ssl) {
case SSL3_ST_SW_CERT_REQ_A:
return "SSLv3 write certificate request A";
case SSL3_ST_SW_SESSION_TICKET_A:
return "SSLv3 write session ticket A";
case SSL3_ST_SW_SRVR_DONE_A:
return "SSLv3 write server done A";
@ -259,7 +255,6 @@ const char *SSL_state_string(const SSL *ssl) {
case SSL3_ST_CW_CERT_VRFY_B:
return "3WCV_B";
case SSL3_ST_SW_CHANGE:
case SSL3_ST_CW_CHANGE:
return "3WCCS_";