Squash together TLS 1.2 states for server Finished block.
We can take advantage of our flight-by-flight model. BUG=128 Change-Id: If27a5b6d88055da71199ef672d9c71969925aca9 Reviewed-on: https://boringssl-review.googlesource.com/17249 Reviewed-by: Steven Valdez <svaldez@google.com> Commit-Queue: Steven Valdez <svaldez@google.com>
This commit is contained in:
parent
9b6ff440ef
commit
b5f55c3afb
@ -358,9 +358,7 @@ OPENSSL_COMPILE_ASSERT(
|
||||
#define SSL3_ST_SR_FINISHED_A (0x1C0 | SSL_ST_ACCEPT)
|
||||
|
||||
/* write to client */
|
||||
#define SSL3_ST_SW_CHANGE (0x1D0 | SSL_ST_ACCEPT)
|
||||
#define SSL3_ST_SW_FINISHED_A (0x1E0 | SSL_ST_ACCEPT)
|
||||
#define SSL3_ST_SW_SESSION_TICKET_A (0x1F0 | SSL_ST_ACCEPT)
|
||||
#define SSL3_ST_SW_CERT_STATUS_A (0x200 | SSL_ST_ACCEPT)
|
||||
|
||||
#define SSL3_MT_HELLO_REQUEST 0
|
||||
|
@ -184,7 +184,7 @@ static int ssl3_get_client_key_exchange(SSL_HANDSHAKE *hs);
|
||||
static int ssl3_get_cert_verify(SSL_HANDSHAKE *hs);
|
||||
static int ssl3_get_next_proto(SSL_HANDSHAKE *hs);
|
||||
static int ssl3_get_channel_id(SSL_HANDSHAKE *hs);
|
||||
static int ssl3_send_new_session_ticket(SSL_HANDSHAKE *hs);
|
||||
static int ssl3_send_server_finished(SSL_HANDSHAKE *hs);
|
||||
|
||||
static struct CRYPTO_STATIC_MUTEX g_v2clienthello_lock =
|
||||
CRYPTO_STATIC_MUTEX_INIT;
|
||||
@ -255,7 +255,7 @@ int ssl3_accept(SSL_HANDSHAKE *hs) {
|
||||
goto end;
|
||||
}
|
||||
if (ssl->session != NULL) {
|
||||
hs->state = SSL3_ST_SW_SESSION_TICKET_A;
|
||||
hs->state = SSL3_ST_SW_FINISHED_A;
|
||||
} else {
|
||||
hs->state = SSL3_ST_SW_CERT_A;
|
||||
}
|
||||
@ -388,7 +388,7 @@ int ssl3_accept(SSL_HANDSHAKE *hs) {
|
||||
if (ssl->session != NULL) {
|
||||
hs->state = SSL_ST_OK;
|
||||
} else {
|
||||
hs->state = SSL3_ST_SW_SESSION_TICKET_A;
|
||||
hs->state = SSL3_ST_SW_FINISHED_A;
|
||||
}
|
||||
|
||||
/* If this is a full handshake with ChannelID then record the handshake
|
||||
@ -402,28 +402,8 @@ int ssl3_accept(SSL_HANDSHAKE *hs) {
|
||||
}
|
||||
break;
|
||||
|
||||
case SSL3_ST_SW_SESSION_TICKET_A:
|
||||
if (hs->ticket_expected) {
|
||||
ret = ssl3_send_new_session_ticket(hs);
|
||||
if (ret <= 0) {
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
hs->state = SSL3_ST_SW_CHANGE;
|
||||
break;
|
||||
|
||||
case SSL3_ST_SW_CHANGE:
|
||||
if (!ssl->method->add_change_cipher_spec(ssl) ||
|
||||
!tls1_change_cipher_state(hs, SSL3_CHANGE_CIPHER_SERVER_WRITE)) {
|
||||
ret = -1;
|
||||
goto end;
|
||||
}
|
||||
|
||||
hs->state = SSL3_ST_SW_FINISHED_A;
|
||||
break;
|
||||
|
||||
case SSL3_ST_SW_FINISHED_A:
|
||||
ret = ssl3_send_finished(hs);
|
||||
ret = ssl3_send_server_finished(hs);
|
||||
if (ret <= 0) {
|
||||
goto end;
|
||||
}
|
||||
@ -1825,8 +1805,10 @@ static int ssl3_get_channel_id(SSL_HANDSHAKE *hs) {
|
||||
return 1;
|
||||
}
|
||||
|
||||
static int ssl3_send_new_session_ticket(SSL_HANDSHAKE *hs) {
|
||||
static int ssl3_send_server_finished(SSL_HANDSHAKE *hs) {
|
||||
SSL *const ssl = hs->ssl;
|
||||
|
||||
if (hs->ticket_expected) {
|
||||
const SSL_SESSION *session;
|
||||
SSL_SESSION *session_copy = NULL;
|
||||
if (ssl->session == NULL) {
|
||||
@ -1834,8 +1816,8 @@ static int ssl3_send_new_session_ticket(SSL_HANDSHAKE *hs) {
|
||||
ssl_session_rebase_time(ssl, hs->new_session);
|
||||
session = hs->new_session;
|
||||
} else {
|
||||
/* We are renewing an existing session. Duplicate the session to adjust the
|
||||
* timeout. */
|
||||
/* We are renewing an existing session. Duplicate the session to adjust
|
||||
* the timeout. */
|
||||
session_copy = SSL_SESSION_dup(ssl->session, SSL_SESSION_INCLUDE_NONAUTH);
|
||||
if (session_copy == NULL) {
|
||||
return -1;
|
||||
@ -1846,19 +1828,23 @@ static int ssl3_send_new_session_ticket(SSL_HANDSHAKE *hs) {
|
||||
}
|
||||
|
||||
CBB cbb, body, ticket;
|
||||
int ok =
|
||||
ssl->method->init_message(ssl, &cbb, &body, SSL3_MT_NEW_SESSION_TICKET) &&
|
||||
int ok = ssl->method->init_message(ssl, &cbb, &body,
|
||||
SSL3_MT_NEW_SESSION_TICKET) &&
|
||||
CBB_add_u32(&body, session->timeout) &&
|
||||
CBB_add_u16_length_prefixed(&body, &ticket) &&
|
||||
ssl_encrypt_ticket(ssl, &ticket, session) &&
|
||||
ssl_add_message_cbb(ssl, &cbb);
|
||||
|
||||
SSL_SESSION_free(session_copy);
|
||||
CBB_cleanup(&cbb);
|
||||
|
||||
if (!ok) {
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
|
||||
return 1;
|
||||
if (!ssl->method->add_change_cipher_spec(ssl) ||
|
||||
!tls1_change_cipher_state(hs, SSL3_CHANGE_CIPHER_SERVER_WRITE)) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
return ssl3_send_finished(hs);
|
||||
}
|
||||
|
@ -146,7 +146,6 @@ const char *SSL_state_string_long(const SSL *ssl) {
|
||||
return "SSLv3 write certificate verify B";
|
||||
|
||||
case SSL3_ST_CW_CHANGE:
|
||||
case SSL3_ST_SW_CHANGE:
|
||||
return "SSLv3 write change cipher spec";
|
||||
|
||||
case SSL3_ST_CW_FINISHED_A:
|
||||
@ -186,9 +185,6 @@ const char *SSL_state_string_long(const SSL *ssl) {
|
||||
case SSL3_ST_SW_CERT_REQ_A:
|
||||
return "SSLv3 write certificate request A";
|
||||
|
||||
case SSL3_ST_SW_SESSION_TICKET_A:
|
||||
return "SSLv3 write session ticket A";
|
||||
|
||||
case SSL3_ST_SW_SRVR_DONE_A:
|
||||
return "SSLv3 write server done A";
|
||||
|
||||
@ -259,7 +255,6 @@ const char *SSL_state_string(const SSL *ssl) {
|
||||
case SSL3_ST_CW_CERT_VRFY_B:
|
||||
return "3WCV_B";
|
||||
|
||||
case SSL3_ST_SW_CHANGE:
|
||||
case SSL3_ST_CW_CHANGE:
|
||||
return "3WCCS_";
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user