From cde8abae14da0cf7d7047974246df5f0ccf4ca4d Mon Sep 17 00:00:00 2001
From: David Benjamin
Date: Sun, 23 Nov 2014 15:47:20 -0500
Subject: [PATCH] Merge client/server SSL_METHODs into the generic one.

Supporting both schemes seems pointless. Now that s->server and s->state are set appropriately late and get_ssl_method is gone, the only difference is that the client/server ones have non-functional ssl_accept or ssl_connect hooks. We can't lose the generic ones, so let's unify on that.

Note: this means a static linker will no longer drop the client or server handshake code if unused by a consumer linking statically. However, Chromium needs the server half anyway for DTLS and WebRTC, so that's probably a lost cause. Android also exposes server APIs.

Change-Id: I290f5fb4ed558f59fadb5d1f84e9d9c405004c23
Reviewed-on: https://boringssl-review.googlesource.com/2440
Reviewed-by: Adam Langley
---
 ssl/d1_clnt.c | 18 ------------------
 ssl/d1_meth.c | 30 ++++++++++++++++++++++++++++++
 ssl/d1_srvr.c | 18 ------------------
 ssl/s23_clnt.c | 2 +-
 ssl/s23_srvr.c | 2 +-
 ssl/s3_clnt.c | 20 --------------------
 ssl/s3_lib.c | 5 -----
 ssl/s3_meth.c | 40 ++++++++++++++++++++++++++++++++++++++++
 ssl/s3_srvr.c | 20 --------------------
 ssl/test/bssl_shim.cc | 16 +---------------
 10 files changed, 73 insertions(+), 98 deletions(-)
diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c
index 8d1cceb4..64c1775a 100644
--- a/ssl/d1_clnt.c
+++ b/ssl/d1_clnt.c
@@ -128,24 +128,6 @@ static int dtls1_get_hello_verify(SSL *s);
-IMPLEMENT_dtls1_meth_func(DTLS1_VERSION,
- DTLSv1_client_method,
- ssl_undefined_function,
- dtls1_connect,
- DTLSv1_enc_data)
-
-IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION,
- DTLSv1_2_client_method,
- ssl_undefined_function,
- dtls1_connect,
- DTLSv1_2_enc_data)
-
-IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION,
- DTLS_client_method,
- ssl_undefined_function,
- dtls1_connect,
- DTLSv1_2_enc_data)
-
 int dtls1_connect(SSL *s)
 {
 BUF_MEM *buf=NULL;
diff --git a/ssl/d1_meth.c b/ssl/d1_meth.c
index 172a7458..15b28921 100644
--- a/ssl/d1_meth.c
+++ b/ssl/d1_meth.c
@@ -75,3 +75,33 @@ IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION,
 dtls1_accept,
 dtls1_connect,
 DTLSv1_2_enc_data)
+
+const SSL_METHOD *DTLSv1_2_server_method(void)
+ {
+ return DTLSv1_2_method();
+ }
+
+const SSL_METHOD *DTLSv1_server_method(void)
+ {
+ return DTLSv1_method();
+ }
+
+const SSL_METHOD *DTLS_server_method(void)
+ {
+ return DTLS_method();
+ }
+
+const SSL_METHOD *DTLSv1_2_client_method(void)
+ {
+ return DTLSv1_2_method();
+ }
+
+const SSL_METHOD *DTLSv1_client_method(void)
+ {
+ return DTLSv1_method();
+ }
+
+const SSL_METHOD *DTLS_client_method(void)
+ {
+ return DTLS_method();
+ }
diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
index 2bad3633..5da2fa89 100644
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -128,24 +128,6 @@ static int dtls1_send_hello_verify_request(SSL *s);
-IMPLEMENT_dtls1_meth_func(DTLS1_VERSION,
- DTLSv1_server_method,
- dtls1_accept,
- ssl_undefined_function,
- DTLSv1_enc_data)
-
-IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION,
- DTLSv1_2_server_method,
- dtls1_accept,
- ssl_undefined_function,
- DTLSv1_2_enc_data)
-
-IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION,
- DTLS_server_method,
- dtls1_accept,
- ssl_undefined_function,
- DTLSv1_2_enc_data)
-
 int dtls1_accept(SSL *s)
 {
 BUF_MEM *buf;
diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c
index b8bef74c..71b39364 100644
--- a/ssl/s23_clnt.c
+++ b/ssl/s23_clnt.c
@@ -120,7 +120,7 @@ static int ssl23_client_hello(SSL *s);
 static int ssl23_get_server_hello(SSL *s);
 IMPLEMENT_ssl23_meth_func(SSLv23_client_method,
- ssl_undefined_function,
+ ssl23_accept,
 ssl23_connect)
 int ssl23_connect(SSL *s)
diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c
index 2101a915..57adbd75 100644
--- a/ssl/s23_srvr.c
+++ b/ssl/s23_srvr.c
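Review bot: The six new `*_server_method`/`*_client_method` wrappers in d1_meth.c (and the eight added in s3_meth.c) carry no comment saying that they are now plain aliases of the generic method, so a reader of this file cannot tell that a context built from `DTLS_client_method()` will also accept an `SSL_accept` call, which is the observable change this commit makes. Add one comment above the group, e.g. `/* The client/server variants are kept for API compatibility only; they return the generic method, which supports both SSL_connect and SSL_accept. */`. If the public header already uses a deprecation attribute, marking these aliases with it would steer new callers to the generic method.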
@@ -137,7 +137,7 @@ static const SSL_METHOD *ssl23_get_server_method(int ver)
 IMPLEMENT_ssl23_meth_func(SSLv23_server_method,
 ssl23_accept,
- ssl_undefined_function)
+ ssl23_connect)
 int ssl23_accept(SSL *s)
 {
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index f766a824..2b39ad16 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -166,26 +166,6 @@
 #include "ssl_locl.h"
 #include "../crypto/dh/internal.h"
-IMPLEMENT_tls_meth_func(TLS1_2_VERSION, TLSv1_2_client_method,
- ssl_undefined_function,
- ssl3_connect,
- TLSv1_2_enc_data)
-
-IMPLEMENT_tls_meth_func(TLS1_1_VERSION, TLSv1_1_client_method,
- ssl_undefined_function,
- ssl3_connect,
- TLSv1_1_enc_data)
-
-IMPLEMENT_tls_meth_func(TLS1_VERSION, TLSv1_client_method,
- ssl_undefined_function,
- ssl3_connect,
- TLSv1_enc_data)
-
-IMPLEMENT_tls_meth_func(SSL3_VERSION, SSLv3_client_method,
- ssl_undefined_function,
- ssl3_connect,
- SSLv3_enc_data)
-
 int ssl3_connect(SSL *s)
 {
 BUF_MEM *buf=NULL;
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 059f6952..ad09cd25 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -1412,8 +1412,6 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
 break;
 case SSL_CTRL_GET_CHANNEL_ID:
- if (!s->server)
- break;
 if (!s->s3->tlsext_channel_id_valid)
 break;
 memcpy(parg, s->s3->tlsext_channel_id, larg < 64 ? larg : 64);
@@ -1666,9 +1664,6 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
 return ssl_cert_select_current(ctx->cert, (X509 *)parg);
 case SSL_CTRL_CHANNEL_ID:
- /* must be called on a server */
- if (ctx->method->ssl_accept == ssl_undefined_function)
- return 0;
 ctx->tlsext_channel_id_enabled=1;
 return 1;
diff --git a/ssl/s3_meth.c b/ssl/s3_meth.c
index 49bbc647..7c061a2f 100644
--- a/ssl/s3_meth.c
+++ b/ssl/s3_meth.c
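Review bot: In the ssl3_ctx_ctrl hunk of s3_lib.c the `/* must be called on a server */` comment is dropped together with the check, leaving no statement of what SSL_CTRL_CHANNEL_ID now means on a context that is later used as a client; since `tlsext_channel_id_enabled` is set unconditionally, callers that previously got 0 for a client-only method now get 1, and nothing says whether the flag has any client-side effect. Replace the removed comment with the new contract, e.g. `/* Accepted on any context; the flag is presumably consulted only when the connection handshakes as a server -- confirm against the ClientHello extension code. */`, with the hedge resolved once checked. In the ssl3_ctrl hunk, removing `if (!s->server) break;` means SSL_CTRL_GET_CHANNEL_ID now copies `tlsext_channel_id` on the client side whenever `tlsext_channel_id_valid` is set; if the client never sets that flag this is a no-op, but if it does, the getter silently changes meaning for client callers, so a one-line comment on which side sets the flag would settle it. Both enclosing functions start and end outside their hunks.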
@@ -77,3 +77,43 @@ IMPLEMENT_tls_meth_func(SSL3_VERSION, SSLv3_method,
 ssl3_accept,
 ssl3_connect,
 SSLv3_enc_data)
+
+const SSL_METHOD *TLSv1_2_server_method(void)
+ {
+ return TLSv1_2_method();
+ }
+
+const SSL_METHOD *TLSv1_1_server_method(void)
+ {
+ return TLSv1_1_method();
+ }
+
+const SSL_METHOD *TLSv1_server_method(void)
+ {
+ return TLSv1_method();
+ }
+
+const SSL_METHOD *SSLv3_server_method(void)
+ {
+ return SSLv3_method();
+ }
+
+const SSL_METHOD *TLSv1_2_client_method(void)
+ {
+ return TLSv1_2_method();
+ }
+
+const SSL_METHOD *TLSv1_1_client_method(void)
+ {
+ return TLSv1_1_method();
+ }
+
+const SSL_METHOD *TLSv1_client_method(void)
+ {
+ return TLSv1_method();
+ }
+
+const SSL_METHOD *SSLv3_client_method(void)
+ {
+ return SSLv3_method();
+ }
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 5a713a2a..5ba5b42e 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -172,26 +172,6 @@
 #include "../crypto/internal.h"
 #include "../crypto/dh/internal.h"
-IMPLEMENT_tls_meth_func(TLS1_2_VERSION, TLSv1_2_server_method,
- ssl3_accept,
- ssl_undefined_function,
- TLSv1_2_enc_data)
-
-IMPLEMENT_tls_meth_func(TLS1_1_VERSION, TLSv1_1_server_method,
- ssl3_accept,
- ssl_undefined_function,
- TLSv1_1_enc_data)
-
-IMPLEMENT_tls_meth_func(TLS1_VERSION, TLSv1_server_method,
- ssl3_accept,
- ssl_undefined_function,
- TLSv1_enc_data)
-
-IMPLEMENT_tls_meth_func(SSL3_VERSION, SSLv3_server_method,
- ssl3_accept,
- ssl_undefined_function,
- SSLv3_enc_data)
-
 int ssl3_accept(SSL *s)
 {
 BUF_MEM *buf;
diff --git a/ssl/test/bssl_shim.cc b/ssl/test/bssl_shim.cc
index 76b69581..8f6ee8d5 100644
--- a/ssl/test/bssl_shim.cc
+++ b/ssl/test/bssl_shim.cc
@@ -231,21 +231,7 @@ static SSL_CTX *setup_ctx(const TestConfig *config) {
 SSL_CTX *ssl_ctx = NULL;
 DH *dh = NULL;
- const SSL_METHOD *method;
- if (config->is_dtls) {
- if (config->is_server) {
- method = DTLS_server_method();
- } else {
- method = DTLS_client_method();
- }
- } else {
- if (config->is_server) {
- method = SSLv23_server_method();
- } else {
- method = SSLv23_client_method();
- }
- }
- ssl_ctx = SSL_CTX_new(method);
+ ssl_ctx = SSL_CTX_new(config->is_dtls ? DTLS_method() : SSLv23_method());
 if (ssl_ctx == NULL) {
 goto err;
 }
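Review bot: After this hunk the shim no longer calls any of the `*_server_method`/`*_client_method` aliases that d1_meth.c and s3_meth.c keep for compatibility, so unless another test does, nothing in the suite exercises them or the fact that a client-named method now handshakes as a server. Keeping one `config->is_server` selection here, e.g. `config->is_dtls ? (config->is_server ? DTLS_server_method() : DTLS_client_method()) : (config->is_server ? SSLv23_server_method() : SSLv23_client_method())`, would cover both the aliases and the new unified behaviour. `setup_ctx` starts at the hunk header and continues past the hunk.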