提交 4004ce5f 编写于 作者: M Matt Caswell

Introduce a new early_data state in the state machine

Also simplifies the state machine a bit.
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)
上级 bc908c67
...@@ -899,7 +899,8 @@ typedef enum { ...@@ -899,7 +899,8 @@ typedef enum {
TLS_ST_SW_KEY_UPDATE, TLS_ST_SW_KEY_UPDATE,
TLS_ST_CW_KEY_UPDATE, TLS_ST_CW_KEY_UPDATE,
TLS_ST_SR_KEY_UPDATE, TLS_ST_SR_KEY_UPDATE,
TLS_ST_CR_KEY_UPDATE TLS_ST_CR_KEY_UPDATE,
TLS_ST_CW_EARLY_DATA
} OSSL_HANDSHAKE_STATE; } OSSL_HANDSHAKE_STATE;
/* /*
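Review bot: The new TLS_ST_CW_EARLY_DATA value is appended to the public OSSL_HANDSHAKE_STATE enum without any comment saying what the state means; a one-liner such as `TLS_ST_CW_EARLY_DATA /* ClientHello and early data sent, awaiting ServerHello/HRR */` would save readers a trip into statem_clnt.c. Appending at the end keeps the existing values stable, which matters because this enum reaches applications through SSL_get_state(); callers that switch exhaustively on it will now see an unhandled value while early data is in flight. If a state-to-string table for these values exists elsewhere, it is not touched in this diff. The enum's opening lies before the hunk.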
......
...@@ -191,11 +191,6 @@ static int ossl_statem_client13_read_transition(SSL *s, int mt) ...@@ -191,11 +191,6 @@ static int ossl_statem_client13_read_transition(SSL *s, int mt)
break; break;
case TLS_ST_OK: case TLS_ST_OK:
if (s->early_data_state == SSL_EARLY_DATA_FINISHED_WRITING
&& mt == SSL3_MT_SERVER_HELLO) {
st->hand_state = TLS_ST_CR_SRVR_HELLO;
return 1;
}
if (mt == SSL3_MT_NEWSESSION_TICKET) { if (mt == SSL3_MT_NEWSESSION_TICKET) {
st->hand_state = TLS_ST_CR_SESSION_TICKET; st->hand_state = TLS_ST_CR_SESSION_TICKET;
return 1; return 1;
...@@ -258,6 +253,22 @@ int ossl_statem_client_read_transition(SSL *s, int mt) ...@@ -258,6 +253,22 @@ int ossl_statem_client_read_transition(SSL *s, int mt)
} }
break; break;
case TLS_ST_CW_EARLY_DATA:
/*
* We've not actually selected TLSv1.3 yet, but we have sent early
* data. The only thing allowed now is a ServerHello or a
* HelloRetryRequest.
*/
if (mt == SSL3_MT_SERVER_HELLO) {
st->hand_state = TLS_ST_CR_SRVR_HELLO;
return 1;
}
if (mt == SSL3_MT_HELLO_RETRY_REQUEST) {
st->hand_state = TLS_ST_CR_HELLO_RETRY_REQUEST;
return 1;
}
break;
case TLS_ST_CR_SRVR_HELLO: case TLS_ST_CR_SRVR_HELLO:
if (s->hit) { if (s->hit) {
if (s->ext.ticket_expected) { if (s->ext.ticket_expected) {
...@@ -382,21 +393,7 @@ int ossl_statem_client_read_transition(SSL *s, int mt) ...@@ -382,21 +393,7 @@ int ossl_statem_client_read_transition(SSL *s, int mt)
break; break;
case TLS_ST_OK: case TLS_ST_OK:
if (s->early_data_state == SSL_EARLY_DATA_FINISHED_WRITING) { if (mt == SSL3_MT_HELLO_REQUEST) {
/*
* We've not actually selected TLSv1.3 yet, but we have sent early
* data. The only thing allowed now is a ServerHello or a
* HelloRetryRequest.
*/
if (mt == SSL3_MT_SERVER_HELLO) {
st->hand_state = TLS_ST_CR_SRVR_HELLO;
return 1;
}
if (mt == SSL3_MT_HELLO_RETRY_REQUEST) {
st->hand_state = TLS_ST_CR_HELLO_RETRY_REQUEST;
return 1;
}
} else if (mt == SSL3_MT_HELLO_REQUEST) {
st->hand_state = TLS_ST_CR_HELLO_REQ; st->hand_state = TLS_ST_CR_HELLO_REQ;
return 1; return 1;
} }
...@@ -463,7 +460,6 @@ static WRITE_TRAN ossl_statem_client13_write_transition(SSL *s) ...@@ -463,7 +460,6 @@ static WRITE_TRAN ossl_statem_client13_write_transition(SSL *s)
case TLS_ST_CR_SESSION_TICKET: case TLS_ST_CR_SESSION_TICKET:
case TLS_ST_CW_FINISHED: case TLS_ST_CW_FINISHED:
st->hand_state = TLS_ST_OK; st->hand_state = TLS_ST_OK;
ossl_statem_set_in_init(s, 0);
return WRITE_TRAN_CONTINUE; return WRITE_TRAN_CONTINUE;
case TLS_ST_OK: case TLS_ST_OK:
...@@ -499,13 +495,6 @@ WRITE_TRAN ossl_statem_client_write_transition(SSL *s) ...@@ -499,13 +495,6 @@ WRITE_TRAN ossl_statem_client_write_transition(SSL *s)
return WRITE_TRAN_ERROR; return WRITE_TRAN_ERROR;
case TLS_ST_OK: case TLS_ST_OK:
if (s->early_data_state == SSL_EARLY_DATA_FINISHED_WRITING) {
/*
* We are assuming this is a TLSv1.3 connection, although we haven't
* actually selected a version yet.
*/
return WRITE_TRAN_FINISHED;
}
if (!s->renegotiate) { if (!s->renegotiate) {
/* /*
* We haven't requested a renegotiation ourselves so we must have * We haven't requested a renegotiation ourselves so we must have
...@@ -524,8 +513,7 @@ WRITE_TRAN ossl_statem_client_write_transition(SSL *s) ...@@ -524,8 +513,7 @@ WRITE_TRAN ossl_statem_client_write_transition(SSL *s)
* We are assuming this is a TLSv1.3 connection, although we haven't * We are assuming this is a TLSv1.3 connection, although we haven't
* actually selected a version yet. * actually selected a version yet.
*/ */
st->hand_state = TLS_ST_OK; st->hand_state = TLS_ST_CW_EARLY_DATA;
ossl_statem_set_in_init(s, 0);
return WRITE_TRAN_CONTINUE; return WRITE_TRAN_CONTINUE;
} }
/* /*
...@@ -534,6 +522,9 @@ WRITE_TRAN ossl_statem_client_write_transition(SSL *s) ...@@ -534,6 +522,9 @@ WRITE_TRAN ossl_statem_client_write_transition(SSL *s)
*/ */
return WRITE_TRAN_FINISHED; return WRITE_TRAN_FINISHED;
case TLS_ST_CW_EARLY_DATA:
return WRITE_TRAN_FINISHED;
case DTLS_ST_CR_HELLO_VERIFY_REQUEST: case DTLS_ST_CR_HELLO_VERIFY_REQUEST:
st->hand_state = TLS_ST_CW_CLNT_HELLO; st->hand_state = TLS_ST_CW_CLNT_HELLO;
return WRITE_TRAN_CONTINUE; return WRITE_TRAN_CONTINUE;
...@@ -576,7 +567,8 @@ WRITE_TRAN ossl_statem_client_write_transition(SSL *s) ...@@ -576,7 +567,8 @@ WRITE_TRAN ossl_statem_client_write_transition(SSL *s)
case TLS_ST_CW_CHANGE: case TLS_ST_CW_CHANGE:
#if defined(OPENSSL_NO_NEXTPROTONEG) #if defined(OPENSSL_NO_NEXTPROTONEG)
st->hand_state = TLS_ST_CW_FINISHED; st->
hand_state = TLS_ST_CW_FINISHED;
#else #else
if (!SSL_IS_DTLS(s) && s->s3->npn_seen) if (!SSL_IS_DTLS(s) && s->s3->npn_seen)
st->hand_state = TLS_ST_CW_NEXT_PROTO; st->hand_state = TLS_ST_CW_NEXT_PROTO;
...@@ -594,7 +586,6 @@ WRITE_TRAN ossl_statem_client_write_transition(SSL *s) ...@@ -594,7 +586,6 @@ WRITE_TRAN ossl_statem_client_write_transition(SSL *s)
case TLS_ST_CW_FINISHED: case TLS_ST_CW_FINISHED:
if (s->hit) { if (s->hit) {
st->hand_state = TLS_ST_OK; st->hand_state = TLS_ST_OK;
ossl_statem_set_in_init(s, 0);
return WRITE_TRAN_CONTINUE; return WRITE_TRAN_CONTINUE;
} else { } else {
return WRITE_TRAN_FINISHED; return WRITE_TRAN_FINISHED;
...@@ -606,7 +597,6 @@ WRITE_TRAN ossl_statem_client_write_transition(SSL *s) ...@@ -606,7 +597,6 @@ WRITE_TRAN ossl_statem_client_write_transition(SSL *s)
return WRITE_TRAN_CONTINUE; return WRITE_TRAN_CONTINUE;
} else { } else {
st->hand_state = TLS_ST_OK; st->hand_state = TLS_ST_OK;
ossl_statem_set_in_init(s, 0);
return WRITE_TRAN_CONTINUE; return WRITE_TRAN_CONTINUE;
} }
...@@ -624,7 +614,6 @@ WRITE_TRAN ossl_statem_client_write_transition(SSL *s) ...@@ -624,7 +614,6 @@ WRITE_TRAN ossl_statem_client_write_transition(SSL *s)
return WRITE_TRAN_CONTINUE; return WRITE_TRAN_CONTINUE;
} }
st->hand_state = TLS_ST_OK; st->hand_state = TLS_ST_OK;
ossl_statem_set_in_init(s, 0);
return WRITE_TRAN_CONTINUE; return WRITE_TRAN_CONTINUE;
} }
} }
...@@ -669,6 +658,7 @@ WORK_STATE ossl_statem_client_pre_work(SSL *s, WORK_STATE wst) ...@@ -669,6 +658,7 @@ WORK_STATE ossl_statem_client_pre_work(SSL *s, WORK_STATE wst)
} }
break; break;
case TLS_ST_CW_EARLY_DATA:
case TLS_ST_OK: case TLS_ST_OK:
return tls_finish_handshake(s, wst, 1); return tls_finish_handshake(s, wst, 1);
} }
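Review bot: The new TLS_ST_CW_EARLY_DATA handling is spread over three switch statements but only the read-transition case (after the `break;` at the top of the second hunk) explains itself; the write transition's `case TLS_ST_CW_EARLY_DATA: return WRITE_TRAN_FINISHED;` and the `case TLS_ST_CW_EARLY_DATA:` that falls into TLS_ST_OK in ossl_statem_client_pre_work carry no comment. Suggest `/* Early data written; nothing more to send until a ServerHello or HRR arrives */` on the write case and `/* Early data sent: run the end-of-handshake path and stop, as for TLS_ST_OK */` on the pre_work case. Sharing the TLS_ST_OK branch means tls_finish_handshake(s, wst, 1) now runs before any protocol version has been negotiated, so whatever that function does above its final lines (not shown in this diff) should be confirmed safe for a half-finished handshake. The read case accepts only ServerHello and HelloRetryRequest and relies on the unexpected-message handling after the switch, which lies outside the hunk.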
......
...@@ -958,6 +958,7 @@ WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst, int clearbufs) ...@@ -958,6 +958,7 @@ WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst, int clearbufs)
if (!clearbufs) if (!clearbufs)
return WORK_FINISHED_CONTINUE; return WORK_FINISHED_CONTINUE;
ossl_statem_set_in_init(s, 0);
return WORK_FINISHED_STOP; return WORK_FINISHED_STOP;
} }
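Review bot: Moving `ossl_statem_set_in_init(s, 0)` into tls_finish_handshake changes its ordering relative to the rest of that function: the write transitions previously cleared the in-init flag before tls_finish_handshake ran, and it is now cleared only at the very end and only on the clearbufs path. If anything above the visible tail of the function (its body starts outside the hunk) invokes an application callback, that callback now observes SSL_in_init() as true where it previously saw false; worth confirming that is intended. Callers passing clearbufs == 0 return before the new line, so any in-init reset they relied on from the removed write-transition calls must now come from somewhere else. A short comment would help readers: `/* Handshake done: leave the init state only once the buffers are cleared */`.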
......
...@@ -462,7 +462,6 @@ static WRITE_TRAN ossl_statem_server13_write_transition(SSL *s) ...@@ -462,7 +462,6 @@ static WRITE_TRAN ossl_statem_server13_write_transition(SSL *s)
case TLS_ST_SW_FINISHED: case TLS_ST_SW_FINISHED:
if (s->early_data_state == SSL_EARLY_DATA_ACCEPTING) { if (s->early_data_state == SSL_EARLY_DATA_ACCEPTING) {
st->hand_state = TLS_ST_OK; st->hand_state = TLS_ST_OK;
ossl_statem_set_in_init(s, 0);
return WRITE_TRAN_CONTINUE; return WRITE_TRAN_CONTINUE;
} }
return WRITE_TRAN_FINISHED; return WRITE_TRAN_FINISHED;
...@@ -489,7 +488,6 @@ static WRITE_TRAN ossl_statem_server13_write_transition(SSL *s) ...@@ -489,7 +488,6 @@ static WRITE_TRAN ossl_statem_server13_write_transition(SSL *s)
case TLS_ST_SW_KEY_UPDATE: case TLS_ST_SW_KEY_UPDATE:
case TLS_ST_SW_SESSION_TICKET: case TLS_ST_SW_SESSION_TICKET:
st->hand_state = TLS_ST_OK; st->hand_state = TLS_ST_OK;
ossl_statem_set_in_init(s, 0);
return WRITE_TRAN_CONTINUE; return WRITE_TRAN_CONTINUE;
} }
} }
...@@ -535,7 +533,6 @@ WRITE_TRAN ossl_statem_server_write_transition(SSL *s) ...@@ -535,7 +533,6 @@ WRITE_TRAN ossl_statem_server_write_transition(SSL *s)
case TLS_ST_SW_HELLO_REQ: case TLS_ST_SW_HELLO_REQ:
st->hand_state = TLS_ST_OK; st->hand_state = TLS_ST_OK;
ossl_statem_set_in_init(s, 0);
return WRITE_TRAN_CONTINUE; return WRITE_TRAN_CONTINUE;
case TLS_ST_SR_CLNT_HELLO: case TLS_ST_SR_CLNT_HELLO:
...@@ -602,7 +599,6 @@ WRITE_TRAN ossl_statem_server_write_transition(SSL *s) ...@@ -602,7 +599,6 @@ WRITE_TRAN ossl_statem_server_write_transition(SSL *s)
case TLS_ST_SR_FINISHED: case TLS_ST_SR_FINISHED:
if (s->hit) { if (s->hit) {
st->hand_state = TLS_ST_OK; st->hand_state = TLS_ST_OK;
ossl_statem_set_in_init(s, 0);
return WRITE_TRAN_CONTINUE; return WRITE_TRAN_CONTINUE;
} else if (s->ext.ticket_expected) { } else if (s->ext.ticket_expected) {
st->hand_state = TLS_ST_SW_SESSION_TICKET; st->hand_state = TLS_ST_SW_SESSION_TICKET;
...@@ -624,7 +620,6 @@ WRITE_TRAN ossl_statem_server_write_transition(SSL *s) ...@@ -624,7 +620,6 @@ WRITE_TRAN ossl_statem_server_write_transition(SSL *s)
return WRITE_TRAN_FINISHED; return WRITE_TRAN_FINISHED;
} }
st->hand_state = TLS_ST_OK; st->hand_state = TLS_ST_OK;
ossl_statem_set_in_init(s, 0);
return WRITE_TRAN_CONTINUE; return WRITE_TRAN_CONTINUE;
} }
} }
......