Skip to content

T
Third Party Openssl

OpenHarmony / Third Party Openssl
大约 1 年 前同步成功

通知 9
Star 18
Fork 1
T
Third Party Openssl

体验新版 GitCode,发现更多精彩内容 >>

提交 49ae7423 编写于 作者: M Matt Caswell
浏览文件
操作

Remove redundant code 

Clean up and remove lots of code that is now no longer needed due to the
move to the new state machine.
Reviewed-by: NTim Hudson <tjh@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>
上级 c130dd8e
展开全部 隐藏空白更改
内联 并排
Showing with 279 addition and 2421 deletion
apps/s_server.c
浏览文件 @ 49ae7423
......@@ -2428,7 +2428,7 @@ static int init_ssl_connection(SSL *con)
#ifdef CERT_CB_TEST_RETRY
{
while (i <= 0 && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP
&& SSL_state(con) == SSL3_ST_SR_CLNT_HELLO_C) {
&& SSL_state(con) == TLS_ST_SR_CLNT_HELLO) {
BIO_printf(bio_err,
"LOOKUP from certificate callback during accept\n");
i = SSL_accept(con);
......
include/openssl/ssl.h
浏览文件 @ 49ae7423
......@@ -920,6 +920,59 @@ extern "C" {
# define SSL_CTX_get_app_data(ctx) (SSL_CTX_get_ex_data(ctx,0))
# define SSL_CTX_set_app_data(ctx,arg) (SSL_CTX_set_ex_data(ctx,0,(char *)arg))
/*
* The valid handshake states (one for each type message sent and one for each
* type of message received). There are also two "special" states:
* TLS = TLS or DTLS state
* DTLS = DTLS specific state
* CR/SR = Client Read/Server Read
* CW/SW = Client Write/Server Write
*
* The "special" states are:
* TLS_ST_BEFORE = No handshake has been initiated yet
* TLS_ST_OK = A handshake has been successfully completed
*/
enum HANDSHAKE_STATE {
TLS_ST_BEFORE,
TLS_ST_OK,
DTLS_ST_CR_HELLO_VERIFY_REQUEST,
TLS_ST_CR_SRVR_HELLO,
TLS_ST_CR_CERT,
TLS_ST_CR_CERT_STATUS,
TLS_ST_CR_KEY_EXCH,
TLS_ST_CR_CERT_REQ,
TLS_ST_CR_SRVR_DONE,
TLS_ST_CR_SESSION_TICKET,
TLS_ST_CR_CHANGE,
TLS_ST_CR_FINISHED,
TLS_ST_CW_CLNT_HELLO,
TLS_ST_CW_CERT,
TLS_ST_CW_KEY_EXCH,
TLS_ST_CW_CERT_VRFY,
TLS_ST_CW_CHANGE,
TLS_ST_CW_NEXT_PROTO,
TLS_ST_CW_FINISHED,
TLS_ST_SW_HELLO_REQ,
TLS_ST_SR_CLNT_HELLO,
DTLS_ST_SW_HELLO_VERIFY_REQUEST,
TLS_ST_SW_SRVR_HELLO,
TLS_ST_SW_CERT,
TLS_ST_SW_KEY_EXCH,
TLS_ST_SW_CERT_REQ,
TLS_ST_SW_SRVR_DONE,
TLS_ST_SR_CERT,
TLS_ST_SR_KEY_EXCH,
TLS_ST_SR_CERT_VRFY,
TLS_ST_SR_NEXT_PROTO,
TLS_ST_SR_CHANGE,
TLS_ST_SR_FINISHED,
TLS_ST_SW_SESSION_TICKET,
TLS_ST_SW_CERT_STATUS,
TLS_ST_SW_CHANGE,
TLS_ST_SW_FINISHED
};
/*
* The following are the possible values for ssl->state are are used to
* indicate where we are up to in the SSL connection establishment. The
......@@ -953,11 +1006,11 @@ extern "C" {
/* Is the SSL_connection established? */
# define SSL_get_state(a) SSL_state(a)
# define SSL_is_init_finished(a) (SSL_state(a) == SSL_ST_OK)
# define SSL_in_init(a) (SSL_state(a)&SSL_ST_INIT)
# define SSL_in_before(a) (SSL_state(a)&SSL_ST_BEFORE)
# define SSL_in_connect_init(a) (SSL_state(a)&SSL_ST_CONNECT)
# define SSL_in_accept_init(a) (SSL_state(a)&SSL_ST_ACCEPT)
# define SSL_in_connect_init(a) (SSL_in_init(a) && !a->server)
# define SSL_in_accept_init(a) (SSL_in_init(a) && a->server)
int SSL_in_init(SSL *s);
int SSL_in_before(SSL *s);
int SSL_is_init_finished(SSL *s);
/*
* The following 3 states are kept in ssl->rlayer.rstate when reads fail, you
......@@ -1646,8 +1699,8 @@ void SSL_set_info_callback(SSL *ssl,
void (*cb) (const SSL *ssl, int type, int val));
void (*SSL_get_info_callback(const SSL *ssl)) (const SSL *ssl, int type,
int val);
__owur int SSL_state(const SSL *ssl);
void SSL_set_state(SSL *ssl, int state);
__owur enum HANDSHAKE_STATE SSL_state(const SSL *ssl);
void SSL_set_state(SSL *ssl, enum HANDSHAKE_STATE state);
void SSL_set_verify_result(SSL *ssl, long v);
__owur long SSL_get_verify_result(const SSL *ssl);
......
ssl/d1_both.c
浏览文件 @ 49ae7423
......@@ -160,8 +160,6 @@ static void dtls1_set_message_header_int(SSL *s, unsigned char mt,
unsigned short seq_num,
unsigned long frag_off,
unsigned long frag_len);
static long dtls1_get_message_fragment(SSL *s, int st1, int stn, int mt,
int *ok);
static int dtls_get_reassembled_message(SSL *s, long *len);
static hm_fragment *dtls1_hm_fragment_new(unsigned long frag_len,
......@@ -438,117 +436,6 @@ int dtls1_do_write(SSL *s, int type)
return (0);
}
/*
* Obtain handshake message of message type 'mt' (any if mt == -1), maximum
* acceptable body length 'max'. Read an entire handshake message. Handshake
* messages arrive in fragments.
*/
long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
{
int i, al;
struct hm_header_st *msg_hdr;
unsigned char *p;
unsigned long msg_len;
/*
* s3->tmp is used to store messages that are unexpected, caused by the
* absence of an optional handshake message
*/
if (s->s3->tmp.reuse_message) {
if ((mt >= 0) && (s->s3->tmp.message_type != mt)) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerr(SSL_F_DTLS1_GET_MESSAGE, SSL_R_UNEXPECTED_MESSAGE);
goto f_err;
}
*ok = 1;
/*
* Messages reused from dtls1_listen also have the record header in
* the buffer which we need to skip over.
*/
if (s->s3->tmp.reuse_message == DTLS1_SKIP_RECORD_HEADER) {
s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH
+ DTLS1_RT_HEADER_LENGTH;
} else {
s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
}
s->init_num = (int)s->s3->tmp.message_size;
s->s3->tmp.reuse_message = 0;
return s->init_num;
}
msg_hdr = &s->d1->r_msg_hdr;
memset(msg_hdr, 0, sizeof(*msg_hdr));
again:
i = dtls1_get_message_fragment(s, st1, stn, mt, ok);
if (i == DTLS1_HM_BAD_FRAGMENT || i == DTLS1_HM_FRAGMENT_RETRY) {
/* bad fragment received */
goto again;
} else if (i <= 0 && !*ok) {
return i;
}
if (mt >= 0 && s->s3->tmp.message_type != mt) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerr(SSL_F_DTLS1_GET_MESSAGE, SSL_R_UNEXPECTED_MESSAGE);
goto f_err;
}
p = (unsigned char *)s->init_buf->data;
if (mt == SSL3_MT_CHANGE_CIPHER_SPEC) {
if (s->msg_callback) {
s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC,
p, 1, s, s->msg_callback_arg);
}
/*
* This isn't a real handshake message so skip the processing below.
* dtls1_get_message_fragment() will never return a CCS if mt == -1,
* so we are ok to continue in that case.
*/
return i;
}
msg_len = msg_hdr->msg_len;
/* reconstruct message header */
*(p++) = msg_hdr->type;
l2n3(msg_len, p);
s2n(msg_hdr->seq, p);
l2n3(0, p);
l2n3(msg_len, p);
if (s->version != DTLS1_BAD_VER) {
p -= DTLS1_HM_HEADER_LENGTH;
msg_len += DTLS1_HM_HEADER_LENGTH;
}
if (msg_len > (unsigned long)max) {
al = SSL_AD_ILLEGAL_PARAMETER;
SSLerr(SSL_F_DTLS1_GET_MESSAGE, SSL_R_EXCESSIVE_MESSAGE_SIZE);
goto f_err;
}
ssl3_finish_mac(s, p, msg_len);
if (s->msg_callback)
s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
p, msg_len, s, s->msg_callback_arg);
memset(msg_hdr, 0, sizeof(*msg_hdr));
s->d1->handshake_read_seq++;
s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
return s->init_num;
f_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
*ok = 0;
return -1;
}
int dtls_get_message(SSL *s, int *mt, unsigned long *len)
{
struct hm_header_st *msg_hdr;
......@@ -925,30 +812,6 @@ dtls1_process_out_of_seq_message(SSL *s, const struct hm_header_st *msg_hdr,
return i;
}
static long
dtls1_get_message_fragment(SSL *s, int st1, int stn, int mt, int *ok)
{
long len;
do {
*ok = dtls_get_reassembled_message(s, &len);
/* A CCS isn't a real handshake message, so if we get one there is no
* message sequence number to give us confidence that this was really
* intended to be at this point in the handshake sequence. Therefore we
* only allow this if we were explicitly looking for it (i.e. if |mt|
* is -1 we still don't allow it). If we get one when we're not
* expecting it then probably something got re-ordered or this is a
* retransmit. We should drop this and try again.
*/
} while (*ok && mt != SSL3_MT_CHANGE_CIPHER_SPEC
&& s->s3->tmp.message_type == SSL3_MT_CHANGE_CIPHER_SPEC);
if (*ok)
s->state = stn;
return len;
}
static int dtls_get_reassembled_message(SSL *s, long *len)
{
unsigned char wire[DTLS1_HM_HEADER_LENGTH];
......@@ -1103,19 +966,6 @@ static int dtls_get_reassembled_message(SSL *s, long *len)
return 0;
}
int dtls1_send_change_cipher_spec(SSL *s, int a, int b)
{
if (s->state == a) {
if (dtls_construct_change_cipher_spec(s) == 0)
return -1;
}
/* SSL3_ST_CW_CHANGE_B */
return (dtls1_do_write(s, SSL3_RT_CHANGE_CIPHER_SPEC));
}
/*-
* for these 2 messages, we need to
* ssl->enc_read_ctx re-init
......
ssl/d1_srvr.c
浏览文件 @ 49ae7423
此差异已折叠。
ssl/record/rec_layer_d1.c
浏览文件 @ 49ae7423
......@@ -283,8 +283,8 @@ int dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
#ifndef OPENSSL_NO_SCTP
/* Store bio_dgram_sctp_rcvinfo struct */
if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
(s->state == SSL3_ST_SR_FINISHED_A
|| s->state == SSL3_ST_CR_FINISHED_A)) {
(SSL_state(s) == TLS_ST_SR_FINISHED
|| SSL_state(s) == TLS_ST_CR_FINISHED)) {
BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SCTP_GET_RCVINFO,
sizeof(rdata->recordinfo), &rdata->recordinfo);
}
......@@ -472,7 +472,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
* We are not handshaking and have no data yet, so process data buffered
* during the last handshake in advance, if any.
*/
if (s->state == SSL_ST_OK && SSL3_RECORD_get_length(rr) == 0) {
if (SSL_is_init_finished(s) && SSL3_RECORD_get_length(rr) == 0) {
pitem *item;
item = pqueue_pop(s->rlayer.d->buffered_app_data.q);
if (item) {
......@@ -901,9 +901,9 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
goto start;
}
if (((s->state & SSL_ST_MASK) == SSL_ST_OK) &&
if (SSL_is_init_finished(s) &&
!(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) {
s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
statem_set_in_init(s, 1);
s->renegotiate = 1;
s->new_session = 1;
}
......@@ -966,14 +966,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
*/
if (s->s3->in_read_app_data &&
(s->s3->total_renegotiations != 0) &&
(((s->state & SSL_ST_CONNECT) &&
(s->state >= SSL3_ST_CW_CLNT_HELLO_A) &&
(s->state <= SSL3_ST_CR_SRVR_HELLO_A)
) || ((s->state & SSL_ST_ACCEPT) &&
(s->state <= SSL3_ST_SW_HELLO_REQ_A) &&
(s->state >= SSL3_ST_SR_CLNT_HELLO_A)
)
)) {
statem_app_data_allowed(s)) {
s->s3->in_read_app_data = 2;
return (-1);
} else {
......
ssl/record/rec_layer_s3.c
浏览文件 @ 49ae7423
......@@ -779,7 +779,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
* Some servers hang if iniatial client hello is larger than 256 bytes
* and record version number > TLS 1.0
*/
if (s->state == SSL3_ST_CW_CLNT_HELLO_B
if (SSL_get_state(s) == TLS_ST_CW_CLNT_HELLO
&& !s->renegotiate && TLS1_get_version(s) > TLS1_VERSION)
*(p++) = 0x1;
else
......@@ -1384,9 +1384,9 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
* Unexpected handshake message (Client Hello, or protocol violation)
*/
if ((s->rlayer.handshake_fragment_len >= 4) && !s->in_handshake) {
if (((s->state & SSL_ST_MASK) == SSL_ST_OK) &&
if (SSL_is_init_finished(s) &&
!(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) {
s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
statem_set_in_init(s, 1);
s->renegotiate = 1;
s->new_session = 1;
}
......
ssl/s3_both.c
浏览文件 @ 49ae7423
......@@ -156,20 +156,6 @@ int ssl3_do_write(SSL *s, int type)
return (0);
}
int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
{
if (s->state == a) {
if (tls_construct_finished(s, sender, slen) == 0) {
statem_set_error(s);
return -1;
}
s->state = b;
}
/* SSL3_ST_SEND_xxxxxx_HELLO_B */
return ssl_do_write(s);
}
int tls_construct_finished(SSL *s, const char *sender, int slen)
{
unsigned char *p;
......@@ -223,7 +209,7 @@ static void ssl3_take_mac(SSL *s)
*/
if (s->s3->tmp.new_cipher == NULL)
return;
if (s->state & SSL_ST_CONNECT) {
if (!s->server) {
sender = s->method->ssl3_enc->server_finished_label;
slen = s->method->ssl3_enc->server_finished_label_len;
} else {
......@@ -238,24 +224,6 @@ static void ssl3_take_mac(SSL *s)
}
#endif
int ssl3_get_change_cipher_spec(SSL *s, int a, int b)
{
int ok;
long n;
n = s->method->ssl_get_message(s, a, b, SSL3_MT_CHANGE_CIPHER_SPEC, 1, &ok);
if (!ok)
return ((int)n);
if (tls_process_change_cipher_spec(s, n) == 0) {
statem_set_error(s);
return -1;
}
return 1;
}
enum MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL *s, long n)
{
int al;
......@@ -320,28 +288,6 @@ enum MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL *s, long n)
return MSG_PROCESS_ERROR;
}
int ssl3_get_finished(SSL *s, int a, int b)
{
int ok;
long n;
#ifdef OPENSSL_NO_NEXTPROTONEG
/*
* the mac has already been generated when we received the change cipher
* spec message and is in s->s3->tmp.peer_finish_md
*/
#endif
/* 64 argument should actually be 36+4 :-) */
n = s->method->ssl_get_message(s, a, b, SSL3_MT_FINISHED, 64, &ok);
if (!ok)
return ((int)n);
return tls_process_finished(s, (unsigned long)n);
}
enum MSG_PROCESS_RETURN tls_process_finished(SSL *s, unsigned long n)
{
int al, i;
......@@ -390,30 +336,6 @@ enum MSG_PROCESS_RETURN tls_process_finished(SSL *s, unsigned long n)
return MSG_PROCESS_ERROR;
}
/*-
* for these 2 messages, we need to
* ssl->enc_read_ctx re-init
* ssl->rlayer.read_sequence zero
* ssl->s3->read_mac_secret re-init
* ssl->session->read_sym_enc assign
* ssl->session->read_compression assign
* ssl->session->read_hash assign
*/
int ssl3_send_change_cipher_spec(SSL *s, int a, int b)
{
if (s->state == a) {
if(tls_construct_change_cipher_spec(s) == 0) {
statem_set_error(s);
return 0;
}
s->state = b;
}
/* SSL3_ST_CW_CHANGE_B */
return (ssl3_do_write(s, SSL3_RT_CHANGE_CIPHER_SPEC));
}
int tls_construct_change_cipher_spec(SSL *s)
{
unsigned char *p;
......@@ -516,87 +438,6 @@ enum WORK_STATE tls_finish_handshake(SSL *s, enum WORK_STATE wst)
return WORK_FINISHED_STOP;
}
/*
* Obtain handshake message of message type 'mt' (any if mt == -1), maximum
* acceptable body length 'max'. The first four bytes (msg_type and length)
* are read in state 'st1', the body is read in state 'stn'.
*/
long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
{
unsigned char *p;
long n;
int al, mtin;
if (s->s3->tmp.reuse_message) {
s->s3->tmp.reuse_message = 0;
if ((mt >= 0) && (s->s3->tmp.message_type != mt)) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_UNEXPECTED_MESSAGE);
goto f_err;
}
*ok = 1;
s->state = stn;
s->init_msg = s->init_buf->data + SSL3_HM_HEADER_LENGTH;
s->init_num = (int)s->s3->tmp.message_size;
return s->init_num;
}
p = (unsigned char *)s->init_buf->data;
if (s->state == st1) {
if (tls_get_message_header(s, &mtin) == 0) {
/* Could be NBIO */
*ok = 0;
return -1;
}
s->state = stn;
if (s->init_num == 0
&& mtin == SSL3_MT_CHANGE_CIPHER_SPEC
&& (mt < 0 || mt == SSL3_MT_CHANGE_CIPHER_SPEC)) {
if (*p != SSL3_MT_CCS) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerr(SSL_F_SSL3_GET_MESSAGE,
SSL_R_UNEXPECTED_MESSAGE);
goto f_err;
}
s->init_msg = p + 1;
s->s3->tmp.message_type = SSL3_MT_CHANGE_CIPHER_SPEC;
s->s3->tmp.message_size = s->init_num;
*ok = 1;
if (s->msg_callback)
s->msg_callback(0, s->version,
SSL3_RT_CHANGE_CIPHER_SPEC, p, 1, s,
s->msg_callback_arg);
return s->init_num;
}
if (s->s3->tmp.message_size > (unsigned long)max) {
al = SSL_AD_ILLEGAL_PARAMETER;
SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_EXCESSIVE_MESSAGE_SIZE);
goto f_err;
}
if ((mt >= 0) && (mtin != mt)) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_UNEXPECTED_MESSAGE);
goto f_err;
}
}
/* next state (stn) */
if (tls_get_message_body(s, (unsigned long *)&n) == 0) {
*ok = 0;
return n;
}
*ok = 1;
return n;
f_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
statem_set_error(s);
*ok = 0;
return 0;
}
int tls_get_message_header(SSL *s, int *mt)
{
/* s->init_num < SSL3_HM_HEADER_LENGTH */
......
ssl/s3_lib.c
浏览文件 @ 49ae7423
......@@ -5014,7 +5014,7 @@ int ssl3_shutdown(SSL *s)
* Don't do anything much if we have not done the handshake or we don't
* want to send messages :-)
*/
if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE)) {
if ((s->quiet_shutdown) || (SSL_in_before(s))) {
s->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
return (1);
}
......@@ -5128,10 +5128,9 @@ int ssl3_renegotiate_check(SSL *s)
&& !SSL_in_init(s)) {
/*
* if we are the server, and we have sent a 'RENEGOTIATE'
* message, we need to go to SSL_ST_ACCEPT.
* message, we need to set the state machine into the renegotiate
* state.
*/
/* SSL_ST_ACCEPT */
s->state = SSL_ST_RENEGOTIATE;
statem_set_renegotiate(s);
s->s3->renegotiate = 0;
s->s3->num_renegotiations++;
......
ssl/s3_msg.c
浏览文件 @ 49ae7423
......@@ -118,7 +118,7 @@ int ssl3_do_change_cipher_spec(SSL *s)
const char *sender;
int slen;
if (s->state & SSL_ST_ACCEPT)
if (s->server)
i = SSL3_CHANGE_CIPHER_SERVER_READ;
else
i = SSL3_CHANGE_CIPHER_CLIENT_READ;
......@@ -143,7 +143,7 @@ int ssl3_do_change_cipher_spec(SSL *s)
* we have to record the message digest at this point so we can get it
* before we read the finished message
*/
if (s->state & SSL_ST_CONNECT) {
if (!s->server) {
sender = s->method->ssl3_enc->server_finished_label;
slen = s->method->ssl3_enc->server_finished_label_len;
} else {
......
ssl/s3_srvr.c
浏览文件 @ 49ae7423
此差异已折叠。
ssl/ssl_lib.c
浏览文件 @ 49ae7423
......@@ -217,7 +217,6 @@ int SSL_clear(SSL *s)
s->type = 0;
s->state = SSL_ST_BEFORE | ((s->server) ? SSL_ST_ACCEPT : SSL_ST_CONNECT);
statem_clear(s);
s->version = s->method->version;
......@@ -2399,7 +2398,7 @@ void SSL_set_accept_state(SSL *s)
{
s->server = 1;
s->shutdown = 0;
s->state = SSL_ST_ACCEPT | SSL_ST_BEFORE;
statem_clear(s);
s->handshake_func = s->method->ssl_accept;
clear_ciphers(s);
}
......@@ -2408,7 +2407,7 @@ void SSL_set_connect_state(SSL *s)
{
s->server = 0;
s->shutdown = 0;
s->state = SSL_ST_CONNECT | SSL_ST_BEFORE;
statem_clear(s);
s->handshake_func = s->method->ssl_connect;
clear_ciphers(s);
}
......@@ -2538,8 +2537,8 @@ SSL *SSL_dup(SSL *s)
ret->new_session = s->new_session;
ret->quiet_shutdown = s->quiet_shutdown;
ret->shutdown = s->shutdown;
ret->state = s->state; /* SSL_dup does not really work at any state,
* though */
ret->statem = s->statem; /* SSL_dup does not really work at any state,
* though */
RECORD_LAYER_dup(&ret->rlayer, &s->rlayer);
ret->init_num = 0; /* would have to copy ret->init_buf,
* ret->init_msg, ret->init_num,
......@@ -2841,16 +2840,6 @@ void (*SSL_get_info_callback(const SSL *ssl)) (const SSL * /* ssl */ ,
return ssl->info_callback;
}
int SSL_state(const SSL *ssl)
{
return (ssl->state);
}
void SSL_set_state(SSL *ssl, int state)
{
ssl->state = state;
}
void SSL_set_verify_result(SSL *ssl, long arg)
{
ssl->verify_result = arg;
......
ssl/ssl_locl.h
浏览文件 @ 49ae7423
......@@ -717,58 +717,6 @@ struct ssl_comp_st {
DECLARE_STACK_OF(SSL_COMP)
DECLARE_LHASH_OF(SSL_SESSION);
/*
* The valid handshake states (one for each type message sent and one for each
* type of message received). There are also two "special" states:
* TLS = TLS or DTLS state
* DTLS = DTLS specific state
* CR/SR = Client Read/Server Read
* CW/SW = Client Write/Server Write
*
* The "special" states are:
* TLS_ST_BEFORE = No handshake has been initiated yet
* TLS_ST_OK = A handshake has been successfully completed
*/
enum HANDSHAKE_STATE {
TLS_ST_BEFORE,
TLS_ST_OK,
DTLS_ST_CR_HELLO_VERIFY_REQUEST,
TLS_ST_CR_SRVR_HELLO,
TLS_ST_CR_CERT,
TLS_ST_CR_CERT_STATUS,
TLS_ST_CR_KEY_EXCH,
TLS_ST_CR_CERT_REQ,
TLS_ST_CR_SRVR_DONE,
TLS_ST_CR_SESSION_TICKET,
TLS_ST_CR_CHANGE,
TLS_ST_CR_FINISHED,
TLS_ST_CW_CLNT_HELLO,
TLS_ST_CW_CERT,
TLS_ST_CW_KEY_EXCH,
TLS_ST_CW_CERT_VRFY,
TLS_ST_CW_CHANGE,
TLS_ST_CW_NEXT_PROTO,
TLS_ST_CW_FINISHED,
TLS_ST_SW_HELLO_REQ,
TLS_ST_SR_CLNT_HELLO,
DTLS_ST_SW_HELLO_VERIFY_REQUEST,
TLS_ST_SW_SRVR_HELLO,
TLS_ST_SW_CERT,
TLS_ST_SW_KEY_EXCH,
TLS_ST_SW_CERT_REQ,
TLS_ST_SW_SRVR_DONE,
TLS_ST_SR_CERT,
TLS_ST_SR_KEY_EXCH,
TLS_ST_SR_CERT_VRFY,
TLS_ST_SR_NEXT_PROTO,
TLS_ST_SR_CHANGE,
TLS_ST_SR_FINISHED,
TLS_ST_SW_SESSION_TICKET,
TLS_ST_SW_CERT_STATUS,
TLS_ST_SW_CHANGE,
TLS_ST_SW_FINISHED
};
/*
* Valid return codes used for functions performing work prior to or after
* sending or receiving a message
......@@ -842,6 +790,7 @@ struct statem_st {
enum READ_STATE read_state;
enum WORK_STATE read_state_work;
enum HANDSHAKE_STATE hand_state;
int in_init;
int read_state_first_init;
int use_timer;
#ifndef OPENSSL_NO_SCTP
......@@ -1398,7 +1347,6 @@ typedef struct ssl3_state_st {
# endif
/* used when SSL_ST_FLUSH_DATA is entered */
int next_state;
int reuse_message;
/* used for certificate requests */
int cert_req;
int ctype_num;
......@@ -1885,7 +1833,7 @@ const SSL_METHOD *func_name(void) \
ssl3_shutdown, \
ssl3_renegotiate, \
ssl3_renegotiate_check, \
ssl3_get_message, \
NULL /*TODO: Fix this */, \
ssl3_read_bytes, \
ssl3_write_bytes, \
ssl3_dispatch_alert, \
......@@ -1922,7 +1870,7 @@ const SSL_METHOD *func_name(void) \
ssl3_shutdown, \
ssl3_renegotiate, \
ssl3_renegotiate_check, \
ssl3_get_message, \
NULL /*TODO: Fix this */, \
ssl3_read_bytes, \
ssl3_write_bytes, \
ssl3_dispatch_alert, \
......@@ -1960,7 +1908,7 @@ const SSL_METHOD *func_name(void) \
dtls1_shutdown, \
ssl3_renegotiate, \
ssl3_renegotiate_check, \
dtls1_get_message, \
NULL /*TODO: fix this */, \
dtls1_read_bytes, \
dtls1_write_app_data_bytes, \
dtls1_dispatch_alert, \
......@@ -2054,18 +2002,12 @@ __owur int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
__owur const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p);
__owur int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p);
void ssl3_init_finished_mac(SSL *s);
__owur int ssl3_send_server_certificate(SSL *s);
__owur int tls_construct_server_certificate(SSL *s);
__owur int ssl3_send_newsession_ticket(SSL *s);
__owur int tls_construct_new_session_ticket(SSL *s);
__owur int ssl3_send_cert_status(SSL *s);
__owur int ssl3_get_change_cipher_spec(SSL *s, int a, int b);
__owur int ssl3_get_finished(SSL *s, int state_a, int state_b);
__owur int tls_construct_cert_status(SSL *s);
__owur enum MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL *s, long n);
__owur enum MSG_PROCESS_RETURN tls_process_finished(SSL *s, unsigned long n);
__owur int ssl3_setup_key_block(SSL *s);
__owur int ssl3_send_change_cipher_spec(SSL *s, int state_a, int state_b);
__owur int tls_construct_change_cipher_spec(SSL *s);
__owur int dtls_construct_change_cipher_spec(SSL *s);
__owur int ssl3_change_cipher_state(SSL *s, int which);
......@@ -2078,7 +2020,6 @@ __owur int ssl3_get_req_cert_type(SSL *s, unsigned char *p);
__owur long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
__owur int tls_get_message_header(SSL *s, int *mt);
__owur int tls_get_message_body(SSL *s, unsigned long *len);
__owur int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen);
__owur int tls_construct_finished(SSL *s, const char *sender, int slen);
__owur enum WORK_STATE tls_finish_handshake(SSL *s, enum WORK_STATE wst);
__owur enum WORK_STATE dtls_wait_for_dry(SSL *s);
......@@ -2103,6 +2044,8 @@ __owur int ssl3_connect(SSL *s);
void statem_clear(SSL *s);
void statem_set_renegotiate(SSL *s);
void statem_set_error(SSL *s);
int statem_in_error(const SSL *s);
void statem_set_in_init(SSL *s, int init);
__owur int statem_app_data_allowed(SSL *s);
#ifndef OPENSSL_NO_SCTP
void statem_set_sctp_read_sock(SSL *s, int read_sock);
......@@ -2136,7 +2079,6 @@ void dtls1_set_message_header(SSL *s,
__owur int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf, int len);
__owur int dtls1_send_change_cipher_spec(SSL *s, int a, int b);
__owur int dtls1_read_failed(SSL *s, int code);
__owur int dtls1_buffer_message(SSL *s, int ccs);
__owur int dtls1_retransmit_message(SSL *s, unsigned short seq,
......@@ -2192,31 +2134,21 @@ __owur enum MSG_PROCESS_RETURN dtls_process_hello_verify(SSL *s,
unsigned long n);
/* some server-only functions */
__owur int ssl3_get_client_hello(SSL *s);
__owur int ssl3_send_server_hello(SSL *s);
__owur enum MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, long n);
__owur enum WORK_STATE tls_post_process_client_hello(SSL *s,
enum WORK_STATE wst);
__owur int tls_construct_server_hello(SSL *s);
__owur int ssl3_send_hello_request(SSL *s);
__owur int tls_construct_hello_request(SSL *s);
__owur int ssl3_send_server_key_exchange(SSL *s);
__owur int dtls_construct_hello_verify_request(SSL *s);
__owur int tls_construct_server_key_exchange(SSL *s);
__owur int ssl3_send_certificate_request(SSL *s);
__owur int tls_construct_certificate_request(SSL *s);
__owur int ssl3_send_server_done(SSL *s);
__owur int tls_construct_server_done(SSL *s);
__owur int ssl3_get_client_certificate(SSL *s);
__owur int ssl3_get_client_key_exchange(SSL *s);
__owur int ssl3_get_cert_verify(SSL *s);
__owur enum MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, long n);
__owur enum MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, long n);
__owur enum WORK_STATE tls_post_process_client_key_exchange(SSL *s,
enum WORK_STATE wst);
__owur enum MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, long n);
# ifndef OPENSSL_NO_NEXTPROTONEG
__owur int ssl3_get_next_proto(SSL *s);
__owur enum MSG_PROCESS_RETURN tls_process_next_proto(SSL *s, long n);
# endif
......@@ -2234,7 +2166,6 @@ void dtls1_clear(SSL *s);
long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg);
__owur int dtls1_shutdown(SSL *s);
__owur long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
__owur int dtls_get_message(SSL *s, int *mt, unsigned long *len);
__owur int dtls1_dispatch_alert(SSL *s);
......
ssl/ssl_stat.c
浏览文件 @ 49ae7423
......@@ -89,231 +89,107 @@ const char *SSL_state_string_long(const SSL *s)
{
const char *str;
switch (s->state) {
case SSL_ST_BEFORE:
if (statem_in_error(s)) {
return "error";
}
switch (SSL_state(s)) {
case TLS_ST_BEFORE:
str = "before SSL initialization";
break;
case SSL_ST_ACCEPT:
str = "before accept initialization";
break;
case SSL_ST_CONNECT:
str = "before connect initialization";
break;
case SSL_ST_OK:
case TLS_ST_OK:
str = "SSL negotiation finished successfully";
break;
case SSL_ST_RENEGOTIATE:
str = "SSL renegotiate ciphers";
break;
case SSL_ST_BEFORE | SSL_ST_CONNECT:
str = "before/connect initialization";
break;
case SSL_ST_OK | SSL_ST_CONNECT:
str = "ok/connect SSL initialization";
break;
case SSL_ST_BEFORE | SSL_ST_ACCEPT:
str = "before/accept initialization";
break;
case SSL_ST_OK | SSL_ST_ACCEPT:
str = "ok/accept SSL initialization";
break;
case SSL_ST_ERR:
str = "error";
break;
#ifndef OPENSSL_NO_SSL3
/* SSLv3 additions */
case SSL3_ST_CW_CLNT_HELLO_A:
str = "SSLv3 write client hello A";
break;
case SSL3_ST_CW_CLNT_HELLO_B:
str = "SSLv3 write client hello B";
break;
case SSL3_ST_CR_SRVR_HELLO_A:
str = "SSLv3 read server hello A";
break;
case SSL3_ST_CR_SRVR_HELLO_B:
str = "SSLv3 read server hello B";
break;
case SSL3_ST_CR_CERT_A:
str = "SSLv3 read server certificate A";
break;
case SSL3_ST_CR_CERT_B:
str = "SSLv3 read server certificate B";
break;
case SSL3_ST_CR_KEY_EXCH_A:
str = "SSLv3 read server key exchange A";
break;
case SSL3_ST_CR_KEY_EXCH_B:
str = "SSLv3 read server key exchange B";
break;
case SSL3_ST_CR_CERT_REQ_A:
str = "SSLv3 read server certificate request A";
break;
case SSL3_ST_CR_CERT_REQ_B:
str = "SSLv3 read server certificate request B";
break;
case SSL3_ST_CR_SESSION_TICKET_A:
str = "SSLv3 read server session ticket A";
case TLS_ST_CW_CLNT_HELLO:
str = "SSLv3/TLS write client hello";
break;
case SSL3_ST_CR_SESSION_TICKET_B:
str = "SSLv3 read server session ticket B";
case TLS_ST_CR_SRVR_HELLO:
str = "SSLv3/TLS read server hello";
break;
case SSL3_ST_CR_SRVR_DONE_A:
str = "SSLv3 read server done A";
case TLS_ST_CR_CERT:
str = "SSLv3/TLS read server certificate";
break;
case SSL3_ST_CR_SRVR_DONE_B:
str = "SSLv3 read server done B";
case TLS_ST_CR_KEY_EXCH:
str = "SSLv3/TLS read server key exchange";
break;
case SSL3_ST_CW_CERT_A:
str = "SSLv3 write client certificate A";
case TLS_ST_CR_CERT_REQ:
str = "SSLv3/TLS read server certificate request";
break;
case SSL3_ST_CW_CERT_B:
str = "SSLv3 write client certificate B";
case TLS_ST_CR_SESSION_TICKET:
str = "SSLv3/TLS read server session ticket";
break;
case SSL3_ST_CW_CERT_C:
str = "SSLv3 write client certificate C";
case TLS_ST_CR_SRVR_DONE:
str = "SSLv3/TLS read server done";
break;
case SSL3_ST_CW_CERT_D:
str = "SSLv3 write client certificate D";
case TLS_ST_CW_CERT:
str = "SSLv3/TLS write client certificate";
break;
case SSL3_ST_CW_KEY_EXCH_A:
str = "SSLv3 write client key exchange A";
case TLS_ST_CW_KEY_EXCH:
str = "SSLv3/TLS write client key exchange";
break;
case SSL3_ST_CW_KEY_EXCH_B:
str = "SSLv3 write client key exchange B";
break;
case SSL3_ST_CW_CERT_VRFY_A:
str = "SSLv3 write certificate verify A";
break;
case SSL3_ST_CW_CERT_VRFY_B:
str = "SSLv3 write certificate verify B";
case TLS_ST_CW_CERT_VRFY:
str = "SSLv3/TLS write certificate verify";
break;
case SSL3_ST_CW_CHANGE_A:
case SSL3_ST_SW_CHANGE_A:
str = "SSLv3 write change cipher spec A";
break;
case SSL3_ST_CW_CHANGE_B:
case SSL3_ST_SW_CHANGE_B:
str = "SSLv3 write change cipher spec B";
break;
case SSL3_ST_CW_FINISHED_A:
case SSL3_ST_SW_FINISHED_A:
str = "SSLv3 write finished A";
break;
case SSL3_ST_CW_FINISHED_B:
case SSL3_ST_SW_FINISHED_B:
str = "SSLv3 write finished B";
case TLS_ST_CW_CHANGE:
case TLS_ST_SW_CHANGE:
str = "SSLv3/TLS write change cipher spec";
break;
case SSL3_ST_CR_CHANGE_A:
case SSL3_ST_SR_CHANGE_A:
str = "SSLv3 read change cipher spec A";
case TLS_ST_CW_FINISHED:
case TLS_ST_SW_FINISHED:
str = "SSLv3/TLS write finished";
break;
case SSL3_ST_CR_CHANGE_B:
case SSL3_ST_SR_CHANGE_B:
str = "SSLv3 read change cipher spec B";
case TLS_ST_CR_CHANGE:
case TLS_ST_SR_CHANGE:
str = "SSLv3/TLS read change cipher spec";
break;
case SSL3_ST_CR_FINISHED_A:
case SSL3_ST_SR_FINISHED_A:
str = "SSLv3 read finished A";
break;
case SSL3_ST_CR_FINISHED_B:
case SSL3_ST_SR_FINISHED_B:
str = "SSLv3 read finished B";
break;
case SSL3_ST_CW_FLUSH:
case SSL3_ST_SW_FLUSH:
str = "SSLv3 flush data";
case TLS_ST_CR_FINISHED:
case TLS_ST_SR_FINISHED:
str = "SSLv3/TLS read finished";
break;
case SSL3_ST_SR_CLNT_HELLO_A:
str = "SSLv3 read client hello A";
break;
case SSL3_ST_SR_CLNT_HELLO_B:
str = "SSLv3 read client hello B";
break;
case SSL3_ST_SR_CLNT_HELLO_C:
str = "SSLv3 read client hello C";
break;
case SSL3_ST_SW_HELLO_REQ_A:
str = "SSLv3 write hello request A";
break;
case SSL3_ST_SW_HELLO_REQ_B:
str = "SSLv3 write hello request B";
break;
case SSL3_ST_SW_HELLO_REQ_C:
str = "SSLv3 write hello request C";
break;
case SSL3_ST_SW_SRVR_HELLO_A:
str = "SSLv3 write server hello A";
break;
case SSL3_ST_SW_SRVR_HELLO_B:
str = "SSLv3 write server hello B";
break;
case SSL3_ST_SW_CERT_A:
str = "SSLv3 write certificate A";
break;
case SSL3_ST_SW_CERT_B:
str = "SSLv3 write certificate B";
break;
case SSL3_ST_SW_KEY_EXCH_A:
str = "SSLv3 write key exchange A";
break;
case SSL3_ST_SW_KEY_EXCH_B:
str = "SSLv3 write key exchange B";
break;
case SSL3_ST_SW_CERT_REQ_A:
str = "SSLv3 write certificate request A";
case TLS_ST_SR_CLNT_HELLO:
str = "SSLv3/TLS read client hello";
break;
case SSL3_ST_SW_CERT_REQ_B:
str = "SSLv3 write certificate request B";
case TLS_ST_SW_HELLO_REQ:
str = "SSLv3/TLS write hello request";
break;
case SSL3_ST_SW_SESSION_TICKET_A:
str = "SSLv3 write session ticket A";
case TLS_ST_SW_SRVR_HELLO:
str = "SSLv3/TLS write server hello";
break;
case SSL3_ST_SW_SESSION_TICKET_B:
str = "SSLv3 write session ticket B";
case TLS_ST_SW_CERT:
str = "SSLv3/TLS write certificate";
break;
case SSL3_ST_SW_SRVR_DONE_A:
str = "SSLv3 write server done A";
case TLS_ST_SW_KEY_EXCH:
str = "SSLv3/TLS write key exchange";
break;
case SSL3_ST_SW_SRVR_DONE_B:
str = "SSLv3 write server done B";
case TLS_ST_SW_CERT_REQ:
str = "SSLv3/TLS write certificate request";
break;
case SSL3_ST_SR_CERT_A:
str = "SSLv3 read client certificate A";
case TLS_ST_SW_SESSION_TICKET:
str = "SSLv3/TLS write session ticket";
break;
case SSL3_ST_SR_CERT_B:
str = "SSLv3 read client certificate B";
case TLS_ST_SW_SRVR_DONE:
str = "SSLv3/TLS write server done";
break;
case SSL3_ST_SR_KEY_EXCH_A:
str = "SSLv3 read client key exchange A";
case TLS_ST_SR_CERT:
str = "SSLv3/TLS read client certificate";
break;
case SSL3_ST_SR_KEY_EXCH_B:
str = "SSLv3 read client key exchange B";
case TLS_ST_SR_KEY_EXCH:
str = "SSLv3/TLS read client key exchange";
break;
case SSL3_ST_SR_CERT_VRFY_A:
str = "SSLv3 read certificate verify A";
case TLS_ST_SR_CERT_VRFY:
str = "SSLv3/TLS read certificate verify";
break;
case SSL3_ST_SR_CERT_VRFY_B:
str = "SSLv3 read certificate verify B";
break;
#endif
/* DTLS */
case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A:
str = "DTLS1 read hello verify request A";
break;
case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B:
str = "DTLS1 read hello verify request B";
break;
case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:
str = "DTLS1 write hello verify request A";
case DTLS_ST_CR_HELLO_VERIFY_REQUEST:
str = "DTLS1 read hello verify request";
break;
case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B:
str = "DTLS1 write hello verify request B";
case DTLS_ST_SW_HELLO_VERIFY_REQUEST:
str = "DTLS1 write hello verify request";
break;
default:
......@@ -328,203 +204,100 @@ const char *SSL_state_string(const SSL *s)
{
const char *str;
switch (s->state) {
case SSL_ST_BEFORE:
if (statem_in_error(s)) {
return "SSLERR";
}
switch (SSL_state(s)) {
case TLS_ST_BEFORE:
str = "PINIT ";
break;
case SSL_ST_ACCEPT:
str = "AINIT ";
break;
case SSL_ST_CONNECT:
str = "CINIT ";
break;
case SSL_ST_OK:
case TLS_ST_OK:
str = "SSLOK ";
break;
case SSL_ST_ERR:
str = "SSLERR";
break;
#ifndef OPENSSL_NO_SSL3
/* SSLv3 additions */
case SSL3_ST_SW_FLUSH:
case SSL3_ST_CW_FLUSH:
str = "3FLUSH";
break;
case SSL3_ST_CW_CLNT_HELLO_A:
str = "3WCH_A";
break;
case SSL3_ST_CW_CLNT_HELLO_B:
str = "3WCH_B";
break;
case SSL3_ST_CR_SRVR_HELLO_A:
str = "3RSH_A";
break;
case SSL3_ST_CR_SRVR_HELLO_B:
str = "3RSH_B";
break;
case SSL3_ST_CR_CERT_A:
str = "3RSC_A";
break;
case SSL3_ST_CR_CERT_B:
str = "3RSC_B";
break;
case SSL3_ST_CR_KEY_EXCH_A:
str = "3RSKEA";
break;
case SSL3_ST_CR_KEY_EXCH_B:
str = "3RSKEB";
break;
case SSL3_ST_CR_CERT_REQ_A:
str = "3RCR_A";
break;
case SSL3_ST_CR_CERT_REQ_B:
str = "3RCR_B";
break;
case SSL3_ST_CR_SRVR_DONE_A:
str = "3RSD_A";
case TLS_ST_CW_CLNT_HELLO:
str = "3WCH";
break;
case SSL3_ST_CR_SRVR_DONE_B:
str = "3RSD_B";
case TLS_ST_CR_SRVR_HELLO:
str = "3RSH";
break;
case SSL3_ST_CW_CERT_A:
str = "3WCC_A";
case TLS_ST_CR_CERT:
str = "3RSC";
break;
case SSL3_ST_CW_CERT_B:
str = "3WCC_B";
case TLS_ST_CR_KEY_EXCH:
str = "3RSKE";
break;
case SSL3_ST_CW_CERT_C:
str = "3WCC_C";
case TLS_ST_CR_CERT_REQ:
str = "3RCR";
break;
case SSL3_ST_CW_CERT_D:
str = "3WCC_D";
case TLS_ST_CR_SRVR_DONE:
str = "3RSD";
break;
case SSL3_ST_CW_KEY_EXCH_A:
str = "3WCKEA";
case TLS_ST_CW_CERT:
str = "3WCC";
break;
case SSL3_ST_CW_KEY_EXCH_B:
str = "3WCKEB";
case TLS_ST_CW_KEY_EXCH:
str = "3WCKE";
break;
case SSL3_ST_CW_CERT_VRFY_A:
str = "3WCV_A";
break;
case SSL3_ST_CW_CERT_VRFY_B:
str = "3WCV_B";
case TLS_ST_CW_CERT_VRFY:
str = "3WCV";
break;
case SSL3_ST_SW_CHANGE_A:
case SSL3_ST_CW_CHANGE_A:
str = "3WCCSA";
break;
case SSL3_ST_SW_CHANGE_B:
case SSL3_ST_CW_CHANGE_B:
str = "3WCCSB";
break;
case SSL3_ST_SW_FINISHED_A:
case SSL3_ST_CW_FINISHED_A:
str = "3WFINA";
break;
case SSL3_ST_SW_FINISHED_B:
case SSL3_ST_CW_FINISHED_B:
str = "3WFINB";
break;
case SSL3_ST_SR_CHANGE_A:
case SSL3_ST_CR_CHANGE_A:
str = "3RCCSA";
case TLS_ST_SW_CHANGE:
case TLS_ST_CW_CHANGE:
str = "3WCCS";
break;
case SSL3_ST_SR_CHANGE_B:
case SSL3_ST_CR_CHANGE_B:
str = "3RCCSB";
case TLS_ST_SW_FINISHED:
case TLS_ST_CW_FINISHED:
str = "3WFIN";
break;
case SSL3_ST_SR_FINISHED_A:
case SSL3_ST_CR_FINISHED_A:
str = "3RFINA";
case TLS_ST_SR_CHANGE:
case TLS_ST_CR_CHANGE:
str = "3RCCS";
break;
case SSL3_ST_SR_FINISHED_B:
case SSL3_ST_CR_FINISHED_B:
str = "3RFINB";
case TLS_ST_SR_FINISHED:
case TLS_ST_CR_FINISHED:
str = "3RFIN";
break;
case SSL3_ST_SW_HELLO_REQ_A:
str = "3WHR_A";
break;
case SSL3_ST_SW_HELLO_REQ_B:
str = "3WHR_B";
break;
case SSL3_ST_SW_HELLO_REQ_C:
str = "3WHR_C";
break;
case SSL3_ST_SR_CLNT_HELLO_A:
str = "3RCH_A";
break;
case SSL3_ST_SR_CLNT_HELLO_B:
str = "3RCH_B";
break;
case SSL3_ST_SR_CLNT_HELLO_C:
str = "3RCH_C";
case TLS_ST_SW_HELLO_REQ:
str = "3WHR";
break;
case SSL3_ST_SW_SRVR_HELLO_A:
str = "3WSH_A";
case TLS_ST_SR_CLNT_HELLO:
str = "3RCH";
break;
case SSL3_ST_SW_SRVR_HELLO_B:
str = "3WSH_B";
case TLS_ST_SW_SRVR_HELLO:
str = "3WSH";
break;
case SSL3_ST_SW_CERT_A:
str = "3WSC_A";
case TLS_ST_SW_CERT:
str = "3WSC";
break;
case SSL3_ST_SW_CERT_B:
str = "3WSC_B";
case TLS_ST_SW_KEY_EXCH:
str = "3WSKE";
break;
case SSL3_ST_SW_KEY_EXCH_A:
str = "3WSKEA";
case TLS_ST_SW_CERT_REQ:
str = "3WCR";
break;
case SSL3_ST_SW_KEY_EXCH_B:
str = "3WSKEB";
case TLS_ST_SW_SRVR_DONE:
str = "3WSD";
break;
case SSL3_ST_SW_CERT_REQ_A:
str = "3WCR_A";
case TLS_ST_SR_CERT:
str = "3RCC";
break;
case SSL3_ST_SW_CERT_REQ_B:
str = "3WCR_B";
case TLS_ST_SR_KEY_EXCH:
str = "3RCKE";
break;
case SSL3_ST_SW_SRVR_DONE_A:
str = "3WSD_A";
case TLS_ST_SR_CERT_VRFY:
str = "3RCV";
break;
case SSL3_ST_SW_SRVR_DONE_B:
str = "3WSD_B";
break;
case SSL3_ST_SR_CERT_A:
str = "3RCC_A";
break;
case SSL3_ST_SR_CERT_B:
str = "3RCC_B";
break;
case SSL3_ST_SR_KEY_EXCH_A:
str = "3RCKEA";
break;
case SSL3_ST_SR_KEY_EXCH_B:
str = "3RCKEB";
break;
case SSL3_ST_SR_CERT_VRFY_A:
str = "3RCV_A";
break;
case SSL3_ST_SR_CERT_VRFY_B:
str = "3RCV_B";
break;
#endif
/* DTLS */
case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A:
str = "DRCHVA";
break;
case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B:
str = "DRCHVB";
break;
case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:
str = "DWCHVA";
case DTLS_ST_CR_HELLO_VERIFY_REQUEST:
str = "DRCHV";
break;
case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B:
str = "DWCHVB";
case DTLS_ST_SW_HELLO_VERIFY_REQUEST:
str = "DWCHV";
break;
default:
......
ssl/statem.c
浏览文件 @ 49ae7423
......@@ -130,12 +130,52 @@ static unsigned long server_max_message_size(SSL *s);
static enum MSG_PROCESS_RETURN server_process_message(SSL *s, unsigned long len);
static enum WORK_STATE server_post_process_message(SSL *s, enum WORK_STATE wst);
enum HANDSHAKE_STATE SSL_state(const SSL *ssl)
{
return ssl->statem.hand_state;
}
void SSL_set_state(SSL *ssl, enum HANDSHAKE_STATE state)
{
/*
* This function seems like a really bad idea. Should we remove it
* completely?
*/
ssl->statem.hand_state = state;
}
int SSL_in_init(SSL *s)
{
return s->statem.in_init;
}
int SSL_is_init_finished(SSL *s)
{
return !(s->statem.in_init) && (s->statem.hand_state == TLS_ST_OK);
}
int SSL_in_before(SSL *s)
{
/*
* Historically being "in before" meant before anything had happened. In the
* current code though we remain in the "before" state for a while after we
* have started the handshake process (e.g. as a server waiting for the
* first message to arrive). There "in before" is taken to mean "in before"
* and not started any handshake process yet.
*/
return (s->statem.hand_state == TLS_ST_BEFORE)
&& (s->statem.state == MSG_FLOW_UNINITED);
}
/*
* Clear the state machine state and reset back to MSG_FLOW_UNINITED
*/
void statem_clear(SSL *s)
{
s->statem.state = MSG_FLOW_UNINITED;
s->statem.hand_state = TLS_ST_BEFORE;
s->statem.in_init = 1;
}
/*
......@@ -153,8 +193,26 @@ void statem_set_renegotiate(SSL *s)
void statem_set_error(SSL *s)
{
s->statem.state = MSG_FLOW_ERROR;
/* TODO: This is temporary - remove me */
s->state = SSL_ST_ERR;
}
/*
* Discover whether the current connection is in the error state.
*
* Valid return values are:
* 1: Yes
* 0: No
*/
int statem_in_error(const SSL *s)
{
if (s->statem.state == MSG_FLOW_ERROR)
return 1;
return 0;
}
void statem_set_in_init(SSL *s, int init)
{
s->statem.in_init = init;
}
int ssl3_connect(SSL *s) {
......@@ -266,12 +324,6 @@ static int state_machine(SSL *s, int server) {
}
if (st->state == MSG_FLOW_UNINITED || st->state == MSG_FLOW_RENEGOTIATE) {
/* TODO: Temporary - fix this */
if (server)
s->state = SSL_ST_ACCEPT;
else
s->state = SSL_ST_CONNECT;
if (st->state == MSG_FLOW_UNINITED) {
st->hand_state = TLS_ST_BEFORE;
}
......@@ -1123,8 +1175,7 @@ static enum WRITE_TRAN client_write_transition(SSL *s)
case TLS_ST_CW_FINISHED:
if (s->hit) {
st->hand_state = TLS_ST_OK;
/* TODO: This needs removing */
s->state = SSL_ST_OK;
statem_set_in_init(s, 0);
return WRITE_TRAN_CONTINUE;
} else {
return WRITE_TRAN_FINISHED;
......@@ -1136,8 +1187,7 @@ static enum WRITE_TRAN client_write_transition(SSL *s)
return WRITE_TRAN_CONTINUE;
} else {
st->hand_state = TLS_ST_OK;
/* TODO: This needs removing */
s->state = SSL_ST_OK;
statem_set_in_init(s, 0);
return WRITE_TRAN_CONTINUE;
}
......@@ -1727,8 +1777,7 @@ static enum WRITE_TRAN server_write_transition(SSL *s)
case TLS_ST_SW_HELLO_REQ:
st->hand_state = TLS_ST_OK;
/* TODO: This needs removing */
s->state = SSL_ST_OK;
statem_set_in_init(s, 0);
return WRITE_TRAN_CONTINUE;
case TLS_ST_SR_CLNT_HELLO:
......@@ -1795,8 +1844,7 @@ static enum WRITE_TRAN server_write_transition(SSL *s)
case TLS_ST_SR_FINISHED:
if (s->hit) {
st->hand_state = TLS_ST_OK;
/* TODO: This needs removing */
s->state = SSL_ST_OK;
statem_set_in_init(s, 0);
return WRITE_TRAN_CONTINUE;
} else if (s->tlsext_ticket_expected) {
st->hand_state = TLS_ST_SW_SESSION_TICKET;
......@@ -1818,8 +1866,7 @@ static enum WRITE_TRAN server_write_transition(SSL *s)
return WRITE_TRAN_FINISHED;
}
st->hand_state = TLS_ST_OK;
/* TODO: This needs removing */
s->state = SSL_ST_OK;
statem_set_in_init(s, 0);
return WRITE_TRAN_CONTINUE;
default:
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册