Remove state parameters to ssl3_get_message.
They're completely unused now. The handshake message reassembly logic should
not depend on the state machine. This should partially free it up (ugly as it
is) to be shared with a future TLS 1.3 implementation while, in parallel, it
and the layers below, get reworked. This also cuts down on the number of states
significantly.
Partially because I expect we'd want to get ssl_hash_message_t out of there
too. Having it in common code is fine, but it needs to be in the (supposed to
be) protocol-agnostic handshake state machine, not the protocol-specific
handshake message layer.
Change-Id: I12f9dc57bf433ceead0591106ab165d352ef6ee4
Reviewed-on: https://boringssl-review.googlesource.com/7949
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/include/openssl/ssl3.h b/include/openssl/ssl3.h
index 957b740..52e5743 100644
--- a/include/openssl/ssl3.h
+++ b/include/openssl/ssl3.h
@@ -312,17 +312,12 @@
#define SSL3_ST_CW_CLNT_HELLO_B (0x111 | SSL_ST_CONNECT)
/* read from server */
#define SSL3_ST_CR_SRVR_HELLO_A (0x120 | SSL_ST_CONNECT)
-#define SSL3_ST_CR_SRVR_HELLO_B (0x121 | SSL_ST_CONNECT)
#define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A (0x126 | SSL_ST_CONNECT)
-#define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B (0x127 | SSL_ST_CONNECT)
#define SSL3_ST_CR_CERT_A (0x130 | SSL_ST_CONNECT)
-#define SSL3_ST_CR_CERT_B (0x131 | SSL_ST_CONNECT)
#define SSL3_ST_CR_KEY_EXCH_A (0x140 | SSL_ST_CONNECT)
#define SSL3_ST_CR_KEY_EXCH_B (0x141 | SSL_ST_CONNECT)
#define SSL3_ST_CR_CERT_REQ_A (0x150 | SSL_ST_CONNECT)
-#define SSL3_ST_CR_CERT_REQ_B (0x151 | SSL_ST_CONNECT)
#define SSL3_ST_CR_SRVR_DONE_A (0x160 | SSL_ST_CONNECT)
-#define SSL3_ST_CR_SRVR_DONE_B (0x161 | SSL_ST_CONNECT)
/* write to server */
#define SSL3_ST_CW_CERT_A (0x170 | SSL_ST_CONNECT)
#define SSL3_ST_CW_CERT_B (0x171 | SSL_ST_CONNECT)
@@ -344,11 +339,12 @@
/* read from server */
#define SSL3_ST_CR_CHANGE (0x1C0 | SSL_ST_CONNECT)
#define SSL3_ST_CR_FINISHED_A (0x1D0 | SSL_ST_CONNECT)
-#define SSL3_ST_CR_FINISHED_B (0x1D1 | SSL_ST_CONNECT)
#define SSL3_ST_CR_SESSION_TICKET_A (0x1E0 | SSL_ST_CONNECT)
-#define SSL3_ST_CR_SESSION_TICKET_B (0x1E1 | SSL_ST_CONNECT)
#define SSL3_ST_CR_CERT_STATUS_A (0x1F0 | SSL_ST_CONNECT)
-#define SSL3_ST_CR_CERT_STATUS_B (0x1F1 | SSL_ST_CONNECT)
+
+/* SSL3_ST_CR_SRVR_HELLO_B is a legacy alias for |SSL3_ST_CR_SRVR_HELLO_A| used
+ * by some consumers which check |SSL_state|. */
+#define SSL3_ST_CR_SRVR_HELLO_B SSL3_ST_CR_SRVR_HELLO_A
/* server */
/* extra state */
@@ -359,7 +355,6 @@
#define SSL3_ST_SR_CLNT_HELLO_A (0x110 | SSL_ST_ACCEPT)
#define SSL3_ST_SR_CLNT_HELLO_B (0x111 | SSL_ST_ACCEPT)
#define SSL3_ST_SR_CLNT_HELLO_C (0x112 | SSL_ST_ACCEPT)
-#define SSL3_ST_SR_CLNT_HELLO_D (0x115 | SSL_ST_ACCEPT)
/* write to client */
#define SSL3_ST_SW_HELLO_REQ_A (0x120 | SSL_ST_ACCEPT)
#define SSL3_ST_SW_HELLO_REQ_B (0x121 | SSL_ST_ACCEPT)
@@ -377,19 +372,13 @@
#define SSL3_ST_SW_SRVR_DONE_B (0x171 | SSL_ST_ACCEPT)
/* read from client */
#define SSL3_ST_SR_CERT_A (0x180 | SSL_ST_ACCEPT)
-#define SSL3_ST_SR_CERT_B (0x181 | SSL_ST_ACCEPT)
#define SSL3_ST_SR_KEY_EXCH_A (0x190 | SSL_ST_ACCEPT)
#define SSL3_ST_SR_KEY_EXCH_B (0x191 | SSL_ST_ACCEPT)
-#define SSL3_ST_SR_KEY_EXCH_C (0x192 | SSL_ST_ACCEPT)
#define SSL3_ST_SR_CERT_VRFY_A (0x1A0 | SSL_ST_ACCEPT)
-#define SSL3_ST_SR_CERT_VRFY_B (0x1A1 | SSL_ST_ACCEPT)
#define SSL3_ST_SR_CHANGE (0x1B0 | SSL_ST_ACCEPT)
#define SSL3_ST_SR_NEXT_PROTO_A (0x210 | SSL_ST_ACCEPT)
-#define SSL3_ST_SR_NEXT_PROTO_B (0x211 | SSL_ST_ACCEPT)
#define SSL3_ST_SR_CHANNEL_ID_A (0x230 | SSL_ST_ACCEPT)
-#define SSL3_ST_SR_CHANNEL_ID_B (0x231 | SSL_ST_ACCEPT)
#define SSL3_ST_SR_FINISHED_A (0x1C0 | SSL_ST_ACCEPT)
-#define SSL3_ST_SR_FINISHED_B (0x1C1 | SSL_ST_ACCEPT)
/* write to client */
#define SSL3_ST_SW_CHANGE_A (0x1D0 | SSL_ST_ACCEPT)
diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index 86fbe4a..074668c 100644
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -558,7 +558,7 @@
/* dtls1_get_message reads a handshake message of message type |msg_type| (any
* if |msg_type| == -1). Read an entire handshake message. Handshake messages
* arrive in fragments. */
-long dtls1_get_message(SSL *ssl, int st1, int stn, int msg_type,
+long dtls1_get_message(SSL *ssl, int msg_type,
enum ssl_hash_message_t hash_message, int *ok) {
pitem *item = NULL;
hm_fragment *frag = NULL;
@@ -646,7 +646,6 @@
pitem_free(item);
dtls1_hm_fragment_free(frag);
- ssl->state = stn;
*ok = 1;
return ssl->init_num;
diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c
index 62da175..7d75ff8 100644
--- a/ssl/d1_clnt.c
+++ b/ssl/d1_clnt.c
@@ -200,7 +200,6 @@
break;
case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A:
- case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B:
ret = dtls1_get_hello_verify(ssl);
if (ret <= 0) {
goto end;
@@ -216,7 +215,6 @@
break;
case SSL3_ST_CR_SRVR_HELLO_A:
- case SSL3_ST_CR_SRVR_HELLO_B:
ret = ssl3_get_server_hello(ssl);
if (ret <= 0) {
goto end;
@@ -235,7 +233,6 @@
break;
case SSL3_ST_CR_CERT_A:
- case SSL3_ST_CR_CERT_B:
if (ssl_cipher_uses_certificate_auth(ssl->s3->tmp.new_cipher)) {
ret = ssl3_get_server_certificate(ssl);
if (ret <= 0) {
@@ -264,7 +261,6 @@
break;
case SSL3_ST_CR_KEY_EXCH_A:
- case SSL3_ST_CR_KEY_EXCH_B:
ret = ssl3_get_server_key_exchange(ssl);
if (ret <= 0) {
goto end;
@@ -278,7 +274,6 @@
break;
case SSL3_ST_CR_CERT_REQ_A:
- case SSL3_ST_CR_CERT_REQ_B:
ret = ssl3_get_certificate_request(ssl);
if (ret <= 0) {
goto end;
@@ -288,7 +283,6 @@
break;
case SSL3_ST_CR_SRVR_DONE_A:
- case SSL3_ST_CR_SRVR_DONE_B:
ret = ssl3_get_server_done(ssl);
if (ret <= 0) {
goto end;
@@ -393,7 +387,6 @@
break;
case SSL3_ST_CR_SESSION_TICKET_A:
- case SSL3_ST_CR_SESSION_TICKET_B:
ret = ssl3_get_new_session_ticket(ssl);
if (ret <= 0) {
goto end;
@@ -403,7 +396,6 @@
break;
case SSL3_ST_CR_CERT_STATUS_A:
- case SSL3_ST_CR_CERT_STATUS_B:
ret = ssl3_get_cert_status(ssl);
if (ret <= 0) {
goto end;
@@ -426,9 +418,7 @@
break;
case SSL3_ST_CR_FINISHED_A:
- case SSL3_ST_CR_FINISHED_B:
- ret =
- ssl3_get_finished(ssl, SSL3_ST_CR_FINISHED_A, SSL3_ST_CR_FINISHED_B);
+ ret = ssl3_get_finished(ssl);
if (ret <= 0) {
goto end;
}
@@ -507,9 +497,7 @@
CBS hello_verify_request, cookie;
uint16_t server_version;
- n = ssl->method->ssl_get_message(ssl, DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A,
- DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B, -1,
- ssl_hash_message, &ok);
+ n = ssl->method->ssl_get_message(ssl, -1, ssl_hash_message, &ok);
if (!ok) {
return n;
diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
index f715f29..f7be396 100644
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -185,7 +185,6 @@
case SSL3_ST_SR_CLNT_HELLO_A:
case SSL3_ST_SR_CLNT_HELLO_B:
case SSL3_ST_SR_CLNT_HELLO_C:
- case SSL3_ST_SR_CLNT_HELLO_D:
ret = ssl3_get_client_hello(ssl);
if (ret <= 0) {
goto end;
@@ -310,7 +309,6 @@
break;
case SSL3_ST_SR_CERT_A:
- case SSL3_ST_SR_CERT_B:
if (ssl->s3->tmp.cert_request) {
ret = ssl3_get_client_certificate(ssl);
if (ret <= 0) {
@@ -323,7 +321,6 @@
case SSL3_ST_SR_KEY_EXCH_A:
case SSL3_ST_SR_KEY_EXCH_B:
- case SSL3_ST_SR_KEY_EXCH_C:
ret = ssl3_get_client_key_exchange(ssl);
if (ret <= 0) {
goto end;
@@ -333,7 +330,6 @@
break;
case SSL3_ST_SR_CERT_VRFY_A:
- case SSL3_ST_SR_CERT_VRFY_B:
ret = ssl3_get_cert_verify(ssl);
if (ret <= 0) {
goto end;
@@ -357,9 +353,7 @@
break;
case SSL3_ST_SR_FINISHED_A:
- case SSL3_ST_SR_FINISHED_B:
- ret = ssl3_get_finished(ssl, SSL3_ST_SR_FINISHED_A,
- SSL3_ST_SR_FINISHED_B);
+ ret = ssl3_get_finished(ssl);
if (ret <= 0) {
goto end;
}
diff --git a/ssl/internal.h b/ssl/internal.h
index cb16b34..962d835 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -853,9 +853,8 @@
void (*ssl_free)(SSL *ssl);
int (*ssl_accept)(SSL *ssl);
int (*ssl_connect)(SSL *ssl);
- long (*ssl_get_message)(SSL *ssl, int header_state, int body_state,
- int msg_type, enum ssl_hash_message_t hash_message,
- int *ok);
+ long (*ssl_get_message)(SSL *ssl, int msg_type,
+ enum ssl_hash_message_t hash_message, int *ok);
int (*ssl_read_app_data)(SSL *ssl, uint8_t *buf, int len, int peek);
int (*ssl_read_change_cipher_spec)(SSL *ssl);
void (*ssl_read_close_notify)(SSL *ssl);
@@ -1044,13 +1043,13 @@
int ssl3_send_server_certificate(SSL *ssl);
int ssl3_send_new_session_ticket(SSL *ssl);
int ssl3_send_certificate_status(SSL *ssl);
-int ssl3_get_finished(SSL *ssl, int state_a, int state_b);
+int ssl3_get_finished(SSL *ssl);
int ssl3_send_change_cipher_spec(SSL *ssl, int state_a, int state_b);
void ssl3_cleanup_key_block(SSL *ssl);
int ssl3_do_write(SSL *ssl, int type);
int ssl3_send_alert(SSL *ssl, int level, int desc);
int ssl3_get_req_cert_type(SSL *ssl, uint8_t *p);
-long ssl3_get_message(SSL *ssl, int header_state, int body_state, int msg_type,
+long ssl3_get_message(SSL *ssl, int msg_type,
enum ssl_hash_message_t hash_message, int *ok);
/* ssl3_hash_current_message incorporates the current handshake message into the
@@ -1156,8 +1155,8 @@
int dtls1_connect(SSL *ssl);
void dtls1_free(SSL *ssl);
-long dtls1_get_message(SSL *ssl, int st1, int stn, int mt,
- enum ssl_hash_message_t hash_message, int *ok);
+long dtls1_get_message(SSL *ssl, int mt, enum ssl_hash_message_t hash_message,
+ int *ok);
int dtls1_dispatch_alert(SSL *ssl);
/* ssl_is_wbio_buffered returns one if |ssl|'s write BIO is buffered and zero
diff --git a/ssl/s3_both.c b/ssl/s3_both.c
index 48519cb..d5e304d 100644
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@@ -211,12 +211,12 @@
ssl, !ssl->server, ssl->s3->tmp.peer_finish_md);
}
-int ssl3_get_finished(SSL *ssl, int a, int b) {
+int ssl3_get_finished(SSL *ssl) {
int al, finished_len, ok;
long message_len;
uint8_t *p;
- message_len = ssl->method->ssl_get_message(ssl, a, b, SSL3_MT_FINISHED,
+ message_len = ssl->method->ssl_get_message(ssl, SSL3_MT_FINISHED,
ssl_dont_hash_message, &ok);
if (!ok) {
@@ -328,9 +328,8 @@
}
/* Obtain handshake message of message type |msg_type| (any if |msg_type| ==
- * -1). The first four bytes (msg_type and length) are read in state
- * |header_state|, the body is read in state |body_state|. */
-long ssl3_get_message(SSL *ssl, int header_state, int body_state, int msg_type,
+ * -1). */
+long ssl3_get_message(SSL *ssl, int msg_type,
enum ssl_hash_message_t hash_message, int *ok) {
*ok = 0;
@@ -347,7 +346,6 @@
return -1;
}
*ok = 1;
- ssl->state = body_state;
assert(ssl->init_buf->length >= 4);
ssl->init_msg = (uint8_t *)ssl->init_buf->data + 4;
ssl->init_num = (int)ssl->init_buf->length - 4;
@@ -405,7 +403,6 @@
return -1;
}
ssl->s3->tmp.message_type = actual_type;
- ssl->state = body_state;
ssl->init_msg = (uint8_t*)ssl->init_buf->data + 4;
ssl->init_num = ssl->init_buf->length - 4;
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 8a6064a..9f92849 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -236,7 +236,6 @@
break;
case SSL3_ST_CR_SRVR_HELLO_A:
- case SSL3_ST_CR_SRVR_HELLO_B:
ret = ssl3_get_server_hello(ssl);
if (ret <= 0) {
goto end;
@@ -255,7 +254,6 @@
break;
case SSL3_ST_CR_CERT_A:
- case SSL3_ST_CR_CERT_B:
if (ssl_cipher_uses_certificate_auth(ssl->s3->tmp.new_cipher)) {
ret = ssl3_get_server_certificate(ssl);
if (ret <= 0) {
@@ -284,7 +282,6 @@
break;
case SSL3_ST_CR_KEY_EXCH_A:
- case SSL3_ST_CR_KEY_EXCH_B:
ret = ssl3_get_server_key_exchange(ssl);
if (ret <= 0) {
goto end;
@@ -298,7 +295,6 @@
break;
case SSL3_ST_CR_CERT_REQ_A:
- case SSL3_ST_CR_CERT_REQ_B:
ret = ssl3_get_certificate_request(ssl);
if (ret <= 0) {
goto end;
@@ -308,7 +304,6 @@
break;
case SSL3_ST_CR_SRVR_DONE_A:
- case SSL3_ST_CR_SRVR_DONE_B:
ret = ssl3_get_server_done(ssl);
if (ret <= 0) {
goto end;
@@ -448,7 +443,6 @@
break;
case SSL3_ST_CR_SESSION_TICKET_A:
- case SSL3_ST_CR_SESSION_TICKET_B:
ret = ssl3_get_new_session_ticket(ssl);
if (ret <= 0) {
goto end;
@@ -458,7 +452,6 @@
break;
case SSL3_ST_CR_CERT_STATUS_A:
- case SSL3_ST_CR_CERT_STATUS_B:
ret = ssl3_get_cert_status(ssl);
if (ret <= 0) {
goto end;
@@ -481,9 +474,7 @@
break;
case SSL3_ST_CR_FINISHED_A:
- case SSL3_ST_CR_FINISHED_B:
- ret = ssl3_get_finished(ssl, SSL3_ST_CR_FINISHED_A,
- SSL3_ST_CR_FINISHED_B);
+ ret = ssl3_get_finished(ssl);
if (ret <= 0) {
goto end;
}
@@ -729,9 +720,8 @@
uint16_t server_version, cipher_suite;
uint8_t compression_method;
- n = ssl->method->ssl_get_message(ssl, SSL3_ST_CR_SRVR_HELLO_A,
- SSL3_ST_CR_SRVR_HELLO_B,
- SSL3_MT_SERVER_HELLO, ssl_hash_message, &ok);
+ n = ssl->method->ssl_get_message(ssl, SSL3_MT_SERVER_HELLO, ssl_hash_message,
+ &ok);
if (!ok) {
uint32_t err = ERR_peek_error();
@@ -959,8 +949,8 @@
CBS cbs, certificate_list;
const uint8_t *data;
- n = ssl->method->ssl_get_message(ssl, SSL3_ST_CR_CERT_A, SSL3_ST_CR_CERT_B,
- SSL3_MT_CERTIFICATE, ssl_hash_message, &ok);
+ n = ssl->method->ssl_get_message(ssl, SSL3_MT_CERTIFICATE, ssl_hash_message,
+ &ok);
if (!ok) {
return n;
@@ -1048,9 +1038,7 @@
EC_KEY *ecdh = NULL;
EC_POINT *srvr_ecpoint = NULL;
- long n = ssl->method->ssl_get_message(ssl, SSL3_ST_CR_KEY_EXCH_A,
- SSL3_ST_CR_KEY_EXCH_B, -1,
- ssl_hash_message, &ok);
+ long n = ssl->method->ssl_get_message(ssl, -1, ssl_hash_message, &ok);
if (!ok) {
return n;
}
@@ -1295,9 +1283,7 @@
X509_NAME *xn = NULL;
STACK_OF(X509_NAME) *ca_sk = NULL;
- long n = ssl->method->ssl_get_message(ssl, SSL3_ST_CR_CERT_REQ_A,
- SSL3_ST_CR_CERT_REQ_B, -1,
- ssl_hash_message, &ok);
+ long n = ssl->method->ssl_get_message(ssl, -1, ssl_hash_message, &ok);
if (!ok) {
return n;
@@ -1402,9 +1388,8 @@
int ssl3_get_new_session_ticket(SSL *ssl) {
int ok, al;
- long n = ssl->method->ssl_get_message(
- ssl, SSL3_ST_CR_SESSION_TICKET_A, SSL3_ST_CR_SESSION_TICKET_B,
- SSL3_MT_NEWSESSION_TICKET, ssl_hash_message, &ok);
+ long n = ssl->method->ssl_get_message(ssl, SSL3_MT_NEWSESSION_TICKET,
+ ssl_hash_message, &ok);
if (!ok) {
return n;
@@ -1480,9 +1465,7 @@
CBS certificate_status, ocsp_response;
uint8_t status_type;
- n = ssl->method->ssl_get_message(ssl, SSL3_ST_CR_CERT_STATUS_A,
- SSL3_ST_CR_CERT_STATUS_B, -1,
- ssl_hash_message, &ok);
+ n = ssl->method->ssl_get_message(ssl, -1, ssl_hash_message, &ok);
if (!ok) {
return n;
@@ -1523,9 +1506,8 @@
int ok;
long n;
- n = ssl->method->ssl_get_message(ssl, SSL3_ST_CR_SRVR_DONE_A,
- SSL3_ST_CR_SRVR_DONE_B, SSL3_MT_SERVER_DONE,
- ssl_hash_message, &ok);
+ n = ssl->method->ssl_get_message(ssl, SSL3_MT_SERVER_DONE, ssl_hash_message,
+ &ok);
if (!ok) {
return n;
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 266fb62..3303d00 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -257,7 +257,6 @@
case SSL3_ST_SR_CLNT_HELLO_A:
case SSL3_ST_SR_CLNT_HELLO_B:
case SSL3_ST_SR_CLNT_HELLO_C:
- case SSL3_ST_SR_CLNT_HELLO_D:
ret = ssl3_get_client_hello(ssl);
if (ret <= 0) {
goto end;
@@ -380,7 +379,6 @@
break;
case SSL3_ST_SR_CERT_A:
- case SSL3_ST_SR_CERT_B:
if (ssl->s3->tmp.cert_request) {
ret = ssl3_get_client_certificate(ssl);
if (ret <= 0) {
@@ -393,7 +391,6 @@
case SSL3_ST_SR_KEY_EXCH_A:
case SSL3_ST_SR_KEY_EXCH_B:
- case SSL3_ST_SR_KEY_EXCH_C:
ret = ssl3_get_client_key_exchange(ssl);
if (ret <= 0) {
goto end;
@@ -403,7 +400,6 @@
break;
case SSL3_ST_SR_CERT_VRFY_A:
- case SSL3_ST_SR_CERT_VRFY_B:
ret = ssl3_get_cert_verify(ssl);
if (ret <= 0) {
goto end;
@@ -434,7 +430,6 @@
break;
case SSL3_ST_SR_NEXT_PROTO_A:
- case SSL3_ST_SR_NEXT_PROTO_B:
ret = ssl3_get_next_proto(ssl);
if (ret <= 0) {
goto end;
@@ -448,7 +443,6 @@
break;
case SSL3_ST_SR_CHANNEL_ID_A:
- case SSL3_ST_SR_CHANNEL_ID_B:
ret = ssl3_get_channel_id(ssl);
if (ret <= 0) {
goto end;
@@ -458,9 +452,7 @@
break;
case SSL3_ST_SR_FINISHED_A:
- case SSL3_ST_SR_FINISHED_B:
- ret = ssl3_get_finished(ssl, SSL3_ST_SR_FINISHED_A,
- SSL3_ST_SR_FINISHED_B);
+ ret = ssl3_get_finished(ssl);
if (ret <= 0) {
goto end;
}
@@ -765,19 +757,17 @@
* SSLv3, even if prompted with TLSv1. */
switch (ssl->state) {
case SSL3_ST_SR_CLNT_HELLO_A:
- case SSL3_ST_SR_CLNT_HELLO_B:
- n = ssl->method->ssl_get_message(
- ssl, SSL3_ST_SR_CLNT_HELLO_A, SSL3_ST_SR_CLNT_HELLO_B,
- SSL3_MT_CLIENT_HELLO, ssl_hash_message, &ok);
+ n = ssl->method->ssl_get_message(ssl, SSL3_MT_CLIENT_HELLO,
+ ssl_hash_message, &ok);
if (!ok) {
return n;
}
- ssl->state = SSL3_ST_SR_CLNT_HELLO_C;
+ ssl->state = SSL3_ST_SR_CLNT_HELLO_B;
/* fallthrough */
+ case SSL3_ST_SR_CLNT_HELLO_B:
case SSL3_ST_SR_CLNT_HELLO_C:
- case SSL3_ST_SR_CLNT_HELLO_D:
/* We have previously parsed the ClientHello message, and can't call
* ssl_get_message again without hashing the message into the Finished
* digest again. */
@@ -793,9 +783,9 @@
goto f_err;
}
- if (ssl->state == SSL3_ST_SR_CLNT_HELLO_C &&
+ if (ssl->state == SSL3_ST_SR_CLNT_HELLO_B &&
ssl->ctx->select_certificate_cb != NULL) {
- ssl->state = SSL3_ST_SR_CLNT_HELLO_D;
+ ssl->state = SSL3_ST_SR_CLNT_HELLO_C;
switch (ssl->ctx->select_certificate_cb(&early_ctx)) {
case 0:
ssl->rwstate = SSL_CERTIFICATE_SELECTION_PENDING;
@@ -811,7 +801,7 @@
/* fallthrough */;
}
}
- ssl->state = SSL3_ST_SR_CLNT_HELLO_D;
+ ssl->state = SSL3_ST_SR_CLNT_HELLO_C;
break;
default:
@@ -1446,12 +1436,10 @@
unsigned psk_len = 0;
uint8_t psk[PSK_MAX_PSK_LEN];
- if (ssl->state == SSL3_ST_SR_KEY_EXCH_A ||
- ssl->state == SSL3_ST_SR_KEY_EXCH_B) {
+ if (ssl->state == SSL3_ST_SR_KEY_EXCH_A) {
int ok;
const long n = ssl->method->ssl_get_message(
- ssl, SSL3_ST_SR_KEY_EXCH_A, SSL3_ST_SR_KEY_EXCH_B,
- SSL3_MT_CLIENT_KEY_EXCHANGE, ssl_hash_message, &ok);
+ ssl, SSL3_MT_CLIENT_KEY_EXCHANGE, ssl_hash_message, &ok);
if (!ok) {
return n;
}
@@ -1521,7 +1509,7 @@
enum ssl_private_key_result_t decrypt_result;
size_t decrypt_len;
- if (ssl->state == SSL3_ST_SR_KEY_EXCH_B) {
+ if (ssl->state == SSL3_ST_SR_KEY_EXCH_A) {
if (!ssl_has_private_key(ssl) ||
ssl_private_key_type(ssl) != EVP_PKEY_RSA) {
al = SSL_AD_HANDSHAKE_FAILURE;
@@ -1549,7 +1537,7 @@
CBS_data(&encrypted_premaster_secret),
CBS_len(&encrypted_premaster_secret));
} else {
- assert(ssl->state == SSL3_ST_SR_KEY_EXCH_C);
+ assert(ssl->state == SSL3_ST_SR_KEY_EXCH_B);
/* Complete async decrypt. */
decrypt_result = ssl_private_key_decrypt_complete(
ssl, decrypt_buf, &decrypt_len, rsa_size);
@@ -1562,7 +1550,7 @@
goto err;
case ssl_private_key_retry:
ssl->rwstate = SSL_PRIVATE_KEY_OPERATION;
- ssl->state = SSL3_ST_SR_KEY_EXCH_C;
+ ssl->state = SSL3_ST_SR_KEY_EXCH_B;
goto err;
}
@@ -1731,9 +1719,8 @@
return 1;
}
- n = ssl->method->ssl_get_message(
- ssl, SSL3_ST_SR_CERT_VRFY_A, SSL3_ST_SR_CERT_VRFY_B,
- SSL3_MT_CERTIFICATE_VERIFY, ssl_dont_hash_message, &ok);
+ n = ssl->method->ssl_get_message(ssl, SSL3_MT_CERTIFICATE_VERIFY,
+ ssl_dont_hash_message, &ok);
if (!ok) {
return n;
@@ -1829,8 +1816,7 @@
int is_first_certificate = 1;
assert(ssl->s3->tmp.cert_request);
- n = ssl->method->ssl_get_message(ssl, SSL3_ST_SR_CERT_A, SSL3_ST_SR_CERT_B,
- -1, ssl_hash_message, &ok);
+ n = ssl->method->ssl_get_message(ssl, -1, ssl_hash_message, &ok);
if (!ok) {
return n;
@@ -2117,9 +2103,8 @@
return -1;
}
- n = ssl->method->ssl_get_message(ssl, SSL3_ST_SR_NEXT_PROTO_A,
- SSL3_ST_SR_NEXT_PROTO_B, SSL3_MT_NEXT_PROTO,
- ssl_hash_message, &ok);
+ n = ssl->method->ssl_get_message(ssl, SSL3_MT_NEXT_PROTO, ssl_hash_message,
+ &ok);
if (!ok) {
return n;
@@ -2158,9 +2143,8 @@
BIGNUM x, y;
CBS encrypted_extensions, extension;
- n = ssl->method->ssl_get_message(
- ssl, SSL3_ST_SR_CHANNEL_ID_A, SSL3_ST_SR_CHANNEL_ID_B,
- SSL3_MT_ENCRYPTED_EXTENSIONS, ssl_dont_hash_message, &ok);
+ n = ssl->method->ssl_get_message(ssl, SSL3_MT_ENCRYPTED_EXTENSIONS,
+ ssl_dont_hash_message, &ok);
if (!ok) {
return n;
diff --git a/ssl/ssl_stat.c b/ssl/ssl_stat.c
index 8fa197d..15d1270 100644
--- a/ssl/ssl_stat.c
+++ b/ssl/ssl_stat.c
@@ -110,39 +110,21 @@
case SSL3_ST_CR_SRVR_HELLO_A:
return "SSLv3 read server hello A";
- case SSL3_ST_CR_SRVR_HELLO_B:
- return "SSLv3 read server hello B";
-
case SSL3_ST_CR_CERT_A:
return "SSLv3 read server certificate A";
- case SSL3_ST_CR_CERT_B:
- return "SSLv3 read server certificate B";
-
case SSL3_ST_CR_KEY_EXCH_A:
return "SSLv3 read server key exchange A";
- case SSL3_ST_CR_KEY_EXCH_B:
- return "SSLv3 read server key exchange B";
-
case SSL3_ST_CR_CERT_REQ_A:
return "SSLv3 read server certificate request A";
- case SSL3_ST_CR_CERT_REQ_B:
- return "SSLv3 read server certificate request B";
-
case SSL3_ST_CR_SESSION_TICKET_A:
return "SSLv3 read server session ticket A";
- case SSL3_ST_CR_SESSION_TICKET_B:
- return "SSLv3 read server session ticket B";
-
case SSL3_ST_CR_SRVR_DONE_A:
return "SSLv3 read server done A";
- case SSL3_ST_CR_SRVR_DONE_B:
- return "SSLv3 read server done B";
-
case SSL3_ST_CW_CERT_A:
return "SSLv3 write client certificate A";
@@ -191,10 +173,6 @@
case SSL3_ST_SR_FINISHED_A:
return "SSLv3 read finished A";
- case SSL3_ST_CR_FINISHED_B:
- case SSL3_ST_SR_FINISHED_B:
- return "SSLv3 read finished B";
-
case SSL3_ST_CW_FLUSH:
case SSL3_ST_SW_FLUSH:
return "SSLv3 flush data";
@@ -208,9 +186,6 @@
case SSL3_ST_SR_CLNT_HELLO_C:
return "SSLv3 read client hello C";
- case SSL3_ST_SR_CLNT_HELLO_D:
- return "SSLv3 read client hello D";
-
case SSL3_ST_SW_HELLO_REQ_A:
return "SSLv3 write hello request A";
@@ -259,9 +234,6 @@
case SSL3_ST_SR_CERT_A:
return "SSLv3 read client certificate A";
- case SSL3_ST_SR_CERT_B:
- return "SSLv3 read client certificate B";
-
case SSL3_ST_SR_KEY_EXCH_A:
return "SSLv3 read client key exchange A";
@@ -271,16 +243,10 @@
case SSL3_ST_SR_CERT_VRFY_A:
return "SSLv3 read certificate verify A";
- case SSL3_ST_SR_CERT_VRFY_B:
- return "SSLv3 read certificate verify B";
-
/* DTLS */
case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A:
return "DTLS1 read hello verify request A";
- case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B:
- return "DTLS1 read hello verify request B";
-
default:
return "unknown state";
}
@@ -311,33 +277,18 @@
case SSL3_ST_CR_SRVR_HELLO_A:
return "3RSH_A";
- case SSL3_ST_CR_SRVR_HELLO_B:
- return "3RSH_B";
-
case SSL3_ST_CR_CERT_A:
return "3RSC_A";
- case SSL3_ST_CR_CERT_B:
- return "3RSC_B";
-
case SSL3_ST_CR_KEY_EXCH_A:
return "3RSKEA";
- case SSL3_ST_CR_KEY_EXCH_B:
- return "3RSKEB";
-
case SSL3_ST_CR_CERT_REQ_A:
return "3RCR_A";
- case SSL3_ST_CR_CERT_REQ_B:
- return "3RCR_B";
-
case SSL3_ST_CR_SRVR_DONE_A:
return "3RSD_A";
- case SSL3_ST_CR_SRVR_DONE_B:
- return "3RSD_B";
-
case SSL3_ST_CW_CERT_A:
return "3WCC_A";
@@ -386,10 +337,6 @@
case SSL3_ST_CR_FINISHED_A:
return "3RFINA";
- case SSL3_ST_SR_FINISHED_B:
- case SSL3_ST_CR_FINISHED_B:
- return "3RFINB";
-
case SSL3_ST_SW_HELLO_REQ_A:
return "3WHR_A";
@@ -408,9 +355,6 @@
case SSL3_ST_SR_CLNT_HELLO_C:
return "3RCH_C";
- case SSL3_ST_SR_CLNT_HELLO_D:
- return "3RCH_D";
-
case SSL3_ST_SW_SRVR_HELLO_A:
return "3WSH_A";
@@ -444,28 +388,16 @@
case SSL3_ST_SR_CERT_A:
return "3RCC_A";
- case SSL3_ST_SR_CERT_B:
- return "3RCC_B";
-
case SSL3_ST_SR_KEY_EXCH_A:
return "3RCKEA";
- case SSL3_ST_SR_KEY_EXCH_B:
- return "3RCKEB";
-
case SSL3_ST_SR_CERT_VRFY_A:
return "3RCV_A";
- case SSL3_ST_SR_CERT_VRFY_B:
- return "3RCV_B";
-
/* DTLS */
case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A:
return "DRCHVA";
- case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B:
- return "DRCHVB";
-
default:
return "UNKWN ";
}
