Rename TLS-specific functions to tls_foo from ssl3_foo. Some of the TLS-specific functions begin with ssl3_, otherwise with tls_. Align on tls_ since we don't implement SSL 3.0 anymore. (Plain ssl_ means common to TLS and DTLS, which is an odd backronym, but SSL_foo for the APIs are thoroughly stuck.) Change-Id: Ib7acffd21ee370bb9bed46789fb511d00fac24ca Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/39985 Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/d1_lib.cc b/ssl/d1_lib.cc index 0e0b211..52fbfae 100644 --- a/ssl/d1_lib.cc +++ b/ssl/d1_lib.cc
@@ -86,12 +86,12 @@ DTLS1_STATE::~DTLS1_STATE() {} bool dtls1_new(SSL *ssl) { - if (!ssl3_new(ssl)) { + if (!tls_new(ssl)) { return false; } UniquePtr<DTLS1_STATE> d1 = MakeUnique<DTLS1_STATE>(); if (!d1) { - ssl3_free(ssl); + tls_free(ssl); return false; } @@ -107,7 +107,7 @@ } void dtls1_free(SSL *ssl) { - ssl3_free(ssl); + tls_free(ssl); if (ssl == NULL) { return;
diff --git a/ssl/internal.h b/ssl/internal.h index 932dd0c..257f7ec 100644 --- a/ssl/internal.h +++ b/ssl/internal.h
@@ -2837,29 +2837,29 @@ void ssl_send_alert(SSL *ssl, int level, int desc); int ssl_send_alert_impl(SSL *ssl, int level, int desc); -bool ssl3_get_message(const SSL *ssl, SSLMessage *out); -ssl_open_record_t ssl3_open_handshake(SSL *ssl, size_t *out_consumed, - uint8_t *out_alert, Span<uint8_t> in); -void ssl3_next_message(SSL *ssl); +bool tls_get_message(const SSL *ssl, SSLMessage *out); +ssl_open_record_t tls_open_handshake(SSL *ssl, size_t *out_consumed, + uint8_t *out_alert, Span<uint8_t> in); +void tls_next_message(SSL *ssl); -int ssl3_dispatch_alert(SSL *ssl); -ssl_open_record_t ssl3_open_app_data(SSL *ssl, Span<uint8_t> *out, - size_t *out_consumed, uint8_t *out_alert, - Span<uint8_t> in); -ssl_open_record_t ssl3_open_change_cipher_spec(SSL *ssl, size_t *out_consumed, - uint8_t *out_alert, - Span<uint8_t> in); -int ssl3_write_app_data(SSL *ssl, bool *out_needs_handshake, const uint8_t *buf, - int len); +int tls_dispatch_alert(SSL *ssl); +ssl_open_record_t tls_open_app_data(SSL *ssl, Span<uint8_t> *out, + size_t *out_consumed, uint8_t *out_alert, + Span<uint8_t> in); +ssl_open_record_t tls_open_change_cipher_spec(SSL *ssl, size_t *out_consumed, + uint8_t *out_alert, + Span<uint8_t> in); +int tls_write_app_data(SSL *ssl, bool *out_needs_handshake, const uint8_t *buf, + int len); -bool ssl3_new(SSL *ssl); -void ssl3_free(SSL *ssl); +bool tls_new(SSL *ssl); +void tls_free(SSL *ssl); -bool ssl3_init_message(SSL *ssl, CBB *cbb, CBB *body, uint8_t type); -bool ssl3_finish_message(SSL *ssl, CBB *cbb, Array<uint8_t> *out_msg); -bool ssl3_add_message(SSL *ssl, Array<uint8_t> msg); -bool ssl3_add_change_cipher_spec(SSL *ssl); -int ssl3_flush_flight(SSL *ssl); +bool tls_init_message(SSL *ssl, CBB *cbb, CBB *body, uint8_t type); +bool tls_finish_message(SSL *ssl, CBB *cbb, Array<uint8_t> *out_msg); +bool tls_add_message(SSL *ssl, Array<uint8_t> msg); +bool tls_add_change_cipher_spec(SSL *ssl); +int tls_flush_flight(SSL *ssl); bool dtls1_init_message(SSL *ssl, CBB *cbb, CBB *body, uint8_t type); bool dtls1_finish_message(SSL *ssl, CBB *cbb, Array<uint8_t> *out_msg);
diff --git a/ssl/s3_both.cc b/ssl/s3_both.cc index 1ec596a..4415bd7 100644 --- a/ssl/s3_both.cc +++ b/ssl/s3_both.cc
@@ -168,7 +168,7 @@ return true; } -bool ssl3_init_message(SSL *ssl, CBB *cbb, CBB *body, uint8_t type) { +bool tls_init_message(SSL *ssl, CBB *cbb, CBB *body, uint8_t type) { // Pick a modest size hint to save most of the |realloc| calls. if (!CBB_init(cbb, 64) || !CBB_add_u8(cbb, type) || @@ -181,11 +181,11 @@ return true; } -bool ssl3_finish_message(SSL *ssl, CBB *cbb, Array<uint8_t> *out_msg) { +bool tls_finish_message(SSL *ssl, CBB *cbb, Array<uint8_t> *out_msg) { return CBBFinishArray(cbb, out_msg); } -bool ssl3_add_message(SSL *ssl, Array<uint8_t> msg) { +bool tls_add_message(SSL *ssl, Array<uint8_t> msg) { // Pack handshake data into the minimal number of records. This avoids // unnecessary encryption overhead, notably in TLS 1.3 where we send several // encrypted messages in a row. For now, we do not do this for the null @@ -262,7 +262,7 @@ return add_record_to_flight(ssl, SSL3_RT_HANDSHAKE, data); } -bool ssl3_add_change_cipher_spec(SSL *ssl) { +bool tls_add_change_cipher_spec(SSL *ssl) { static const uint8_t kChangeCipherSpec[1] = {SSL3_MT_CCS}; if (!tls_flush_pending_hs_data(ssl)) { @@ -280,7 +280,7 @@ return true; } -int ssl3_flush_flight(SSL *ssl) { +int tls_flush_flight(SSL *ssl) { if (!tls_flush_pending_hs_data(ssl)) { return -1; } @@ -496,7 +496,7 @@ return true; } -bool ssl3_get_message(const SSL *ssl, SSLMessage *out) { +bool tls_get_message(const SSL *ssl, SSLMessage *out) { size_t unused; if (!parse_message(ssl, out, &unused)) { return false; @@ -552,8 +552,8 @@ BUF_MEM_append(ssl->s3->hs_buf.get(), data.data(), data.size()); } -ssl_open_record_t ssl3_open_handshake(SSL *ssl, size_t *out_consumed, - uint8_t *out_alert, Span<uint8_t> in) { +ssl_open_record_t tls_open_handshake(SSL *ssl, size_t *out_consumed, + uint8_t *out_alert, Span<uint8_t> in) { *out_consumed = 0; // Bypass the record layer for the first message to handle V2ClientHello. if (ssl->server && !ssl->s3->v2_hello_done) { @@ -631,9 +631,9 @@ return ssl_open_record_success; } -void ssl3_next_message(SSL *ssl) { +void tls_next_message(SSL *ssl) { SSLMessage msg; - if (!ssl3_get_message(ssl, &msg) || + if (!tls_get_message(ssl, &msg) || !ssl->s3->hs_buf || ssl->s3->hs_buf->length < CBS_len(&msg.raw)) { assert(0);
diff --git a/ssl/s3_lib.cc b/ssl/s3_lib.cc index 978b108..ee35604 100644 --- a/ssl/s3_lib.cc +++ b/ssl/s3_lib.cc
@@ -185,7 +185,7 @@ SSL3_STATE::~SSL3_STATE() {} -bool ssl3_new(SSL *ssl) { +bool tls_new(SSL *ssl) { UniquePtr<SSL3_STATE> s3 = MakeUnique<SSL3_STATE>(); if (!s3) { return false; @@ -209,7 +209,7 @@ return true; } -void ssl3_free(SSL *ssl) { +void tls_free(SSL *ssl) { if (ssl == NULL || ssl->s3 == NULL) { return; }
diff --git a/ssl/s3_pkt.cc b/ssl/s3_pkt.cc index 2fcc2a5..457696d 100644 --- a/ssl/s3_pkt.cc +++ b/ssl/s3_pkt.cc
@@ -124,10 +124,10 @@ BSSL_NAMESPACE_BEGIN -static int do_ssl3_write(SSL *ssl, int type, const uint8_t *in, unsigned len); +static int do_tls_write(SSL *ssl, int type, const uint8_t *in, unsigned len); -int ssl3_write_app_data(SSL *ssl, bool *out_needs_handshake, const uint8_t *in, - int len) { +int tls_write_app_data(SSL *ssl, bool *out_needs_handshake, const uint8_t *in, + int len) { assert(ssl_can_write(ssl)); assert(!ssl->s3->aead_write_ctx->is_null_cipher()); @@ -147,7 +147,7 @@ // Ensure that if we end up with a smaller value of data to write out than // the the original len from a write which didn't complete for non-blocking // I/O and also somehow ended up avoiding the check for this in - // ssl3_write_pending/SSL_R_BAD_WRITE_RETRY as it must never be possible to + // tls_write_pending/SSL_R_BAD_WRITE_RETRY as it must never be possible to // end up with (len-tot) as a large number that will then promptly send // beyond the end of the users buffer ... so we trap and report the error in // a way the user will notice. @@ -182,7 +182,7 @@ nw = n; } - int ret = do_ssl3_write(ssl, SSL3_RT_APPLICATION_DATA, &in[tot], nw); + int ret = do_tls_write(ssl, SSL3_RT_APPLICATION_DATA, &in[tot], nw); if (ret <= 0) { ssl->s3->wnum = tot; return ret; @@ -201,8 +201,8 @@ } } -static int ssl3_write_pending(SSL *ssl, int type, const uint8_t *in, - unsigned int len) { +static int tls_write_pending(SSL *ssl, int type, const uint8_t *in, + unsigned int len) { if (ssl->s3->wpend_tot > (int)len || (!(ssl->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER) && ssl->s3->wpend_buf != in) || @@ -219,11 +219,11 @@ return ssl->s3->wpend_ret; } -// do_ssl3_write writes an SSL record of the given type. -static int do_ssl3_write(SSL *ssl, int type, const uint8_t *in, unsigned len) { +// do_tls_write writes an SSL record of the given type. +static int do_tls_write(SSL *ssl, int type, const uint8_t *in, unsigned len) { // If there is still data from the previous record, flush it. if (ssl->s3->wpend_pending) { - return ssl3_write_pending(ssl, type, in, len); + return tls_write_pending(ssl, type, in, len); } SSLBuffer *buf = &ssl->s3->write_buffer; @@ -287,7 +287,7 @@ // acknowledgments. ssl->s3->key_update_pending = false; - // Memorize arguments so that ssl3_write_pending can detect bad write retries + // Memorize arguments so that tls_write_pending can detect bad write retries // later. ssl->s3->wpend_tot = len; ssl->s3->wpend_buf = in; @@ -296,12 +296,12 @@ ssl->s3->wpend_pending = true; // We now just need to write the buffer. - return ssl3_write_pending(ssl, type, in, len); + return tls_write_pending(ssl, type, in, len); } -ssl_open_record_t ssl3_open_app_data(SSL *ssl, Span<uint8_t> *out, - size_t *out_consumed, uint8_t *out_alert, - Span<uint8_t> in) { +ssl_open_record_t tls_open_app_data(SSL *ssl, Span<uint8_t> *out, + size_t *out_consumed, uint8_t *out_alert, + Span<uint8_t> in) { assert(ssl_can_read(ssl)); assert(!ssl->s3->aead_read_ctx->is_null_cipher()); @@ -316,7 +316,7 @@ if (type == SSL3_RT_HANDSHAKE) { // Post-handshake data prior to TLS 1.3 is always renegotiation, which we - // never accept as a server. Otherwise |ssl3_get_message| will send + // never accept as a server. Otherwise |tls_get_message| will send // |SSL_R_EXCESSIVE_MESSAGE_SIZE|. if (ssl->server && ssl_protocol_version(ssl) < TLS1_3_VERSION) { OPENSSL_PUT_ERROR(SSL, SSL_R_NO_RENEGOTIATION); @@ -355,9 +355,9 @@ return ssl_open_record_success; } -ssl_open_record_t ssl3_open_change_cipher_spec(SSL *ssl, size_t *out_consumed, - uint8_t *out_alert, - Span<uint8_t> in) { +ssl_open_record_t tls_open_change_cipher_spec(SSL *ssl, size_t *out_consumed, + uint8_t *out_alert, + Span<uint8_t> in) { uint8_t type; Span<uint8_t> body; auto ret = tls_open_record(ssl, &type, &body, out_consumed, out_alert, in); @@ -426,7 +426,7 @@ return -1; } -int ssl3_dispatch_alert(SSL *ssl) { +int tls_dispatch_alert(SSL *ssl) { if (ssl->quic_method) { if (!ssl->quic_method->send_alert(ssl, ssl->s3->write_level, ssl->s3->send_alert[1])) { @@ -434,7 +434,7 @@ return 0; } } else { - int ret = do_ssl3_write(ssl, SSL3_RT_ALERT, &ssl->s3->send_alert[0], 2); + int ret = do_tls_write(ssl, SSL3_RT_ALERT, &ssl->s3->send_alert[0], 2); if (ret <= 0) { return ret; }
diff --git a/ssl/tls_method.cc b/ssl/tls_method.cc index a642e75..1ca8bc5 100644 --- a/ssl/tls_method.cc +++ b/ssl/tls_method.cc
@@ -67,7 +67,7 @@ BSSL_NAMESPACE_BEGIN -static void ssl3_on_handshake_complete(SSL *ssl) { +static void tls_on_handshake_complete(SSL *ssl) { // The handshake should have released its final message. assert(!ssl->s3->has_message); @@ -81,7 +81,7 @@ } } -static bool ssl3_set_read_state(SSL *ssl, UniquePtr<SSLAEADContext> aead_ctx) { +static bool tls_set_read_state(SSL *ssl, UniquePtr<SSLAEADContext> aead_ctx) { // Cipher changes are forbidden if the current epoch has leftover data. if (tls_has_unprocessed_handshake_data(ssl)) { OPENSSL_PUT_ERROR(SSL, SSL_R_BUFFERED_MESSAGES_ON_CIPHER_CHANGE); @@ -94,7 +94,7 @@ return true; } -static bool ssl3_set_write_state(SSL *ssl, UniquePtr<SSLAEADContext> aead_ctx) { +static bool tls_set_write_state(SSL *ssl, UniquePtr<SSLAEADContext> aead_ctx) { if (!tls_flush_pending_hs_data(ssl)) { return false; } @@ -106,23 +106,23 @@ static const SSL_PROTOCOL_METHOD kTLSProtocolMethod = { false /* is_dtls */, - ssl3_new, - ssl3_free, - ssl3_get_message, - ssl3_next_message, - ssl3_open_handshake, - ssl3_open_change_cipher_spec, - ssl3_open_app_data, - ssl3_write_app_data, - ssl3_dispatch_alert, - ssl3_init_message, - ssl3_finish_message, - ssl3_add_message, - ssl3_add_change_cipher_spec, - ssl3_flush_flight, - ssl3_on_handshake_complete, - ssl3_set_read_state, - ssl3_set_write_state, + tls_new, + tls_free, + tls_get_message, + tls_next_message, + tls_open_handshake, + tls_open_change_cipher_spec, + tls_open_app_data, + tls_write_app_data, + tls_dispatch_alert, + tls_init_message, + tls_finish_message, + tls_add_message, + tls_add_change_cipher_spec, + tls_flush_flight, + tls_on_handshake_complete, + tls_set_read_state, + tls_set_write_state, }; static bool ssl_noop_x509_check_client_CA_names(