Consolidate CCS_OK codepaths in s3_srvr.c.
Rename SSL3_ST_SR_POST_CLIENT_CERT to SSL3_ST_SR_CHANGE and have this be the
point at which CCS_OK is set. The copy before ssl3_get_finished is redundant as
we never transition to SR_FINISHED directly.
Change-Id: I3eefeb821e7ae53d52dacc587fdc59de9ea9a667
Reviewed-on: https://boringssl-review.googlesource.com/1297
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index bc2f538..36b421e 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -501,7 +501,7 @@
* message is not sent.
*/
s->init_num = 0;
- s->state=SSL3_ST_SR_POST_CLIENT_CERT;
+ s->state = SSL3_ST_SR_CHANGE;
}
else if (SSL_USE_SIGALGS(s))
{
@@ -559,11 +559,11 @@
ret=ssl3_get_cert_verify(s);
if (ret <= 0) goto end;
- s->state=SSL3_ST_SR_POST_CLIENT_CERT;
+ s->state = SSL3_ST_SR_CHANGE;
s->init_num=0;
break;
- case SSL3_ST_SR_POST_CLIENT_CERT: {
+ case SSL3_ST_SR_CHANGE: {
char next_proto_neg = 0;
char channel_id = 0;
# if !defined(OPENSSL_NO_NEXTPROTONEG)
@@ -571,13 +571,15 @@
# endif
channel_id = s->s3->tlsext_channel_id_valid;
+ /* At this point, the next message must be entirely
+ * behind a ChangeCipherSpec. */
s->s3->flags |= SSL3_FLAGS_CCS_OK;
if (next_proto_neg)
- s->state=SSL3_ST_SR_NEXT_PROTO_A;
+ s->state = SSL3_ST_SR_NEXT_PROTO_A;
else if (channel_id)
- s->state=SSL3_ST_SR_CHANNEL_ID_A;
+ s->state = SSL3_ST_SR_CHANNEL_ID_A;
else
- s->state=SSL3_ST_SR_FINISHED_A;
+ s->state = SSL3_ST_SR_FINISHED_A;
break;
}
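Review bot: The comment added above `s->s3->flags |= SSL3_FLAGS_CCS_OK;` in the `SSL3_ST_SR_CHANGE` case says what the peer must send next, but not the invariant the commit now depends on. With the copy in the `SSL3_ST_SR_FINISHED_A`/`_B` case removed (hunk at -604), this looks like the only place in the visible server states where a ChangeCipherSpec becomes acceptable. A later edit that jumps straight to `SSL3_ST_SR_FINISHED_A` would therefore reject a legitimate CCS, and one that sets the flag earlier would accept a CCS before the key exchange is complete. I would extend the comment along the lines of `/* Only place the server sets CCS_OK: every path to SR_NEXT_PROTO_A, SR_CHANNEL_ID_A or SR_FINISHED_A must pass through SR_CHANGE. */`. The diff does not show where the flag is cleared once the CCS is consumed, which is worth confirming; the case block itself opens in the previous hunk.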
@@ -604,7 +606,6 @@
case SSL3_ST_SR_FINISHED_A:
case SSL3_ST_SR_FINISHED_B:
- s->s3->flags |= SSL3_FLAGS_CCS_OK;
ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A,
SSL3_ST_SR_FINISHED_B);
if (ret <= 0) goto end;
@@ -672,11 +673,11 @@
s->method->ssl3_enc->server_finished_label,
s->method->ssl3_enc->server_finished_label_len);
if (ret <= 0) goto end;
- s->state=SSL3_ST_SW_FLUSH;
+ s->state = SSL3_ST_SW_FLUSH;
if (s->hit)
- s->s3->tmp.next_state=SSL3_ST_SR_POST_CLIENT_CERT;
+ s->s3->tmp.next_state = SSL3_ST_SR_CHANGE;
else
- s->s3->tmp.next_state=SSL_ST_OK;
+ s->s3->tmp.next_state = SSL_ST_OK;
s->init_num=0;
break;