Rename and move a few more ssl3_ functions around.
I think that's the last of the ssl3_ prefix being used for common
functions.
Change-Id: Id83e6f2065c3765931250bd074f6ebf1fc251696
Reviewed-on: https://boringssl-review.googlesource.com/21347
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: Steven Valdez <svaldez@google.com>
diff --git a/ssl/handshake.cc b/ssl/handshake.cc
index 604227f..41ff7dc 100644
--- a/ssl/handshake.cc
+++ b/ssl/handshake.cc
@@ -420,6 +420,66 @@
return ssl_hs_ok;
}
+bool ssl_send_finished(SSL_HANDSHAKE *hs) {
+ SSL *const ssl = hs->ssl;
+ const SSL_SESSION *session = SSL_get_session(ssl);
+
+ uint8_t finished[EVP_MAX_MD_SIZE];
+ size_t finished_len;
+ if (!hs->transcript.GetFinishedMAC(finished, &finished_len, session,
+ ssl->server)) {
+ return 0;
+ }
+
+ // Log the master secret, if logging is enabled.
+ if (!ssl_log_secret(ssl, "CLIENT_RANDOM",
+ session->master_key,
+ session->master_key_length)) {
+ return 0;
+ }
+
+ // Copy the Finished so we can use it for renegotiation checks.
+ if (ssl->version != SSL3_VERSION) {
+ if (finished_len > sizeof(ssl->s3->previous_client_finished) ||
+ finished_len > sizeof(ssl->s3->previous_server_finished)) {
+ OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+
+ if (ssl->server) {
+ OPENSSL_memcpy(ssl->s3->previous_server_finished, finished, finished_len);
+ ssl->s3->previous_server_finished_len = finished_len;
+ } else {
+ OPENSSL_memcpy(ssl->s3->previous_client_finished, finished, finished_len);
+ ssl->s3->previous_client_finished_len = finished_len;
+ }
+ }
+
+ ScopedCBB cbb;
+ CBB body;
+ if (!ssl->method->init_message(ssl, cbb.get(), &body, SSL3_MT_FINISHED) ||
+ !CBB_add_bytes(&body, finished, finished_len) ||
+ !ssl_add_message_cbb(ssl, cbb.get())) {
+ OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+
+ return 1;
+}
+
+bool ssl_output_cert_chain(SSL *ssl) {
+ ScopedCBB cbb;
+ CBB body;
+ if (!ssl->method->init_message(ssl, cbb.get(), &body, SSL3_MT_CERTIFICATE) ||
+ !ssl_add_cert_chain(ssl, &body) ||
+ !ssl_add_message_cbb(ssl, cbb.get())) {
+ OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
+ return false;
+ }
+
+ return true;
+}
+
int ssl_run_handshake(SSL_HANDSHAKE *hs, bool *out_early_return) {
SSL *const ssl = hs->ssl;
for (;;) {
diff --git a/ssl/handshake_client.cc b/ssl/handshake_client.cc
index bf9209f..1533411 100644
--- a/ssl/handshake_client.cc
+++ b/ssl/handshake_client.cc
@@ -1210,7 +1210,7 @@
}
if (!ssl_on_certificate_selected(hs) ||
- !ssl3_output_cert_chain(ssl)) {
+ !ssl_output_cert_chain(ssl)) {
return ssl_hs_error;
}
@@ -1511,7 +1511,7 @@
}
}
- if (!ssl3_send_finished(hs)) {
+ if (!ssl_send_finished(hs)) {
return ssl_hs_error;
}
@@ -1519,6 +1519,18 @@
return ssl_hs_flush;
}
+static bool can_false_start(const SSL_HANDSHAKE *hs) {
+ SSL *const ssl = hs->ssl;
+
+ // False Start only for TLS 1.2 with an ECDHE+AEAD cipher and ALPN or NPN.
+ return !SSL_is_dtls(ssl) &&
+ SSL_version(ssl) == TLS1_2_VERSION &&
+ (ssl->s3->alpn_selected != NULL ||
+ ssl->s3->next_proto_negotiated != NULL) &&
+ hs->new_cipher->algorithm_mkey == SSL_kECDHE &&
+ hs->new_cipher->algorithm_mac == SSL_AEAD;
+}
+
static enum ssl_hs_wait_t do_finish_flight(SSL_HANDSHAKE *hs) {
SSL *const ssl = hs->ssl;
if (ssl->session != NULL) {
@@ -1536,7 +1548,7 @@
hs->state = state_read_session_ticket;
if ((SSL_get_mode(ssl) & SSL_MODE_ENABLE_FALSE_START) &&
- ssl3_can_false_start(ssl) &&
+ can_false_start(hs) &&
// No False Start on renegotiation (would complicate the state machine).
!ssl->s3->initial_handshake_complete) {
hs->in_false_start = true;
diff --git a/ssl/handshake_server.cc b/ssl/handshake_server.cc
index bce9502..74bfce9 100644
--- a/ssl/handshake_server.cc
+++ b/ssl/handshake_server.cc
@@ -749,7 +749,7 @@
return ssl_hs_error;
}
- if (!ssl3_output_cert_chain(ssl)) {
+ if (!ssl_output_cert_chain(ssl)) {
return ssl_hs_error;
}
@@ -1493,7 +1493,7 @@
if (!ssl->method->add_change_cipher_spec(ssl) ||
!tls1_change_cipher_state(hs, evp_aead_seal) ||
- !ssl3_send_finished(hs)) {
+ !ssl_send_finished(hs)) {
return ssl_hs_error;
}
diff --git a/ssl/internal.h b/ssl/internal.h
index 8b98ba5..092ad8c 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -1564,6 +1564,10 @@
// ssl_verify_peer_cert verifies the peer certificate for |hs|.
enum ssl_verify_result_t ssl_verify_peer_cert(SSL_HANDSHAKE *hs);
+enum ssl_hs_wait_t ssl_get_finished(SSL_HANDSHAKE *hs);
+bool ssl_send_finished(SSL_HANDSHAKE *hs);
+bool ssl_output_cert_chain(SSL *ssl);
+
// SSLKEYLOGFILE functions.
@@ -2672,13 +2676,11 @@
void ssl_update_cache(SSL_HANDSHAKE *hs, int mode);
-enum ssl_hs_wait_t ssl_get_finished(SSL_HANDSHAKE *hs);
int ssl_send_alert(SSL *ssl, int level, int desc);
bool ssl3_get_message(SSL *ssl, SSLMessage *out);
int ssl3_read_message(SSL *ssl);
void ssl3_next_message(SSL *ssl);
-int ssl3_send_finished(SSL_HANDSHAKE *hs);
int ssl3_dispatch_alert(SSL *ssl);
int ssl3_read_app_data(SSL *ssl, bool *out_got_handshake, uint8_t *buf, int len,
int peek);
@@ -2687,7 +2689,6 @@
int ssl3_read_handshake_bytes(SSL *ssl, uint8_t *buf, int len);
int ssl3_write_app_data(SSL *ssl, bool *out_needs_handshake, const uint8_t *buf,
int len);
-int ssl3_output_cert_chain(SSL *ssl);
int ssl3_new(SSL *ssl);
void ssl3_free(SSL *ssl);
@@ -2835,10 +2836,6 @@
// operation should be retried later.
int ssl_do_channel_id_callback(SSL *ssl);
-// ssl3_can_false_start returns one if |ssl| is allowed to False Start and zero
-// otherwise.
-int ssl3_can_false_start(const SSL *ssl);
-
// ssl_can_write returns one if |ssl| is allowed to write and zero otherwise.
int ssl_can_write(const SSL *ssl);
diff --git a/ssl/s3_both.cc b/ssl/s3_both.cc
index 8442c62..b2edc9e 100644
--- a/ssl/s3_both.cc
+++ b/ssl/s3_both.cc
@@ -274,66 +274,6 @@
return 1;
}
-int ssl3_send_finished(SSL_HANDSHAKE *hs) {
- SSL *const ssl = hs->ssl;
- const SSL_SESSION *session = SSL_get_session(ssl);
-
- uint8_t finished[EVP_MAX_MD_SIZE];
- size_t finished_len;
- if (!hs->transcript.GetFinishedMAC(finished, &finished_len, session,
- ssl->server)) {
- return 0;
- }
-
- // Log the master secret, if logging is enabled.
- if (!ssl_log_secret(ssl, "CLIENT_RANDOM",
- session->master_key,
- session->master_key_length)) {
- return 0;
- }
-
- // Copy the Finished so we can use it for renegotiation checks.
- if (ssl->version != SSL3_VERSION) {
- if (finished_len > sizeof(ssl->s3->previous_client_finished) ||
- finished_len > sizeof(ssl->s3->previous_server_finished)) {
- OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
- return 0;
- }
-
- if (ssl->server) {
- OPENSSL_memcpy(ssl->s3->previous_server_finished, finished, finished_len);
- ssl->s3->previous_server_finished_len = finished_len;
- } else {
- OPENSSL_memcpy(ssl->s3->previous_client_finished, finished, finished_len);
- ssl->s3->previous_client_finished_len = finished_len;
- }
- }
-
- ScopedCBB cbb;
- CBB body;
- if (!ssl->method->init_message(ssl, cbb.get(), &body, SSL3_MT_FINISHED) ||
- !CBB_add_bytes(&body, finished, finished_len) ||
- !ssl_add_message_cbb(ssl, cbb.get())) {
- OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
- return 0;
- }
-
- return 1;
-}
-
-int ssl3_output_cert_chain(SSL *ssl) {
- ScopedCBB cbb;
- CBB body;
- if (!ssl->method->init_message(ssl, cbb.get(), &body, SSL3_MT_CERTIFICATE) ||
- !ssl_add_cert_chain(ssl, &body) ||
- !ssl_add_message_cbb(ssl, cbb.get())) {
- OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
- return 0;
- }
-
- return 1;
-}
-
static int extend_handshake_buffer(SSL *ssl, size_t length) {
if (!BUF_MEM_reserve(ssl->init_buf, length)) {
return -1;
diff --git a/ssl/ssl_lib.cc b/ssl/ssl_lib.cc
index 48ca9ff..88161ad 100644
--- a/ssl/ssl_lib.cc
+++ b/ssl/ssl_lib.cc
@@ -317,19 +317,6 @@
return 1;
}
-int ssl3_can_false_start(const SSL *ssl) {
- const SSL_CIPHER *const cipher = SSL_get_current_cipher(ssl);
-
- // False Start only for TLS 1.2 with an ECDHE+AEAD cipher and ALPN or NPN.
- return !SSL_is_dtls(ssl) &&
- SSL_version(ssl) == TLS1_2_VERSION &&
- (ssl->s3->alpn_selected != NULL ||
- ssl->s3->next_proto_negotiated != NULL) &&
- cipher != NULL &&
- cipher->algorithm_mkey == SSL_kECDHE &&
- cipher->algorithm_mac == SSL_AEAD;
-}
-
void ssl_do_info_callback(const SSL *ssl, int type, int value) {
void (*cb)(const SSL *ssl, int type, int value) = NULL;
if (ssl->info_callback != NULL) {
