Rename TLS-specific functions to tls_foo from ssl3_foo.
Some of the TLS-specific functions begin with ssl3_, otherwise with
tls_. Align on tls_ since we don't implement SSL 3.0 anymore. (Plain ssl_
means common to TLS and DTLS, which is an odd backronym, but SSL_foo for
the APIs are thoroughly stuck.)
Change-Id: Ib7acffd21ee370bb9bed46789fb511d00fac24ca
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/39985
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/d1_lib.cc b/ssl/d1_lib.cc
index 0e0b211..52fbfae 100644
--- a/ssl/d1_lib.cc
+++ b/ssl/d1_lib.cc
@@ -86,12 +86,12 @@
DTLS1_STATE::~DTLS1_STATE() {}
bool dtls1_new(SSL *ssl) {
- if (!ssl3_new(ssl)) {
+ if (!tls_new(ssl)) {
return false;
}
UniquePtr<DTLS1_STATE> d1 = MakeUnique<DTLS1_STATE>();
if (!d1) {
- ssl3_free(ssl);
+ tls_free(ssl);
return false;
}
@@ -107,7 +107,7 @@
}
void dtls1_free(SSL *ssl) {
- ssl3_free(ssl);
+ tls_free(ssl);
if (ssl == NULL) {
return;
diff --git a/ssl/internal.h b/ssl/internal.h
index 932dd0c..257f7ec 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -2837,29 +2837,29 @@
void ssl_send_alert(SSL *ssl, int level, int desc);
int ssl_send_alert_impl(SSL *ssl, int level, int desc);
-bool ssl3_get_message(const SSL *ssl, SSLMessage *out);
-ssl_open_record_t ssl3_open_handshake(SSL *ssl, size_t *out_consumed,
- uint8_t *out_alert, Span<uint8_t> in);
-void ssl3_next_message(SSL *ssl);
+bool tls_get_message(const SSL *ssl, SSLMessage *out);
+ssl_open_record_t tls_open_handshake(SSL *ssl, size_t *out_consumed,
+ uint8_t *out_alert, Span<uint8_t> in);
+void tls_next_message(SSL *ssl);
-int ssl3_dispatch_alert(SSL *ssl);
-ssl_open_record_t ssl3_open_app_data(SSL *ssl, Span<uint8_t> *out,
- size_t *out_consumed, uint8_t *out_alert,
- Span<uint8_t> in);
-ssl_open_record_t ssl3_open_change_cipher_spec(SSL *ssl, size_t *out_consumed,
- uint8_t *out_alert,
- Span<uint8_t> in);
-int ssl3_write_app_data(SSL *ssl, bool *out_needs_handshake, const uint8_t *buf,
- int len);
+int tls_dispatch_alert(SSL *ssl);
+ssl_open_record_t tls_open_app_data(SSL *ssl, Span<uint8_t> *out,
+ size_t *out_consumed, uint8_t *out_alert,
+ Span<uint8_t> in);
+ssl_open_record_t tls_open_change_cipher_spec(SSL *ssl, size_t *out_consumed,
+ uint8_t *out_alert,
+ Span<uint8_t> in);
+int tls_write_app_data(SSL *ssl, bool *out_needs_handshake, const uint8_t *buf,
+ int len);
-bool ssl3_new(SSL *ssl);
-void ssl3_free(SSL *ssl);
+bool tls_new(SSL *ssl);
+void tls_free(SSL *ssl);
-bool ssl3_init_message(SSL *ssl, CBB *cbb, CBB *body, uint8_t type);
-bool ssl3_finish_message(SSL *ssl, CBB *cbb, Array<uint8_t> *out_msg);
-bool ssl3_add_message(SSL *ssl, Array<uint8_t> msg);
-bool ssl3_add_change_cipher_spec(SSL *ssl);
-int ssl3_flush_flight(SSL *ssl);
+bool tls_init_message(SSL *ssl, CBB *cbb, CBB *body, uint8_t type);
+bool tls_finish_message(SSL *ssl, CBB *cbb, Array<uint8_t> *out_msg);
+bool tls_add_message(SSL *ssl, Array<uint8_t> msg);
+bool tls_add_change_cipher_spec(SSL *ssl);
+int tls_flush_flight(SSL *ssl);
bool dtls1_init_message(SSL *ssl, CBB *cbb, CBB *body, uint8_t type);
bool dtls1_finish_message(SSL *ssl, CBB *cbb, Array<uint8_t> *out_msg);
diff --git a/ssl/s3_both.cc b/ssl/s3_both.cc
index 1ec596a..4415bd7 100644
--- a/ssl/s3_both.cc
+++ b/ssl/s3_both.cc
@@ -168,7 +168,7 @@
return true;
}
-bool ssl3_init_message(SSL *ssl, CBB *cbb, CBB *body, uint8_t type) {
+bool tls_init_message(SSL *ssl, CBB *cbb, CBB *body, uint8_t type) {
// Pick a modest size hint to save most of the |realloc| calls.
if (!CBB_init(cbb, 64) ||
!CBB_add_u8(cbb, type) ||
@@ -181,11 +181,11 @@
return true;
}
-bool ssl3_finish_message(SSL *ssl, CBB *cbb, Array<uint8_t> *out_msg) {
+bool tls_finish_message(SSL *ssl, CBB *cbb, Array<uint8_t> *out_msg) {
return CBBFinishArray(cbb, out_msg);
}
-bool ssl3_add_message(SSL *ssl, Array<uint8_t> msg) {
+bool tls_add_message(SSL *ssl, Array<uint8_t> msg) {
// Pack handshake data into the minimal number of records. This avoids
// unnecessary encryption overhead, notably in TLS 1.3 where we send several
// encrypted messages in a row. For now, we do not do this for the null
@@ -262,7 +262,7 @@
return add_record_to_flight(ssl, SSL3_RT_HANDSHAKE, data);
}
-bool ssl3_add_change_cipher_spec(SSL *ssl) {
+bool tls_add_change_cipher_spec(SSL *ssl) {
static const uint8_t kChangeCipherSpec[1] = {SSL3_MT_CCS};
if (!tls_flush_pending_hs_data(ssl)) {
@@ -280,7 +280,7 @@
return true;
}
-int ssl3_flush_flight(SSL *ssl) {
+int tls_flush_flight(SSL *ssl) {
if (!tls_flush_pending_hs_data(ssl)) {
return -1;
}
@@ -496,7 +496,7 @@
return true;
}
-bool ssl3_get_message(const SSL *ssl, SSLMessage *out) {
+bool tls_get_message(const SSL *ssl, SSLMessage *out) {
size_t unused;
if (!parse_message(ssl, out, &unused)) {
return false;
@@ -552,8 +552,8 @@
BUF_MEM_append(ssl->s3->hs_buf.get(), data.data(), data.size());
}
-ssl_open_record_t ssl3_open_handshake(SSL *ssl, size_t *out_consumed,
- uint8_t *out_alert, Span<uint8_t> in) {
+ssl_open_record_t tls_open_handshake(SSL *ssl, size_t *out_consumed,
+ uint8_t *out_alert, Span<uint8_t> in) {
*out_consumed = 0;
// Bypass the record layer for the first message to handle V2ClientHello.
if (ssl->server && !ssl->s3->v2_hello_done) {
@@ -631,9 +631,9 @@
return ssl_open_record_success;
}
-void ssl3_next_message(SSL *ssl) {
+void tls_next_message(SSL *ssl) {
SSLMessage msg;
- if (!ssl3_get_message(ssl, &msg) ||
+ if (!tls_get_message(ssl, &msg) ||
!ssl->s3->hs_buf ||
ssl->s3->hs_buf->length < CBS_len(&msg.raw)) {
assert(0);
diff --git a/ssl/s3_lib.cc b/ssl/s3_lib.cc
index 978b108..ee35604 100644
--- a/ssl/s3_lib.cc
+++ b/ssl/s3_lib.cc
@@ -185,7 +185,7 @@
SSL3_STATE::~SSL3_STATE() {}
-bool ssl3_new(SSL *ssl) {
+bool tls_new(SSL *ssl) {
UniquePtr<SSL3_STATE> s3 = MakeUnique<SSL3_STATE>();
if (!s3) {
return false;
@@ -209,7 +209,7 @@
return true;
}
-void ssl3_free(SSL *ssl) {
+void tls_free(SSL *ssl) {
if (ssl == NULL || ssl->s3 == NULL) {
return;
}
diff --git a/ssl/s3_pkt.cc b/ssl/s3_pkt.cc
index 2fcc2a5..457696d 100644
--- a/ssl/s3_pkt.cc
+++ b/ssl/s3_pkt.cc
@@ -124,10 +124,10 @@
BSSL_NAMESPACE_BEGIN
-static int do_ssl3_write(SSL *ssl, int type, const uint8_t *in, unsigned len);
+static int do_tls_write(SSL *ssl, int type, const uint8_t *in, unsigned len);
-int ssl3_write_app_data(SSL *ssl, bool *out_needs_handshake, const uint8_t *in,
- int len) {
+int tls_write_app_data(SSL *ssl, bool *out_needs_handshake, const uint8_t *in,
+ int len) {
assert(ssl_can_write(ssl));
assert(!ssl->s3->aead_write_ctx->is_null_cipher());
@@ -147,7 +147,7 @@
// Ensure that if we end up with a smaller value of data to write out than
// the the original len from a write which didn't complete for non-blocking
// I/O and also somehow ended up avoiding the check for this in
- // ssl3_write_pending/SSL_R_BAD_WRITE_RETRY as it must never be possible to
+ // tls_write_pending/SSL_R_BAD_WRITE_RETRY as it must never be possible to
// end up with (len-tot) as a large number that will then promptly send
// beyond the end of the users buffer ... so we trap and report the error in
// a way the user will notice.
@@ -182,7 +182,7 @@
nw = n;
}
- int ret = do_ssl3_write(ssl, SSL3_RT_APPLICATION_DATA, &in[tot], nw);
+ int ret = do_tls_write(ssl, SSL3_RT_APPLICATION_DATA, &in[tot], nw);
if (ret <= 0) {
ssl->s3->wnum = tot;
return ret;
@@ -201,8 +201,8 @@
}
}
-static int ssl3_write_pending(SSL *ssl, int type, const uint8_t *in,
- unsigned int len) {
+static int tls_write_pending(SSL *ssl, int type, const uint8_t *in,
+ unsigned int len) {
if (ssl->s3->wpend_tot > (int)len ||
(!(ssl->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER) &&
ssl->s3->wpend_buf != in) ||
@@ -219,11 +219,11 @@
return ssl->s3->wpend_ret;
}
-// do_ssl3_write writes an SSL record of the given type.
-static int do_ssl3_write(SSL *ssl, int type, const uint8_t *in, unsigned len) {
+// do_tls_write writes an SSL record of the given type.
+static int do_tls_write(SSL *ssl, int type, const uint8_t *in, unsigned len) {
// If there is still data from the previous record, flush it.
if (ssl->s3->wpend_pending) {
- return ssl3_write_pending(ssl, type, in, len);
+ return tls_write_pending(ssl, type, in, len);
}
SSLBuffer *buf = &ssl->s3->write_buffer;
@@ -287,7 +287,7 @@
// acknowledgments.
ssl->s3->key_update_pending = false;
- // Memorize arguments so that ssl3_write_pending can detect bad write retries
+ // Memorize arguments so that tls_write_pending can detect bad write retries
// later.
ssl->s3->wpend_tot = len;
ssl->s3->wpend_buf = in;
@@ -296,12 +296,12 @@
ssl->s3->wpend_pending = true;
// We now just need to write the buffer.
- return ssl3_write_pending(ssl, type, in, len);
+ return tls_write_pending(ssl, type, in, len);
}
-ssl_open_record_t ssl3_open_app_data(SSL *ssl, Span<uint8_t> *out,
- size_t *out_consumed, uint8_t *out_alert,
- Span<uint8_t> in) {
+ssl_open_record_t tls_open_app_data(SSL *ssl, Span<uint8_t> *out,
+ size_t *out_consumed, uint8_t *out_alert,
+ Span<uint8_t> in) {
assert(ssl_can_read(ssl));
assert(!ssl->s3->aead_read_ctx->is_null_cipher());
@@ -316,7 +316,7 @@
if (type == SSL3_RT_HANDSHAKE) {
// Post-handshake data prior to TLS 1.3 is always renegotiation, which we
- // never accept as a server. Otherwise |ssl3_get_message| will send
+ // never accept as a server. Otherwise |tls_get_message| will send
// |SSL_R_EXCESSIVE_MESSAGE_SIZE|.
if (ssl->server && ssl_protocol_version(ssl) < TLS1_3_VERSION) {
OPENSSL_PUT_ERROR(SSL, SSL_R_NO_RENEGOTIATION);
@@ -355,9 +355,9 @@
return ssl_open_record_success;
}
-ssl_open_record_t ssl3_open_change_cipher_spec(SSL *ssl, size_t *out_consumed,
- uint8_t *out_alert,
- Span<uint8_t> in) {
+ssl_open_record_t tls_open_change_cipher_spec(SSL *ssl, size_t *out_consumed,
+ uint8_t *out_alert,
+ Span<uint8_t> in) {
uint8_t type;
Span<uint8_t> body;
auto ret = tls_open_record(ssl, &type, &body, out_consumed, out_alert, in);
@@ -426,7 +426,7 @@
return -1;
}
-int ssl3_dispatch_alert(SSL *ssl) {
+int tls_dispatch_alert(SSL *ssl) {
if (ssl->quic_method) {
if (!ssl->quic_method->send_alert(ssl, ssl->s3->write_level,
ssl->s3->send_alert[1])) {
@@ -434,7 +434,7 @@
return 0;
}
} else {
- int ret = do_ssl3_write(ssl, SSL3_RT_ALERT, &ssl->s3->send_alert[0], 2);
+ int ret = do_tls_write(ssl, SSL3_RT_ALERT, &ssl->s3->send_alert[0], 2);
if (ret <= 0) {
return ret;
}
diff --git a/ssl/tls_method.cc b/ssl/tls_method.cc
index a642e75..1ca8bc5 100644
--- a/ssl/tls_method.cc
+++ b/ssl/tls_method.cc
@@ -67,7 +67,7 @@
BSSL_NAMESPACE_BEGIN
-static void ssl3_on_handshake_complete(SSL *ssl) {
+static void tls_on_handshake_complete(SSL *ssl) {
// The handshake should have released its final message.
assert(!ssl->s3->has_message);
@@ -81,7 +81,7 @@
}
}
-static bool ssl3_set_read_state(SSL *ssl, UniquePtr<SSLAEADContext> aead_ctx) {
+static bool tls_set_read_state(SSL *ssl, UniquePtr<SSLAEADContext> aead_ctx) {
// Cipher changes are forbidden if the current epoch has leftover data.
if (tls_has_unprocessed_handshake_data(ssl)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_BUFFERED_MESSAGES_ON_CIPHER_CHANGE);
@@ -94,7 +94,7 @@
return true;
}
-static bool ssl3_set_write_state(SSL *ssl, UniquePtr<SSLAEADContext> aead_ctx) {
+static bool tls_set_write_state(SSL *ssl, UniquePtr<SSLAEADContext> aead_ctx) {
if (!tls_flush_pending_hs_data(ssl)) {
return false;
}
@@ -106,23 +106,23 @@
static const SSL_PROTOCOL_METHOD kTLSProtocolMethod = {
false /* is_dtls */,
- ssl3_new,
- ssl3_free,
- ssl3_get_message,
- ssl3_next_message,
- ssl3_open_handshake,
- ssl3_open_change_cipher_spec,
- ssl3_open_app_data,
- ssl3_write_app_data,
- ssl3_dispatch_alert,
- ssl3_init_message,
- ssl3_finish_message,
- ssl3_add_message,
- ssl3_add_change_cipher_spec,
- ssl3_flush_flight,
- ssl3_on_handshake_complete,
- ssl3_set_read_state,
- ssl3_set_write_state,
+ tls_new,
+ tls_free,
+ tls_get_message,
+ tls_next_message,
+ tls_open_handshake,
+ tls_open_change_cipher_spec,
+ tls_open_app_data,
+ tls_write_app_data,
+ tls_dispatch_alert,
+ tls_init_message,
+ tls_finish_message,
+ tls_add_message,
+ tls_add_change_cipher_spec,
+ tls_flush_flight,
+ tls_on_handshake_complete,
+ tls_set_read_state,
+ tls_set_write_state,
};
static bool ssl_noop_x509_check_client_CA_names(