Rename cutthrough to False Start.
False Start is the name it's known by now. Deprecate the old API and expose new
ones with the new name.
Change-Id: I32d307027e178fd7d9c0069686cc046f75fdbf6f
Reviewed-on: https://boringssl-review.googlesource.com/3481
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index b1b1b7f..cabc56d 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -474,9 +474,14 @@
/* Clear verification errors from queue */
#define SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR 0x10
-/* When set, clients may send application data before receipt of CCS and
- * Finished. This mode enables full-handshakes to 'complete' in one RTT. */
-#define SSL_MODE_HANDSHAKE_CUTTHROUGH 0x00000080L
+/* SSL_MODE_ENABLE_FALSE_START allows clients to send application data before
+ * receipt of CCS and Finished. This mode enables full-handshakes to 'complete'
+ * in one RTT. See draft-bmoeller-tls-falsestart-01. */
+#define SSL_MODE_ENABLE_FALSE_START 0x00000080L
+
+/* Deprecated: SSL_MODE_HANDSHAKE_CUTTHROUGH is the same as
+ * SSL_MODE_ENABLE_FALSE_START. */
+#define SSL_MODE_HANDSHAKE_CUTTHROUGH SSL_MODE_ENABLE_FALSE_START
/* When set, TLS 1.0 and SSLv3, multi-byte, CBC records will be split in two:
* the first record will contain a single byte and the second will contain the
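Review bot: The new comment on `SSL_MODE_ENABLE_FALSE_START` describes the one-RTT gain but not when the flag takes effect or what the caller gives up. In the s3_clnt.c hunk of this commit the mode is honoured only when `ssl3_can_false_start(s)` returns one and `s->s3->previous_server_finished_len == 0`, that is, not on renegotiation. I would add a sentence such as `False Start is only used when the connection passes the library's cipher-strength check and never on renegotiation; data written in this window is sent before the server's Finished has been verified.` so the trade-off sits next to the flag that enables it.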
@@ -1386,10 +1391,12 @@
#define SSL_in_connect_init(a) (SSL_state(a) & SSL_ST_CONNECT)
#define SSL_in_accept_init(a) (SSL_state(a) & SSL_ST_ACCEPT)
-/* SSL_cutthrough_complete returns one if |s| has a pending unfinished handshake
- * that has completed cut-through. |SSL_write| may be called at this point
- * without waiting for the peer, but |SSL_read| will require the handshake
- * to be completed. */
+/* SSL_in_false_start returns one if |s| has a pending unfinished handshake that
+ * is in False Start. |SSL_write| may be called at this point without waiting
+ * for the peer, but |SSL_read| will require the handshake to be completed. */
+OPENSSL_EXPORT int SSL_in_false_start(const SSL *s);
+
+/* Deprecated: SSL_cutthrough_complete calls |SSL_in_false_start|. */
OPENSSL_EXPORT int SSL_cutthrough_complete(const SSL *s);
/* The following 2 states are kept in ssl->rstate when reads fail,
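Review bot: The comment for `SSL_in_false_start` does not say that the state is client-only or when the return value goes back to zero. ssl3.h in this commit documents the backing field `tmp.in_false_start` as client-only, and the s3_clnt.c hunk at `@@ -552,7` resets it next to `ssl_update_cache`, which looks like the handshake-complete path, although the enclosing case label is outside the hunk. After confirming that, I would append `Only clients enter this state; the function returns zero again once the handshake has completed.` to the comment.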
diff --git a/include/openssl/ssl3.h b/include/openssl/ssl3.h
index de3b96c..ce53801 100644
--- a/include/openssl/ssl3.h
+++ b/include/openssl/ssl3.h
@@ -485,9 +485,9 @@
* be updated. It is only needed for EAP-FAST, which we don't support. */
uint8_t new_mac_secret_size;
- /* Client-only: cutthrough_complete is one if there is a pending handshake,
- * but cut-through is completed so the client may write data. */
- char cutthrough_complete;
+ /* Client-only: in_false_start is one if there is a pending handshake in
+ * False Start. The client may write data at this point. */
+ char in_false_start;
} tmp;
/* Connection binding to prevent renegotiation attacks */
@@ -530,7 +530,7 @@
/* client */
/* extra state */
#define SSL3_ST_CW_FLUSH (0x100 | SSL_ST_CONNECT)
-#define SSL3_ST_CUTTHROUGH_COMPLETE (0x101 | SSL_ST_CONNECT)
+#define SSL3_ST_FALSE_START (0x101 | SSL_ST_CONNECT)
/* write to server */
#define SSL3_ST_CW_CLNT_HELLO_A (0x110 | SSL_ST_CONNECT)
#define SSL3_ST_CW_CLNT_HELLO_B (0x111 | SSL_ST_CONNECT)
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index c6752eb..c51ba6d 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -450,12 +450,12 @@
goto end;
}
}
- if ((SSL_get_mode(s) & SSL_MODE_HANDSHAKE_CUTTHROUGH) &&
- ssl3_can_cutthrough(s) &&
- /* no cutthrough on renegotiation (would complicate the state
- * machine) */
+ if ((SSL_get_mode(s) & SSL_MODE_ENABLE_FALSE_START) &&
+ ssl3_can_false_start(s) &&
+ /* No False Start on renegotiation (would complicate the state
+ * machine). */
s->s3->previous_server_finished_len == 0) {
- s->s3->tmp.next_state = SSL3_ST_CUTTHROUGH_COMPLETE;
+ s->s3->tmp.next_state = SSL3_ST_FALSE_START;
} else {
/* Allow NewSessionTicket if ticket expected */
if (s->tlsext_ticket_expected) {
@@ -524,14 +524,14 @@
s->state = s->s3->tmp.next_state;
break;
- case SSL3_ST_CUTTHROUGH_COMPLETE:
+ case SSL3_ST_FALSE_START:
/* Allow NewSessionTicket if ticket expected */
if (s->tlsext_ticket_expected) {
s->state = SSL3_ST_CR_SESSION_TICKET_A;
} else {
s->state = SSL3_ST_CR_CHANGE;
}
- s->s3->tmp.cutthrough_complete = 1;
+ s->s3->tmp.in_false_start = 1;
ssl_free_wbio_buffer(s);
ret = 1;
@@ -552,7 +552,7 @@
s->init_num = 0;
s->renegotiate = 0;
s->new_session = 0;
- s->s3->tmp.cutthrough_complete = 0;
+ s->s3->tmp.in_false_start = 0;
ssl_update_cache(s, SSL_SESS_CACHE_CLIENT);
if (s->hit) {
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index 57bb54b..52ab5c0 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -427,7 +427,7 @@
tot = s->s3->wnum;
s->s3->wnum = 0;
- if (!s->in_handshake && SSL_in_init(s) && !SSL_cutthrough_complete(s)) {
+ if (!s->in_handshake && SSL_in_init(s) && !SSL_in_false_start(s)) {
i = s->handshake_func(s);
if (i < 0) {
return i;
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index a4c94dc..348e2a5 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2887,8 +2887,12 @@
return ret;
}
+int SSL_in_false_start(const SSL *s) {
+ return s->s3->tmp.in_false_start;
+}
+
int SSL_cutthrough_complete(const SSL *s) {
- return s->s3->tmp.cutthrough_complete;
+ return SSL_in_false_start(s);
}
void SSL_get_structure_sizes(size_t *ssl_size, size_t *ssl_ctx_size,
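Review bot: `SSL_in_false_start` returns `s->s3->tmp.in_false_start` as is, and the only reset of that field visible in this commit is the one beside `ssl_update_cache` in s3_clnt.c. The write path in s3_pkt.c skips `s->handshake_func(s)` while this function returns one. It is therefore worth confirming that a handshake which fails after entering False Start either clears the flag or leaves the connection refusing further writes; the error paths are not part of these hunks, so this may already hold. If it does, a one-line comment above the function would record the invariant, for example `/* in_false_start is cleared when the handshake completes; see ssl3_connect for the failure path. */`.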
@@ -2898,7 +2902,7 @@
*ssl_session_size = sizeof(SSL_SESSION);
}
-int ssl3_can_cutthrough(const SSL *s) {
+int ssl3_can_false_start(const SSL *s) {
const SSL_CIPHER *c;
/* require a strong enough cipher */
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 7019540..d63ddda 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -974,7 +974,9 @@
size_t client_random_len, const uint8_t *master,
size_t master_len);
-int ssl3_can_cutthrough(const SSL *s);
+/* ssl3_can_false_start returns one if |s| is allowed to False Start and zero
+ * otherwise. */
+int ssl3_can_false_start(const SSL *s);
/* ssl3_get_enc_method returns the SSL3_ENC_METHOD corresponding to
* |version|. */
diff --git a/ssl/test/bssl_shim.cc b/ssl/test/bssl_shim.cc
index 6ec3aff..90d142a 100644
--- a/ssl/test/bssl_shim.cc
+++ b/ssl/test/bssl_shim.cc
@@ -415,7 +415,7 @@
SkipVerify);
}
if (config->false_start) {
- SSL_set_mode(ssl.get(), SSL_MODE_HANDSHAKE_CUTTHROUGH);
+ SSL_set_mode(ssl.get(), SSL_MODE_ENABLE_FALSE_START);
}
if (config->cbc_record_splitting) {
SSL_set_mode(ssl.get(), SSL_MODE_CBC_RECORD_SPLITTING);