Fold SSL_want constants into SSL_get_error constants.
There's no sense in having two of these (with similar but slightly
different numbers, no less!). Fold them together and remove the
redundant SSL_want constants. Almost everything uses SSL_get_error.
Update-Note: Most of the SSL_want constants have been removed, except
SSL_NOTHING, SSL_READING, and SSL_WRITING which are used by external
code.
Change-Id: I75727f7cf6333694767ce8129ee6815fd464c163
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/37187
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 679ee44..d86ebf0 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -4291,19 +4291,9 @@
OPENSSL_EXPORT void SSL_CTX_set_client_cert_cb(
SSL_CTX *ctx, int (*cb)(SSL *ssl, X509 **out_x509, EVP_PKEY **out_pkey));
-#define SSL_NOTHING 1
-#define SSL_WRITING 2
-#define SSL_READING 3
-#define SSL_X509_LOOKUP 4
-#define SSL_CHANNEL_ID_LOOKUP 5
-#define SSL_PENDING_SESSION 7
-#define SSL_CERTIFICATE_SELECTION_PENDING 8
-#define SSL_PRIVATE_KEY_OPERATION 9
-#define SSL_PENDING_TICKET 10
-#define SSL_EARLY_DATA_REJECTED 11
-#define SSL_CERTIFICATE_VERIFY 12
-#define SSL_HANDOFF 13
-#define SSL_HANDBACK 14
+#define SSL_NOTHING SSL_ERROR_NONE
+#define SSL_WRITING SSL_ERROR_WANT_WRITE
+#define SSL_READING SSL_ERROR_WANT_READ
// SSL_want returns one of the above values to determine what the most recent
// operation on |ssl| was blocked on. Use |SSL_get_error| instead.
diff --git a/ssl/d1_both.cc b/ssl/d1_both.cc
index f68cd1c..5a24fb2 100644
--- a/ssl/d1_both.cc
+++ b/ssl/d1_both.cc
@@ -799,14 +799,14 @@
// Retry this packet the next time around.
ssl->d1->outgoing_written = old_written;
ssl->d1->outgoing_offset = old_offset;
- ssl->s3->rwstate = SSL_WRITING;
+ ssl->s3->rwstate = SSL_ERROR_WANT_WRITE;
ret = bio_ret;
goto err;
}
}
if (BIO_flush(ssl->wbio.get()) <= 0) {
- ssl->s3->rwstate = SSL_WRITING;
+ ssl->s3->rwstate = SSL_ERROR_WANT_WRITE;
goto err;
}
diff --git a/ssl/handoff.cc b/ssl/handoff.cc
index db5886a..c48918e 100644
--- a/ssl/handoff.cc
+++ b/ssl/handoff.cc
@@ -54,7 +54,7 @@
const SSL3_STATE *const s3 = ssl->s3;
if (!ssl->server ||
s3->hs == nullptr ||
- s3->rwstate != SSL_HANDOFF) {
+ s3->rwstate != SSL_ERROR_HANDOFF) {
return false;
}
@@ -81,7 +81,7 @@
const SSL3_STATE *const s3 = ssl->s3;
if (!ssl->server ||
s3->hs == nullptr ||
- s3->rwstate != SSL_HANDOFF) {
+ s3->rwstate != SSL_ERROR_HANDOFF) {
return false;
}
diff --git a/ssl/handshake.cc b/ssl/handshake.cc
index d62f986..6791d2a 100644
--- a/ssl/handshake.cc
+++ b/ssl/handshake.cc
@@ -557,7 +557,7 @@
hs->wait = ssl_hs_ok;
// The change cipher spec is omitted in QUIC.
if (hs->wait != ssl_hs_read_change_cipher_spec) {
- ssl->s3->rwstate = SSL_READING;
+ ssl->s3->rwstate = SSL_ERROR_WANT_READ;
return -1;
}
break;
@@ -611,53 +611,53 @@
}
case ssl_hs_certificate_selection_pending:
- ssl->s3->rwstate = SSL_CERTIFICATE_SELECTION_PENDING;
+ ssl->s3->rwstate = SSL_ERROR_PENDING_CERTIFICATE;
hs->wait = ssl_hs_ok;
return -1;
case ssl_hs_handoff:
- ssl->s3->rwstate = SSL_HANDOFF;
+ ssl->s3->rwstate = SSL_ERROR_HANDOFF;
hs->wait = ssl_hs_ok;
return -1;
case ssl_hs_handback:
- ssl->s3->rwstate = SSL_HANDBACK;
+ ssl->s3->rwstate = SSL_ERROR_HANDBACK;
hs->wait = ssl_hs_handback;
return -1;
case ssl_hs_x509_lookup:
- ssl->s3->rwstate = SSL_X509_LOOKUP;
+ ssl->s3->rwstate = SSL_ERROR_WANT_X509_LOOKUP;
hs->wait = ssl_hs_ok;
return -1;
case ssl_hs_channel_id_lookup:
- ssl->s3->rwstate = SSL_CHANNEL_ID_LOOKUP;
+ ssl->s3->rwstate = SSL_ERROR_WANT_CHANNEL_ID_LOOKUP;
hs->wait = ssl_hs_ok;
return -1;
case ssl_hs_private_key_operation:
- ssl->s3->rwstate = SSL_PRIVATE_KEY_OPERATION;
+ ssl->s3->rwstate = SSL_ERROR_WANT_PRIVATE_KEY_OPERATION;
hs->wait = ssl_hs_ok;
return -1;
case ssl_hs_pending_session:
- ssl->s3->rwstate = SSL_PENDING_SESSION;
+ ssl->s3->rwstate = SSL_ERROR_PENDING_SESSION;
hs->wait = ssl_hs_ok;
return -1;
case ssl_hs_pending_ticket:
- ssl->s3->rwstate = SSL_PENDING_TICKET;
+ ssl->s3->rwstate = SSL_ERROR_PENDING_TICKET;
hs->wait = ssl_hs_ok;
return -1;
case ssl_hs_certificate_verify:
- ssl->s3->rwstate = SSL_CERTIFICATE_VERIFY;
+ ssl->s3->rwstate = SSL_ERROR_WANT_CERTIFICATE_VERIFY;
hs->wait = ssl_hs_ok;
return -1;
case ssl_hs_early_data_rejected:
assert(ssl->s3->early_data_reason != ssl_early_data_unknown);
- ssl->s3->rwstate = SSL_EARLY_DATA_REJECTED;
+ ssl->s3->rwstate = SSL_ERROR_EARLY_DATA_REJECTED;
// Cause |SSL_write| to start failing immediately.
hs->can_early_write = false;
return -1;
diff --git a/ssl/internal.h b/ssl/internal.h
index ed37993..f55e047 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -1663,7 +1663,8 @@
// handback indicates that a server should pause the handshake after
// finishing operations that require private key material, in such a way that
- // |SSL_get_error| returns |SSL_HANDBACK|. It is set by |SSL_apply_handoff|.
+ // |SSL_get_error| returns |SSL_ERROR_HANDBACK|. It is set by
+ // |SSL_apply_handoff|.
bool handback : 1;
// cert_compression_negotiated is true iff |cert_compression_alg_id| is valid.
@@ -2201,7 +2202,7 @@
// This holds a variable that indicates what we were doing when a 0 or -1 is
// returned. This is needed for non-blocking IO so we know what request
// needs re-doing when in SSL_accept or SSL_connect
- int rwstate = SSL_NOTHING;
+ int rwstate = SSL_ERROR_NONE;
enum ssl_encryption_level_t read_level = ssl_encryption_initial;
enum ssl_encryption_level_t write_level = ssl_encryption_initial;
@@ -2598,7 +2599,7 @@
// handoff indicates that a server should stop after receiving the
// ClientHello and pause the handshake in such a way that |SSL_get_error|
- // returns |SSL_HANDOFF|. This is copied in |SSL_new| from the |SSL_CTX|
+ // returns |SSL_ERROR_HANDOFF|. This is copied in |SSL_new| from the |SSL_CTX|
// element of the same name and may be cleared if the handoff is declined.
bool handoff : 1;
@@ -3207,7 +3208,7 @@
// handoff indicates that a server should stop after receiving the
// ClientHello and pause the handshake in such a way that |SSL_get_error|
- // returns |SSL_HANDOFF|.
+ // returns |SSL_ERROR_HANDOFF|.
bool handoff : 1;
// If enable_early_data is true, early data can be sent and accepted.
diff --git a/ssl/s3_both.cc b/ssl/s3_both.cc
index 842ec67..58f0f8a 100644
--- a/ssl/s3_both.cc
+++ b/ssl/s3_both.cc
@@ -317,7 +317,7 @@
if (!ssl->s3->write_buffer.empty()) {
int ret = ssl_write_buffer_flush(ssl);
if (ret <= 0) {
- ssl->s3->rwstate = SSL_WRITING;
+ ssl->s3->rwstate = SSL_ERROR_WANT_WRITE;
return ret;
}
}
@@ -329,7 +329,7 @@
ssl->s3->pending_flight->data + ssl->s3->pending_flight_offset,
ssl->s3->pending_flight->length - ssl->s3->pending_flight_offset);
if (ret <= 0) {
- ssl->s3->rwstate = SSL_WRITING;
+ ssl->s3->rwstate = SSL_ERROR_WANT_WRITE;
return ret;
}
@@ -337,7 +337,7 @@
}
if (BIO_flush(ssl->wbio.get()) <= 0) {
- ssl->s3->rwstate = SSL_WRITING;
+ ssl->s3->rwstate = SSL_ERROR_WANT_WRITE;
return -1;
}
diff --git a/ssl/ssl_buffer.cc b/ssl/ssl_buffer.cc
index b94f081..49ecf90 100644
--- a/ssl/ssl_buffer.cc
+++ b/ssl/ssl_buffer.cc
@@ -116,7 +116,7 @@
int ret =
BIO_read(ssl->rbio.get(), buf->data(), static_cast<int>(buf->cap()));
if (ret <= 0) {
- ssl->s3->rwstate = SSL_READING;
+ ssl->s3->rwstate = SSL_ERROR_WANT_READ;
return ret;
}
buf->DidWrite(static_cast<size_t>(ret));
@@ -138,7 +138,7 @@
int ret = BIO_read(ssl->rbio.get(), buf->data() + buf->size(),
static_cast<int>(len - buf->size()));
if (ret <= 0) {
- ssl->s3->rwstate = SSL_READING;
+ ssl->s3->rwstate = SSL_ERROR_WANT_READ;
return ret;
}
buf->DidWrite(static_cast<size_t>(ret));
@@ -243,7 +243,7 @@
while (!buf->empty()) {
int ret = BIO_write(ssl->wbio.get(), buf->data(), buf->size());
if (ret <= 0) {
- ssl->s3->rwstate = SSL_WRITING;
+ ssl->s3->rwstate = SSL_ERROR_WANT_WRITE;
return ret;
}
buf->Consume(static_cast<size_t>(ret));
@@ -260,7 +260,7 @@
int ret = BIO_write(ssl->wbio.get(), buf->data(), buf->size());
if (ret <= 0) {
- ssl->s3->rwstate = SSL_WRITING;
+ ssl->s3->rwstate = SSL_ERROR_WANT_WRITE;
// If the write failed, drop the write buffer anyway. Datagram transports
// can't write half a packet, so the caller is expected to retry from the
// top.
diff --git a/ssl/ssl_lib.cc b/ssl/ssl_lib.cc
index 80a33bc..9cf14d5 100644
--- a/ssl/ssl_lib.cc
+++ b/ssl/ssl_lib.cc
@@ -201,7 +201,7 @@
void ssl_reset_error_state(SSL *ssl) {
// Functions which use |SSL_get_error| must reset I/O and error state on
// entry.
- ssl->s3->rwstate = SSL_NOTHING;
+ ssl->s3->rwstate = SSL_ERROR_NONE;
ERR_clear_error();
ERR_clear_system_error();
}
@@ -1343,19 +1343,19 @@
}
switch (ssl->s3->rwstate) {
- case SSL_PENDING_SESSION:
- return SSL_ERROR_PENDING_SESSION;
+ case SSL_ERROR_PENDING_SESSION:
+ case SSL_ERROR_PENDING_CERTIFICATE:
+ case SSL_ERROR_HANDOFF:
+ case SSL_ERROR_HANDBACK:
+ case SSL_ERROR_WANT_X509_LOOKUP:
+ case SSL_ERROR_WANT_CHANNEL_ID_LOOKUP:
+ case SSL_ERROR_WANT_PRIVATE_KEY_OPERATION:
+ case SSL_ERROR_PENDING_TICKET:
+ case SSL_ERROR_EARLY_DATA_REJECTED:
+ case SSL_ERROR_WANT_CERTIFICATE_VERIFY:
+ return ssl->s3->rwstate;
- case SSL_CERTIFICATE_SELECTION_PENDING:
- return SSL_ERROR_PENDING_CERTIFICATE;
-
- case SSL_HANDOFF:
- return SSL_ERROR_HANDOFF;
-
- case SSL_HANDBACK:
- return SSL_ERROR_HANDBACK;
-
- case SSL_READING: {
+ case SSL_ERROR_WANT_READ: {
if (ssl->quic_method) {
return SSL_ERROR_WANT_READ;
}
@@ -1377,7 +1377,7 @@
break;
}
- case SSL_WRITING: {
+ case SSL_ERROR_WANT_WRITE: {
BIO *bio = SSL_get_wbio(ssl);
if (BIO_should_write(bio)) {
return SSL_ERROR_WANT_WRITE;
@@ -1395,24 +1395,6 @@
break;
}
-
- case SSL_X509_LOOKUP:
- return SSL_ERROR_WANT_X509_LOOKUP;
-
- case SSL_CHANNEL_ID_LOOKUP:
- return SSL_ERROR_WANT_CHANNEL_ID_LOOKUP;
-
- case SSL_PRIVATE_KEY_OPERATION:
- return SSL_ERROR_WANT_PRIVATE_KEY_OPERATION;
-
- case SSL_PENDING_TICKET:
- return SSL_ERROR_PENDING_TICKET;
-
- case SSL_EARLY_DATA_REJECTED:
- return SSL_ERROR_EARLY_DATA_REJECTED;
-
- case SSL_CERTIFICATE_VERIFY:
- return SSL_ERROR_WANT_CERTIFICATE_VERIFY;
}
return SSL_ERROR_SYSCALL;
