}
/*
- * client_read_transition() encapsulates the logic for the allowed handshake
- * state transitions when the client is reading messages from the server. The
- * message type that the server has sent is provided in |mt|. The current state
- * is in |s->statem.hand_state|.
+ * ossl_statem_client_read_transition() encapsulates the logic for the allowed
+ * handshake state transitions when the client is reading messages from the
+ * server. The message type that the server has sent is provided in |mt|. The
+ * current state is in |s->statem.hand_state|.
*
* Return values are:
* 1: Success (transition allowed)
* 0: Error (transition not allowed)
*/
-int client_read_transition(SSL *s, int mt)
+int ossl_statem_client_read_transition(SSL *s, int mt)
{
- STATEM *st = &s->statem;
+ OSSL_STATEM *st = &s->statem;
int ske_expected;
switch(st->hand_state) {
* client_write_transition() works out what handshake state to move to next
* when the client is writing messages to be sent to the server.
*/
-enum WRITE_TRAN client_write_transition(SSL *s)
+WRITE_TRAN ossl_statem_client_write_transition(SSL *s)
{
- STATEM *st = &s->statem;
+ OSSL_STATEM *st = &s->statem;
switch(st->hand_state) {
case TLS_ST_OK:
case TLS_ST_CW_FINISHED:
if (s->hit) {
st->hand_state = TLS_ST_OK;
- statem_set_in_init(s, 0);
+ ossl_statem_set_in_init(s, 0);
return WRITE_TRAN_CONTINUE;
} else {
return WRITE_TRAN_FINISHED;
return WRITE_TRAN_CONTINUE;
} else {
st->hand_state = TLS_ST_OK;
- statem_set_in_init(s, 0);
+ ossl_statem_set_in_init(s, 0);
return WRITE_TRAN_CONTINUE;
}
* Perform any pre work that needs to be done prior to sending a message from
* the client to the server.
*/
-enum WORK_STATE client_pre_work(SSL *s, enum WORK_STATE wst)
+WORK_STATE ossl_statem_client_pre_work(SSL *s, WORK_STATE wst)
{
- STATEM *st = &s->statem;
+ OSSL_STATEM *st = &s->statem;
switch(st->hand_state) {
case TLS_ST_CW_CLNT_HELLO:
* Perform any work that needs to be done after sending a message from the
* client to the server.
*/
-enum WORK_STATE client_post_work(SSL *s, enum WORK_STATE wst)
+WORK_STATE ossl_statem_client_post_work(SSL *s, WORK_STATE wst)
{
- STATEM *st = &s->statem;
+ OSSL_STATEM *st = &s->statem;
s->init_num = 0;
* 1: Success
* 0: Error
*/
-int client_construct_message(SSL *s)
+int ossl_statem_client_construct_message(SSL *s)
{
- STATEM *st = &s->statem;
+ OSSL_STATEM *st = &s->statem;
switch(st->hand_state) {
case TLS_ST_CW_CLNT_HELLO:
* Returns the maximum allowed length for the current message that we are
* reading. Excludes the message header.
*/
-unsigned long client_max_message_size(SSL *s)
+unsigned long ossl_statem_client_max_message_size(SSL *s)
{
- STATEM *st = &s->statem;
+ OSSL_STATEM *st = &s->statem;
switch(st->hand_state) {
case TLS_ST_CR_SRVR_HELLO:
/*
* Process a message that the client has been received from the server.
*/
-enum MSG_PROCESS_RETURN client_process_message(SSL *s, PACKET *pkt)
+MSG_PROCESS_RETURN ossl_statem_client_process_message(SSL *s, PACKET *pkt)
{
- STATEM *st = &s->statem;
+ OSSL_STATEM *st = &s->statem;
switch(st->hand_state) {
case TLS_ST_CR_SRVR_HELLO:
* Perform any further processing required following the receipt of a message
* from the server
*/
-enum WORK_STATE client_post_process_message(SSL *s, enum WORK_STATE wst)
+WORK_STATE ossl_statem_client_post_process_message(SSL *s, WORK_STATE wst)
{
- STATEM *st = &s->statem;
+ OSSL_STATEM *st = &s->statem;
switch(st->hand_state) {
#ifndef OPENSSL_NO_SCTP
s->rwstate = SSL_READING;
BIO_clear_retry_flags(SSL_get_rbio(s));
BIO_set_retry_read(SSL_get_rbio(s));
- statem_set_sctp_read_sock(s, 1);
+ ossl_statem_set_sctp_read_sock(s, 1);
return WORK_MORE_A;
}
- statem_set_sctp_read_sock(s, 0);
+ ossl_statem_set_sctp_read_sock(s, 0);
return WORK_FINISHED_STOP;
#endif
return 1;
err:
- statem_set_error(s);
+ ossl_statem_set_error(s);
return 0;
}
-enum MSG_PROCESS_RETURN dtls_process_hello_verify(SSL *s, PACKET *pkt)
+MSG_PROCESS_RETURN dtls_process_hello_verify(SSL *s, PACKET *pkt)
{
int al;
unsigned int cookie_len;
return MSG_PROCESS_FINISHED_READING;
f_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
- statem_set_error(s);
+ ossl_statem_set_error(s);
return MSG_PROCESS_ERROR;
}
-enum MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt)
+MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt)
{
STACK_OF(SSL_CIPHER) *sk;
const SSL_CIPHER *c;
/* Get the session-id. */
if (!PACKET_get_length_prefixed_1(pkt, &session_id)) {
al = SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_LENGTH_MISMATCH);
+ SSLerr(SSL_F_TLS_PROCESS_SERVER_HELLO, SSL_R_LENGTH_MISMATCH);
goto f_err;
}
session_id_len = PACKET_remaining(&session_id);
}
if (!PACKET_get_bytes(pkt, &cipherchars, TLS_CIPHER_LEN)) {
- SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_LENGTH_MISMATCH);
+ SSLerr(SSL_F_TLS_PROCESS_SERVER_HELLO, SSL_R_LENGTH_MISMATCH);
al = SSL_AD_DECODE_ERROR;
goto f_err;
}
/* lets get the compression algorithm */
/* COMPRESSION */
if (!PACKET_get_1(pkt, &compression)) {
- SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_LENGTH_MISMATCH);
+ SSLerr(SSL_F_TLS_PROCESS_SERVER_HELLO, SSL_R_LENGTH_MISMATCH);
al = SSL_AD_DECODE_ERROR;
goto f_err;
}
* Add new shared key for SCTP-Auth, will be ignored if
* no SCTP used.
*/
- snprintf((char *)labelbuffer,
- sizeof(DTLS1_SCTP_AUTH_LABEL),
- DTLS1_SCTP_AUTH_LABEL);
+ memcpy(labelbuffer, DTLS1_SCTP_AUTH_LABEL,
+ sizeof(DTLS1_SCTP_AUTH_LABEL));
if (SSL_export_keying_material(s, sctpauthkey,
sizeof(sctpauthkey),
f_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
err:
- statem_set_error(s);
+ ossl_statem_set_error(s);
return MSG_PROCESS_ERROR;
}
-enum MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt)
+MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt)
{
int al, i, ret = MSG_PROCESS_ERROR, exp_idx;
unsigned long cert_list_len, cert_len;
f_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
err:
- statem_set_error(s);
+ ossl_statem_set_error(s);
done:
EVP_PKEY_free(pkey);
X509_free(x);
return ret;
}
-enum MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
+MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
{
#ifndef OPENSSL_NO_RSA
unsigned char *q, md_buf[EVP_MAX_MD_SIZE * 2];
if (alg_k & SSL_PSK) {
PACKET psk_identity_hint;
if (!PACKET_get_length_prefixed_2(pkt, &psk_identity_hint)) {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH);
+ SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH);
goto f_err;
}
|| !PACKET_get_length_prefixed_2(pkt, &generator)
|| !PACKET_get_length_prefixed_1(pkt, &salt)
|| !PACKET_get_length_prefixed_2(pkt, &server_pub)) {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH);
+ SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH);
goto f_err;
}
|| (s->srp_ctx.B =
BN_bin2bn(PACKET_data(&server_pub),
PACKET_remaining(&server_pub), NULL)) == NULL) {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
+ SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_BN_LIB);
goto err;
}
if (!PACKET_get_length_prefixed_2(pkt, &mod)
|| !PACKET_get_length_prefixed_2(pkt, &exp)) {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH);
+ SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH);
goto f_err;
}
if ((rsa = RSA_new()) == NULL) {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
+ SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
goto err;
}
rsa->n)) == NULL
|| (rsa->e = BN_bin2bn(PACKET_data(&exp), PACKET_remaining(&exp),
rsa->e)) == NULL) {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
+ SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_BN_LIB);
goto err;
}
if (!PACKET_get_length_prefixed_2(pkt, &prime)
|| !PACKET_get_length_prefixed_2(pkt, &generator)
|| !PACKET_get_length_prefixed_2(pkt, &pub_key)) {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH);
+ SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH);
goto f_err;
}
if ((dh = DH_new()) == NULL) {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_DH_LIB);
+ SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_DH_LIB);
goto err;
}
|| (dh->pub_key =
BN_bin2bn(PACKET_data(&pub_key),
PACKET_remaining(&pub_key), NULL)) == NULL) {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
+ SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_BN_LIB);
goto err;
}
if (BN_is_zero(dh->p) || BN_is_zero(dh->g) || BN_is_zero(dh->pub_key)) {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_VALUE);
+ SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_BAD_DH_VALUE);
goto f_err;
}
* ECParameters in this case is just three bytes.
*/
if (!PACKET_get_bytes(pkt, &ecparams, 3)) {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
+ SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
goto f_err;
}
/*
* invalid curve. ECParameters is 3 bytes.
*/
if (!tls1_check_curve(s, ecparams, 3)) {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_WRONG_CURVE);
+ SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_WRONG_CURVE);
goto f_err;
}
}
if (!PACKET_get_length_prefixed_1(pkt, &encoded_pt)) {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH);
+ SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH);
goto f_err;
}
if (EC_POINT_oct2point(group, srvr_ecpoint, PACKET_data(&encoded_pt),
PACKET_remaining(&encoded_pt), bn_ctx) == 0) {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_ECPOINT);
+ SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_BAD_ECPOINT);
goto f_err;
}
PACKET_remaining(&save_param_start) -
PACKET_remaining(pkt))) {
al = SSL_AD_INTERNAL_ERROR;
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+ SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
goto f_err;
}
unsigned char *sigalgs;
int rv;
if (!PACKET_get_bytes(pkt, &sigalgs, 2)) {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
+ SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
goto f_err;
}
rv = tls12_check_peer_sigalg(&md, s, sigalgs, pkey);
if (!PACKET_get_length_prefixed_2(pkt, &signature)
|| PACKET_remaining(pkt) != 0) {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH);
+ SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH);
goto f_err;
}
j = EVP_PKEY_size(pkey);
EC_KEY_free(ecdh);
#endif
EVP_MD_CTX_cleanup(&md_ctx);
- statem_set_error(s);
+ ossl_statem_set_error(s);
return MSG_PROCESS_ERROR;
}
-enum MSG_PROCESS_RETURN tls_process_certificate_request(SSL *s, PACKET *pkt)
+MSG_PROCESS_RETURN tls_process_certificate_request(SSL *s, PACKET *pkt)
{
int ret = MSG_PROCESS_ERROR;
unsigned int list_len, ctype_num, i, name_len;
ret = MSG_PROCESS_CONTINUE_READING;
goto done;
err:
- statem_set_error(s);
+ ossl_statem_set_error(s);
done:
sk_X509_NAME_pop_free(ca_sk, X509_NAME_free);
return ret;
return (X509_NAME_cmp(*a, *b));
}
-enum MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt)
+MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt)
{
int al;
unsigned int ticklen;
|| !PACKET_get_net_2(pkt, &ticklen)
|| PACKET_remaining(pkt) != ticklen) {
al = SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, SSL_R_LENGTH_MISMATCH);
+ SSLerr(SSL_F_TLS_PROCESS_NEW_SESSION_TICKET, SSL_R_LENGTH_MISMATCH);
goto f_err;
}
/* Server is allowed to change its mind and send an empty ticket. */
if (ticklen == 0)
- return 1;
+ return MSG_PROCESS_CONTINUE_READING;
if (s->session->session_id_length > 0) {
int i = s->session_ctx->session_cache_mode;
f_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
err:
- statem_set_error(s);
+ ossl_statem_set_error(s);
return MSG_PROCESS_ERROR;
}
-enum MSG_PROCESS_RETURN tls_process_cert_status(SSL *s, PACKET *pkt)
+MSG_PROCESS_RETURN tls_process_cert_status(SSL *s, PACKET *pkt)
{
int al;
unsigned long resplen;
return MSG_PROCESS_CONTINUE_READING;
f_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
- statem_set_error(s);
+ ossl_statem_set_error(s);
return MSG_PROCESS_ERROR;
}
-enum MSG_PROCESS_RETURN tls_process_server_done(SSL *s, PACKET *pkt)
+MSG_PROCESS_RETURN tls_process_server_done(SSL *s, PACKET *pkt)
{
if (PACKET_remaining(pkt) > 0) {
/* should contain no data */
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
SSLerr(SSL_F_TLS_PROCESS_SERVER_DONE, SSL_R_LENGTH_MISMATCH);
- statem_set_error(s);
+ ossl_statem_set_error(s);
return MSG_PROCESS_ERROR;
}
if (SRP_Calc_A_param(s) <= 0) {
SSLerr(SSL_F_TLS_PROCESS_SERVER_DONE, SSL_R_SRP_A_CALC);
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
- statem_set_error(s);
+ ossl_statem_set_error(s);
return MSG_PROCESS_ERROR;
}
}
*/
if (!ssl3_check_cert_and_algorithm(s)) {
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
- statem_set_error(s);
+ ossl_statem_set_error(s);
return MSG_PROCESS_ERROR;
}
OPENSSL_clear_free(s->s3->tmp.psk, s->s3->tmp.psklen);
s->s3->tmp.psk = NULL;
#endif
- statem_set_error(s);
+ ossl_statem_set_error(s);
return 0;
}
* Add new shared key for SCTP-Auth, will be ignored if no SCTP
* used.
*/
- snprintf((char *)labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL),
- DTLS1_SCTP_AUTH_LABEL);
+ memcpy(labelbuffer, DTLS1_SCTP_AUTH_LABEL,
+ sizeof(DTLS1_SCTP_AUTH_LABEL));
if (SSL_export_keying_material(s, sctpauthkey,
sizeof(sctpauthkey), labelbuffer,
return 1;
}
-enum WORK_STATE tls_prepare_client_certificate(SSL *s, enum WORK_STATE wst)
+WORK_STATE tls_prepare_client_certificate(SSL *s, WORK_STATE wst)
{
X509 *x509 = NULL;
EVP_PKEY *pkey = NULL;
}
if (i == 0) {
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
- statem_set_error(s);
+ ossl_statem_set_error(s);
return 0;
}
s->rwstate = SSL_NOTHING;
s->s3->tmp.cert_req = 2;
if (!ssl3_digest_cached_records(s, 0)) {
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
- statem_set_error(s);
+ ossl_statem_set_error(s);
return 0;
}
}
2) ? NULL : s->cert->key)) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE, ERR_R_INTERNAL_ERROR);
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
- statem_set_error(s);
+ ossl_statem_set_error(s);
return 0;
}