Redefine old state values
authorMatt Caswell <matt@openssl.org>
Thu, 10 Sep 2015 08:11:41 +0000 (09:11 +0100)
committerMatt Caswell <matt@openssl.org>
Fri, 30 Oct 2015 08:38:18 +0000 (08:38 +0000)
ssl.h and ssl3.h have a number of defines for the various states in the old
state machine code. Since this is public API it is not desirable to just
remove them. Instead redefine them to the closest equivalent state in the
new state machine code. If an application calls SSL_state then the return
value can still be compared against these old values if necessary. However
not all values have an equivalent state in the new code, so these are just
redefined to a dummy value.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
include/openssl/ssl.h
include/openssl/ssl3.h
ssl/statem.c

index 99f0de65f7067a396593a18704977df96b3660fd..ed1b59af5ec51a7e6e43e67ab1a306d1555a686f 100644 (file)
@@ -974,21 +974,22 @@ enum HANDSHAKE_STATE {
 };
 
 /*
- * The following are the possible values for ssl->state are are used to
- * indicate where we are up to in the SSL connection establishment. The
- * macros that follow are about the only things you should need to use and
- * even then, only when using non-blocking IO. It can also be useful to work
- * out where you were when the connection failed
+ * Most of the following state values are no longer used and are defined to be
+ * the closest equivalent value in the current state machine code. Not all
+ * defines have an equivalent and are set to a dummy value (-1). SSL_ST_CONNECT
+ * and SSL_ST_ACCEPT are still in use in the definition of SSL_CB_ACCEPT_LOOP,
+ * SSL_CB_ACCEPT_EXIT, SSL_CB_CONNECT_LOOP and SSL_CB_CONNECT_EXIT.
  */
 
 # define SSL_ST_CONNECT                  0x1000
 # define SSL_ST_ACCEPT                   0x2000
+
 # define SSL_ST_MASK                     0x0FFF
-# define SSL_ST_INIT                     (SSL_ST_CONNECT|SSL_ST_ACCEPT)
-# define SSL_ST_BEFORE                   0x4000
-# define SSL_ST_OK                       0x03
-# define SSL_ST_RENEGOTIATE              (0x04|SSL_ST_INIT)
-# define SSL_ST_ERR                      0x05
+# define SSL_ST_INIT                     (-1)
+# define SSL_ST_BEFORE                   TLS_ST_BEFORE
+# define SSL_ST_OK                       TLS_ST_OK
+# define SSL_ST_RENEGOTIATE              (-1)
+# define SSL_ST_ERR                      (-1)
 
 # define SSL_CB_LOOP                     0x01
 # define SSL_CB_EXIT                     0x02
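Review bot: The `(-1)` dummies for `SSL_ST_INIT`, `SSL_ST_RENEGOTIATE` and `SSL_ST_ERR` keep old callers compiling while silently changing what their checks mean. A bit test such as `SSL_state(s) & SSL_ST_INIT` now masks with all ones, so it is true for every nonzero state, and an equality test against `SSL_ST_ERR` presumably never matches, so code that relied on it to notice a failed handshake stops noticing. The new comment should say this outright, for example `* The (-1) values are placeholders only: do not use them as bit masks or in comparisons; use SSL_in_init() and SSL_is_init_finished() instead.` The comment's sentence about dummies also reads as if every define both lacks an equivalent and is set to -1; `Defines with no equivalent are set to a dummy value (-1).` is clearer.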
index ec339de3518fde1120a0039bb5d58ce263facf3b..bfb2c2dbd6cd143da0881b6a9fd0c9ca497a291d 100644 (file)
@@ -371,111 +371,116 @@ extern "C" {
 
 
 /* SSLv3 */
+/*
+ * The following states are no longer used and are defined to be the closest
+ * equivalent value in the current state machine code. Not all defines have an
+ * equivalent and are set to a dummy value (-1).
+ */
 /*
  * client
  */
 /* extra state */
-# define SSL3_ST_CW_FLUSH                (0x100|SSL_ST_CONNECT)
+# define SSL3_ST_CW_FLUSH                   (-1)
 # ifndef OPENSSL_NO_SCTP
-#  define DTLS1_SCTP_ST_CW_WRITE_SOCK                     (0x310|SSL_ST_CONNECT)
-#  define DTLS1_SCTP_ST_CR_READ_SOCK                      (0x320|SSL_ST_CONNECT)
+#  define DTLS1_SCTP_ST_CW_WRITE_SOCK       (-1)
+#  define DTLS1_SCTP_ST_CR_READ_SOCK        (-1)
 # endif
 /* write to server */
-# define SSL3_ST_CW_CLNT_HELLO_A         (0x110|SSL_ST_CONNECT)
-# define SSL3_ST_CW_CLNT_HELLO_B         (0x111|SSL_ST_CONNECT)
+# define SSL3_ST_CW_CLNT_HELLO_A            TLS_ST_CW_CLNT_HELLO
+# define SSL3_ST_CW_CLNT_HELLO_B            TLS_ST_CW_CLNT_HELLO
 /* read from server */
-# define SSL3_ST_CR_SRVR_HELLO_A         (0x120|SSL_ST_CONNECT)
-# define SSL3_ST_CR_SRVR_HELLO_B         (0x121|SSL_ST_CONNECT)
-# define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A (0x126|SSL_ST_CONNECT)
-# define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B (0x127|SSL_ST_CONNECT)
-# define SSL3_ST_CR_CERT_A               (0x130|SSL_ST_CONNECT)
-# define SSL3_ST_CR_CERT_B               (0x131|SSL_ST_CONNECT)
-# define SSL3_ST_CR_KEY_EXCH_A           (0x140|SSL_ST_CONNECT)
-# define SSL3_ST_CR_KEY_EXCH_B           (0x141|SSL_ST_CONNECT)
-# define SSL3_ST_CR_CERT_REQ_A           (0x150|SSL_ST_CONNECT)
-# define SSL3_ST_CR_CERT_REQ_B           (0x151|SSL_ST_CONNECT)
-# define SSL3_ST_CR_SRVR_DONE_A          (0x160|SSL_ST_CONNECT)
-# define SSL3_ST_CR_SRVR_DONE_B          (0x161|SSL_ST_CONNECT)
+# define SSL3_ST_CR_SRVR_HELLO_A            TLS_ST_CR_SRVR_HELLO
+# define SSL3_ST_CR_SRVR_HELLO_B            TLS_ST_CR_SRVR_HELLO
+# define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A DTLS_ST_CR_HELLO_VERIFY_REQUEST
+# define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B DTLS_ST_CR_HELLO_VERIFY_REQUEST
+# define SSL3_ST_CR_CERT_A                  TLS_ST_CR_CERT
+# define SSL3_ST_CR_CERT_B                  TLS_ST_CR_CERT
+# define SSL3_ST_CR_KEY_EXCH_A              TLS_ST_CR_KEY_EXCH
+# define SSL3_ST_CR_KEY_EXCH_B              TLS_ST_CR_KEY_EXCH
+# define SSL3_ST_CR_CERT_REQ_A              TLS_ST_CR_CERT_REQ
+# define SSL3_ST_CR_CERT_REQ_B              TLS_ST_CR_CERT_REQ
+# define SSL3_ST_CR_SRVR_DONE_A             TLS_ST_CR_SRVR_DONE
+# define SSL3_ST_CR_SRVR_DONE_B             TLS_ST_CR_SRVR_DONE
 /* write to server */
-# define SSL3_ST_CW_CERT_A               (0x170|SSL_ST_CONNECT)
-# define SSL3_ST_CW_CERT_B               (0x171|SSL_ST_CONNECT)
-# define SSL3_ST_CW_CERT_C               (0x172|SSL_ST_CONNECT)
-# define SSL3_ST_CW_CERT_D               (0x173|SSL_ST_CONNECT)
-# define SSL3_ST_CW_KEY_EXCH_A           (0x180|SSL_ST_CONNECT)
-# define SSL3_ST_CW_KEY_EXCH_B           (0x181|SSL_ST_CONNECT)
-# define SSL3_ST_CW_CERT_VRFY_A          (0x190|SSL_ST_CONNECT)
-# define SSL3_ST_CW_CERT_VRFY_B          (0x191|SSL_ST_CONNECT)
-# define SSL3_ST_CW_CHANGE_A             (0x1A0|SSL_ST_CONNECT)
-# define SSL3_ST_CW_CHANGE_B             (0x1A1|SSL_ST_CONNECT)
+# define SSL3_ST_CW_CERT_A                  TLS_ST_CW_CERT
+# define SSL3_ST_CW_CERT_B                  TLS_ST_CW_CERT
+# define SSL3_ST_CW_CERT_C                  TLS_ST_CW_CERT
+# define SSL3_ST_CW_CERT_D                  TLS_ST_CW_CERT
+# define SSL3_ST_CW_KEY_EXCH_A              TLS_ST_CW_KEY_EXCH
+# define SSL3_ST_CW_KEY_EXCH_B              TLS_ST_CW_KEY_EXCH
+# define SSL3_ST_CW_CERT_VRFY_A             TLS_ST_CW_CERT_VRFY
+# define SSL3_ST_CW_CERT_VRFY_B             TLS_ST_CW_CERT_VRFY
+# define SSL3_ST_CW_CHANGE_A                TLS_ST_CW_CHANGE
+# define SSL3_ST_CW_CHANGE_B                TLS_ST_CW_CHANGE
 # ifndef OPENSSL_NO_NEXTPROTONEG
-#  define SSL3_ST_CW_NEXT_PROTO_A         (0x200|SSL_ST_CONNECT)
-#  define SSL3_ST_CW_NEXT_PROTO_B         (0x201|SSL_ST_CONNECT)
+#  define SSL3_ST_CW_NEXT_PROTO_A           TLS_ST_CW_NEXT_PROTO
+#  define SSL3_ST_CW_NEXT_PROTO_B           TLS_ST_CW_NEXT_PROTO
 # endif
-# define SSL3_ST_CW_FINISHED_A           (0x1B0|SSL_ST_CONNECT)
-# define SSL3_ST_CW_FINISHED_B           (0x1B1|SSL_ST_CONNECT)
+# define SSL3_ST_CW_FINISHED_A              TLS_ST_CW_FINISHED
+# define SSL3_ST_CW_FINISHED_B              TLS_ST_CW_FINISHED
 /* read from server */
-# define SSL3_ST_CR_CHANGE_A             (0x1C0|SSL_ST_CONNECT)
-# define SSL3_ST_CR_CHANGE_B             (0x1C1|SSL_ST_CONNECT)
-# define SSL3_ST_CR_FINISHED_A           (0x1D0|SSL_ST_CONNECT)
-# define SSL3_ST_CR_FINISHED_B           (0x1D1|SSL_ST_CONNECT)
-# define SSL3_ST_CR_SESSION_TICKET_A     (0x1E0|SSL_ST_CONNECT)
-# define SSL3_ST_CR_SESSION_TICKET_B     (0x1E1|SSL_ST_CONNECT)
-# define SSL3_ST_CR_CERT_STATUS_A        (0x1F0|SSL_ST_CONNECT)
-# define SSL3_ST_CR_CERT_STATUS_B        (0x1F1|SSL_ST_CONNECT)
+# define SSL3_ST_CR_CHANGE_A                TLS_ST_CR_CHANGE
+# define SSL3_ST_CR_CHANGE_B                TLS_ST_CR_CHANGE
+# define SSL3_ST_CR_FINISHED_A              TLS_ST_CR_FINISHED
+# define SSL3_ST_CR_FINISHED_B              TLS_ST_CR_FINISHED
+# define SSL3_ST_CR_SESSION_TICKET_A        TLS_ST_CR_SESSION_TICKET
+# define SSL3_ST_CR_SESSION_TICKET_B        TLS_ST_CR_SESSION_TICKET
+# define SSL3_ST_CR_CERT_STATUS_A           TLS_ST_CR_CERT_STATUS
+# define SSL3_ST_CR_CERT_STATUS_B           TLS_ST_CR_CERT_STATUS
 
 /* server */
 /* extra state */
-# define SSL3_ST_SW_FLUSH                (0x100|SSL_ST_ACCEPT)
+# define SSL3_ST_SW_FLUSH                   (-1)
 # ifndef OPENSSL_NO_SCTP
-#  define DTLS1_SCTP_ST_SW_WRITE_SOCK                     (0x310|SSL_ST_ACCEPT)
-#  define DTLS1_SCTP_ST_SR_READ_SOCK                      (0x320|SSL_ST_ACCEPT)
+#  define DTLS1_SCTP_ST_SW_WRITE_SOCK       (-1)
+#  define DTLS1_SCTP_ST_SR_READ_SOCK        (-1)
 # endif
 /* read from client */
 /* Do not change the number values, they do matter */
-# define SSL3_ST_SR_CLNT_HELLO_A         (0x110|SSL_ST_ACCEPT)
-# define SSL3_ST_SR_CLNT_HELLO_B         (0x111|SSL_ST_ACCEPT)
-# define SSL3_ST_SR_CLNT_HELLO_C         (0x112|SSL_ST_ACCEPT)
-# define SSL3_ST_SR_CLNT_HELLO_D         (0x115|SSL_ST_ACCEPT)
+# define SSL3_ST_SR_CLNT_HELLO_A            TLS_ST_SR_CLNT_HELLO
+# define SSL3_ST_SR_CLNT_HELLO_B            TLS_ST_SR_CLNT_HELLO
+# define SSL3_ST_SR_CLNT_HELLO_C            TLS_ST_SR_CLNT_HELLO
+# define SSL3_ST_SR_CLNT_HELLO_D            TLS_ST_SR_CLNT_HELLO
 /* write to client */
-# define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A (0x113|SSL_ST_ACCEPT)
-# define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B (0x114|SSL_ST_ACCEPT)
-# define SSL3_ST_SW_HELLO_REQ_A          (0x120|SSL_ST_ACCEPT)
-# define SSL3_ST_SW_HELLO_REQ_B          (0x121|SSL_ST_ACCEPT)
-# define SSL3_ST_SW_HELLO_REQ_C          (0x122|SSL_ST_ACCEPT)
-# define SSL3_ST_SW_SRVR_HELLO_A         (0x130|SSL_ST_ACCEPT)
-# define SSL3_ST_SW_SRVR_HELLO_B         (0x131|SSL_ST_ACCEPT)
-# define SSL3_ST_SW_CERT_A               (0x140|SSL_ST_ACCEPT)
-# define SSL3_ST_SW_CERT_B               (0x141|SSL_ST_ACCEPT)
-# define SSL3_ST_SW_KEY_EXCH_A           (0x150|SSL_ST_ACCEPT)
-# define SSL3_ST_SW_KEY_EXCH_B           (0x151|SSL_ST_ACCEPT)
-# define SSL3_ST_SW_CERT_REQ_A           (0x160|SSL_ST_ACCEPT)
-# define SSL3_ST_SW_CERT_REQ_B           (0x161|SSL_ST_ACCEPT)
-# define SSL3_ST_SW_SRVR_DONE_A          (0x170|SSL_ST_ACCEPT)
-# define SSL3_ST_SW_SRVR_DONE_B          (0x171|SSL_ST_ACCEPT)
+# define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A DTLS_ST_SW_HELLO_VERIFY_REQUEST
+# define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B DTLS_ST_SW_HELLO_VERIFY_REQUEST
+# define SSL3_ST_SW_HELLO_REQ_A             TLS_ST_SW_HELLO_REQ
+# define SSL3_ST_SW_HELLO_REQ_B             TLS_ST_SW_HELLO_REQ
+# define SSL3_ST_SW_HELLO_REQ_C             TLS_ST_SW_HELLO_REQ
+# define SSL3_ST_SW_SRVR_HELLO_A            TLS_ST_SW_SRVR_HELLO
+# define SSL3_ST_SW_SRVR_HELLO_B            TLS_ST_SW_SRVR_HELLO
+# define SSL3_ST_SW_CERT_A                  TLS_ST_SW_CERT
+# define SSL3_ST_SW_CERT_B                  TLS_ST_SW_CERT
+# define SSL3_ST_SW_KEY_EXCH_A              TLS_ST_SW_KEY_EXCH
+# define SSL3_ST_SW_KEY_EXCH_B              TLS_ST_SW_KEY_EXCH
+# define SSL3_ST_SW_CERT_REQ_A              TLS_ST_SW_CERT_REQ
+# define SSL3_ST_SW_CERT_REQ_B              TLS_ST_SW_CERT_REQ
+# define SSL3_ST_SW_SRVR_DONE_A             TLS_ST_SW_SRVR_DONE
+# define SSL3_ST_SW_SRVR_DONE_B             TLS_ST_SW_SRVR_DONE
 /* read from client */
-# define SSL3_ST_SR_CERT_A               (0x180|SSL_ST_ACCEPT)
-# define SSL3_ST_SR_CERT_B               (0x181|SSL_ST_ACCEPT)
-# define SSL3_ST_SR_KEY_EXCH_A           (0x190|SSL_ST_ACCEPT)
-# define SSL3_ST_SR_KEY_EXCH_B           (0x191|SSL_ST_ACCEPT)
-# define SSL3_ST_SR_CERT_VRFY_A          (0x1A0|SSL_ST_ACCEPT)
-# define SSL3_ST_SR_CERT_VRFY_B          (0x1A1|SSL_ST_ACCEPT)
-# define SSL3_ST_SR_CHANGE_A             (0x1B0|SSL_ST_ACCEPT)
-# define SSL3_ST_SR_CHANGE_B             (0x1B1|SSL_ST_ACCEPT)
+# define SSL3_ST_SR_CERT_A                  TLS_ST_SR_CERT
+# define SSL3_ST_SR_CERT_B                  TLS_ST_SR_CERT
+# define SSL3_ST_SR_KEY_EXCH_A              TLS_ST_SR_KEY_EXCH
+# define SSL3_ST_SR_KEY_EXCH_B              TLS_ST_SR_KEY_EXCH
+# define SSL3_ST_SR_CERT_VRFY_A             TLS_ST_SR_CERT_VRFY
+# define SSL3_ST_SR_CERT_VRFY_B             TLS_ST_SR_CERT_VRFY
+# define SSL3_ST_SR_CHANGE_A                TLS_ST_SR_CHANGE
+# define SSL3_ST_SR_CHANGE_B                TLS_ST_SR_CHANGE
 # ifndef OPENSSL_NO_NEXTPROTONEG
-#  define SSL3_ST_SR_NEXT_PROTO_A         (0x210|SSL_ST_ACCEPT)
-#  define SSL3_ST_SR_NEXT_PROTO_B         (0x211|SSL_ST_ACCEPT)
+#  define SSL3_ST_SR_NEXT_PROTO_A           TLS_ST_SR_NEXT_PROTO
+#  define SSL3_ST_SR_NEXT_PROTO_B           TLS_ST_SR_NEXT_PROTO
 # endif
-# define SSL3_ST_SR_FINISHED_A           (0x1C0|SSL_ST_ACCEPT)
-# define SSL3_ST_SR_FINISHED_B           (0x1C1|SSL_ST_ACCEPT)
+# define SSL3_ST_SR_FINISHED_A              TLS_ST_SR_FINISHED
+# define SSL3_ST_SR_FINISHED_B              TLS_ST_SR_FINISHED
 /* write to client */
-# define SSL3_ST_SW_CHANGE_A             (0x1D0|SSL_ST_ACCEPT)
-# define SSL3_ST_SW_CHANGE_B             (0x1D1|SSL_ST_ACCEPT)
-# define SSL3_ST_SW_FINISHED_A           (0x1E0|SSL_ST_ACCEPT)
-# define SSL3_ST_SW_FINISHED_B           (0x1E1|SSL_ST_ACCEPT)
-# define SSL3_ST_SW_SESSION_TICKET_A     (0x1F0|SSL_ST_ACCEPT)
-# define SSL3_ST_SW_SESSION_TICKET_B     (0x1F1|SSL_ST_ACCEPT)
-# define SSL3_ST_SW_CERT_STATUS_A        (0x200|SSL_ST_ACCEPT)
-# define SSL3_ST_SW_CERT_STATUS_B        (0x201|SSL_ST_ACCEPT)
+# define SSL3_ST_SW_CHANGE_A                TLS_ST_SW_CHANGE
+# define SSL3_ST_SW_CHANGE_B                TLS_ST_SW_CHANGE
+# define SSL3_ST_SW_FINISHED_A              TLS_ST_SW_FINISHED
+# define SSL3_ST_SW_FINISHED_B              TLS_ST_SW_FINISHED
+# define SSL3_ST_SW_SESSION_TICKET_A        TLS_ST_SW_SESSION_TICKET
+# define SSL3_ST_SW_SESSION_TICKET_B        TLS_ST_SW_SESSION_TICKET
+# define SSL3_ST_SW_CERT_STATUS_A           TLS_ST_SW_CERT_STATUS
+# define SSL3_ST_SW_CERT_STATUS_B           TLS_ST_SW_CERT_STATUS
 
 # define SSL3_MT_HELLO_REQUEST                   0
 # define SSL3_MT_CLIENT_HELLO                    1
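Review bot: The retained comment `/* Do not change the number values, they do matter */` above `SSL3_ST_SR_CLNT_HELLO_A` is now false, since this hunk changes every one of those values; it should be dropped or replaced with something like `/* Legacy names only; the values alias the new state machine states */`. Collapsing each `_A`/`_B`/`_C`/`_D` group onto one value also means a `switch` that lists them as separate `case` labels no longer compiles (duplicate case value), and the same holds for the states that all become `(-1)`. The removed values carried `SSL_ST_CONNECT` or `SSL_ST_ACCEPT` in their high bits; the `TLS_ST_*` values are not shown here, so whether a test like `state & SSL_ST_ACCEPT` still identifies the server side should be confirmed and, if it does not, stated in the new header comment.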
index e30eda98443081072ad796ef259b460bdadd6736..34d55cb11b651fe7f722be1018d774d04ca083c0 100644 (file)
@@ -184,6 +184,7 @@ void statem_clear(SSL *s)
 void statem_set_renegotiate(SSL *s)
 {
     s->statem.state = MSG_FLOW_RENEGOTIATE;
+    s->statem.in_init = 1;
 }
 
 /*
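Review bot: The added `s->statem.in_init = 1;` in `statem_set_renegotiate` changes runtime behaviour, yet the commit message only describes redefining header macros and the line carries no comment. If `in_init` is what the in-handshake queries read (not visible in this hunk), this alters when callers see the connection as mid-handshake during renegotiation, which applications use to decide whether application data may flow. A one-line comment would record the intent, e.g. `/* renegotiation restarts the handshake, so report the connection as in init again */`, and the change deserves its own sentence in the commit description.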