Make SSL_write_early_finish() an internal only function
authorMatt Caswell <matt@openssl.org>
Mon, 27 Feb 2017 20:54:39 +0000 (20:54 +0000)
committerMatt Caswell <matt@openssl.org>
Thu, 2 Mar 2017 17:44:16 +0000 (17:44 +0000)
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)

include/openssl/ssl.h
ssl/ssl_lib.c
ssl/statem/statem.c
util/libssl.num

index 3818597..8445ccd 100644 (file)
@@ -1626,7 +1626,6 @@ __owur int SSL_write(SSL *ssl, const void *buf, int num);
 __owur int SSL_write_ex(SSL *s, const void *buf, size_t num, size_t *written);
 __owur int SSL_write_early(SSL *s, const void *buf, size_t num,
                            size_t *written);
-__owur int SSL_write_early_finish(SSL *s);
 long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg);
 long SSL_callback_ctrl(SSL *, int, void (*)(void));
 long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg);
index baeb3bb..5ec116e 100644 (file)
@@ -105,6 +105,8 @@ static const struct {
     },
 };
 
+static int ssl_write_early_finish(SSL *s);
+
 static int dane_ctx_enable(struct dane_ctx_st *dctx)
 {
     const EVP_MD **mdevp;
@@ -1753,7 +1755,7 @@ int ssl_write_internal(SSL *s, const void *buf, size_t num, size_t *written)
          * We're still writing early data. We need to stop that so we can write
          * normal data
          */
-        if (!SSL_write_early_finish(s))
+        if (!ssl_write_early_finish(s))
             return 0;
     } else if (s->early_data_state == SSL_EARLY_DATA_CONNECT_RETRY
                 || s->early_data_state == SSL_EARLY_DATA_ACCEPT_RETRY) {
@@ -1853,7 +1855,7 @@ int SSL_write_early(SSL *s, const void *buf, size_t num, size_t *written)
     }
 }
 
-int SSL_write_early_finish(SSL *s)
+static int ssl_write_early_finish(SSL *s)
 {
     int ret;
 
@@ -3242,21 +3244,14 @@ int SSL_do_handshake(SSL *s)
         return -1;
     }
 
-    if (s->early_data_state == SSL_EARLY_DATA_WRITE_RETRY
-            || s->early_data_state == SSL_EARLY_DATA_READ_RETRY) {
-        /*
-         * We skip this if we were called via SSL_read_early() or
-         * SSL_write_early()
-         */
-        if (s->early_data_state == SSL_EARLY_DATA_WRITE_RETRY) {
-            int edfin;
+    if (s->early_data_state == SSL_EARLY_DATA_WRITE_RETRY) {
+        int edfin;
 
-            edfin = SSL_write_early_finish(s);
-            if (edfin <= 0)
-                return edfin;
-        }
-        ossl_statem_set_in_init(s, 1);
+        edfin = ssl_write_early_finish(s);
+        if (edfin <= 0)
+            return edfin;
     }
+    ossl_statem_check_finish_init(s, -1);
 
     s->method->ssl_renegotiate_check(s, 0);
 
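Review bot: The rewritten early-data block in SSL_do_handshake drops the explanatory comment the old code carried, and the meaning of the `-1` passed to ossl_statem_check_finish_init is documented only in statem.c, so a reader of this hunk cannot tell why the call became unconditional or why finishing the early-data write has to precede it. I'd restore a short comment above the `if`, e.g. `/* Finish any pending early data write first; then let the state machine (send == -1: called from SSL_do_handshake) decide from hand_state whether to move the handshake on. */`. Note the observable change: the old code set in_init only when early_data_state was SSL_EARLY_DATA_WRITE_RETRY or SSL_EARLY_DATA_READ_RETRY, whereas the new path leaves that decision to hand_state inside ossl_statem_check_finish_init — this looks intended but deserves a sentence. SSL_do_handshake's body starts and ends outside the hunk.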
index 8a251ea..11cbe55 100644 (file)
@@ -168,9 +168,21 @@ int ossl_statem_skip_early_data(SSL *s)
     return 1;
 }
 
+/*
+ * Called when we are in SSL_read*(), SSL_write*(), or SSL_accept()
+ * /SSL_connect()/SSL_do_handshake(). Used to test whether we are in an early
+ * data state and whether we should attempt to move the handshake on if so.
+ * |send| is 1 if we are attempting to send data (SSL_write*()), 0 if we are
+ * attempting to read data (SSL_read*()), or -1 if we are in SSL_do_handshake()
+ * or similar.
+ */
 void ossl_statem_check_finish_init(SSL *s, int send)
 {
-    if (!s->server) {
+    if (send == -1) {
+        if (s->statem.hand_state == TLS_ST_PENDING_EARLY_DATA_END
+                || s->statem.hand_state == TLS_ST_EARLY_DATA)
+            ossl_statem_set_in_init(s, 1);
+    } else if (!s->server) {
         if ((send && s->statem.hand_state == TLS_ST_PENDING_EARLY_DATA_END
                   && s->early_data_state != SSL_EARLY_DATA_WRITING)
                 || (!send && s->statem.hand_state == TLS_ST_EARLY_DATA))
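Review bot: The new `send == -1` branch decides purely on `s->statem.hand_state`, so unlike the client branch below it applies to the server as well and has no `s->early_data_state != SSL_EARLY_DATA_WRITING` guard; the SSL_do_handshake code it replaces keyed on early_data_state being WRITE_RETRY or READ_RETRY, so if SSL_do_handshake can be entered in TLS_ST_EARLY_DATA while early_data_state is still SSL_EARLY_DATA_WRITING this would now push the handshake on mid-write — presumably unreachable, but the header comment should say so. The tri-state `send` with `-1` as a magic value also reads poorly at call sites such as `ossl_statem_check_finish_init(s, -1)`; three named constants for the read, write and handshake modes would make the intent visible where the function is called. ossl_statem_check_finish_init's body continues past the hunk.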
index 4711801..fdc66d7 100644 (file)
@@ -429,7 +429,6 @@ SSL_CTX_set_max_early_data              429 1_1_1   EXIST::FUNCTION:
 SSL_get_max_early_data                  430    1_1_1   EXIST::FUNCTION:
 SSL_CTX_get_max_early_data              431    1_1_1   EXIST::FUNCTION:
 SSL_write_early                         432    1_1_1   EXIST::FUNCTION:
-SSL_write_early_finish                  433    1_1_1   EXIST::FUNCTION:
-SSL_read_early                          434    1_1_1   EXIST::FUNCTION:
-SSL_get_early_data_status               435    1_1_1   EXIST::FUNCTION:
-SSL_SESSION_get_max_early_data          436    1_1_1   EXIST::FUNCTION:
+SSL_read_early                          433    1_1_1   EXIST::FUNCTION:
+SSL_get_early_data_status               434    1_1_1   EXIST::FUNCTION:
+SSL_SESSION_get_max_early_data          435    1_1_1   EXIST::FUNCTION: