Make SSL library a little more fool-proof by not requiring any longer
authorBodo Möller <bodo@openssl.org>
Tue, 11 May 1999 07:43:16 +0000 (07:43 +0000)
committerBodo Möller <bodo@openssl.org>
Tue, 11 May 1999 07:43:16 +0000 (07:43 +0000)
that SSL_set_{accept,connect}_state be called before
SSL_{accept,connect} may be used.
Submitted by:
Reviewed by:
PR:

CHANGES
ssl/ssl.h
ssl/ssl_err.c
ssl/ssl_lib.c

diff --git a/CHANGES b/CHANGES
index acac07a..66db4d6 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -5,6 +5,13 @@
 
  Changes between 0.9.2b and 0.9.3
 
+  *) Make SSL library a little more fool-proof by not requiring any longer
+     that SSL_set_{accept,connect}_state be called before
+     SSL_{accept,connect} may be used (SSL_set_..._state is omitted
+     in many applications because usually everything *appeared* to work as
+     intended anyway -- now it really works as intended).
+     [Bodo Moeller]
+
   *) Move openssl.cnf out of lib/.
      [Ulf Möller]
 
index 48792b3..347d087 100644 (file)
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -514,6 +514,12 @@ struct ssl_st
        int in_handshake;
        int (*handshake_func)();
 
+       /* Imagine that here's a boolean member "init"
+        * that is switched as soon as handshake_func becomes
+        * != 0 for the first time (which is why we don't actually
+        * need it).
+        */
+
        int server;     /* are we the server side? - mostly used by SSL_clear*/
 
        int new_session;/* 1 if we are to use a new session */
@@ -1191,6 +1197,7 @@ int SSL_COMP_add_compression_method(int id,char *cm);
 #define SSL_F_SSL_INIT_WBIO_BUFFER                      184
 #define SSL_F_SSL_LOAD_CLIENT_CA_FILE                   185
 #define SSL_F_SSL_NEW                                   186
+#define SSL_F_SSL_READ                                  223
 #define SSL_F_SSL_RSA_PRIVATE_DECRYPT                   187
 #define SSL_F_SSL_RSA_PUBLIC_ENCRYPT                    188
 #define SSL_F_SSL_SESSION_NEW                           189
@@ -1202,6 +1209,7 @@ int SSL_COMP_add_compression_method(int id,char *cm);
 #define SSL_F_SSL_SET_SESSION                           195
 #define SSL_F_SSL_SET_SESSION_ID_CONTEXT                218
 #define SSL_F_SSL_SET_WFD                               196
+#define SSL_F_SSL_SHUTDOWN                              224
 #define SSL_F_SSL_UNDEFINED_FUNCTION                    197
 #define SSL_F_SSL_USE_CERTIFICATE                       198
 #define SSL_F_SSL_USE_CERTIFICATE_ASN1                  199
@@ -1394,6 +1402,7 @@ int SSL_COMP_add_compression_method(int id,char *cm);
 #define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES                 243
 #define SSL_R_UNEXPECTED_MESSAGE                        244
 #define SSL_R_UNEXPECTED_RECORD                                 245
+#define SSL_R_UNITIALIZED                               275
 #define SSL_R_UNKNOWN_ALERT_TYPE                        246
 #define SSL_R_UNKNOWN_CERTIFICATE_TYPE                  247
 #define SSL_R_UNKNOWN_CIPHER_RETURNED                   248
index c96fb6c..6f99f4c 100644 (file)
@@ -160,6 +160,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
 {ERR_PACK(0,SSL_F_SSL_INIT_WBIO_BUFFER,0),     "SSL_INIT_WBIO_BUFFER"},
 {ERR_PACK(0,SSL_F_SSL_LOAD_CLIENT_CA_FILE,0),  "SSL_load_client_CA_file"},
 {ERR_PACK(0,SSL_F_SSL_NEW,0),  "SSL_new"},
+{ERR_PACK(0,SSL_F_SSL_READ,0), "SSL_read"},
 {ERR_PACK(0,SSL_F_SSL_RSA_PRIVATE_DECRYPT,0),  "SSL_RSA_PRIVATE_DECRYPT"},
 {ERR_PACK(0,SSL_F_SSL_RSA_PUBLIC_ENCRYPT,0),   "SSL_RSA_PUBLIC_ENCRYPT"},
 {ERR_PACK(0,SSL_F_SSL_SESSION_NEW,0),  "SSL_SESSION_new"},
@@ -171,6 +172,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
 {ERR_PACK(0,SSL_F_SSL_SET_SESSION,0),  "SSL_set_session"},
 {ERR_PACK(0,SSL_F_SSL_SET_SESSION_ID_CONTEXT,0),       "SSL_set_session_id_context"},
 {ERR_PACK(0,SSL_F_SSL_SET_WFD,0),      "SSL_set_wfd"},
+{ERR_PACK(0,SSL_F_SSL_SHUTDOWN,0),     "SSL_shutdown"},
 {ERR_PACK(0,SSL_F_SSL_UNDEFINED_FUNCTION,0),   "SSL_UNDEFINED_FUNCTION"},
 {ERR_PACK(0,SSL_F_SSL_USE_CERTIFICATE,0),      "SSL_use_certificate"},
 {ERR_PACK(0,SSL_F_SSL_USE_CERTIFICATE_ASN1,0), "SSL_use_certificate_ASN1"},
@@ -366,6 +368,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES ,"unable to load ssl3 sha1 routines"},
 {SSL_R_UNEXPECTED_MESSAGE                ,"unexpected message"},
 {SSL_R_UNEXPECTED_RECORD                 ,"unexpected record"},
+{SSL_R_UNITIALIZED                       ,"unitialized"},
 {SSL_R_UNKNOWN_ALERT_TYPE                ,"unknown alert type"},
 {SSL_R_UNKNOWN_CERTIFICATE_TYPE          ,"unknown certificate type"},
 {SSL_R_UNKNOWN_CIPHER_RETURNED           ,"unknown cipher returned"},
index dda7882..8aba874 100644 (file)
@@ -592,11 +592,19 @@ int SSL_check_private_key(SSL *ssl)
 
 int SSL_accept(SSL *s)
        {
+       if (s->handshake_func == 0)
+               /* Not properly initialized yet */
+               SSL_set_accept_state(s);
+
        return(s->method->ssl_accept(s));
        }
 
 int SSL_connect(SSL *s)
        {
+       if (s->handshake_func == 0)
+               /* Not properly initialized yet */
+               SSL_set_connect_state(s);
+
        return(s->method->ssl_connect(s));
        }
 
@@ -607,6 +615,12 @@ long SSL_get_default_timeout(SSL *s)
 
 int SSL_read(SSL *s,char *buf,int num)
        {
+       if (s->handshake_func == 0)
+               {
+               SSLerr(SSL_F_SSL_READ, SSL_R_UNITIALIZED);
+               return -1;
+               }
+
        if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
                {
                s->rwstate=SSL_NOTHING;
@@ -626,6 +640,12 @@ int SSL_peek(SSL *s,char *buf,int num)
 
 int SSL_write(SSL *s,const char *buf,int num)
        {
+       if (s->handshake_func == 0)
+               {
+               SSLerr(SSL_F_SSL_WRITE, SSL_R_UNITIALIZED);
+               return -1;
+               }
+
        if (s->shutdown & SSL_SENT_SHUTDOWN)
                {
                s->rwstate=SSL_NOTHING;
@@ -637,6 +657,12 @@ int SSL_write(SSL *s,const char *buf,int num)
 
 int SSL_shutdown(SSL *s)
        {
+       if (s->handshake_func == 0)
+               {
+               SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_UNITIALIZED);
+               return -1;
+               }
+
        if ((s != NULL) && !SSL_in_init(s))
                return(s->method->ssl_shutdown(s));
        else