From c64359db8af1bf759f4496a01c93bac658decc7e Mon Sep 17 00:00:00 2001
From: Matt Caswell
Date: Thu, 10 Sep 2015 09:11:41 +0100
Subject: [PATCH] Redefine old state values ssl.h and ssl3.h have a number of defines for the various states in the old state machine code. Since this is public API it is not desirable to just remove them. Instead redefine them to the closest equivalent state in the new state machine code. If an application calls SSL_state then the return value can still be compared against these old values if necessary. However not all values have an equivalent state in the new code, so these are just redefined to a dummy value.
Reviewed-by: Tim Hudson
Reviewed-by: Richard Levitte
---
 include/openssl/ssl.h | 21 +++---
 include/openssl/ssl3.h | 167 +++++++++++++++++++++--------------------
 ssl/statem.c | 1 +
 3 files changed, 98 insertions(+), 91 deletions(-)
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 99f0de65f7..ed1b59af5e 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -974,21 +974,22 @@ enum HANDSHAKE_STATE {
 };
 /*
- * The following are the possible values for ssl->state are are used to
- * indicate where we are up to in the SSL connection establishment. The
- * macros that follow are about the only things you should need to use and
- * even then, only when using non-blocking IO. It can also be useful to work
- * out where you were when the connection failed
+ * Most of the following state values are no longer used and are defined to be
+ * the closest equivalent value in the current state machine code. Not all
+ * defines have an equivalent and are set to a dummy value (-1). SSL_ST_CONNECT
+ * and SSL_ST_ACCEPT are still in use in the definition of SSL_CB_ACCEPT_LOOP,
+ * SSL_CB_ACCEPT_EXIT, SSL_CB_CONNECT_LOOP and SSL_CB_CONNECT_EXIT.
 */
 # define SSL_ST_CONNECT 0x1000
 # define SSL_ST_ACCEPT 0x2000
+
 # define SSL_ST_MASK 0x0FFF
-# define SSL_ST_INIT (SSL_ST_CONNECT|SSL_ST_ACCEPT)
-# define SSL_ST_BEFORE 0x4000
-# define SSL_ST_OK 0x03
-# define SSL_ST_RENEGOTIATE (0x04|SSL_ST_INIT)
-# define SSL_ST_ERR 0x05
+# define SSL_ST_INIT (-1)
+# define SSL_ST_BEFORE TLS_ST_BEFORE
+# define SSL_ST_OK TLS_ST_OK
+# define SSL_ST_RENEGOTIATE (-1)
+# define SSL_ST_ERR (-1)
 # define SSL_CB_LOOP 0x01
 # define SSL_CB_EXIT 0x02
diff --git a/include/openssl/ssl3.h b/include/openssl/ssl3.h
index ec339de351..bfb2c2dbd6 100644
--- a/include/openssl/ssl3.h
+++ b/include/openssl/ssl3.h
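Review bot: `SSL_ST_INIT`, `SSL_ST_RENEGOTIATE` and `SSL_ST_ERR` all become `(-1)`, but the old `SSL_ST_INIT` was a bit mask (`SSL_ST_CONNECT|SSL_ST_ACCEPT`), so an application that still writes `SSL_state(s) & SSL_ST_INIT` keeps compiling and now gets a non-zero result for every non-zero state. Where that test decides "handshake still in progress" versus "handshake done", its meaning changes silently. The three dummies also collide as `case` labels, which at least fails loudly at compile time. The new comment should spell this out, e.g. `* SSL_ST_INIT, SSL_ST_RENEGOTIATE and SSL_ST_ERR are dummies and must not be used as bit masks; use SSL_in_init() or SSL_is_init_finished() instead.` `SSL_ST_MASK` is kept at `0x0FFF` without a word on whether masking a new state value with it is still meaningful; that deserves a line too.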
@@ -371,111 +371,116 @@ extern "C" {
 /* SSLv3 */
+/*
+ * The following states are no longer used and are defined to be the closest
+ * equivalent value in the current state machine code. Not all defines have an
+ * equivalent and are set to a dummy value (-1).
+ */
 /*
 * client
 */
 /* extra state */
-# define SSL3_ST_CW_FLUSH (0x100|SSL_ST_CONNECT)
+# define SSL3_ST_CW_FLUSH (-1)
 # ifndef OPENSSL_NO_SCTP
-# define DTLS1_SCTP_ST_CW_WRITE_SOCK (0x310|SSL_ST_CONNECT)
-# define DTLS1_SCTP_ST_CR_READ_SOCK (0x320|SSL_ST_CONNECT)
+# define DTLS1_SCTP_ST_CW_WRITE_SOCK (-1)
+# define DTLS1_SCTP_ST_CR_READ_SOCK (-1)
 # endif
 /* write to server */
-# define SSL3_ST_CW_CLNT_HELLO_A (0x110|SSL_ST_CONNECT)
-# define SSL3_ST_CW_CLNT_HELLO_B (0x111|SSL_ST_CONNECT)
+# define SSL3_ST_CW_CLNT_HELLO_A TLS_ST_CW_CLNT_HELLO
+# define SSL3_ST_CW_CLNT_HELLO_B TLS_ST_CW_CLNT_HELLO
 /* read from server */
-# define SSL3_ST_CR_SRVR_HELLO_A (0x120|SSL_ST_CONNECT)
-# define SSL3_ST_CR_SRVR_HELLO_B (0x121|SSL_ST_CONNECT)
-# define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A (0x126|SSL_ST_CONNECT)
-# define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B (0x127|SSL_ST_CONNECT)
-# define SSL3_ST_CR_CERT_A (0x130|SSL_ST_CONNECT)
-# define SSL3_ST_CR_CERT_B (0x131|SSL_ST_CONNECT)
-# define SSL3_ST_CR_KEY_EXCH_A (0x140|SSL_ST_CONNECT)
-# define SSL3_ST_CR_KEY_EXCH_B (0x141|SSL_ST_CONNECT)
-# define SSL3_ST_CR_CERT_REQ_A (0x150|SSL_ST_CONNECT)
-# define SSL3_ST_CR_CERT_REQ_B (0x151|SSL_ST_CONNECT)
-# define SSL3_ST_CR_SRVR_DONE_A (0x160|SSL_ST_CONNECT)
-# define SSL3_ST_CR_SRVR_DONE_B (0x161|SSL_ST_CONNECT)
+# define SSL3_ST_CR_SRVR_HELLO_A TLS_ST_CR_SRVR_HELLO
+# define SSL3_ST_CR_SRVR_HELLO_B TLS_ST_CR_SRVR_HELLO
+# define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A DTLS_ST_CR_HELLO_VERIFY_REQUEST
+# define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B DTLS_ST_CR_HELLO_VERIFY_REQUEST
+# define SSL3_ST_CR_CERT_A TLS_ST_CR_CERT
+# define SSL3_ST_CR_CERT_B TLS_ST_CR_CERT
+# define SSL3_ST_CR_KEY_EXCH_A TLS_ST_CR_KEY_EXCH
+# define SSL3_ST_CR_KEY_EXCH_B TLS_ST_CR_KEY_EXCH
+# define SSL3_ST_CR_CERT_REQ_A TLS_ST_CR_CERT_REQ
+# define SSL3_ST_CR_CERT_REQ_B TLS_ST_CR_CERT_REQ
+# define SSL3_ST_CR_SRVR_DONE_A TLS_ST_CR_SRVR_DONE
+# define SSL3_ST_CR_SRVR_DONE_B TLS_ST_CR_SRVR_DONE
 /* write to server */
-# define SSL3_ST_CW_CERT_A (0x170|SSL_ST_CONNECT)
-# define SSL3_ST_CW_CERT_B (0x171|SSL_ST_CONNECT)
-# define SSL3_ST_CW_CERT_C (0x172|SSL_ST_CONNECT)
-# define SSL3_ST_CW_CERT_D (0x173|SSL_ST_CONNECT)
-# define SSL3_ST_CW_KEY_EXCH_A (0x180|SSL_ST_CONNECT)
-# define SSL3_ST_CW_KEY_EXCH_B (0x181|SSL_ST_CONNECT)
-# define SSL3_ST_CW_CERT_VRFY_A (0x190|SSL_ST_CONNECT)
-# define SSL3_ST_CW_CERT_VRFY_B (0x191|SSL_ST_CONNECT)
-# define SSL3_ST_CW_CHANGE_A (0x1A0|SSL_ST_CONNECT)
-# define SSL3_ST_CW_CHANGE_B (0x1A1|SSL_ST_CONNECT)
+# define SSL3_ST_CW_CERT_A TLS_ST_CW_CERT
+# define SSL3_ST_CW_CERT_B TLS_ST_CW_CERT
+# define SSL3_ST_CW_CERT_C TLS_ST_CW_CERT
+# define SSL3_ST_CW_CERT_D TLS_ST_CW_CERT
+# define SSL3_ST_CW_KEY_EXCH_A TLS_ST_CW_KEY_EXCH
+# define SSL3_ST_CW_KEY_EXCH_B TLS_ST_CW_KEY_EXCH
+# define SSL3_ST_CW_CERT_VRFY_A TLS_ST_CW_CERT_VRFY
+# define SSL3_ST_CW_CERT_VRFY_B TLS_ST_CW_CERT_VRFY
+# define SSL3_ST_CW_CHANGE_A TLS_ST_CW_CHANGE
+# define SSL3_ST_CW_CHANGE_B TLS_ST_CW_CHANGE
 # ifndef OPENSSL_NO_NEXTPROTONEG
-# define SSL3_ST_CW_NEXT_PROTO_A (0x200|SSL_ST_CONNECT)
-# define SSL3_ST_CW_NEXT_PROTO_B (0x201|SSL_ST_CONNECT)
+# define SSL3_ST_CW_NEXT_PROTO_A TLS_ST_CW_NEXT_PROTO
+# define SSL3_ST_CW_NEXT_PROTO_B TLS_ST_CW_NEXT_PROTO
 # endif
-# define SSL3_ST_CW_FINISHED_A (0x1B0|SSL_ST_CONNECT)
-# define SSL3_ST_CW_FINISHED_B (0x1B1|SSL_ST_CONNECT)
+# define SSL3_ST_CW_FINISHED_A TLS_ST_CW_FINISHED
+# define SSL3_ST_CW_FINISHED_B TLS_ST_CW_FINISHED
 /* read from server */
-# define SSL3_ST_CR_CHANGE_A (0x1C0|SSL_ST_CONNECT)
-# define SSL3_ST_CR_CHANGE_B (0x1C1|SSL_ST_CONNECT)
-# define SSL3_ST_CR_FINISHED_A (0x1D0|SSL_ST_CONNECT)
-# define SSL3_ST_CR_FINISHED_B (0x1D1|SSL_ST_CONNECT)
-# define SSL3_ST_CR_SESSION_TICKET_A (0x1E0|SSL_ST_CONNECT)
-# define SSL3_ST_CR_SESSION_TICKET_B (0x1E1|SSL_ST_CONNECT)
-# define SSL3_ST_CR_CERT_STATUS_A (0x1F0|SSL_ST_CONNECT)
-# define SSL3_ST_CR_CERT_STATUS_B (0x1F1|SSL_ST_CONNECT)
+# define SSL3_ST_CR_CHANGE_A TLS_ST_CR_CHANGE
+# define SSL3_ST_CR_CHANGE_B TLS_ST_CR_CHANGE
+# define SSL3_ST_CR_FINISHED_A TLS_ST_CR_FINISHED
+# define SSL3_ST_CR_FINISHED_B TLS_ST_CR_FINISHED
+# define SSL3_ST_CR_SESSION_TICKET_A TLS_ST_CR_SESSION_TICKET
+# define SSL3_ST_CR_SESSION_TICKET_B TLS_ST_CR_SESSION_TICKET
+# define SSL3_ST_CR_CERT_STATUS_A TLS_ST_CR_CERT_STATUS
+# define SSL3_ST_CR_CERT_STATUS_B TLS_ST_CR_CERT_STATUS
 /* server */
 /* extra state */
-# define SSL3_ST_SW_FLUSH (0x100|SSL_ST_ACCEPT)
+# define SSL3_ST_SW_FLUSH (-1)
 # ifndef OPENSSL_NO_SCTP
-# define DTLS1_SCTP_ST_SW_WRITE_SOCK (0x310|SSL_ST_ACCEPT)
-# define DTLS1_SCTP_ST_SR_READ_SOCK (0x320|SSL_ST_ACCEPT)
+# define DTLS1_SCTP_ST_SW_WRITE_SOCK (-1)
+# define DTLS1_SCTP_ST_SR_READ_SOCK (-1)
 # endif
 /* read from client */
 /* Do not change the number values, they do matter */
-# define SSL3_ST_SR_CLNT_HELLO_A (0x110|SSL_ST_ACCEPT)
-# define SSL3_ST_SR_CLNT_HELLO_B (0x111|SSL_ST_ACCEPT)
-# define SSL3_ST_SR_CLNT_HELLO_C (0x112|SSL_ST_ACCEPT)
-# define SSL3_ST_SR_CLNT_HELLO_D (0x115|SSL_ST_ACCEPT)
+# define SSL3_ST_SR_CLNT_HELLO_A TLS_ST_SR_CLNT_HELLO
+# define SSL3_ST_SR_CLNT_HELLO_B TLS_ST_SR_CLNT_HELLO
+# define SSL3_ST_SR_CLNT_HELLO_C TLS_ST_SR_CLNT_HELLO
+# define SSL3_ST_SR_CLNT_HELLO_D TLS_ST_SR_CLNT_HELLO
 /* write to client */
-# define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A (0x113|SSL_ST_ACCEPT)
-# define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B (0x114|SSL_ST_ACCEPT)
-# define SSL3_ST_SW_HELLO_REQ_A (0x120|SSL_ST_ACCEPT)
-# define SSL3_ST_SW_HELLO_REQ_B (0x121|SSL_ST_ACCEPT)
-# define SSL3_ST_SW_HELLO_REQ_C (0x122|SSL_ST_ACCEPT)
-# define SSL3_ST_SW_SRVR_HELLO_A (0x130|SSL_ST_ACCEPT)
-# define SSL3_ST_SW_SRVR_HELLO_B (0x131|SSL_ST_ACCEPT)
-# define SSL3_ST_SW_CERT_A (0x140|SSL_ST_ACCEPT)
-# define SSL3_ST_SW_CERT_B (0x141|SSL_ST_ACCEPT)
-# define SSL3_ST_SW_KEY_EXCH_A (0x150|SSL_ST_ACCEPT)
-# define SSL3_ST_SW_KEY_EXCH_B (0x151|SSL_ST_ACCEPT)
-# define SSL3_ST_SW_CERT_REQ_A (0x160|SSL_ST_ACCEPT)
-# define SSL3_ST_SW_CERT_REQ_B (0x161|SSL_ST_ACCEPT)
-# define SSL3_ST_SW_SRVR_DONE_A (0x170|SSL_ST_ACCEPT)
-# define SSL3_ST_SW_SRVR_DONE_B (0x171|SSL_ST_ACCEPT)
+# define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A DTLS_ST_SW_HELLO_VERIFY_REQUEST
+# define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B DTLS_ST_SW_HELLO_VERIFY_REQUEST
+# define SSL3_ST_SW_HELLO_REQ_A TLS_ST_SW_HELLO_REQ
+# define SSL3_ST_SW_HELLO_REQ_B TLS_ST_SW_HELLO_REQ
+# define SSL3_ST_SW_HELLO_REQ_C TLS_ST_SW_HELLO_REQ
+# define SSL3_ST_SW_SRVR_HELLO_A TLS_ST_SW_SRVR_HELLO
+# define SSL3_ST_SW_SRVR_HELLO_B TLS_ST_SW_SRVR_HELLO
+# define SSL3_ST_SW_CERT_A TLS_ST_SW_CERT
+# define SSL3_ST_SW_CERT_B TLS_ST_SW_CERT
+# define SSL3_ST_SW_KEY_EXCH_A TLS_ST_SW_KEY_EXCH
+# define SSL3_ST_SW_KEY_EXCH_B TLS_ST_SW_KEY_EXCH
+# define SSL3_ST_SW_CERT_REQ_A TLS_ST_SW_CERT_REQ
+# define SSL3_ST_SW_CERT_REQ_B TLS_ST_SW_CERT_REQ
+# define SSL3_ST_SW_SRVR_DONE_A TLS_ST_SW_SRVR_DONE
+# define SSL3_ST_SW_SRVR_DONE_B TLS_ST_SW_SRVR_DONE
 /* read from client */
-# define SSL3_ST_SR_CERT_A (0x180|SSL_ST_ACCEPT)
-# define SSL3_ST_SR_CERT_B (0x181|SSL_ST_ACCEPT)
-# define SSL3_ST_SR_KEY_EXCH_A (0x190|SSL_ST_ACCEPT)
-# define SSL3_ST_SR_KEY_EXCH_B (0x191|SSL_ST_ACCEPT)
-# define SSL3_ST_SR_CERT_VRFY_A (0x1A0|SSL_ST_ACCEPT)
-# define SSL3_ST_SR_CERT_VRFY_B (0x1A1|SSL_ST_ACCEPT)
-# define SSL3_ST_SR_CHANGE_A (0x1B0|SSL_ST_ACCEPT)
-# define SSL3_ST_SR_CHANGE_B (0x1B1|SSL_ST_ACCEPT)
+# define SSL3_ST_SR_CERT_A TLS_ST_SR_CERT
+# define SSL3_ST_SR_CERT_B TLS_ST_SR_CERT
+# define SSL3_ST_SR_KEY_EXCH_A TLS_ST_SR_KEY_EXCH
+# define SSL3_ST_SR_KEY_EXCH_B TLS_ST_SR_KEY_EXCH
+# define SSL3_ST_SR_CERT_VRFY_A TLS_ST_SR_CERT_VRFY
+# define SSL3_ST_SR_CERT_VRFY_B TLS_ST_SR_CERT_VRFY
+# define SSL3_ST_SR_CHANGE_A TLS_ST_SR_CHANGE
+# define SSL3_ST_SR_CHANGE_B TLS_ST_SR_CHANGE
 # ifndef OPENSSL_NO_NEXTPROTONEG
-# define SSL3_ST_SR_NEXT_PROTO_A (0x210|SSL_ST_ACCEPT)
-# define SSL3_ST_SR_NEXT_PROTO_B (0x211|SSL_ST_ACCEPT)
+# define SSL3_ST_SR_NEXT_PROTO_A TLS_ST_SR_NEXT_PROTO
+# define SSL3_ST_SR_NEXT_PROTO_B TLS_ST_SR_NEXT_PROTO
 # endif
-# define SSL3_ST_SR_FINISHED_A (0x1C0|SSL_ST_ACCEPT)
-# define SSL3_ST_SR_FINISHED_B (0x1C1|SSL_ST_ACCEPT)
+# define SSL3_ST_SR_FINISHED_A TLS_ST_SR_FINISHED
+# define SSL3_ST_SR_FINISHED_B TLS_ST_SR_FINISHED
 /* write to client */
-# define SSL3_ST_SW_CHANGE_A (0x1D0|SSL_ST_ACCEPT)
-# define SSL3_ST_SW_CHANGE_B (0x1D1|SSL_ST_ACCEPT)
-# define SSL3_ST_SW_FINISHED_A (0x1E0|SSL_ST_ACCEPT)
-# define SSL3_ST_SW_FINISHED_B (0x1E1|SSL_ST_ACCEPT)
-# define SSL3_ST_SW_SESSION_TICKET_A (0x1F0|SSL_ST_ACCEPT)
-# define SSL3_ST_SW_SESSION_TICKET_B (0x1F1|SSL_ST_ACCEPT)
-# define SSL3_ST_SW_CERT_STATUS_A (0x200|SSL_ST_ACCEPT)
-# define SSL3_ST_SW_CERT_STATUS_B (0x201|SSL_ST_ACCEPT)
+# define SSL3_ST_SW_CHANGE_A TLS_ST_SW_CHANGE
+# define SSL3_ST_SW_CHANGE_B TLS_ST_SW_CHANGE
+# define SSL3_ST_SW_FINISHED_A TLS_ST_SW_FINISHED
+# define SSL3_ST_SW_FINISHED_B TLS_ST_SW_FINISHED
+# define SSL3_ST_SW_SESSION_TICKET_A TLS_ST_SW_SESSION_TICKET
+# define SSL3_ST_SW_SESSION_TICKET_B TLS_ST_SW_SESSION_TICKET
+# define SSL3_ST_SW_CERT_STATUS_A TLS_ST_SW_CERT_STATUS
+# define SSL3_ST_SW_CERT_STATUS_B TLS_ST_SW_CERT_STATUS
 # define SSL3_MT_HELLO_REQUEST 0
 # define SSL3_MT_CLIENT_HELLO 1
diff --git a/ssl/statem.c b/ssl/statem.c
index e30eda9844..34d55cb11b 100644
--- a/ssl/statem.c
+++ b/ssl/statem.c
@@ -184,6 +184,7 @@ void statem_clear(SSL *s)
 void statem_set_renegotiate(SSL *s)
 {
 s->statem.state = MSG_FLOW_RENEGOTIATE;
+ s->statem.in_init = 1;
 }
 /*
--
2.34.1
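Review bot: The `_A`/`_B`/`_C`/`_D` variants of each old state now expand to the same value (for example `SSL3_ST_CW_CERT_A` through `SSL3_ST_CW_CERT_D` are all `TLS_ST_CW_CERT`), and the FLUSH and SCTP states all become `(-1)`, so application code that lists them as separate `case` labels stops compiling. The old values also carried the `SSL_ST_CONNECT`/`SSL_ST_ACCEPT` bit, so code that tests those bits on a state value to tell client from server presumably no longer works; the new values are not visible in this hunk. The added header comment should state both limits, e.g. `* Several old names map to the same value, so they cannot be used as distinct switch cases or as bit masks.` The retained context comment `/* Do not change the number values, they do matter */` above `SSL3_ST_SR_CLNT_HELLO_A` is now stale, since this change replaces exactly those numbers, and should be dropped or reworded.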
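Review bot: The added `s->statem.in_init = 1;` in `statem_set_renegotiate()` is a behaviour change that the commit message, which only describes redefining the old state macros, does not mention, and it carries no comment. Presumably it is needed because `SSL_ST_RENEGOTIATE` is no longer a real state value, so anything that asks whether a handshake is in progress now depends on this flag during renegotiation; that is inferred, as the readers of `in_init` are outside this hunk. If so, say it in the code, e.g. `/* Renegotiation re-enters the handshake, so in-init checks must report it as in progress */`. A test asserting that a renegotiating connection reports in-init would keep this from regressing.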