From: Matt Caswell Date: Thu, 30 Jul 2015 12:45:50 +0000 (+0100) Subject: Client TLS state machine rewrite cleanup X-Git-Tag: OpenSSL_1_1_0-pre1~375 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=f6a2f2da58d6ba0042a9e94cf7281e5db23e9333;p=oweals%2Fopenssl.git Client TLS state machine rewrite cleanup Remove redundant code following moving client side TLS handling to the new state machine implementation. Reviewed-by: Tim Hudson Reviewed-by: Richard Levitte --- diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 5cf47d21ff..9a7382525b 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -165,484 +165,9 @@ static int ssl_set_version(SSL *s); static int ca_dn_cmp(const X509_NAME *const *a, const X509_NAME *const *b); -#if 0 -/* - * Temporarily disabled during development of new state machine code. - * TODO: Clean me up - */ -static int ssl3_check_change(SSL *s); -#endif static int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, unsigned char *p); - -#if 0 -/* - * Temporarily disabled during development of new state machine code. - * TODO: Clean me up - */ -int ssl3_connect(SSL *s) -{ - BUF_MEM *buf = NULL; - unsigned long Time = (unsigned long)time(NULL); - void (*cb) (const SSL *ssl, int type, int val) = NULL; - int ret = -1; - int new_state, state, skip = 0; - - RAND_add(&Time, sizeof(Time), 0); - ERR_clear_error(); - clear_sys_error(); - - if (s->info_callback != NULL) - cb = s->info_callback; - else if (s->ctx->info_callback != NULL) - cb = s->ctx->info_callback; - - s->in_handshake++; - if (!SSL_in_init(s) || SSL_in_before(s)) { - if (!SSL_clear(s)) - return -1; - } - -#ifndef OPENSSL_NO_HEARTBEATS - /* - * If we're awaiting a HeartbeatResponse, pretend we already got and - * don't await it anymore, because Heartbeats don't make sense during - * handshakes anyway. - */ - if (s->tlsext_hb_pending) { - s->tlsext_hb_pending = 0; - s->tlsext_hb_seq++; - } -#endif - - for (;;) { - state = s->state; - - switch (s->state) { - case SSL_ST_RENEGOTIATE: - s->renegotiate = 1; - s->state = SSL_ST_CONNECT; - s->ctx->stats.sess_connect_renegotiate++; - /* break */ - case SSL_ST_BEFORE: - case SSL_ST_CONNECT: - case SSL_ST_BEFORE | SSL_ST_CONNECT: - case SSL_ST_OK | SSL_ST_CONNECT: - - s->server = 0; - if (cb != NULL) - cb(s, SSL_CB_HANDSHAKE_START, 1); - - if ((s->version >> 8) != SSL3_VERSION_MAJOR - && s->version != TLS_ANY_VERSION) { - SSLerr(SSL_F_SSL3_CONNECT, ERR_R_INTERNAL_ERROR); - s->state = SSL_ST_ERR; - ret = -1; - goto end; - } - - if (s->version != TLS_ANY_VERSION && - !ssl_security(s, SSL_SECOP_VERSION, 0, s->version, NULL)) { - SSLerr(SSL_F_SSL3_CONNECT, SSL_R_VERSION_TOO_LOW); - return -1; - } - - /* s->version=SSL3_VERSION; */ - s->type = SSL_ST_CONNECT; - - if (s->init_buf == NULL) { - if ((buf = BUF_MEM_new()) == NULL) { - ret = -1; - s->state = SSL_ST_ERR; - goto end; - } - if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) { - ret = -1; - s->state = SSL_ST_ERR; - goto end; - } - s->init_buf = buf; - buf = NULL; - } - - if (!ssl3_setup_buffers(s)) { - ret = -1; - goto end; - } - - /* setup buffing BIO */ - if (!ssl_init_wbio_buffer(s, 0)) { - ret = -1; - s->state = SSL_ST_ERR; - goto end; - } - - /* don't push the buffering BIO quite yet */ - - ssl3_init_finished_mac(s); - - s->state = SSL3_ST_CW_CLNT_HELLO_A; - s->ctx->stats.sess_connect++; - s->init_num = 0; - /* - * Should have been reset by ssl3_get_finished, too. - */ - s->s3->change_cipher_spec = 0; - break; - - case SSL3_ST_CW_CLNT_HELLO_A: - case SSL3_ST_CW_CLNT_HELLO_B: - - s->shutdown = 0; - ret = ssl3_client_hello(s); - if (ret <= 0) - goto end; - s->state = SSL3_ST_CR_SRVR_HELLO_A; - s->init_num = 0; - - /* turn on buffering for the next lot of output */ - if (s->bbio != s->wbio) - s->wbio = BIO_push(s->bbio, s->wbio); - - break; - - case SSL3_ST_CR_SRVR_HELLO_A: - case SSL3_ST_CR_SRVR_HELLO_B: - ret = ssl3_get_server_hello(s); - if (ret <= 0) - goto end; - - if (s->hit) { - s->state = SSL3_ST_CR_CHANGE_A; - if (s->tlsext_ticket_expected) { - /* receive renewed session ticket */ - s->state = SSL3_ST_CR_SESSION_TICKET_A; - } - } else { - s->state = SSL3_ST_CR_CERT_A; - } - s->init_num = 0; - break; - case SSL3_ST_CR_CERT_A: - case SSL3_ST_CR_CERT_B: - /* Noop (ret = 0) for everything but EAP-FAST. */ - ret = ssl3_check_change(s); - if (ret < 0) - goto end; - if (ret == 1) { - s->hit = 1; - s->state = SSL3_ST_CR_CHANGE_A; - s->init_num = 0; - break; - } - - /* Check if it is anon DH/ECDH, SRP auth */ - /* or PSK */ - if (!(s->s3->tmp.new_cipher->algorithm_auth & - (SSL_aNULL | SSL_aSRP | SSL_aPSK))) { - ret = ssl3_get_server_certificate(s); - if (ret <= 0) - goto end; - - if (s->tlsext_status_expected) - s->state = SSL3_ST_CR_CERT_STATUS_A; - else - s->state = SSL3_ST_CR_KEY_EXCH_A; - } else { - skip = 1; - s->state = SSL3_ST_CR_KEY_EXCH_A; - } - - s->init_num = 0; - break; - - case SSL3_ST_CR_KEY_EXCH_A: - case SSL3_ST_CR_KEY_EXCH_B: - ret = ssl3_get_key_exchange(s); - if (ret <= 0) - goto end; - s->state = SSL3_ST_CR_CERT_REQ_A; - s->init_num = 0; - - /* - * at this point we check that we have the required stuff from - * the server - */ - if (!ssl3_check_cert_and_algorithm(s)) { - ret = -1; - s->state = SSL_ST_ERR; - goto end; - } - break; - - case SSL3_ST_CR_CERT_REQ_A: - case SSL3_ST_CR_CERT_REQ_B: - ret = ssl3_get_certificate_request(s); - if (ret <= 0) - goto end; - s->state = SSL3_ST_CR_SRVR_DONE_A; - s->init_num = 0; - break; - - case SSL3_ST_CR_SRVR_DONE_A: - case SSL3_ST_CR_SRVR_DONE_B: - ret = ssl3_get_server_done(s); - if (ret <= 0) - goto end; - - if (s->s3->tmp.cert_req) - s->state = SSL3_ST_CW_CERT_A; - else - s->state = SSL3_ST_CW_KEY_EXCH_A; - s->init_num = 0; - - break; - - case SSL3_ST_CW_CERT_A: - case SSL3_ST_CW_CERT_B: - case SSL3_ST_CW_CERT_C: - case SSL3_ST_CW_CERT_D: - ret = ssl3_send_client_certificate(s); - if (ret <= 0) - goto end; - s->state = SSL3_ST_CW_KEY_EXCH_A; - s->init_num = 0; - break; - - case SSL3_ST_CW_KEY_EXCH_A: - case SSL3_ST_CW_KEY_EXCH_B: - ret = ssl3_send_client_key_exchange(s); - if (ret <= 0) - goto end; - /* - * EAY EAY EAY need to check for DH fix cert sent back - */ - /* - * For TLS, cert_req is set to 2, so a cert chain of nothing is - * sent, but no verify packet is sent - */ - /* - * XXX: For now, we do not support client authentication in ECDH - * cipher suites with ECDH (rather than ECDSA) certificates. We - * need to skip the certificate verify message when client's - * ECDH public key is sent inside the client certificate. - */ - if (s->s3->tmp.cert_req == 1) { - s->state = SSL3_ST_CW_CERT_VRFY_A; - } else { - s->state = SSL3_ST_CW_CHANGE_A; - } - if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) { - s->state = SSL3_ST_CW_CHANGE_A; - } - - s->init_num = 0; - break; - - case SSL3_ST_CW_CERT_VRFY_A: - case SSL3_ST_CW_CERT_VRFY_B: - ret = ssl3_send_client_verify(s); - if (ret <= 0) - goto end; - s->state = SSL3_ST_CW_CHANGE_A; - s->init_num = 0; - break; - - case SSL3_ST_CW_CHANGE_A: - case SSL3_ST_CW_CHANGE_B: - ret = ssl3_send_change_cipher_spec(s, - SSL3_ST_CW_CHANGE_A, - SSL3_ST_CW_CHANGE_B); - if (ret <= 0) - goto end; - -#if defined(OPENSSL_NO_NEXTPROTONEG) - s->state = SSL3_ST_CW_FINISHED_A; -#else - if (s->s3->next_proto_neg_seen) - s->state = SSL3_ST_CW_NEXT_PROTO_A; - else - s->state = SSL3_ST_CW_FINISHED_A; -#endif - s->init_num = 0; - - s->session->cipher = s->s3->tmp.new_cipher; -#ifdef OPENSSL_NO_COMP - s->session->compress_meth = 0; -#else - if (s->s3->tmp.new_compression == NULL) - s->session->compress_meth = 0; - else - s->session->compress_meth = s->s3->tmp.new_compression->id; -#endif - if (!s->method->ssl3_enc->setup_key_block(s)) { - ret = -1; - s->state = SSL_ST_ERR; - goto end; - } - - if (!s->method->ssl3_enc->change_cipher_state(s, - SSL3_CHANGE_CIPHER_CLIENT_WRITE)) - { - ret = -1; - s->state = SSL_ST_ERR; - goto end; - } - - break; - -#if !defined(OPENSSL_NO_NEXTPROTONEG) - case SSL3_ST_CW_NEXT_PROTO_A: - case SSL3_ST_CW_NEXT_PROTO_B: - ret = ssl3_send_next_proto(s); - if (ret <= 0) - goto end; - s->state = SSL3_ST_CW_FINISHED_A; - break; -#endif - - case SSL3_ST_CW_FINISHED_A: - case SSL3_ST_CW_FINISHED_B: - ret = ssl3_send_finished(s, - SSL3_ST_CW_FINISHED_A, - SSL3_ST_CW_FINISHED_B, - s->method-> - ssl3_enc->client_finished_label, - s->method-> - ssl3_enc->client_finished_label_len); - if (ret <= 0) - goto end; - s->state = SSL3_ST_CW_FLUSH; - - if (s->hit) { - s->s3->tmp.next_state = SSL_ST_OK; - } else { - /* - * Allow NewSessionTicket if ticket expected - */ - if (s->tlsext_ticket_expected) - s->s3->tmp.next_state = SSL3_ST_CR_SESSION_TICKET_A; - else - s->s3->tmp.next_state = SSL3_ST_CR_CHANGE_A; - } - s->init_num = 0; - break; - - case SSL3_ST_CR_SESSION_TICKET_A: - case SSL3_ST_CR_SESSION_TICKET_B: - ret = ssl3_get_new_session_ticket(s); - if (ret <= 0) - goto end; - s->state = SSL3_ST_CR_CHANGE_A; - s->init_num = 0; - break; - - case SSL3_ST_CR_CERT_STATUS_A: - case SSL3_ST_CR_CERT_STATUS_B: - ret = ssl3_get_cert_status(s); - if (ret <= 0) - goto end; - s->state = SSL3_ST_CR_KEY_EXCH_A; - s->init_num = 0; - break; - - case SSL3_ST_CR_CHANGE_A: - case SSL3_ST_CR_CHANGE_B: - ret = ssl3_get_change_cipher_spec(s, SSL3_ST_CR_CHANGE_A, - SSL3_ST_CR_CHANGE_B); - if (ret <= 0) - goto end; - - s->state = SSL3_ST_CR_FINISHED_A; - s->init_num = 0; - break; - - case SSL3_ST_CR_FINISHED_A: - case SSL3_ST_CR_FINISHED_B: - ret = ssl3_get_finished(s, SSL3_ST_CR_FINISHED_A, - SSL3_ST_CR_FINISHED_B); - if (ret <= 0) - goto end; - - if (s->hit) - s->state = SSL3_ST_CW_CHANGE_A; - else - s->state = SSL_ST_OK; - s->init_num = 0; - break; - - case SSL3_ST_CW_FLUSH: - s->rwstate = SSL_WRITING; - if (BIO_flush(s->wbio) <= 0) { - ret = -1; - goto end; - } - s->rwstate = SSL_NOTHING; - s->state = s->s3->tmp.next_state; - break; - - case SSL_ST_OK: - /* clean a few things up */ - ssl3_cleanup_key_block(s); - BUF_MEM_free(s->init_buf); - s->init_buf = NULL; - - /* remove the buffering */ - ssl_free_wbio_buffer(s); - - s->init_num = 0; - s->renegotiate = 0; - s->new_session = 0; - - ssl_update_cache(s, SSL_SESS_CACHE_CLIENT); - if (s->hit) - s->ctx->stats.sess_hit++; - - ret = 1; - /* s->server=0; */ - s->handshake_func = ssl3_connect; - s->ctx->stats.sess_connect_good++; - - if (cb != NULL) - cb(s, SSL_CB_HANDSHAKE_DONE, 1); - - goto end; - /* break; */ - - case SSL_ST_ERR: - default: - SSLerr(SSL_F_SSL3_CONNECT, SSL_R_UNKNOWN_STATE); - ret = -1; - goto end; - /* break; */ - } - - /* did we do anything */ - if (!s->s3->tmp.reuse_message && !skip) { - if (s->debug) { - if ((ret = BIO_flush(s->wbio)) <= 0) - goto end; - } - - if ((cb != NULL) && (s->state != state)) { - new_state = s->state; - s->state = state; - cb(s, SSL_CB_CONNECT_LOOP, 1); - s->state = new_state; - } - } - skip = 0; - } - end: - s->in_handshake--; - BUF_MEM_free(buf); - if (cb != NULL) - cb(s, SSL_CB_CONNECT_EXIT, ret); - return (ret); -} - -#endif /* End temp disabled ssl3_connect */ /* * Work out what version we should be using for the initial ClientHello if * the version is currently set to (D)TLS_ANY_VERSION. @@ -3518,51 +3043,6 @@ int ssl3_check_cert_and_algorithm(SSL *s) return (0); } -/* - * Normally, we can tell if the server is resuming the session from - * the session ID. EAP-FAST (RFC 4851), however, relies on the next server - * message after the ServerHello to determine if the server is resuming. - * Therefore, we allow EAP-FAST to peek ahead. - * ssl3_check_change returns 1 if we are resuming from an external - * pre-shared secret, we have a "ticket" and the next server message - * is CCS; and 0 otherwise. It returns -1 upon an error. - */ - #if 0 - /* - * TODO: No longer required. Temporarily kept during state machine development - * To be deleted by later commits - */ -static int ssl3_check_change(SSL *s) -{ - int ok = 0; - - if (s->version < TLS1_VERSION || !s->tls_session_secret_cb || - !s->session->tlsext_tick) - return 0; - - /* - * This function is called when we might get a Certificate message instead, - * so permit appropriate message length. - * We ignore the return value as we're only interested in the message type - * and not its length. - */ - s->method->ssl_get_message(s, - SSL3_ST_CR_CERT_A, - SSL3_ST_CR_CERT_B, - -1, s->max_cert_list, &ok); - - if (!ok) - return -1; - - s->s3->tmp.reuse_message = 1; - - if (s->s3->tmp.message_type == SSL3_MT_CHANGE_CIPHER_SPEC) - return 1; - - return 0; -} -#endif - #ifndef OPENSSL_NO_NEXTPROTONEG int ssl3_send_next_proto(SSL *s) {