mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-01-18 13:44:20 +08:00
Code Issues Packages Projects Releases Wiki Activity

Move |no_cert_verify| into state machine

Browse Source 
The |no_cert_verify| should be in the state machine structure not in SSL

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
This commit is contained in:
Matt Caswell 2015-10-05 10:44:41 +01:00
parent c874def60a
commit a71a4966a3
5 changed files with 12 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
ssl/ssl_lib.c
View File

@ -225,7 +225,6 @@ int SSL_clear(SSL *s)
s->init_buf = NULL;
clear_ciphers(s);
s->first_packet = 0;
s->no_cert_verify = 0;
/*
* Check to see if we were changed into a different method, if so, revert

3
ssl/ssl_locl.h
View File

@ -1021,9 +1021,6 @@ struct ssl_st {
struct ssl3_state_st *s3; /* SSLv3 variables */
struct dtls1_state_st *d1; /* DTLSv1 variables */
/* Should we skip the CertificateVerify message? */
unsigned int no_cert_verify;
/* callback that allows applications to peek at protocol messages */
void (*msg_callback) (int write_p, int version, int content_type,
const void *buf, size_t len, SSL *ssl, void *arg);

1
ssl/statem/statem.c
View File

@ -155,6 +155,7 @@ void ossl_statem_clear(SSL *s)
s->statem.state = MSG_FLOW_UNINITED;
s->statem.hand_state = TLS_ST_BEFORE;
s->statem.in_init = 1;
s->statem.no_cert_verify = 0;
}
/*

4
ssl/statem/statem.h
View File

@ -135,6 +135,10 @@ struct statem_st {
OSSL_HANDSHAKE_STATE hand_state;
int in_init;
int read_state_first_init;
/* Should we skip the CertificateVerify message? */
unsigned int no_cert_verify;
int use_timer;
#ifndef OPENSSL_NO_SCTP
int in_sctp_read_sock;

14
ssl/statem/statem_srvr.c
View File

@ -232,10 +232,10 @@ int server_read_transition(SSL *s, int mt)
* received a Certificate from the client. If so then |s->session->peer|
* will be non NULL. In some instances a CertificateVerify message is
* not required even if the peer has sent a Certificate (e.g. such as in
* the case of static DH). In that case |s->no_cert_verify| should be
* the case of static DH). In that case |st->no_cert_verify| should be
* set.
*/
if (s->session->peer == NULL || s->no_cert_verify) {
if (s->session->peer == NULL || st->no_cert_verify) {
if (mt == SSL3_MT_CHANGE_CIPHER_SPEC) {
/*
* For the ECDH ciphersuites when the client sends its ECDH
@ -2619,7 +2619,7 @@ enum MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
goto f_err;
}
if (dh_clnt) {
s->no_cert_verify = 1;
s->statem.no_cert_verify = 1;
return MSG_PROCESS_CONTINUE_PROCESSING;
}
} else
@ -2697,7 +2697,7 @@ enum MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB);
goto err;
}
s->no_cert_verify = 1;
s->statem.no_cert_verify = 1;
} else {
/*
* Get client's public key from encoded point in the
@ -2854,7 +2854,7 @@ enum MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
/* Check if pubkey from client certificate was used */
if (EVP_PKEY_CTX_ctrl
(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2, NULL) > 0)
s->no_cert_verify = 1;
s->statem.no_cert_verify = 1;
EVP_PKEY_free(client_pub_pkey);
EVP_PKEY_CTX_free(pkey_ctx);
@ -2924,7 +2924,7 @@ enum WORK_STATE tls_post_process_client_key_exchange(SSL *s,
/* Are we renegotiating? */
&& s->renegotiate
/* Are we going to skip the CertificateVerify? */
&& (s->session->peer == NULL || s->no_cert_verify)
&& (s->session->peer == NULL || s->statem.no_cert_verify)
&& BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) {
s->s3->in_read_app_data = 2;
s->rwstate = SSL_READING;
@ -2937,7 +2937,7 @@ enum WORK_STATE tls_post_process_client_key_exchange(SSL *s,
}
#endif
if (s->no_cert_verify) {
if (s->statem.no_cert_verify) {
/* No certificate verify so we no longer need the handshake_buffer */
BIO_free(s->s3->handshake_buffer);
return WORK_FINISHED_CONTINUE;