lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-08-01 10:06:53 +03:00
Code Activity

Always call mbedtls_ssl_handshake_set_state

Browse Source 
Call a single function for all handshake state changes, for easier tracing.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine
2025-03-07 15:09:32 +01:00
committed by Manuel Pégourié-Gonnard
parent 3623414113
commit 49f179d9c8
5 changed files with 61 additions and 55 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
library/ssl_misc.h
View File

@ -1333,12 +1333,18 @@ int mbedtls_ssl_handshake_client_step(mbedtls_ssl_context *ssl);
MBEDTLS_CHECK_RETURN_CRITICAL MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_handshake_server_step(mbedtls_ssl_context *ssl); int mbedtls_ssl_handshake_server_step(mbedtls_ssl_context *ssl);
void mbedtls_ssl_handshake_wrapup(mbedtls_ssl_context *ssl); void mbedtls_ssl_handshake_wrapup(mbedtls_ssl_context *ssl);
static inline void mbedtls_ssl_handshake_set_state(mbedtls_ssl_context *ssl, static inline void mbedtls_ssl_handshake_set_state(mbedtls_ssl_context *ssl,
mbedtls_ssl_states state) mbedtls_ssl_states state)
{ {
ssl->state = (int) state; ssl->state = (int) state;
} }
static inline void mbedtls_ssl_handshake_increment_state(mbedtls_ssl_context *ssl)
{
mbedtls_ssl_handshake_set_state(ssl, ssl->state + 1);
}
MBEDTLS_CHECK_RETURN_CRITICAL MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_send_fatal_handshake_failure(mbedtls_ssl_context *ssl); int mbedtls_ssl_send_fatal_handshake_failure(mbedtls_ssl_context *ssl);

4
library/ssl_msg.c
View File

@ -5318,7 +5318,7 @@ int mbedtls_ssl_write_change_cipher_spec(mbedtls_ssl_context *ssl)
ssl->out_msglen = 1; ssl->out_msglen = 1;
ssl->out_msg[0] = 1; ssl->out_msg[0] = 1;
ssl->state++; mbedtls_ssl_handshake_increment_state(ssl);
if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret);
@ -5380,7 +5380,7 @@ int mbedtls_ssl_parse_change_cipher_spec(mbedtls_ssl_context *ssl)
mbedtls_ssl_update_in_pointers(ssl); mbedtls_ssl_update_in_pointers(ssl);
ssl->state++; mbedtls_ssl_handshake_increment_state(ssl);
MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse change cipher spec")); MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse change cipher spec"));

34
library/ssl_tls.c
View File

@ -1554,7 +1554,7 @@ int mbedtls_ssl_session_reset_int(mbedtls_ssl_context *ssl, int partial)
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
ssl->state = MBEDTLS_SSL_HELLO_REQUEST; mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HELLO_REQUEST);
ssl->tls_version = ssl->conf->max_tls_version; ssl->tls_version = ssl->conf->max_tls_version;
mbedtls_ssl_session_reset_msg_layer(ssl, partial); mbedtls_ssl_session_reset_msg_layer(ssl, partial);
@ -4587,7 +4587,7 @@ int mbedtls_ssl_handshake_step(mbedtls_ssl_context *ssl)
switch (ssl->state) { switch (ssl->state) {
case MBEDTLS_SSL_HELLO_REQUEST: case MBEDTLS_SSL_HELLO_REQUEST:
ssl->state = MBEDTLS_SSL_CLIENT_HELLO; mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_HELLO);
ret = 0; ret = 0;
break; break;
@ -4738,7 +4738,7 @@ int mbedtls_ssl_start_renegotiation(mbedtls_ssl_context *ssl)
} }
#endif #endif
ssl->state = MBEDTLS_SSL_HELLO_REQUEST; mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HELLO_REQUEST);
ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS; ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS;
if ((ret = mbedtls_ssl_handshake(ssl)) != 0) { if ((ret = mbedtls_ssl_handshake(ssl)) != 0) {
@ -5521,7 +5521,7 @@ static int ssl_context_load(mbedtls_ssl_context *ssl,
* Most of them already set to the correct value by mbedtls_ssl_init() and * Most of them already set to the correct value by mbedtls_ssl_init() and
* mbedtls_ssl_reset(), so we only need to set the remaining ones. * mbedtls_ssl_reset(), so we only need to set the remaining ones.
*/ */
ssl->state = MBEDTLS_SSL_HANDSHAKE_OVER; mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_OVER);
ssl->tls_version = MBEDTLS_SSL_VERSION_TLS1_2; ssl->tls_version = MBEDTLS_SSL_VERSION_TLS1_2;
/* Adjust pointers for header fields of outgoing records to /* Adjust pointers for header fields of outgoing records to
@ -7576,7 +7576,7 @@ int mbedtls_ssl_write_certificate(mbedtls_ssl_context *ssl)
if (!mbedtls_ssl_ciphersuite_uses_srv_cert(ciphersuite_info)) { if (!mbedtls_ssl_ciphersuite_uses_srv_cert(ciphersuite_info)) {
MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate")); MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate"));
ssl->state++; mbedtls_ssl_handshake_increment_state(ssl);
return 0; return 0;
} }
@ -7593,7 +7593,7 @@ int mbedtls_ssl_parse_certificate(mbedtls_ssl_context *ssl)
if (!mbedtls_ssl_ciphersuite_uses_srv_cert(ciphersuite_info)) { if (!mbedtls_ssl_ciphersuite_uses_srv_cert(ciphersuite_info)) {
MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate")); MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate"));
ssl->state++; mbedtls_ssl_handshake_increment_state(ssl);
return 0; return 0;
} }
@ -7616,7 +7616,7 @@ int mbedtls_ssl_write_certificate(mbedtls_ssl_context *ssl)
if (!mbedtls_ssl_ciphersuite_uses_srv_cert(ciphersuite_info)) { if (!mbedtls_ssl_ciphersuite_uses_srv_cert(ciphersuite_info)) {
MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate")); MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate"));
ssl->state++; mbedtls_ssl_handshake_increment_state(ssl);
return 0; return 0;
} }
@ -7624,7 +7624,7 @@ int mbedtls_ssl_write_certificate(mbedtls_ssl_context *ssl)
if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) { if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) {
if (ssl->handshake->client_auth == 0) { if (ssl->handshake->client_auth == 0) {
MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate")); MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate"));
ssl->state++; mbedtls_ssl_handshake_increment_state(ssl);
return 0; return 0;
} }
} }
@ -7678,7 +7678,7 @@ int mbedtls_ssl_write_certificate(mbedtls_ssl_context *ssl)
ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
ssl->out_msg[0] = MBEDTLS_SSL_HS_CERTIFICATE; ssl->out_msg[0] = MBEDTLS_SSL_HS_CERTIFICATE;
ssl->state++; mbedtls_ssl_handshake_increment_state(ssl);
if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret);
@ -8136,7 +8136,7 @@ crt_verify:
exit: exit:
if (ret == 0) { if (ret == 0) {
ssl->state++; mbedtls_ssl_handshake_increment_state(ssl);
} }
#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
@ -8352,7 +8352,7 @@ void mbedtls_ssl_handshake_wrapup(mbedtls_ssl_context *ssl)
#endif #endif
mbedtls_ssl_handshake_wrapup_free_hs_transform(ssl); mbedtls_ssl_handshake_wrapup_free_hs_transform(ssl);
ssl->state = MBEDTLS_SSL_HANDSHAKE_OVER; mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_OVER);
MBEDTLS_SSL_DEBUG_MSG(3, ("<= handshake wrapup")); MBEDTLS_SSL_DEBUG_MSG(3, ("<= handshake wrapup"));
} }
@ -8396,16 +8396,16 @@ int mbedtls_ssl_write_finished(mbedtls_ssl_context *ssl)
if (ssl->handshake->resume != 0) { if (ssl->handshake->resume != 0) {
#if defined(MBEDTLS_SSL_CLI_C) #if defined(MBEDTLS_SSL_CLI_C)
if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) { if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) {
ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP; mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_WRAPUP);
} }
#endif #endif
#if defined(MBEDTLS_SSL_SRV_C) #if defined(MBEDTLS_SSL_SRV_C)
if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) { if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) {
ssl->state = MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC; mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC);
} }
#endif #endif
} else { } else {
ssl->state++; mbedtls_ssl_handshake_increment_state(ssl);
} }
/* /*
@ -8531,16 +8531,16 @@ int mbedtls_ssl_parse_finished(mbedtls_ssl_context *ssl)
if (ssl->handshake->resume != 0) { if (ssl->handshake->resume != 0) {
#if defined(MBEDTLS_SSL_CLI_C) #if defined(MBEDTLS_SSL_CLI_C)
if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) { if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) {
ssl->state = MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC; mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC);
} }
#endif #endif
#if defined(MBEDTLS_SSL_SRV_C) #if defined(MBEDTLS_SSL_SRV_C)
if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) { if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) {
ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP; mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_WRAPUP);
} }
#endif #endif
} else { } else {
ssl->state++; mbedtls_ssl_handshake_increment_state(ssl);
} }
#if defined(MBEDTLS_SSL_PROTO_DTLS) #if defined(MBEDTLS_SSL_PROTO_DTLS)

38
library/ssl_tls12_client.c
View File

@ -1163,7 +1163,7 @@ static int ssl_parse_hello_verify_request(mbedtls_ssl_context *ssl)
ssl->handshake->cookie_len = cookie_len; ssl->handshake->cookie_len = cookie_len;
/* Start over at ClientHello */ /* Start over at ClientHello */
ssl->state = MBEDTLS_SSL_CLIENT_HELLO; mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_HELLO);
ret = mbedtls_ssl_reset_checksum(ssl); ret = mbedtls_ssl_reset_checksum(ssl);
if (0 != ret) { if (0 != ret) {
MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ssl_reset_checksum"), ret); MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ssl_reset_checksum"), ret);
@ -1372,7 +1372,7 @@ static int ssl_parse_server_hello(mbedtls_ssl_context *ssl)
ssl->session_negotiate->ciphersuite != i || ssl->session_negotiate->ciphersuite != i ||
ssl->session_negotiate->id_len != n || ssl->session_negotiate->id_len != n ||
memcmp(ssl->session_negotiate->id, buf + 35, n) != 0) { memcmp(ssl->session_negotiate->id, buf + 35, n) != 0) {
ssl->state++; mbedtls_ssl_handshake_increment_state(ssl);
ssl->handshake->resume = 0; ssl->handshake->resume = 0;
#if defined(MBEDTLS_HAVE_TIME) #if defined(MBEDTLS_HAVE_TIME)
ssl->session_negotiate->start = mbedtls_time(NULL); ssl->session_negotiate->start = mbedtls_time(NULL);
@ -1381,7 +1381,7 @@ static int ssl_parse_server_hello(mbedtls_ssl_context *ssl)
ssl->session_negotiate->id_len = n; ssl->session_negotiate->id_len = n;
memcpy(ssl->session_negotiate->id, buf + 35, n); memcpy(ssl->session_negotiate->id, buf + 35, n);
} else { } else {
ssl->state = MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC; mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC);
} }
MBEDTLS_SSL_DEBUG_MSG(3, ("%s session has been resumed", MBEDTLS_SSL_DEBUG_MSG(3, ("%s session has been resumed",
@ -2091,7 +2091,7 @@ static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl)
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA) { if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA) {
MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse server key exchange")); MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse server key exchange"));
ssl->state++; mbedtls_ssl_handshake_increment_state(ssl);
return 0; return 0;
} }
((void) p); ((void) p);
@ -2112,7 +2112,7 @@ static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl)
} }
MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse server key exchange")); MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse server key exchange"));
ssl->state++; mbedtls_ssl_handshake_increment_state(ssl);
return 0; return 0;
} }
((void) p); ((void) p);
@ -2454,7 +2454,7 @@ start_processing:
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED */ #endif /* MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED */
exit: exit:
ssl->state++; mbedtls_ssl_handshake_increment_state(ssl);
MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse server key exchange")); MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse server key exchange"));
@ -2472,7 +2472,7 @@ static int ssl_parse_certificate_request(mbedtls_ssl_context *ssl)
if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) { if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) {
MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate request")); MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate request"));
ssl->state++; mbedtls_ssl_handshake_increment_state(ssl);
return 0; return 0;
} }
@ -2499,7 +2499,7 @@ static int ssl_parse_certificate_request(mbedtls_ssl_context *ssl)
if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) { if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) {
MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate request")); MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate request"));
ssl->state++; mbedtls_ssl_handshake_increment_state(ssl);
return 0; return 0;
} }
@ -2517,7 +2517,7 @@ static int ssl_parse_certificate_request(mbedtls_ssl_context *ssl)
return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
} }
ssl->state++; mbedtls_ssl_handshake_increment_state(ssl);
ssl->handshake->client_auth = ssl->handshake->client_auth =
(ssl->in_msg[0] == MBEDTLS_SSL_HS_CERTIFICATE_REQUEST); (ssl->in_msg[0] == MBEDTLS_SSL_HS_CERTIFICATE_REQUEST);
@ -2688,7 +2688,7 @@ static int ssl_parse_server_hello_done(mbedtls_ssl_context *ssl)
return MBEDTLS_ERR_SSL_DECODE_ERROR; return MBEDTLS_ERR_SSL_DECODE_ERROR;
} }
ssl->state++; mbedtls_ssl_handshake_increment_state(ssl);
#if defined(MBEDTLS_SSL_PROTO_DTLS) #if defined(MBEDTLS_SSL_PROTO_DTLS)
if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
@ -3199,7 +3199,7 @@ ecdh_calc_secret:
ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
ssl->out_msg[0] = MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE; ssl->out_msg[0] = MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE;
ssl->state++; mbedtls_ssl_handshake_increment_state(ssl);
if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret);
@ -3228,7 +3228,7 @@ static int ssl_write_certificate_verify(mbedtls_ssl_context *ssl)
if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) { if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) {
MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate verify")); MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate verify"));
ssl->state++; mbedtls_ssl_handshake_increment_state(ssl);
return 0; return 0;
} }
@ -3270,14 +3270,14 @@ static int ssl_write_certificate_verify(mbedtls_ssl_context *ssl)
if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) { if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) {
MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate verify")); MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate verify"));
ssl->state++; mbedtls_ssl_handshake_increment_state(ssl);
return 0; return 0;
} }
if (ssl->handshake->client_auth == 0 || if (ssl->handshake->client_auth == 0 ||
mbedtls_ssl_own_cert(ssl) == NULL) { mbedtls_ssl_own_cert(ssl) == NULL) {
MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate verify")); MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate verify"));
ssl->state++; mbedtls_ssl_handshake_increment_state(ssl);
return 0; return 0;
} }
@ -3359,7 +3359,7 @@ sign:
ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
ssl->out_msg[0] = MBEDTLS_SSL_HS_CERTIFICATE_VERIFY; ssl->out_msg[0] = MBEDTLS_SSL_HS_CERTIFICATE_VERIFY;
ssl->state++; mbedtls_ssl_handshake_increment_state(ssl);
if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret);
@ -3433,7 +3433,7 @@ static int ssl_parse_new_session_ticket(mbedtls_ssl_context *ssl)
/* We're not waiting for a NewSessionTicket message any more */ /* We're not waiting for a NewSessionTicket message any more */
ssl->handshake->new_session_ticket = 0; ssl->handshake->new_session_ticket = 0;
ssl->state = MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC; mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC);
/* /*
* Zero-length ticket means the server changed his mind and doesn't want * Zero-length ticket means the server changed his mind and doesn't want
@ -3494,13 +3494,13 @@ int mbedtls_ssl_handshake_client_step(mbedtls_ssl_context *ssl)
#if defined(MBEDTLS_SSL_SESSION_TICKETS) #if defined(MBEDTLS_SSL_SESSION_TICKETS)
if (ssl->state == MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC && if (ssl->state == MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC &&
ssl->handshake->new_session_ticket != 0) { ssl->handshake->new_session_ticket != 0) {
ssl->state = MBEDTLS_SSL_NEW_SESSION_TICKET; mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_NEW_SESSION_TICKET);
} }
#endif #endif
switch (ssl->state) { switch (ssl->state) {
case MBEDTLS_SSL_HELLO_REQUEST: case MBEDTLS_SSL_HELLO_REQUEST:
ssl->state = MBEDTLS_SSL_CLIENT_HELLO; mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_HELLO);
break; break;
/* /*
@ -3585,7 +3585,7 @@ int mbedtls_ssl_handshake_client_step(mbedtls_ssl_context *ssl)
case MBEDTLS_SSL_FLUSH_BUFFERS: case MBEDTLS_SSL_FLUSH_BUFFERS:
MBEDTLS_SSL_DEBUG_MSG(2, ("handshake: done")); MBEDTLS_SSL_DEBUG_MSG(2, ("handshake: done"));
ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP; mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_WRAPUP);
break; break;
case MBEDTLS_SSL_HANDSHAKE_WRAPUP: case MBEDTLS_SSL_HANDSHAKE_WRAPUP:

34
library/ssl_tls12_server.c
View File

@ -1636,7 +1636,7 @@ have_ciphersuite:
ssl->session_negotiate->ciphersuite = ciphersuites[i]; ssl->session_negotiate->ciphersuite = ciphersuites[i];
ssl->handshake->ciphersuite_info = ciphersuite_info; ssl->handshake->ciphersuite_info = ciphersuite_info;
ssl->state++; mbedtls_ssl_handshake_increment_state(ssl);
#if defined(MBEDTLS_SSL_PROTO_DTLS) #if defined(MBEDTLS_SSL_PROTO_DTLS)
if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
@ -2064,7 +2064,7 @@ static int ssl_write_hello_verify_request(mbedtls_ssl_context *ssl)
ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
ssl->out_msg[0] = MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST; ssl->out_msg[0] = MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST;
ssl->state = MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT; mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT);
if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret);
@ -2232,7 +2232,7 @@ static int ssl_write_server_hello(mbedtls_ssl_context *ssl)
* New session, create a new session id, * New session, create a new session id,
* unless we're about to issue a session ticket * unless we're about to issue a session ticket
*/ */
ssl->state++; mbedtls_ssl_handshake_increment_state(ssl);
#if defined(MBEDTLS_HAVE_TIME) #if defined(MBEDTLS_HAVE_TIME)
ssl->session_negotiate->start = mbedtls_time(NULL); ssl->session_negotiate->start = mbedtls_time(NULL);
@ -2256,7 +2256,7 @@ static int ssl_write_server_hello(mbedtls_ssl_context *ssl)
* Resuming a session * Resuming a session
*/ */
n = ssl->session_negotiate->id_len; n = ssl->session_negotiate->id_len;
ssl->state = MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC; mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC);
if ((ret = mbedtls_ssl_derive_keys(ssl)) != 0) { if ((ret = mbedtls_ssl_derive_keys(ssl)) != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_derive_keys", ret); MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_derive_keys", ret);
@ -2382,7 +2382,7 @@ static int ssl_write_certificate_request(mbedtls_ssl_context *ssl)
if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) { if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) {
MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate request")); MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate request"));
ssl->state++; mbedtls_ssl_handshake_increment_state(ssl);
return 0; return 0;
} }
@ -2405,7 +2405,7 @@ static int ssl_write_certificate_request(mbedtls_ssl_context *ssl)
MBEDTLS_SSL_DEBUG_MSG(2, ("=> write certificate request")); MBEDTLS_SSL_DEBUG_MSG(2, ("=> write certificate request"));
ssl->state++; mbedtls_ssl_handshake_increment_state(ssl);
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
if (ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET) { if (ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET) {
@ -3252,7 +3252,7 @@ static int ssl_write_server_key_exchange(mbedtls_ssl_context *ssl)
/* Key exchanges not involving ephemeral keys don't use /* Key exchanges not involving ephemeral keys don't use
* ServerKeyExchange, so end here. */ * ServerKeyExchange, so end here. */
MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write server key exchange")); MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write server key exchange"));
ssl->state++; mbedtls_ssl_handshake_increment_state(ssl);
return 0; return 0;
} }
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED */ #endif /* MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED */
@ -3306,7 +3306,7 @@ static int ssl_write_server_key_exchange(mbedtls_ssl_context *ssl)
ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
ssl->out_msg[0] = MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE; ssl->out_msg[0] = MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE;
ssl->state++; mbedtls_ssl_handshake_increment_state(ssl);
if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret);
@ -3328,7 +3328,7 @@ static int ssl_write_server_hello_done(mbedtls_ssl_context *ssl)
ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
ssl->out_msg[0] = MBEDTLS_SSL_HS_SERVER_HELLO_DONE; ssl->out_msg[0] = MBEDTLS_SSL_HS_SERVER_HELLO_DONE;
ssl->state++; mbedtls_ssl_handshake_increment_state(ssl);
#if defined(MBEDTLS_SSL_PROTO_DTLS) #if defined(MBEDTLS_SSL_PROTO_DTLS)
if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
@ -4052,7 +4052,7 @@ static int ssl_parse_client_key_exchange(mbedtls_ssl_context *ssl)
return ret; return ret;
} }
ssl->state++; mbedtls_ssl_handshake_increment_state(ssl);
MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse client key exchange")); MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse client key exchange"));
@ -4070,7 +4070,7 @@ static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl)
if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) { if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) {
MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate verify")); MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate verify"));
ssl->state++; mbedtls_ssl_handshake_increment_state(ssl);
return 0; return 0;
} }
@ -4096,20 +4096,20 @@ static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl)
if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) { if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) {
MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate verify")); MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate verify"));
ssl->state++; mbedtls_ssl_handshake_increment_state(ssl);
return 0; return 0;
} }
#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
if (ssl->session_negotiate->peer_cert == NULL) { if (ssl->session_negotiate->peer_cert == NULL) {
MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate verify")); MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate verify"));
ssl->state++; mbedtls_ssl_handshake_increment_state(ssl);
return 0; return 0;
} }
#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ #else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
if (ssl->session_negotiate->peer_cert_digest == NULL) { if (ssl->session_negotiate->peer_cert_digest == NULL) {
MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate verify")); MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate verify"));
ssl->state++; mbedtls_ssl_handshake_increment_state(ssl);
return 0; return 0;
} }
#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ #endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
@ -4121,7 +4121,7 @@ static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl)
return ret; return ret;
} }
ssl->state++; mbedtls_ssl_handshake_increment_state(ssl);
/* Process the message contents */ /* Process the message contents */
if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE || if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ||
@ -4305,7 +4305,7 @@ int mbedtls_ssl_handshake_server_step(mbedtls_ssl_context *ssl)
switch (ssl->state) { switch (ssl->state) {
case MBEDTLS_SSL_HELLO_REQUEST: case MBEDTLS_SSL_HELLO_REQUEST:
ssl->state = MBEDTLS_SSL_CLIENT_HELLO; mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_HELLO);
break; break;
/* /*
@ -4394,7 +4394,7 @@ int mbedtls_ssl_handshake_server_step(mbedtls_ssl_context *ssl)
case MBEDTLS_SSL_FLUSH_BUFFERS: case MBEDTLS_SSL_FLUSH_BUFFERS:
MBEDTLS_SSL_DEBUG_MSG(2, ("handshake: done")); MBEDTLS_SSL_DEBUG_MSG(2, ("handshake: done"));
ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP; mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_WRAPUP);
break; break;
case MBEDTLS_SSL_HANDSHAKE_WRAPUP: case MBEDTLS_SSL_HANDSHAKE_WRAPUP: