lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-12-24 17:41:01 +03:00
Code Activity

Always call mbedtls_ssl_handshake_set_state

Browse Source 
Call a single function for all handshake state changes, for easier tracing.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine
2025-03-07 15:09:32 +01:00
committed by Manuel Pégourié-Gonnard
parent 3b819cf22f
commit f670ba5e52
5 changed files with 60 additions and 54 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
library/ssl_tls12_client.c
View File

@@ -1118,7 +1118,7 @@ static int ssl_parse_hello_verify_request(mbedtls_ssl_context *ssl)
ssl->handshake->cookie_len = cookie_len;
/* Start over at ClientHello */
ssl->state = MBEDTLS_SSL_CLIENT_HELLO;
mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_HELLO);
ret = mbedtls_ssl_reset_checksum(ssl);
if (0 != ret) {
MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ssl_reset_checksum"), ret);
@@ -1327,7 +1327,7 @@ static int ssl_parse_server_hello(mbedtls_ssl_context *ssl)
ssl->session_negotiate->ciphersuite != i ||
ssl->session_negotiate->id_len != n ||
memcmp(ssl->session_negotiate->id, buf + 35, n) != 0) {
ssl->state++;
mbedtls_ssl_handshake_increment_state(ssl);
ssl->handshake->resume = 0;
#if defined(MBEDTLS_HAVE_TIME)
ssl->session_negotiate->start = mbedtls_time(NULL);
@@ -1336,7 +1336,7 @@ static int ssl_parse_server_hello(mbedtls_ssl_context *ssl)
ssl->session_negotiate->id_len = n;
memcpy(ssl->session_negotiate->id, buf + 35, n);
} else {
ssl->state = MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC;
mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC);
}
MBEDTLS_SSL_DEBUG_MSG(3, ("%s session has been resumed",
@@ -1839,7 +1839,7 @@ static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl)
}
MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse server key exchange"));
ssl->state++;
mbedtls_ssl_handshake_increment_state(ssl);
return 0;
}
((void) p);
@@ -2147,7 +2147,7 @@ start_processing:
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED */
exit:
ssl->state++;
mbedtls_ssl_handshake_increment_state(ssl);
MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse server key exchange"));
@@ -2165,7 +2165,7 @@ static int ssl_parse_certificate_request(mbedtls_ssl_context *ssl)
if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) {
MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate request"));
ssl->state++;
mbedtls_ssl_handshake_increment_state(ssl);
return 0;
}
@@ -2192,7 +2192,7 @@ static int ssl_parse_certificate_request(mbedtls_ssl_context *ssl)
if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) {
MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate request"));
ssl->state++;
mbedtls_ssl_handshake_increment_state(ssl);
return 0;
}
@@ -2210,7 +2210,7 @@ static int ssl_parse_certificate_request(mbedtls_ssl_context *ssl)
return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
}
ssl->state++;
mbedtls_ssl_handshake_increment_state(ssl);
ssl->handshake->client_auth =
(ssl->in_msg[0] == MBEDTLS_SSL_HS_CERTIFICATE_REQUEST);
@@ -2381,7 +2381,7 @@ static int ssl_parse_server_hello_done(mbedtls_ssl_context *ssl)
return MBEDTLS_ERR_SSL_DECODE_ERROR;
}
ssl->state++;
mbedtls_ssl_handshake_increment_state(ssl);
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
@@ -2683,7 +2683,7 @@ static int ssl_write_client_key_exchange(mbedtls_ssl_context *ssl)
ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
ssl->out_msg[0] = MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE;
ssl->state++;
mbedtls_ssl_handshake_increment_state(ssl);
if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret);
@@ -2712,7 +2712,7 @@ static int ssl_write_certificate_verify(mbedtls_ssl_context *ssl)
if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) {
MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate verify"));
ssl->state++;
mbedtls_ssl_handshake_increment_state(ssl);
return 0;
}
@@ -2754,14 +2754,14 @@ static int ssl_write_certificate_verify(mbedtls_ssl_context *ssl)
if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) {
MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate verify"));
ssl->state++;
mbedtls_ssl_handshake_increment_state(ssl);
return 0;
}
if (ssl->handshake->client_auth == 0 ||
mbedtls_ssl_own_cert(ssl) == NULL) {
MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate verify"));
ssl->state++;
mbedtls_ssl_handshake_increment_state(ssl);
return 0;
}
@@ -2843,7 +2843,7 @@ sign:
ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
ssl->out_msg[0] = MBEDTLS_SSL_HS_CERTIFICATE_VERIFY;
ssl->state++;
mbedtls_ssl_handshake_increment_state(ssl);
if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret);
@@ -2917,7 +2917,7 @@ static int ssl_parse_new_session_ticket(mbedtls_ssl_context *ssl)
/* We're not waiting for a NewSessionTicket message any more */
ssl->handshake->new_session_ticket = 0;
ssl->state = MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC;
mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC);
/*
* Zero-length ticket means the server changed his mind and doesn't want
@@ -2978,13 +2978,13 @@ int mbedtls_ssl_handshake_client_step(mbedtls_ssl_context *ssl)
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
if (ssl->state == MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC &&
ssl->handshake->new_session_ticket != 0) {
ssl->state = MBEDTLS_SSL_NEW_SESSION_TICKET;
mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_NEW_SESSION_TICKET);
}
#endif
switch (ssl->state) {
case MBEDTLS_SSL_HELLO_REQUEST:
ssl->state = MBEDTLS_SSL_CLIENT_HELLO;
mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_HELLO);
break;
/*
@@ -3069,7 +3069,7 @@ int mbedtls_ssl_handshake_client_step(mbedtls_ssl_context *ssl)
case MBEDTLS_SSL_FLUSH_BUFFERS:
MBEDTLS_SSL_DEBUG_MSG(2, ("handshake: done"));
ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP;
mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_WRAPUP);
break;
case MBEDTLS_SSL_HANDSHAKE_WRAPUP: