Remove SSL_state and SSL_set_state

SSL_state has been replaced by SSL_get_state and SSL_set_state is no longer supported. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-05 10:49:15 +01:00 · 2015-10-05 10:49:15 +01:00 · 5998e29035
commit 5998e29035
parent a71a4966a3
7 changed files with 16 additions and 25 deletions
--- a/14
+++ b/14
@ -7,12 +7,14 @@
  *) State machine rewrite. The state machine code has been significantly
     refactored in order to remove much duplication of code and solve issues
     with the old code (see ssl/statem/README for further details). This change
-     does have some associated API changes. Notably SSL_get_state/SSL_state now
-     returns an "OSSL_HANDSHAKE_STATE" instead of an int. The previous handshake
-     states defined in ssl.h and ssl3.h have been redefined to be the nearest
-     equivalent OSS_HANDSHAKE_STATE value. Not all states have an equivalent
-     value, (e.g. SSL_ST_CW_FLUSH). New application code should not use the old
-     handshake state values, but should instead use OSSL_HANDSHAKE_STATE.
+     does have some associated API changes. Notably the SSL_state() function
+     has been removed and replaced by SSL_get_state which now returns an
+     "OSSL_HANDSHAKE_STATE" instead of an int. SSL_set_state() has been removed
+     altogether. The previous handshake states defined in ssl.h and ssl3.h have
+     been redefined to be the nearest equivalent OSS_HANDSHAKE_STATE value. Not
+     all states have an equivalent value, (e.g. SSL_ST_CW_FLUSH). New
+     application code should not use the old handshake state values, but should
+     instead use OSSL_HANDSHAKE_STATE.
     [Matt Caswell]

  *) The demo files in crypto/threads were moved to demo/threads.
--- a/apps/s_server.c
+++ b/apps/s_server.c
@ -2428,7 +2428,7 @@ static int init_ssl_connection(SSL *con)
 #ifdef CERT_CB_TEST_RETRY
    {
        while (i <= 0 && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP
-               && SSL_state(con) == TLS_ST_SR_CLNT_HELLO) {
+               && SSL_get_state(con) == TLS_ST_SR_CLNT_HELLO) {
            BIO_printf(bio_err,
                       "LOOKUP from certificate callback during accept\n");
            i = SSL_accept(con);
--- a/doc/ssl/ssl.pod
+++ b/doc/ssl/ssl.pod
@ -624,7 +624,7 @@ success or 0 on failure.

 =item int B<SSL_shutdown>(SSL *ssl);

-=item OSSL_HANDSHAKE_STATE B<SSL_state>(const SSL *ssl);
+=item OSSL_HANDSHAKE_STATE B<SSL_get_state>(const SSL *ssl);

 Returns the current handshake state.

--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@ -1006,7 +1006,6 @@ typedef enum {
 # define SSL_CB_HANDSHAKE_DONE           0x20

 /* Is the SSL_connection established? */
-# define SSL_get_state(a)                SSL_state(a)
 # define SSL_in_connect_init(a)          (SSL_in_init(a) && !SSL_is_server(a))
 # define SSL_in_accept_init(a)           (SSL_in_init(a) && SSL_is_server(a))
 int SSL_in_init(SSL *s);
@ -1700,8 +1699,7 @@ void SSL_set_info_callback(SSL *ssl,
                           void (*cb) (const SSL *ssl, int type, int val));
 void (*SSL_get_info_callback(const SSL *ssl)) (const SSL *ssl, int type,
                                               int val);
-__owur OSSL_HANDSHAKE_STATE SSL_state(const SSL *ssl);
-void SSL_set_state(SSL *ssl, OSSL_HANDSHAKE_STATE state);
+__owur OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl);

 void SSL_set_verify_result(SSL *ssl, long v);
 __owur long SSL_get_verify_result(const SSL *ssl);
--- a/ssl/record/rec_layer_d1.c
+++ b/ssl/record/rec_layer_d1.c
@ -283,8 +283,8 @@ int dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
 #ifndef OPENSSL_NO_SCTP
    /* Store bio_dgram_sctp_rcvinfo struct */
    if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
-        (SSL_state(s) == TLS_ST_SR_FINISHED
-         || SSL_state(s) == TLS_ST_CR_FINISHED)) {
+        (SSL_get_state(s) == TLS_ST_SR_FINISHED
+         || SSL_get_state(s) == TLS_ST_CR_FINISHED)) {
        BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SCTP_GET_RCVINFO,
                 sizeof(rdata->recordinfo), &rdata->recordinfo);
    }
--- a/ssl/ssl_stat.c
+++ b/ssl/ssl_stat.c
@ -93,7 +93,7 @@ const char *SSL_state_string_long(const SSL *s)
        return "error";
    }

-    switch (SSL_state(s)) {
+    switch (SSL_get_state(s)) {
    case TLS_ST_BEFORE:
        str = "before SSL initialization";
        break;
@ -208,7 +208,7 @@ const char *SSL_state_string(const SSL *s)
        return "SSLERR";
    }

-    switch (SSL_state(s)) {
+    switch (SSL_get_state(s)) {
    case TLS_ST_BEFORE:
        str = "PINIT ";
        break;
--- a/ssl/statem/statem.c
+++ b/ssl/statem/statem.c
@ -110,20 +110,11 @@ static enum SUB_STATE_RETURN read_state_machine(SSL *s);
 static void init_write_state_machine(SSL *s);
 static enum SUB_STATE_RETURN write_state_machine(SSL *s);

-OSSL_HANDSHAKE_STATE SSL_state(const SSL *ssl)
+OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl)
 {
    return ssl->statem.hand_state;
 }

-void SSL_set_state(SSL *ssl, OSSL_HANDSHAKE_STATE state)
-{
-    /*
-     * This function seems like a really bad idea. Should we remove it
-     * completely?
-     */
-    ssl->statem.hand_state = state;
-}
-
 int SSL_in_init(SSL *s)
 {
    return s->statem.in_init;