Move send_cert_error_alert from hs mod to conn mod

send_cert_error_alert could be shared between tls server and tls client.
2023-02-23 15:34:49 +08:00 · 2023-02-23 15:34:49 +08:00 · 843e6fc02a
parent 383c96afa4
commit 843e6fc02a
4 changed files with 24 additions and 24 deletions
--- a/rustls/src/client/hs.rs
+++ b/rustls/src/client/hs.rs
@ -3,7 +3,7 @@ use crate::bs_debug;
 use crate::check::inappropriate_handshake_message;
 use crate::conn::{CommonState, ConnectionRandoms, State};
 use crate::enums::{CipherSuite, ProtocolVersion};
-use crate::error::{CertificateError, Error, PeerIncompatible, PeerMisbehaved};
+use crate::error::{Error, PeerIncompatible, PeerMisbehaved};
 use crate::hash_hs::HandshakeHashBuffer;
 use crate::kx;
 #[cfg(feature = "logging")]
@ -811,19 +811,3 @@ impl State<ClientConnectionData> for ExpectServerHelloOrHelloRetryRequest {
        }
    }
 }
-
-pub(super) fn send_cert_error_alert(common: &mut CommonState, err: Error) -> Error {
-    match err {
-        Error::InvalidCertificate(CertificateError::BadEncoding) => {
-            common.send_fatal_alert(AlertDescription::DecodeError);
-        }
-        Error::PeerMisbehaved(_) => {
-            common.send_fatal_alert(AlertDescription::IllegalParameter);
-        }
-        _ => {
-            common.send_fatal_alert(AlertDescription::BadCertificate);
-        }
-    };
-
-    err
-}
--- a/rustls/src/client/tls12.rs
+++ b/rustls/src/client/tls12.rs
@ -1,5 +1,5 @@
 use crate::check::{inappropriate_handshake_message, inappropriate_message};
-use crate::conn::{CommonState, ConnectionRandoms, Side, State};
+use crate::conn::{self, CommonState, ConnectionRandoms, Side, State};
 use crate::enums::ProtocolVersion;
 use crate::error::{Error, InvalidMessage, PeerMisbehaved};
 use crate::hash_hs::HandshakeHash;
@ -740,7 +740,7 @@ impl State<ClientConnectionData> for ExpectServerDone {
                &st.server_cert.ocsp_response,
                now,
            )
-            .map_err(|err| hs::send_cert_error_alert(cx.common, err))?;
+            .map_err(|err| conn::send_cert_error_alert(cx.common, err))?;

        // 3.
        // Build up the contents of the signed message.
@ -766,7 +766,7 @@ impl State<ClientConnectionData> for ExpectServerDone {
            st.config
                .verifier
                .verify_tls12_signature(&message, &st.server_cert.cert_chain[0], sig)
-                .map_err(|err| hs::send_cert_error_alert(cx.common, err))?
+                .map_err(|err| conn::send_cert_error_alert(cx.common, err))?
        };
        cx.common.peer_certificates = Some(st.server_cert.cert_chain);

--- a/rustls/src/client/tls13.rs
+++ b/rustls/src/client/tls13.rs
@ -3,7 +3,7 @@ use crate::check::inappropriate_handshake_message;
 use crate::conn::Protocol;
 #[cfg(feature = "secret_extraction")]
 use crate::conn::Side;
-use crate::conn::{CommonState, ConnectionRandoms, State};
+use crate::conn::{self, CommonState, ConnectionRandoms, State};
 use crate::enums::{ProtocolVersion, SignatureScheme};
 use crate::error::{Error, InvalidMessage, PeerIncompatible, PeerMisbehaved};
 use crate::hash_hs::{HandshakeHash, HandshakeHashBuffer};
@ -669,7 +669,7 @@ impl State<ClientConnectionData> for ExpectCertificateVerify {
                &self.server_cert.ocsp_response,
                now,
            )
-            .map_err(|err| hs::send_cert_error_alert(cx.common, err))?;
+            .map_err(|err| conn::send_cert_error_alert(cx.common, err))?;

        // 2. Verify their signature on the handshake.
        let handshake_hash = self.transcript.get_current_hash();
@ -681,7 +681,7 @@ impl State<ClientConnectionData> for ExpectCertificateVerify {
                &self.server_cert.cert_chain[0],
                cert_verify,
            )
-            .map_err(|err| hs::send_cert_error_alert(cx.common, err))?;
+            .map_err(|err| conn::send_cert_error_alert(cx.common, err))?;

        cx.common.peer_certificates = Some(self.server_cert.cert_chain);
        self.transcript.add_message(&m);
--- a/rustls/src/conn.rs
+++ b/rustls/src/conn.rs
@ -1,6 +1,6 @@
 use crate::enums::ProtocolVersion;
 use crate::error::{Error, InvalidMessage, PeerMisbehaved};
-use crate::key;
+use crate::{key, CertificateError};
 #[cfg(feature = "logging")]
 use crate::log::{debug, error, trace, warn};
 use crate::msgs::alert::AlertMessagePayload;
@ -1432,3 +1432,19 @@ pub trait SideData {}

 const DEFAULT_RECEIVED_PLAINTEXT_LIMIT: usize = 16 * 1024;
 const DEFAULT_BUFFER_LIMIT: usize = 64 * 1024;
+
+pub(crate) fn send_cert_error_alert(common: &mut CommonState, err: Error) -> Error {
+    match err {
+        Error::InvalidCertificate(CertificateError::BadEncoding) => {
+            common.send_fatal_alert(AlertDescription::DecodeError);
+        }
+        Error::PeerMisbehaved(_) => {
+            common.send_fatal_alert(AlertDescription::IllegalParameter);
+        }
+        _ => {
+            common.send_fatal_alert(AlertDescription::BadCertificate);
+        }
+    };
+
+    err
+}