diff options
| author | David Benjamin <davidben@google.com> | 2016-07-27 21:20:08 +0300 |
|---|---|---|
| committer | Adam Langley <agl@google.com> | 2016-07-29 01:52:47 +0300 |
| commit | 9fd9580137eec23ecb76d91cc58317308bfc8eb2 (patch) | |
| tree | bac8cff4d5b0c8c78744ab46e3b17eed34b5b53a | |
| parent | a9509489622fb532ad74efa5672cf03212a3fb5c (diff) | |
Remove ssl->s3->message_complete in favor of ssl->init_msg.
This was only used so we knew when we had a current message to discard
and when we didn't. With init_msg being tracked better, we can use that
instead.
As part of this, switch the V2ClientHello hack to not using
reuse_message. Otherwise we have to fill in init_msg and friends in two
places.
The next change will require that we have a better handle on the "is
there a current message" boolean.
BUG=83
Change-Id: I917efacbad10806d492bbe51eda74c0779084d60
Reviewed-on: https://boringssl-review.googlesource.com/8987
Reviewed-by: Adam Langley <agl@google.com>
| -rw-r--r-- | include/openssl/ssl.h | 4 | ||||
| -rw-r--r-- | ssl/s3_both.c | 28 | ||||
| -rw-r--r-- | ssl/tls_method.c | 1 |
3 files changed, 18 insertions, 15 deletions
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 22042f93..7875fe19 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -4297,10 +4297,6 @@ typedef struct ssl3_state_st { int message_type; - /* message_complete is one if the current message is complete and zero - * otherwise. */ - unsigned message_complete:1; - /* used to hold the new cipher we are going to use */ const SSL_CIPHER *new_cipher; diff --git a/ssl/s3_both.c b/ssl/s3_both.c index b0641e54..11555dd9 100644 --- a/ssl/s3_both.c +++ b/ssl/s3_both.c @@ -361,7 +361,7 @@ static int extend_handshake_buffer(SSL *ssl, size_t length) { return 1; } -static int read_v2_client_hello(SSL *ssl) { +static int read_v2_client_hello(SSL *ssl, int *out_is_v2_client_hello) { /* Read the first 5 bytes, the size of the TLS record header. This is * sufficient to detect a V2ClientHello and ensures that we never read beyond * the first record. */ @@ -389,6 +389,7 @@ static int read_v2_client_hello(SSL *ssl) { if ((p[0] & 0x80) == 0 || p[2] != SSL2_MT_CLIENT_HELLO || p[3] != SSL3_VERSION_MAJOR) { /* Not a V2ClientHello. */ + *out_is_v2_client_hello = 0; return 1; } @@ -506,13 +507,11 @@ static int read_v2_client_hello(SSL *ssl) { return -1; } - /* Mark the message for "re"-use. */ - ssl->s3->tmp.reuse_message = 1; - ssl->s3->tmp.message_complete = 1; - /* Consume and discard the V2ClientHello. */ ssl_read_buffer_consume(ssl, 2 + msg_length); ssl_read_buffer_discard(ssl); + + *out_is_v2_client_hello = 1; return 1; } @@ -530,10 +529,15 @@ again: if (ssl->server && !ssl->s3->v2_hello_done) { /* Bypass the record layer for the first message to handle V2ClientHello. */ assert(hash_message == ssl_hash_message); - int ret = read_v2_client_hello(ssl); + int is_v2_client_hello = 0; + int ret = read_v2_client_hello(ssl, &is_v2_client_hello); if (ret <= 0) { return ret; } + if (is_v2_client_hello) { + /* V2ClientHello is hashed separately. */ + hash_message = ssl_dont_hash_message; + } ssl->s3->v2_hello_done = 1; } @@ -542,12 +546,17 @@ again: * ssl_dont_hash_message would have to have been applied to the previous * call. */ assert(hash_message == ssl_hash_message); - assert(ssl->s3->tmp.message_complete); + assert(ssl->init_msg != NULL); ssl->s3->tmp.reuse_message = 0; hash_message = ssl_dont_hash_message; - } else if (ssl->s3->tmp.message_complete) { - ssl->s3->tmp.message_complete = 0; + } else if (ssl->init_msg != NULL) { + /* |init_buf| never contains data beyond the current message. */ + assert(SSL3_HM_HEADER_LENGTH + ssl->init_num == ssl->init_buf->length); + + /* Clear the current message. */ + ssl->init_msg = NULL; + ssl->init_num = 0; ssl->init_buf->length = 0; } @@ -574,7 +583,6 @@ again: } /* We have now received a complete message. */ - ssl->s3->tmp.message_complete = 1; ssl_do_msg_callback(ssl, 0 /* read */, ssl->version, SSL3_RT_HANDSHAKE, ssl->init_buf->data, ssl->init_buf->length); diff --git a/ssl/tls_method.c b/ssl/tls_method.c index cd6b4533..c11c452b 100644 --- a/ssl/tls_method.c +++ b/ssl/tls_method.c @@ -72,7 +72,6 @@ static uint16_t ssl3_version_to_wire(uint16_t version) { return version; } static void ssl3_finish_handshake(SSL *ssl) { BUF_MEM_free(ssl->init_buf); ssl->init_buf = NULL; - ssl->s3->tmp.message_complete = 0; ssl->init_msg = NULL; ssl->init_num = 0; |