
github.com/mono/boringssl.git - Unnamed repository; edit this file 'description' to name the repository.
authorDavid Benjamin <davidben@google.com>2016-09-20 03:15:07 +0300
committerCQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>2016-09-21 21:55:27 +0300
commitc027999c28db2f448ea5795798080f6a5aaa01d6 (patch)
treed1fcf0e0da7e40bac904f29919d32f8be68b932d
parentd2ba8891e07522396efc7bca00a12e3cc37e6ba0 (diff)
Take the version parameter out of ssl_do_msg_callback.
This will make it a little easier to store the normalized version rather than the wire version. Also document the V2ClientHello behavior. Change-Id: I5ce9ccce44ca48be2e60ddf293c0fab6bba1356e Reviewed-on: https://boringssl-review.googlesource.com/11121 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
-rw-r--r--include/openssl/ssl.h5
-rw-r--r--ssl/d1_both.c12
-rw-r--r--ssl/d1_pkt.c8
-rw-r--r--ssl/dtls_record.c4
-rw-r--r--ssl/internal.h2
-rw-r--r--ssl/s3_both.c8
-rw-r--r--ssl/s3_pkt.c8
-rw-r--r--ssl/ssl_lib.c25
-rw-r--r--ssl/tls_record.c6
9 files changed, 48 insertions, 30 deletions
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 256e3a03..c68dc12c 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -2801,7 +2801,10 @@ OPENSSL_EXPORT void SSL_get_structure_sizes(size_t *ssl_size,
* For each handshake message, ChangeCipherSpec, and alert, |version| is the
* protocol version and |content_type| is the corresponding record type. The
* |len| bytes from |buf| contain the handshake message, one-byte
- * ChangeCipherSpec body, and two-byte alert, respectively. */
+ * ChangeCipherSpec body, and two-byte alert, respectively.
+ *
+ * For a V2ClientHello, |version| is |SSL2_VERSION|, |content_type| is zero, and
+ * the |len| bytes from |buf| contain the V2ClientHello structure. */
OPENSSL_EXPORT void SSL_CTX_set_msg_callback(
SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type,
const void *buf, size_t len, SSL *ssl, void *arg));
diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index 5ea29da4..7bb2de28 100644
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -437,8 +437,8 @@ int dtls1_get_message(SSL *ssl, int msg_type,
return -1;
}
- ssl_do_msg_callback(ssl, 0 /* read */, ssl->version, SSL3_RT_HANDSHAKE,
- frag->data, ssl->init_num + DTLS1_HM_HEADER_LENGTH);
+ ssl_do_msg_callback(ssl, 0 /* read */, SSL3_RT_HANDSHAKE, frag->data,
+ ssl->init_num + DTLS1_HM_HEADER_LENGTH);
return 1;
}
@@ -567,9 +567,8 @@ static int dtls1_write_change_cipher_spec(SSL *ssl,
return ret;
}
- ssl_do_msg_callback(ssl, 1 /* write */, ssl->version,
- SSL3_RT_CHANGE_CIPHER_SPEC, kChangeCipherSpec,
- sizeof(kChangeCipherSpec));
+ ssl_do_msg_callback(ssl, 1 /* write */, SSL3_RT_CHANGE_CIPHER_SPEC,
+ kChangeCipherSpec, sizeof(kChangeCipherSpec));
return 1;
}
@@ -667,8 +666,7 @@ static int dtls1_do_handshake_write(SSL *ssl, size_t *out_offset,
offset += todo;
} while (CBS_len(&body) != 0);
- ssl_do_msg_callback(ssl, 1 /* write */, ssl->version, SSL3_RT_HANDSHAKE, in,
- len);
+ ssl_do_msg_callback(ssl, 1 /* write */, SSL3_RT_HANDSHAKE, in, len);
ret = 1;
diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
index 574fd4cd..099de5db 100644
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@@ -312,8 +312,8 @@ again:
return -1;
}
- ssl_do_msg_callback(ssl, 0 /* read */, ssl->version,
- SSL3_RT_CHANGE_CIPHER_SPEC, rr->data, rr->length);
+ ssl_do_msg_callback(ssl, 0 /* read */, SSL3_RT_CHANGE_CIPHER_SPEC, rr->data,
+ rr->length);
rr->length = 0;
ssl_read_buffer_discard(ssl);
@@ -409,8 +409,8 @@ int dtls1_dispatch_alert(SSL *ssl) {
BIO_flush(ssl->wbio);
}
- ssl_do_msg_callback(ssl, 1 /* write */, ssl->version, SSL3_RT_ALERT,
- ssl->s3->send_alert, 2);
+ ssl_do_msg_callback(ssl, 1 /* write */, SSL3_RT_ALERT, ssl->s3->send_alert,
+ 2);
int alert = (ssl->s3->send_alert[0] << 8) | ssl->s3->send_alert[1];
ssl_do_info_callback(ssl, SSL_CB_WRITE_ALERT, alert);
diff --git a/ssl/dtls_record.c b/ssl/dtls_record.c
index e784e556..ffe4053e 100644
--- a/ssl/dtls_record.c
+++ b/ssl/dtls_record.c
@@ -198,7 +198,7 @@ enum ssl_open_record_t dtls_open_record(SSL *ssl, uint8_t *out_type, CBS *out,
return ssl_open_record_discard;
}
- ssl_do_msg_callback(ssl, 0 /* read */, 0, SSL3_RT_HEADER, in,
+ ssl_do_msg_callback(ssl, 0 /* read */, SSL3_RT_HEADER, in,
DTLS1_RT_HEADER_LENGTH);
uint16_t epoch = (((uint16_t)sequence[0]) << 8) | sequence[1];
@@ -302,7 +302,7 @@ int dtls_seal_record(SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out,
*out_len = DTLS1_RT_HEADER_LENGTH + ciphertext_len;
- ssl_do_msg_callback(ssl, 1 /* write */, 0, SSL3_RT_HEADER, out,
+ ssl_do_msg_callback(ssl, 1 /* write */, SSL3_RT_HEADER, out,
DTLS1_RT_HEADER_LENGTH);
return 1;
diff --git a/ssl/internal.h b/ssl/internal.h
index 0bc0b8ed..bdb392c9 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -683,7 +683,7 @@ void dtls_clear_outgoing_messages(SSL *ssl);
void ssl_do_info_callback(const SSL *ssl, int type, int value);
/* ssl_do_msg_callback calls |ssl|'s message callback, if set. */
-void ssl_do_msg_callback(SSL *ssl, int is_write, int version, int content_type,
+void ssl_do_msg_callback(SSL *ssl, int is_write, int content_type,
const void *buf, size_t len);
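Review bot: The declaration comment for ssl_do_msg_callback still says only that it calls the message callback, but with the `version` parameter removed the function now also decides which version the callback sees. A reader of this header cannot tell that a content type of zero is reported as |SSL2_VERSION| or that |SSL3_RT_HEADER| is reported with version zero, as the switch added in ssl/ssl_lib.c does. I would extend the comment to `/* ssl_do_msg_callback calls |ssl|'s message callback, if set. |version| is derived from |content_type|: |SSL2_VERSION| for zero (V2ClientHello), zero for |SSL3_RT_HEADER|, and |ssl->version| otherwise. */`.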
diff --git a/ssl/s3_both.c b/ssl/s3_both.c
index 23cda928..e77e8ca6 100644
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@@ -181,7 +181,7 @@ static int ssl3_do_write(SSL *ssl, int type, const uint8_t *data, size_t len) {
/* ssl3_write_bytes writes the data in its entirety. */
assert((size_t)ret == len);
- ssl_do_msg_callback(ssl, 1 /* write */, ssl->version, type, data, len);
+ ssl_do_msg_callback(ssl, 1 /* write */, type, data, len);
return 1;
}
@@ -477,7 +477,7 @@ static int read_v2_client_hello(SSL *ssl, int *out_is_v2_client_hello) {
return -1;
}
- ssl_do_msg_callback(ssl, 0 /* read */, SSL2_VERSION, 0,
+ ssl_do_msg_callback(ssl, 0 /* read */, 0 /* V2ClientHello */,
CBS_data(&v2_client_hello), CBS_len(&v2_client_hello));
uint8_t msg_type;
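Review bot: The V2ClientHello case is now identified only by the bare literal `0` passed as the content type here, and it is matched by `case 0:` in the switch added to ssl_do_msg_callback in ssl/ssl_lib.c. Because the reported version now depends on that value, any other call site that passes zero would be reported to the callback as SSL2_VERSION rather than `ssl->version`. One path to check is the `type` argument that ssl3_do_write forwards. A named internal constant used in both places would make the coupling explicit, for example `#define SSL_MSG_V2CLIENTHELLO_TYPE 0` (the name is a suggestion, not an existing identifier), keeping the value zero that ssl.h documents. read_v2_client_hello continues outside the hunk.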
@@ -631,8 +631,8 @@ again:
}
/* We have now received a complete message. */
- ssl_do_msg_callback(ssl, 0 /* read */, ssl->version, SSL3_RT_HANDSHAKE,
- ssl->init_buf->data, ssl->init_buf->length);
+ ssl_do_msg_callback(ssl, 0 /* read */, SSL3_RT_HANDSHAKE, ssl->init_buf->data,
+ ssl->init_buf->length);
ssl->s3->tmp.message_type = ((const uint8_t *)ssl->init_buf->data)[0];
ssl->init_msg = (uint8_t*)ssl->init_buf->data + SSL3_HM_HEADER_LENGTH;
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index b1a6aa99..fda9a251 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -407,8 +407,8 @@ int ssl3_read_change_cipher_spec(SSL *ssl) {
return -1;
}
- ssl_do_msg_callback(ssl, 0 /* read */, ssl->version,
- SSL3_RT_CHANGE_CIPHER_SPEC, rr->data, rr->length);
+ ssl_do_msg_callback(ssl, 0 /* read */, SSL3_RT_CHANGE_CIPHER_SPEC, rr->data,
+ rr->length);
rr->length = 0;
ssl_read_buffer_discard(ssl);
@@ -487,8 +487,8 @@ int ssl3_dispatch_alert(SSL *ssl) {
BIO_flush(ssl->wbio);
}
- ssl_do_msg_callback(ssl, 1 /* write */, ssl->version, SSL3_RT_ALERT,
- ssl->s3->send_alert, 2);
+ ssl_do_msg_callback(ssl, 1 /* write */, SSL3_RT_ALERT, ssl->s3->send_alert,
+ 2);
int alert = (ssl->s3->send_alert[0] << 8) | ssl->s3->send_alert[1];
ssl_do_info_callback(ssl, SSL_CB_WRITE_ALERT, alert);
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index aa039992..3e27f37d 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2913,12 +2913,29 @@ void ssl_do_info_callback(const SSL *ssl, int type, int value) {
}
}
-void ssl_do_msg_callback(SSL *ssl, int is_write, int version, int content_type,
+void ssl_do_msg_callback(SSL *ssl, int is_write, int content_type,
const void *buf, size_t len) {
- if (ssl->msg_callback != NULL) {
- ssl->msg_callback(is_write, version, content_type, buf, len, ssl,
- ssl->msg_callback_arg);
+ if (ssl->msg_callback == NULL) {
+ return;
}
+
+ /* |version| is zero when calling for |SSL3_RT_HEADER| and |SSL2_VERSION| for
+ * a V2ClientHello. */
+ int version;
+ switch (content_type) {
+ case 0:
+ /* V2ClientHello */
+ version = SSL2_VERSION;
+ break;
+ case SSL3_RT_HEADER:
+ version = 0;
+ break;
+ default:
+ version = ssl->version;
+ }
+
+ ssl->msg_callback(is_write, version, content_type, buf, len, ssl,
+ ssl->msg_callback_arg);
}
int SSL_CTX_sess_connect(const SSL_CTX *ctx) { return 0; }
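Review bot: The `default:` arm of the new switch ends without a `break;`, unlike the two cases above it. This is harmless for the last arm, but adding `break;` after `version = ssl->version;` keeps the arms uniform and avoids an accidental fallthrough if a case is appended later. The comment above `int version;` is also easy to misread, since "zero when calling for |SSL3_RT_HEADER| and |SSL2_VERSION|" can be parsed as one clause. I would write `/* |version| is zero for |SSL3_RT_HEADER|, |SSL2_VERSION| for a V2ClientHello, and |ssl->version| otherwise. */` so all three outcomes are stated.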
diff --git a/ssl/tls_record.c b/ssl/tls_record.c
index 8915b391..7041ce34 100644
--- a/ssl/tls_record.c
+++ b/ssl/tls_record.c
@@ -232,7 +232,7 @@ enum ssl_open_record_t tls_open_record(SSL *ssl, uint8_t *out_type, CBS *out,
return ssl_open_record_partial;
}
- ssl_do_msg_callback(ssl, 0 /* read */, 0, SSL3_RT_HEADER, in,
+ ssl_do_msg_callback(ssl, 0 /* read */, SSL3_RT_HEADER, in,
SSL3_RT_HEADER_LENGTH);
/* Decrypt the body in-place. */
@@ -349,7 +349,7 @@ static int do_seal_record(SSL *ssl, uint8_t *out, size_t *out_len,
*out_len = SSL3_RT_HEADER_LENGTH + ciphertext_len;
- ssl_do_msg_callback(ssl, 1 /* write */, 0, SSL3_RT_HEADER, out,
+ ssl_do_msg_callback(ssl, 1 /* write */, SSL3_RT_HEADER, out,
SSL3_RT_HEADER_LENGTH);
return 1;
}
@@ -414,7 +414,7 @@ enum ssl_open_record_t ssl_process_alert(SSL *ssl, uint8_t *out_alert,
return ssl_open_record_error;
}
- ssl_do_msg_callback(ssl, 0 /* read */, ssl->version, SSL3_RT_ALERT, in, in_len);
+ ssl_do_msg_callback(ssl, 0 /* read */, SSL3_RT_ALERT, in, in_len);
const uint8_t alert_level = in[0];
const uint8_t alert_descr = in[1];