Add outgoing messages to the handshake hash at set_handshake_header.

This avoids needing a should_add_to_finished_hash boolean on do_write. The
logic in do_write was a little awkward because do_write would be called
multiple times if the write took several iterations. This also gets complex if
DTLS retransmits are involved. (At a glance, it's not obvious the
BIO_CTRL_DGRAM_MTU_EXCEEDED case actually works.)

Doing it as the handshake message is being prepared avoids this concern. It
also gives a natural point for the extended master secret logic which needs to
do work after the finished hash has been sampled.

As a bonus, we can remove s->d1->retransmitting which was only used to deal
with this issue.

Change-Id: Ifedf23ee4a6c5e08f960d296a6eb1f337a16dc7a
Reviewed-on: https://boringssl-review.googlesource.com/2604
Reviewed-by: Adam Langley <agl@google.com>

1 files changed, 4 insertions, 7 deletions

diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index ad63e636..1a97c400 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -943,7 +943,6 @@ const SSL3_ENC_METHOD SSLv3_enc_data = {
 	SSL3_HM_HEADER_LENGTH,
 	ssl3_set_handshake_header,
 	ssl3_handshake_write,
-	ssl3_add_to_finished_hash,
 	};
 
 int ssl3_num_ciphers(void)
@@ -974,16 +973,14 @@ void ssl3_set_handshake_header(SSL *s, int htype, unsigned long len)
 	l2n3(len, p);
 	s->init_num = (int)len + SSL3_HM_HEADER_LENGTH;
 	s->init_off = 0;
-	}
 
-int ssl3_handshake_write(SSL *s, enum should_add_to_finished_hash should_add_to_finished_hash)
-	{
-	return ssl3_do_write(s, SSL3_RT_HANDSHAKE, should_add_to_finished_hash);
+	/* Add the message to the handshake hash. */
+	ssl3_finish_mac(s, (uint8_t*) s->init_buf->data, s->init_num);
 	}
 
-void ssl3_add_to_finished_hash(SSL *s)
+int ssl3_handshake_write(SSL *s)
 	{
-	ssl3_finish_mac(s, (uint8_t*) s->init_buf->data, s->init_num);
+	return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
 	}
 
 int ssl3_new(SSL *s)