Simplify ssl_get_message somewhat.
It still places the current message all over the place, but remove the
bizarre init_num/error/ok split. Now callers get the message length out
of init_num, which mirrors init_msg. Also fix some signedness.
Change-Id: Ic2e97b6b99e234926504ff217b8aedae85ba6596
Reviewed-on: https://boringssl-review.googlesource.com/8690
Reviewed-by: David Benjamin <davidben@google.com>
diff --git a/ssl/s3_both.c b/ssl/s3_both.c
index 42ec70e..b5c2ed5 100644
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@@ -261,15 +261,11 @@
}
int ssl3_get_finished(SSL *ssl) {
- int al, finished_len, ok;
- long message_len;
- uint8_t *p;
-
- message_len = ssl->method->ssl_get_message(ssl, SSL3_MT_FINISHED,
- ssl_dont_hash_message, &ok);
-
- if (!ok) {
- return message_len;
+ int al;
+ int ret = ssl->method->ssl_get_message(ssl, SSL3_MT_FINISHED,
+ ssl_dont_hash_message);
+ if (ret <= 0) {
+ return ret;
}
/* Snapshot the finished hash before incorporating the new message. */
@@ -278,17 +274,15 @@
goto err;
}
- p = ssl->init_msg;
- finished_len = ssl->s3->tmp.peer_finish_md_len;
-
- if (finished_len != message_len) {
+ size_t finished_len = ssl->s3->tmp.peer_finish_md_len;
+ if (finished_len != ssl->init_num) {
al = SSL_AD_DECODE_ERROR;
OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_DIGEST_LENGTH);
goto f_err;
}
int finished_ret =
- CRYPTO_memcmp(p, ssl->s3->tmp.peer_finish_md, finished_len);
+ CRYPTO_memcmp(ssl->init_msg, ssl->s3->tmp.peer_finish_md, finished_len);
#if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
finished_ret = 0;
#endif
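Review bot: The equality test `finished_len != ssl->init_num` is now the only thing bounding the `CRYPTO_memcmp` read over `ssl->init_msg`, and it compares a `size_t` against a field whose declaration is not visible in this hunk. If `init_num` is still a signed type after this change, the comparison is mixed-sign and needs an explicit cast or a matching type change in the header; please confirm. The check also relies on `peer_finish_md_len` being non-zero, because a zero-length compare returns 0; presumably the snapshot step ahead of `goto err` guarantees that, but a comment such as `/* finished_len is non-zero here; the length check bounds the compare to the received body. */` would make the invariant visible. The body of `ssl3_get_finished` starts and ends outside this hunk.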
@@ -516,12 +510,8 @@
return 1;
}
-/* Obtain handshake message of message type |msg_type| (any if |msg_type| ==
- * -1). */
-long ssl3_get_message(SSL *ssl, int msg_type,
- enum ssl_hash_message_t hash_message, int *ok) {
- *ok = 0;
-
+int ssl3_get_message(SSL *ssl, int msg_type,
+ enum ssl_hash_message_t hash_message) {
again:
if (ssl->server && !ssl->s3->v2_hello_done) {
/* Bypass the record layer for the first message to handle V2ClientHello. */
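Review bot: The header comment on `ssl3_get_message` is deleted together with the `ok` out-parameter and nothing replaces it, so the new return contract is undocumented at the definition. The last hunk shows success now returns 1 instead of the length, and `ssl3_get_finished` treats `ret <= 0` as failure, so a caller that still read the return value as a length would silently see 1. I would add a comment along the lines of `/* Reads a handshake message of type |msg_type| (any if -1). Returns 1 on success, with the body in |init_msg| and its length in |init_num|, and <= 0 otherwise. */`, dropping the -1 wildcard if it is no longer supported. The function body continues outside this hunk.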
@@ -601,8 +591,7 @@
return -1;
}
- *ok = 1;
- return ssl->init_num;
+ return 1;
}
int ssl3_hash_current_message(SSL *ssl) {