commit 6505567172c132f1ffb12fa1bef0b11caa9c2c66
author David Benjamin <davidben@chromium.org> Sat Aug 22 12:49:30 2015 -0400
committer Adam Langley <agl@google.com> Fri Aug 28 22:05:53 2015 +0000
tree fdd3c7e947e499332640119405056cbfe9f41380
parent 621f95a3ead194342b1c33bfc636aec05f7b922f

Move peer_dh_tmp and peer_ecdh_tmp out of SESS_CERT.

Gets another field out of the SSL_SESSION.

Change-Id: I9a27255533f8e43e152808427466ec1306cfcc60
Reviewed-on: https://boringssl-review.googlesource.com/5756
Reviewed-by: Adam Langley <agl@google.com>

ssl/s3_clnt.c

diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 1ed1507..b81b914 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -1109,12 +1109,7 @@
   CBS_init(&server_key_exchange, s->init_msg, n);
   server_key_exchange_orig = server_key_exchange;
 
-  if (s->session->sess_cert != NULL) {
-    DH_free(s->session->sess_cert->peer_dh_tmp);
-    s->session->sess_cert->peer_dh_tmp = NULL;
-    EC_KEY_free(s->session->sess_cert->peer_ecdh_tmp);
-    s->session->sess_cert->peer_ecdh_tmp = NULL;
-  } else {
+  if (s->session->sess_cert == NULL) {
     s->session->sess_cert = ssl_sess_cert_new();
     if (s->session->sess_cert == NULL) {
       return -1;
@@ -1191,7 +1186,8 @@
       OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_DH_P_LENGTH);
       goto err;
     }
-    s->session->sess_cert->peer_dh_tmp = dh;
+    DH_free(s->s3->tmp.peer_dh_tmp);
+    s->s3->tmp.peer_dh_tmp = dh;
     dh = NULL;
   } else if (alg_k & SSL_kECDHE) {
     uint16_t curve_id;
@@ -1244,7 +1240,8 @@
       goto f_err;
     }
     EC_KEY_set_public_key(ecdh, srvr_ecpoint);
-    s->session->sess_cert->peer_ecdh_tmp = ecdh;
+    EC_KEY_free(s->s3->tmp.peer_ecdh_tmp);
+    s->s3->tmp.peer_ecdh_tmp = ecdh;
     ecdh = NULL;
     BN_CTX_free(bn_ctx);
     bn_ctx = NULL;
@@ -1735,21 +1732,14 @@
       }
     } else if (alg_k & SSL_kDHE) {
       DH *dh_srvr, *dh_clnt;
-      SESS_CERT *scert = s->session->sess_cert;
       int dh_len;
       size_t pub_len;
 
-      if (scert == NULL) {
-        ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
-        OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_MESSAGE);
-        goto err;
-      }
-
-      if (scert->peer_dh_tmp == NULL) {
+      if (s->s3->tmp.peer_dh_tmp == NULL) {
         OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
         goto err;
       }
-      dh_srvr = scert->peer_dh_tmp;
+      dh_srvr = s->s3->tmp.peer_dh_tmp;
 
       /* generate a new random key */
       dh_clnt = DHparams_dup(dh_srvr);
@@ -1791,18 +1781,12 @@
       EC_KEY *tkey;
       int field_size = 0, ecdh_len;
 
-      if (s->session->sess_cert == NULL) {
-        ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
-        OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_MESSAGE);
-        goto err;
-      }
-
-      if (s->session->sess_cert->peer_ecdh_tmp == NULL) {
+      if (s->s3->tmp.peer_ecdh_tmp == NULL) {
         OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
         goto err;
       }
 
-      tkey = s->session->sess_cert->peer_ecdh_tmp;
+      tkey = s->s3->tmp.peer_ecdh_tmp;
 
       srvr_group = EC_KEY_get0_group(tkey);
       srvr_ecpoint = EC_KEY_get0_public_key(tkey);