Gitiles
Code Review Sign In
gerrit.openfyde.cn / boringssl.googlesource.com / boringssl / 7934f08b263e31e68ba067e666268e42e8a4011d^! / . / ssl / ssl_lib.cc
commit7934f08b263e31e68ba067e666268e42e8a4011d[log] [tgz]
authorDavid Benjamin <davidben@google.com>Tue Aug 01 16:32:25 2017 -0400
committerCQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>Tue Aug 08 21:13:04 2017 +0000
tree77352381fe0b55eddb87700a672d01d3293b8a2e
parent8f94c31b19c688692d9afcffe3afb2f85391b125 [diff] [blame]
Replace init_msg/init_num with a get_message hook.

Rather than init_msg/init_num, there is a get_message function which
either returns success or try again. This function does not advance the
current message (see the previous preparatory change). It only completes
the current one if necessary.

Being idempotent means it may be freely placed at the top of states
which otherwise have other asychronous operations. It also eases
converting the TLS 1.2 state machine. See
https://docs.google.com/a/google.com/document/d/11n7LHsT3GwE34LAJIe3EFs4165TI4UR_3CqiM9LJVpI/edit?usp=sharing
for details.

The read_message hook (later to be replaced by something which doesn't
depend on BIO) intentionally does not finish the handshake, only "makes
progress". A follow-up change will align both TLS and DTLS on consuming
one handshake record and always consuming the entire record (so init_buf
may contain trailing data). In a few places I've gone ahead and
accounted for that case because it was more natural to do so.

This change also removes a couple pointers of redundant state from every
socket.

Bug: 128
Change-Id: I89d8f3622d3b53147d69ee3ac34bb654ed044a71
Reviewed-on: https://boringssl-review.googlesource.com/18806
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>

diff --git a/ssl/ssl_lib.cc b/ssl/ssl_lib.cc
index 1ca7a95..950bbf8 100644
--- a/ssl/ssl_lib.cc
+++ b/ssl/ssl_lib.cc

@@ -833,7 +833,11 @@
   return SSL_do_handshake(ssl);
 }
 
-static int ssl_do_renegotiate(SSL *ssl) {
+static int ssl_do_post_handshake(SSL *ssl, const SSLMessage &msg) {
+  if (ssl3_protocol_version(ssl) >= TLS1_3_VERSION) {
+    return tls13_post_handshake(ssl, msg);
+  }
+
   /* We do not accept renegotiations as a server or SSL 3.0. SSL 3.0 will be
    * removed entirely in the future and requires retaining more data for
    * renegotiation_info. */
@@ -841,8 +845,7 @@
     goto no_renegotiation;
   }
 
-  if (ssl->s3->tmp.message_type != SSL3_MT_HELLO_REQUEST ||
-      ssl->init_num != 0) {
+  if (msg.type != SSL3_MT_HELLO_REQUEST || CBS_len(&msg.body) != 0) {
     ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
     OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_HELLO_REQUEST);
     return 0;
@@ -893,14 +896,6 @@
   return 0;
 }
 
-static int ssl_do_post_handshake(SSL *ssl) {
-  if (ssl3_protocol_version(ssl) < TLS1_3_VERSION) {
-    return ssl_do_renegotiate(ssl);
-  }
-
-  return tls13_post_handshake(ssl);
-}
-
 static int ssl_read_impl(SSL *ssl, void *buf, int num, int peek) {
   ssl_reset_error_state(ssl);
 
@@ -938,11 +933,14 @@
       continue;
     }
 
-    /* Handle the post-handshake message and try again. */
-    if (!ssl_do_post_handshake(ssl)) {
-      return -1;
+    SSLMessage msg;
+    while (ssl->method->get_message(ssl, &msg)) {
+      /* Handle the post-handshake message and try again. */
+      if (!ssl_do_post_handshake(ssl, msg)) {
+        return -1;
+      }
+      ssl->method->next_message(ssl);
     }
-    ssl->method->next_message(ssl);
   }
 }
 
@@ -2466,8 +2464,6 @@
 
   BUF_MEM_free(ssl->init_buf);
   ssl->init_buf = NULL;
-  ssl->init_msg = NULL;
-  ssl->init_num = 0;
 
   /* The ssl->d1->mtu is simultaneously configuration (preserved across
    * clear) and connection-specific state (gets reset).