Gitiles
Code Review Sign In
gerrit.openfyde.cn / boringssl.googlesource.com / boringssl / 9550c3ac8bd549412dbddea18badb45b11fa14bd^! / . / ssl / t1_enc.c
commit9550c3ac8bd549412dbddea18badb45b11fa14bd[log] [tgz]
authorDavid Benjamin <davidben@chromium.org>Wed Aug 05 08:50:34 2015 -0400
committerAdam Langley <agl@google.com>Fri Aug 07 01:10:33 2015 +0000
tree69b641785839fb8f5c84cf34d8f009ce16368ed5
parent5055c7670907a84b8769c3ab2558260748e8893e [diff] [blame]
Decouple the handshake buffer and digest.

The handshake hash is initialized from the buffer as soon as the cipher
is known. When adding a message to the transcript, independently update
the buffer and rolling hash, whichever is active. This avoids the
complications around dont_free_handshake_buffer and EMS.

BUG=492371

Change-Id: I3b1065796a50fd1be5d42ead7210c2f253ef0aca
Reviewed-on: https://boringssl-review.googlesource.com/5615
Reviewed-by: Adam Langley <agl@google.com>

diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 0aa4d1a..febd54d 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c

@@ -473,11 +473,6 @@
   EVP_MD_CTX ctx, *d = NULL;
   int i;
 
-  if (s->s3->handshake_buffer &&
-      !ssl3_digest_cached_records(s, free_handshake_buffer)) {
-    return 0;
-  }
-
   for (i = 0; i < SSL_MAX_DIGEST; i++) {
     if (s->s3->handshake_dgst[i] &&
         EVP_MD_CTX_type(s->s3->handshake_dgst[i]) == md_nid) {
@@ -554,14 +549,8 @@
   int digests_len;
 
   /* At this point, the handshake should have released the handshake buffer on
-   * its own.
-   * TODO(davidben): Apart from initialization, the handshake buffer should be
-   * orthogonal to the handshake digest. https://crbug.com/492371 */
+   * its own. */
   assert(s->s3->handshake_buffer == NULL);
-  if (s->s3->handshake_buffer &&
-      !ssl3_digest_cached_records(s, free_handshake_buffer)) {
-    return 0;
-  }
 
   digests_len = tls1_handshake_digest(s, buf, sizeof(buf));
   if (digests_len < 0) {
@@ -586,21 +575,7 @@
                                 size_t premaster_len) {
   if (s->s3->tmp.extended_master_secret) {
     uint8_t digests[2 * EVP_MAX_MD_SIZE];
-    int digests_len;
-
-    /* The master secret is based on the handshake hash just after sending the
-     * ClientKeyExchange. However, we might have a client certificate to send,
-     * in which case we might need different hashes for the verification and
-     * thus still need the handshake buffer around. Keeping both a handshake
-     * buffer *and* running hashes isn't yet supported so, when it comes to
-     * calculating the Finished hash, we'll have to hash the handshake buffer
-     * again. */
-    if (s->s3->handshake_buffer &&
-        !ssl3_digest_cached_records(s, dont_free_handshake_buffer)) {
-      return 0;
-    }
-
-    digests_len = tls1_handshake_digest(s, digests, sizeof(digests));
+    int digests_len = tls1_handshake_digest(s, digests, sizeof(digests));
     if (digests_len == -1) {
       return 0;
     }