Remove ssl_hash_message_t from ssl_get_message.
Move to explicit hashing everywhere, matching TLS 1.2 with TLS 1.3. The
ssl_get_message calls between all the handshake states are now all
uniform so, when we're ready, we can rewire the TLS 1.2 state machine to
look like the TLS 1.3 one. (ssl_get_message calls become an
ssl_hs_read_message transition, reuse_message becomes an ssl_hs_ok
transition.)
This avoids some nuisance in processing the ServerHello at the 1.2 / 1.3
transition.
The downside of explicit hashing is we may forget to hash something, but
this will fail to interop with our tests and anyone else, so we should
be able to catch it.
BUG=128
Change-Id: I01393943b14dfaa98eec2a78f62c3a41c29b3a0e
Reviewed-on: https://boringssl-review.googlesource.com/13266
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index 96bae41..48a5c54 100644
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -395,16 +395,11 @@
return 1;
}
-int dtls1_get_message(SSL *ssl, enum ssl_hash_message_t hash_message) {
+int dtls1_get_message(SSL *ssl) {
if (ssl->s3->tmp.reuse_message) {
- /* A ssl_dont_hash_message call cannot be combined with reuse_message; the
- * ssl_dont_hash_message would have to have been applied to the previous
- * call. */
- assert(hash_message == ssl_hash_message);
+ /* There must be a current message. */
assert(ssl->init_msg != NULL);
-
ssl->s3->tmp.reuse_message = 0;
- hash_message = ssl_dont_hash_message;
} else {
dtls1_release_current_message(ssl, 0 /* don't free buffer */);
}
@@ -429,10 +424,6 @@
ssl->init_msg = frag->data + DTLS1_HM_HEADER_LENGTH;
ssl->init_num = frag->msg_len;
- if (hash_message == ssl_hash_message && !ssl_hash_current_message(ssl)) {
- return -1;
- }
-
ssl_do_msg_callback(ssl, 0 /* read */, SSL3_RT_HANDSHAKE, frag->data,
ssl->init_num + DTLS1_HM_HEADER_LENGTH);
return 1;