external/boringssl: Sync to 348f0d8db9c2a0eca0503ba654020209c579d552.
This includes the following changes:
https://boringssl.googlesource.com/boringssl/+log/9bbdf5832de8a2d395303c669b594fc61c791f4d..348f0d8db9c2a0eca0503ba654020209c579d552
Test: BoringSSL CTS Presubmits.
Change-Id: I69a8590da0c89a0d66446775fd669e206a46308a
diff --git a/src/ssl/handshake_server.cc b/src/ssl/handshake_server.cc
index 47fdc61..2d5b85e 100644
--- a/src/ssl/handshake_server.cc
+++ b/src/ssl/handshake_server.cc
@@ -172,7 +172,7 @@
namespace bssl {
-static int ssl3_process_client_hello(SSL_HANDSHAKE *hs);
+static int ssl3_read_client_hello(SSL_HANDSHAKE *hs);
static int ssl3_select_certificate(SSL_HANDSHAKE *hs);
static int ssl3_select_parameters(SSL_HANDSHAKE *hs);
static int ssl3_send_server_hello(SSL_HANDSHAKE *hs);
@@ -203,7 +203,7 @@
break;
case SSL3_ST_SR_CLNT_HELLO_A:
- ret = ssl->method->ssl_get_message(ssl);
+ ret = ssl3_read_client_hello(hs);
if (ret <= 0) {
goto end;
}
@@ -211,24 +211,16 @@
break;
case SSL3_ST_SR_CLNT_HELLO_B:
- ret = ssl3_process_client_hello(hs);
- if (ret <= 0) {
- goto end;
- }
- hs->state = SSL3_ST_SR_CLNT_HELLO_C;
- break;
-
- case SSL3_ST_SR_CLNT_HELLO_C:
ret = ssl3_select_certificate(hs);
if (ret <= 0) {
goto end;
}
if (hs->state != SSL_ST_TLS13) {
- hs->state = SSL3_ST_SR_CLNT_HELLO_D;
+ hs->state = SSL3_ST_SR_CLNT_HELLO_C;
}
break;
- case SSL3_ST_SR_CLNT_HELLO_D:
+ case SSL3_ST_SR_CLNT_HELLO_C:
ret = ssl3_select_parameters(hs);
if (ret <= 0) {
goto end;
@@ -304,7 +296,6 @@
break;
case SSL3_ST_SR_KEY_EXCH_A:
- case SSL3_ST_SR_KEY_EXCH_B:
ret = ssl3_get_client_key_exchange(hs);
if (ret <= 0) {
goto end;
@@ -418,7 +409,6 @@
case SSL_ST_OK:
ssl->method->on_handshake_complete(ssl);
- ssl->method->release_current_message(ssl, 1 /* free_buffer */);
/* If we aren't retaining peer certificates then we can discard it
* now. */
@@ -687,15 +677,19 @@
return nullptr;
}
-static int ssl3_process_client_hello(SSL_HANDSHAKE *hs) {
+static int ssl3_read_client_hello(SSL_HANDSHAKE *hs) {
SSL *const ssl = hs->ssl;
- if (!ssl_check_message_type(ssl, SSL3_MT_CLIENT_HELLO)) {
+ SSLMessage msg;
+ int ret = ssl_read_message(ssl, &msg);
+ if (ret <= 0) {
+ return ret;
+ }
+ if (!ssl_check_message_type(ssl, msg, SSL3_MT_CLIENT_HELLO)) {
return -1;
}
SSL_CLIENT_HELLO client_hello;
- if (!ssl_client_hello_init(ssl, &client_hello, ssl->init_msg,
- ssl->init_num)) {
+ if (!ssl_client_hello_init(ssl, &client_hello, msg)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
return -1;
@@ -760,6 +754,12 @@
static int ssl3_select_certificate(SSL_HANDSHAKE *hs) {
SSL *const ssl = hs->ssl;
+ SSLMessage msg;
+ int ret = ssl_read_message(ssl, &msg);
+ if (ret <= 0) {
+ return ret;
+ }
+
/* Call |cert_cb| to update server certificates if required. */
if (ssl->cert->cert_cb != NULL) {
int rv = ssl->cert->cert_cb(ssl, ssl->cert->cert_cb_arg);
@@ -786,8 +786,7 @@
}
SSL_CLIENT_HELLO client_hello;
- if (!ssl_client_hello_init(ssl, &client_hello, ssl->init_msg,
- ssl->init_num)) {
+ if (!ssl_client_hello_init(ssl, &client_hello, msg)) {
return -1;
}
@@ -806,9 +805,13 @@
static int ssl3_select_parameters(SSL_HANDSHAKE *hs) {
SSL *const ssl = hs->ssl;
+ SSLMessage msg;
+ int ret = ssl_read_message(ssl, &msg);
+ if (ret <= 0) {
+ return ret;
+ }
SSL_CLIENT_HELLO client_hello;
- if (!ssl_client_hello_init(ssl, &client_hello, ssl->init_msg,
- ssl->init_num)) {
+ if (!ssl_client_hello_init(ssl, &client_hello, msg)) {
return -1;
}
@@ -914,9 +917,8 @@
/* Now that all parameters are known, initialize the handshake hash and hash
* the ClientHello. */
- if (!hs->transcript.InitHash(ssl3_protocol_version(ssl),
- hs->new_cipher->algorithm_prf) ||
- !ssl_hash_current_message(hs)) {
+ if (!hs->transcript.InitHash(ssl3_protocol_version(ssl), hs->new_cipher) ||
+ !ssl_hash_message(hs, msg)) {
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
return -1;
}
@@ -926,6 +928,7 @@
hs->transcript.FreeBuffer();
}
+ ssl->method->next_message(ssl);
return 1;
}
@@ -1177,14 +1180,15 @@
SSL *const ssl = hs->ssl;
assert(hs->cert_request);
- int msg_ret = ssl->method->ssl_get_message(ssl);
- if (msg_ret <= 0) {
- return msg_ret;
+ SSLMessage msg;
+ int ret = ssl_read_message(ssl, &msg);
+ if (ret <= 0) {
+ return ret;
}
- if (ssl->s3->tmp.message_type != SSL3_MT_CERTIFICATE) {
+ if (msg.type != SSL3_MT_CERTIFICATE) {
if (ssl->version == SSL3_VERSION &&
- ssl->s3->tmp.message_type == SSL3_MT_CLIENT_KEY_EXCHANGE) {
+ msg.type == SSL3_MT_CLIENT_KEY_EXCHANGE) {
/* In SSL 3.0, the Certificate message is omitted to signal no
* certificate. */
if (ssl->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) {
@@ -1196,7 +1200,6 @@
/* OpenSSL returns X509_V_OK when no certificates are received. This is
* classed by them as a bug, but it's assumed by at least NGINX. */
hs->new_session->verify_result = X509_V_OK;
- ssl->s3->tmp.reuse_message = 1;
return 1;
}
@@ -1205,13 +1208,11 @@
return -1;
}
- if (!ssl_hash_current_message(hs)) {
+ if (!ssl_hash_message(hs, msg)) {
return -1;
}
- CBS certificate_msg;
- CBS_init(&certificate_msg, ssl->init_msg, ssl->init_num);
-
+ CBS certificate_msg = msg.body;
uint8_t alert = SSL_AD_DECODE_ERROR;
UniquePtr<STACK_OF(CRYPTO_BUFFER)> chain;
if (!ssl_parse_cert_chain(&alert, &chain, &hs->peer_pubkey,
@@ -1254,36 +1255,32 @@
/* OpenSSL returns X509_V_OK when no certificates are received. This is
* classed by them as a bug, but it's assumed by at least NGINX. */
hs->new_session->verify_result = X509_V_OK;
- return 1;
- }
-
- /* The hash will have been filled in. */
- if (ssl->retain_only_sha256_of_client_certs) {
+ } else if (ssl->retain_only_sha256_of_client_certs) {
+ /* The hash will have been filled in. */
hs->new_session->peer_sha256_valid = 1;
}
+ ssl->method->next_message(ssl);
return 1;
}
static int ssl3_get_client_key_exchange(SSL_HANDSHAKE *hs) {
SSL *const ssl = hs->ssl;
- CBS client_key_exchange;
uint8_t *premaster_secret = NULL;
size_t premaster_secret_len = 0;
uint8_t *decrypt_buf = NULL;
- if (hs->state == SSL3_ST_SR_KEY_EXCH_A) {
- int ret = ssl->method->ssl_get_message(ssl);
- if (ret <= 0) {
- return ret;
- }
+ SSLMessage msg;
+ int ret = ssl_read_message(ssl, &msg);
+ if (ret <= 0) {
+ return ret;
}
- if (!ssl_check_message_type(ssl, SSL3_MT_CLIENT_KEY_EXCHANGE)) {
+ if (!ssl_check_message_type(ssl, msg, SSL3_MT_CLIENT_KEY_EXCHANGE)) {
return -1;
}
- CBS_init(&client_key_exchange, ssl->init_msg, ssl->init_num);
+ CBS client_key_exchange = msg.body;
uint32_t alg_k = hs->new_cipher->algorithm_mkey;
uint32_t alg_a = hs->new_cipher->algorithm_auth;
@@ -1350,7 +1347,6 @@
goto err;
case ssl_private_key_retry:
ssl->rwstate = SSL_PRIVATE_KEY_OPERATION;
- hs->state = SSL3_ST_SR_KEY_EXCH_B;
goto err;
}
@@ -1488,7 +1484,7 @@
premaster_secret_len = new_len;
}
- if (!ssl_hash_current_message(hs)) {
+ if (!ssl_hash_message(hs, msg)) {
goto err;
}
@@ -1502,6 +1498,7 @@
OPENSSL_cleanse(premaster_secret, premaster_secret_len);
OPENSSL_free(premaster_secret);
+ ssl->method->next_message(ssl);
return 1;
err:
@@ -1516,7 +1513,6 @@
static int ssl3_get_cert_verify(SSL_HANDSHAKE *hs) {
SSL *const ssl = hs->ssl;
- CBS certificate_verify, signature;
/* Only RSA and ECDSA client certificates are supported, so a
* CertificateVerify is required if and only if there's a client certificate.
@@ -1526,18 +1522,19 @@
return 1;
}
- int msg_ret = ssl->method->ssl_get_message(ssl);
- if (msg_ret <= 0) {
- return msg_ret;
+ SSLMessage msg;
+ int ret = ssl_read_message(ssl, &msg);
+ if (ret <= 0) {
+ return ret;
}
- if (!ssl_check_message_type(ssl, SSL3_MT_CERTIFICATE_VERIFY)) {
+ if (!ssl_check_message_type(ssl, msg, SSL3_MT_CERTIFICATE_VERIFY)) {
return -1;
}
- CBS_init(&certificate_verify, ssl->init_msg, ssl->init_num);
+ CBS certificate_verify = msg.body, signature;
- /* Determine the digest type if needbe. */
+ /* Determine the signature algorithm. */
uint16_t signature_algorithm = 0;
if (ssl3_protocol_version(ssl) >= TLS1_2_VERSION) {
if (!CBS_get_u16(&certificate_verify, &signature_algorithm)) {
@@ -1603,10 +1600,11 @@
/* The handshake buffer is no longer necessary, and we may hash the current
* message.*/
hs->transcript.FreeBuffer();
- if (!ssl_hash_current_message(hs)) {
+ if (!ssl_hash_message(hs, msg)) {
return -1;
}
+ ssl->method->next_message(ssl);
return 1;
}
@@ -1614,47 +1612,50 @@
* sets the next_proto member in s if found */
static int ssl3_get_next_proto(SSL_HANDSHAKE *hs) {
SSL *const ssl = hs->ssl;
- int ret = ssl->method->ssl_get_message(ssl);
+ SSLMessage msg;
+ int ret = ssl_read_message(ssl, &msg);
if (ret <= 0) {
return ret;
}
- if (!ssl_check_message_type(ssl, SSL3_MT_NEXT_PROTO) ||
- !ssl_hash_current_message(hs)) {
+ if (!ssl_check_message_type(ssl, msg, SSL3_MT_NEXT_PROTO) ||
+ !ssl_hash_message(hs, msg)) {
return -1;
}
- CBS next_protocol, selected_protocol, padding;
- CBS_init(&next_protocol, ssl->init_msg, ssl->init_num);
+ CBS next_protocol = msg.body, selected_protocol, padding;
if (!CBS_get_u8_length_prefixed(&next_protocol, &selected_protocol) ||
!CBS_get_u8_length_prefixed(&next_protocol, &padding) ||
CBS_len(&next_protocol) != 0) {
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
- return 0;
+ return -1;
}
if (!CBS_stow(&selected_protocol, &ssl->s3->next_proto_negotiated,
&ssl->s3->next_proto_negotiated_len)) {
- return 0;
+ return -1;
}
+ ssl->method->next_message(ssl);
return 1;
}
/* ssl3_get_channel_id reads and verifies a ClientID handshake message. */
static int ssl3_get_channel_id(SSL_HANDSHAKE *hs) {
SSL *const ssl = hs->ssl;
- int msg_ret = ssl->method->ssl_get_message(ssl);
- if (msg_ret <= 0) {
- return msg_ret;
+ SSLMessage msg;
+ int ret = ssl_read_message(ssl, &msg);
+ if (ret <= 0) {
+ return ret;
}
- if (!ssl_check_message_type(ssl, SSL3_MT_CHANNEL_ID) ||
- !tls1_verify_channel_id(hs) ||
- !ssl_hash_current_message(hs)) {
+ if (!ssl_check_message_type(ssl, msg, SSL3_MT_CHANNEL_ID) ||
+ !tls1_verify_channel_id(hs, msg) ||
+ !ssl_hash_message(hs, msg)) {
return -1;
}
+ ssl->method->next_message(ssl);
return 1;
}