Stop reseting init_num everywhere in the handshake loop. This was needed because ssl3_get_message would get confused if init_num were not set back to zero when reading the next message. However, ssl3_get_message now treats init_num only as an output, not an input. (The message sending logic and the individual handshake states still use it, so we can't get rid of it altogether yet.) I've kept the init_num reset at the start and end of the handshake loop alone for now since that's more about initialization and cleanup. Though I believe they too do not do anything. Change-Id: I64bbdd82122498de32364e7edb3b00b166059ecd Reviewed-on: https://boringssl-review.googlesource.com/7950 Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c index 7d75ff8..e2a4cff 100644 --- a/ssl/d1_clnt.c +++ b/ssl/d1_clnt.c
@@ -168,6 +168,7 @@ ssl->init_buf = buf; buf = NULL; } + ssl->init_num = 0; if (!ssl_init_wbio_buffer(ssl)) { ret = -1; @@ -175,7 +176,6 @@ } ssl->state = SSL3_ST_CW_CLNT_HELLO_A; - ssl->init_num = 0; ssl->d1->send_cookie = 0; ssl->hit = 0; break; @@ -194,9 +194,6 @@ ssl->s3->tmp.next_state = DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A; } ssl->state = SSL3_ST_CW_FLUSH; - - ssl->init_num = 0; - break; case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A: @@ -211,7 +208,6 @@ } else { ssl->state = SSL3_ST_CR_SRVR_HELLO_A; } - ssl->init_num = 0; break; case SSL3_ST_CR_SRVR_HELLO_A: @@ -229,7 +225,6 @@ } else { ssl->state = SSL3_ST_CR_CERT_A; } - ssl->init_num = 0; break; case SSL3_ST_CR_CERT_A: @@ -247,7 +242,6 @@ skip = 1; ssl->state = SSL3_ST_CR_KEY_EXCH_A; } - ssl->init_num = 0; break; case SSL3_ST_VERIFY_SERVER_CERT: @@ -257,7 +251,6 @@ } ssl->state = SSL3_ST_CR_KEY_EXCH_A; - ssl->init_num = 0; break; case SSL3_ST_CR_KEY_EXCH_A: @@ -270,7 +263,6 @@ } else { ssl->state = SSL3_ST_CR_SRVR_DONE_A; } - ssl->init_num = 0; break; case SSL3_ST_CR_CERT_REQ_A: @@ -279,7 +271,6 @@ goto end; } ssl->state = SSL3_ST_CR_SRVR_DONE_A; - ssl->init_num = 0; break; case SSL3_ST_CR_SRVR_DONE_A: @@ -293,7 +284,6 @@ } else { ssl->s3->tmp.next_state = SSL3_ST_CW_KEY_EXCH_A; } - ssl->init_num = 0; ssl->state = ssl->s3->tmp.next_state; break; @@ -307,7 +297,6 @@ goto end; } ssl->state = SSL3_ST_CW_KEY_EXCH_A; - ssl->init_num = 0; break; case SSL3_ST_CW_KEY_EXCH_A: @@ -324,8 +313,6 @@ } else { ssl->state = SSL3_ST_CW_CHANGE_A; } - - ssl->init_num = 0; break; case SSL3_ST_CW_CERT_VRFY_A: @@ -337,7 +324,6 @@ goto end; } ssl->state = SSL3_ST_CW_CHANGE_A; - ssl->init_num = 0; break; case SSL3_ST_CW_CHANGE_A: @@ -352,7 +338,6 @@ } ssl->state = SSL3_ST_CW_FINISHED_A; - ssl->init_num = 0; if (!tls1_change_cipher_state(ssl, SSL3_CHANGE_CIPHER_CLIENT_WRITE)) { ret = -1; @@ -383,7 +368,6 @@ ssl->s3->tmp.next_state = SSL3_ST_CR_CHANGE; } } - ssl->init_num = 0; break; case SSL3_ST_CR_SESSION_TICKET_A: @@ -392,7 +376,6 @@ goto end; } ssl->state = SSL3_ST_CR_CHANGE; - ssl->init_num = 0; break; case SSL3_ST_CR_CERT_STATUS_A: @@ -401,7 +384,6 @@ goto end; } ssl->state = SSL3_ST_VERIFY_SERVER_CERT; - ssl->init_num = 0; break; case SSL3_ST_CR_CHANGE: @@ -430,7 +412,6 @@ ssl->state = SSL_ST_OK; } - ssl->init_num = 0; break; case SSL3_ST_CW_FLUSH:
diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c index f7be396..bb339cb 100644 --- a/ssl/d1_srvr.c +++ b/ssl/d1_srvr.c
@@ -191,7 +191,6 @@ } dtls1_stop_timer(ssl); ssl->state = SSL3_ST_SW_SRVR_HELLO_A; - ssl->init_num = 0; break; case SSL3_ST_SW_SRVR_HELLO_A: @@ -211,7 +210,6 @@ } else { ssl->state = SSL3_ST_SW_CERT_A; } - ssl->init_num = 0; break; case SSL3_ST_SW_CERT_A: @@ -231,7 +229,6 @@ skip = 1; ssl->state = SSL3_ST_SW_KEY_EXCH_A; } - ssl->init_num = 0; break; case SSL3_ST_SW_CERT_STATUS_A: @@ -241,7 +238,6 @@ goto end; } ssl->state = SSL3_ST_SW_KEY_EXCH_A; - ssl->init_num = 0; break; case SSL3_ST_SW_KEY_EXCH_A: @@ -269,7 +265,6 @@ } ssl->state = SSL3_ST_SW_CERT_REQ_A; - ssl->init_num = 0; break; case SSL3_ST_SW_CERT_REQ_A: @@ -284,7 +279,6 @@ skip = 1; } ssl->state = SSL3_ST_SW_SRVR_DONE_A; - ssl->init_num = 0; break; case SSL3_ST_SW_SRVR_DONE_A: @@ -296,7 +290,6 @@ } ssl->s3->tmp.next_state = SSL3_ST_SR_CERT_A; ssl->state = SSL3_ST_SW_FLUSH; - ssl->init_num = 0; break; case SSL3_ST_SW_FLUSH: @@ -315,7 +308,6 @@ goto end; } } - ssl->init_num = 0; ssl->state = SSL3_ST_SR_KEY_EXCH_A; break; @@ -326,7 +318,6 @@ goto end; } ssl->state = SSL3_ST_SR_CERT_VRFY_A; - ssl->init_num = 0; break; case SSL3_ST_SR_CERT_VRFY_A: @@ -335,7 +326,6 @@ goto end; } ssl->state = SSL3_ST_SR_CHANGE; - ssl->init_num = 0; break; case SSL3_ST_SR_CHANGE: @@ -365,7 +355,6 @@ } else { ssl->state = SSL3_ST_SW_CHANGE_A; } - ssl->init_num = 0; break; case SSL3_ST_SW_SESSION_TICKET_A: @@ -375,7 +364,6 @@ goto end; } ssl->state = SSL3_ST_SW_CHANGE_A; - ssl->init_num = 0; break; case SSL3_ST_SW_CHANGE_A: @@ -388,7 +376,6 @@ } ssl->state = SSL3_ST_SW_FINISHED_A; - ssl->init_num = 0; if (!tls1_change_cipher_state(ssl, SSL3_CHANGE_CIPHER_SERVER_WRITE)) { ret = -1; @@ -409,7 +396,6 @@ } else { ssl->s3->tmp.next_state = SSL_ST_OK; } - ssl->init_num = 0; break; case SSL_ST_OK:
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 9f92849..88a30e3 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c
@@ -208,6 +208,7 @@ ssl->init_buf = buf; buf = NULL; } + ssl->init_num = 0; if (!ssl_init_wbio_buffer(ssl)) { ret = -1; @@ -221,7 +222,6 @@ } ssl->state = SSL3_ST_CW_CLNT_HELLO_A; - ssl->init_num = 0; break; case SSL3_ST_CW_CLNT_HELLO_A: @@ -232,7 +232,6 @@ } ssl->s3->tmp.next_state = SSL3_ST_CR_SRVR_HELLO_A; ssl->state = SSL3_ST_CW_FLUSH; - ssl->init_num = 0; break; case SSL3_ST_CR_SRVR_HELLO_A: @@ -250,7 +249,6 @@ } else { ssl->state = SSL3_ST_CR_CERT_A; } - ssl->init_num = 0; break; case SSL3_ST_CR_CERT_A: @@ -268,7 +266,6 @@ skip = 1; ssl->state = SSL3_ST_CR_KEY_EXCH_A; } - ssl->init_num = 0; break; case SSL3_ST_VERIFY_SERVER_CERT: @@ -278,7 +275,6 @@ } ssl->state = SSL3_ST_CR_KEY_EXCH_A; - ssl->init_num = 0; break; case SSL3_ST_CR_KEY_EXCH_A: @@ -291,7 +287,6 @@ } else { ssl->state = SSL3_ST_CR_SRVR_DONE_A; } - ssl->init_num = 0; break; case SSL3_ST_CR_CERT_REQ_A: @@ -300,7 +295,6 @@ goto end; } ssl->state = SSL3_ST_CR_SRVR_DONE_A; - ssl->init_num = 0; break; case SSL3_ST_CR_SRVR_DONE_A: @@ -313,7 +307,6 @@ } else { ssl->state = SSL3_ST_CW_KEY_EXCH_A; } - ssl->init_num = 0; break; @@ -326,7 +319,6 @@ goto end; } ssl->state = SSL3_ST_CW_KEY_EXCH_A; - ssl->init_num = 0; break; case SSL3_ST_CW_KEY_EXCH_A: @@ -342,8 +334,6 @@ } else { ssl->state = SSL3_ST_CW_CHANGE_A; } - - ssl->init_num = 0; break; case SSL3_ST_CW_CERT_VRFY_A: @@ -354,7 +344,6 @@ goto end; } ssl->state = SSL3_ST_CW_CHANGE_A; - ssl->init_num = 0; break; case SSL3_ST_CW_CHANGE_A: @@ -372,7 +361,6 @@ if (ssl->s3->next_proto_neg_seen) { ssl->state = SSL3_ST_CW_NEXT_PROTO_A; } - ssl->init_num = 0; if (!tls1_change_cipher_state(ssl, SSL3_CHANGE_CIPHER_CLIENT_WRITE)) { ret = -1; @@ -439,7 +427,6 @@ } } } - ssl->init_num = 0; break; case SSL3_ST_CR_SESSION_TICKET_A: @@ -448,7 +435,6 @@ goto end; } ssl->state = SSL3_ST_CR_CHANGE; - ssl->init_num = 0; break; case SSL3_ST_CR_CERT_STATUS_A: @@ -457,7 +443,6 @@ goto end; } ssl->state = SSL3_ST_VERIFY_SERVER_CERT; - ssl->init_num = 0; break; case SSL3_ST_CR_CHANGE: @@ -484,7 +469,6 @@ } else { ssl->state = SSL_ST_OK; } - ssl->init_num = 0; break; case SSL3_ST_CW_FLUSH: @@ -515,13 +499,13 @@ BUF_MEM_free(ssl->init_buf); ssl->init_buf = NULL; + ssl->init_num = 0; /* Remove write buffering now. */ ssl_free_wbio_buffer(ssl); const int is_initial_handshake = !ssl->s3->initial_handshake_complete; - ssl->init_num = 0; ssl->s3->tmp.in_false_start = 0; ssl->s3->initial_handshake_complete = 1;
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 3303d00..01d0be3 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c
@@ -262,7 +262,6 @@ goto end; } ssl->state = SSL3_ST_SW_SRVR_HELLO_A; - ssl->init_num = 0; break; case SSL3_ST_SW_SRVR_HELLO_A: @@ -280,7 +279,6 @@ } else { ssl->state = SSL3_ST_SW_CERT_A; } - ssl->init_num = 0; break; case SSL3_ST_SW_CERT_A: @@ -299,7 +297,6 @@ skip = 1; ssl->state = SSL3_ST_SW_KEY_EXCH_A; } - ssl->init_num = 0; break; case SSL3_ST_SW_CERT_STATUS_A: @@ -309,7 +306,6 @@ goto end; } ssl->state = SSL3_ST_SW_KEY_EXCH_A; - ssl->init_num = 0; break; case SSL3_ST_SW_KEY_EXCH_A: @@ -335,7 +331,6 @@ } ssl->state = SSL3_ST_SW_CERT_REQ_A; - ssl->init_num = 0; break; case SSL3_ST_SW_CERT_REQ_A: @@ -349,7 +344,6 @@ skip = 1; } ssl->state = SSL3_ST_SW_SRVR_DONE_A; - ssl->init_num = 0; break; case SSL3_ST_SW_SRVR_DONE_A: @@ -360,7 +354,6 @@ } ssl->s3->tmp.next_state = SSL3_ST_SR_CERT_A; ssl->state = SSL3_ST_SW_FLUSH; - ssl->init_num = 0; break; case SSL3_ST_SW_FLUSH: @@ -385,7 +378,6 @@ goto end; } } - ssl->init_num = 0; ssl->state = SSL3_ST_SR_KEY_EXCH_A; break; @@ -396,7 +388,6 @@ goto end; } ssl->state = SSL3_ST_SR_CERT_VRFY_A; - ssl->init_num = 0; break; case SSL3_ST_SR_CERT_VRFY_A: @@ -406,7 +397,6 @@ } ssl->state = SSL3_ST_SR_CHANGE; - ssl->init_num = 0; break; case SSL3_ST_SR_CHANGE: @@ -434,7 +424,6 @@ if (ret <= 0) { goto end; } - ssl->init_num = 0; if (ssl->s3->tlsext_channel_id_valid) { ssl->state = SSL3_ST_SR_CHANNEL_ID_A; } else { @@ -447,7 +436,6 @@ if (ret <= 0) { goto end; } - ssl->init_num = 0; ssl->state = SSL3_ST_SR_FINISHED_A; break; @@ -473,7 +461,6 @@ goto end; } } - ssl->init_num = 0; break; case SSL3_ST_SW_SESSION_TICKET_A: @@ -483,7 +470,6 @@ goto end; } ssl->state = SSL3_ST_SW_CHANGE_A; - ssl->init_num = 0; break; case SSL3_ST_SW_CHANGE_A: @@ -494,7 +480,6 @@ goto end; } ssl->state = SSL3_ST_SW_FINISHED_A; - ssl->init_num = 0; if (!tls1_change_cipher_state(ssl, SSL3_CHANGE_CIPHER_SERVER_WRITE)) { ret = -1; @@ -515,7 +500,6 @@ } else { ssl->s3->tmp.next_state = SSL_ST_OK; } - ssl->init_num = 0; break; case SSL_ST_OK: @@ -524,11 +508,11 @@ BUF_MEM_free(ssl->init_buf); ssl->init_buf = NULL; + ssl->init_num = 0; /* remove buffering on output */ ssl_free_wbio_buffer(ssl); - ssl->init_num = 0; /* If we aren't retaining peer certificates then we can discard it * now. */