commit 2644a13d718148881cf51e71091a6092e4b96c4f
author David Benjamin <davidben@google.com> Sun Dec 11 13:41:17 2016 -0500
committer David Benjamin <davidben@google.com> Mon Dec 12 21:59:06 2016 +0000
tree ccf37c9bd87e8a9b1d810578fc9276699e2f74e1
parent 5edfc8cc170abd47a3da6184546db0b791a3e9e5

Set up the SSL_HANDSHAKE object earlier.

This is to free up moving ssl->state into SSL_HANDSHAKE. ssl->state
serves two purposes right now. First, it is the state tracking for
SSL_HANDSHAKE. Second, it lets the system know there is a handshake
waiting to complete.

Instead, arrange things so that, if there is a handshake waiting to
complete, hs is not NULL. That means we need to initialize it when
creating a new connection and when discovering a renego.

Note this means we cannot make initializing an SSL_HANDSHAKE depend on
client vs. server.

Change-Id: I585a8d7e700c4ffe4d372248d34c44106ad7e7a0
Reviewed-on: https://boringssl-review.googlesource.com/12696
Reviewed-by: David Benjamin <davidben@google.com>

ssl/s3_lib.c

diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 1aad8e6..859cb9b 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -167,10 +167,16 @@
 
   s3 = OPENSSL_malloc(sizeof *s3);
   if (s3 == NULL) {
-    goto err;
+    return 0;
   }
   memset(s3, 0, sizeof *s3);
 
+  s3->hs = ssl_handshake_new(ssl);
+  if (s3->hs == NULL) {
+    OPENSSL_free(s3);
+    return 0;
+  }
+
   EVP_MD_CTX_init(&s3->handshake_hash);
   EVP_MD_CTX_init(&s3->handshake_md5);
 
@@ -183,8 +189,6 @@
    * at the API boundary rather than in internal state. */
   ssl->version = TLS1_2_VERSION;
   return 1;
-err:
-  return 0;
 }
 
 void ssl3_free(SSL *ssl) {