Google Git
Sign in
boringssl/boringssl.git/276b7e81273528e3936ce4e3fc3cea9324c68254^!/./ssl/s3_both.c
commit
276b7e81273528e3936ce4e3fc3cea9324c68254
[log]
author
David Benjamin <davidben@google.com>
Sat Jan 21 14:13:39 2017 -0500
committer
CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Fri Jan 27 23:15:52 2017 +0000
tree
61062af91c19f6455a81c74b77a0ec8f3dec77e0
parent
6f07d726c91d4df5c62e1ea985e780daa383f076 [diff] [blame]
Move optional message type checks out of ssl_get_message.

This aligns the TLS 1.2 state machine closer with the TLS 1.3 state
machine. This is more work for the handshake, but ultimately the
plan is to take the ssl_get_message call out of the handshake (so it is
just the state machine rather than calling into BIO), so the parameters
need to be folded out as in TLS 1.3.

The WrongMessageType-* family of tests should make sure we don't miss
one of these.

BUG=128

Change-Id: I17a1e6177c52a7540b2bc6b0b3f926ab386c4950
Reviewed-on: https://boringssl-review.googlesource.com/13264
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>

diff --git a/ssl/s3_both.c b/ssl/s3_both.c
index a7dac7c..70ed435 100644
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c

@@ -180,6 +180,18 @@
   OPENSSL_free(hs);
 }
 
+int ssl_check_message_type(SSL *ssl, int type) {
+  if (ssl->s3->tmp.message_type != type) {
+    ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
+    OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_MESSAGE);
+    ERR_add_error_dataf("got type %d, wanted type %d",
+                        ssl->s3->tmp.message_type, type);
+    return 0;
+  }
+
+  return 1;
+}
+
 static int add_record_to_flight(SSL *ssl, uint8_t type, const uint8_t *in,
                                 size_t in_len) {
   /* We'll never add a flight while in the process of writing it out. */
@@ -386,12 +398,15 @@
 
 int ssl3_get_finished(SSL_HANDSHAKE *hs) {
   SSL *const ssl = hs->ssl;
-  int ret = ssl->method->ssl_get_message(ssl, SSL3_MT_FINISHED,
-                                         ssl_dont_hash_message);
+  int ret = ssl->method->ssl_get_message(ssl, ssl_dont_hash_message);
   if (ret <= 0) {
     return ret;
   }
 
+  if (!ssl_check_message_type(ssl, SSL3_MT_FINISHED)) {
+    return -1;
+  }
+
   /* Snapshot the finished hash before incorporating the new message. */
   uint8_t finished[EVP_MAX_MD_SIZE];
   size_t finished_len =
@@ -645,8 +660,7 @@
   return 1;
 }
 
-int ssl3_get_message(SSL *ssl, int msg_type,
-                     enum ssl_hash_message_t hash_message) {
+int ssl3_get_message(SSL *ssl, enum ssl_hash_message_t hash_message) {
 again:
   /* Re-create the handshake buffer if needed. */
   if (ssl->init_buf == NULL) {
@@ -725,12 +739,6 @@
     goto again;
   }
 
-  if (msg_type >= 0 && ssl->s3->tmp.message_type != msg_type) {
-    ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
-    OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_MESSAGE);
-    return -1;
-  }
-
   /* Feed this message into MAC computation. */
   if (hash_message == ssl_hash_message && !ssl_hash_current_message(ssl)) {
     return -1;