commit 676d1e780e96b201113958e8a6f2e787438f200b
author David Benjamin <davidben@chromium.org> Tue Jul 08 14:34:10 2014 -0400
committer Adam Langley <agl@google.com> Wed Jul 09 19:51:08 2014 +0000
tree 768af533e0fbcc2a5ef4ce8b6db88e8f5dda052d
parent 8f2c20eb7068429b5883d6e334d9cb0f0102f44d

Separate client and server certificate_types.

This is the first of reorganizing state between connection state and handshake
state. The existing set are retained in cert_st for the server; they are server
configuration. The client gets a copy in s->s3->tmp alongside other handshake
state.

With other handshake state moved there, hopefully we can reset that state in
one go and possibly not even maintain it when there is no handshake in
progress.  Rather than currently where we sometimes confused connection state
and handshake state and have to reset as appropriate on renegotiate.

While I'm here, document the fields and name them something more useful than
'ctypes'.

Change-Id: Ib927579f0004fc5c6854fce2127625df669b2b6d
Reviewed-on: https://boringssl-review.googlesource.com/1113
Reviewed-by: Adam Langley <agl@google.com>

ssl/s3_lib.c

diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 2518bd3..978f552 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -148,6 +148,7 @@
 
 #include <stdio.h>
 
+#include <openssl/buf.h>
 #include <openssl/dh.h>
 #include <openssl/md5.h>
 #include <openssl/mem.h>
@@ -2711,6 +2712,8 @@
 
 	if (s->s3->tmp.ca_names != NULL)
 		sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
+	if (s->s3->tmp.certificate_types != NULL)
+		OPENSSL_free(s->s3->tmp.certificate_types);
 	if (s->s3->handshake_buffer) {
 		BIO_free(s->s3->handshake_buffer);
 	}
@@ -2732,6 +2735,9 @@
 	ssl3_cleanup_key_block(s);
 	if (s->s3->tmp.ca_names != NULL)
 		sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
+	if (s->s3->tmp.certificate_types != NULL)
+		OPENSSL_free(s->s3->tmp.certificate_types);
+	s->s3->tmp.num_certificate_types = 0;
 
 #ifndef OPENSSL_NO_DH
 	if (s->s3->tmp.dh != NULL)
@@ -3082,8 +3088,8 @@
 		if (s->server || !s->s3->tmp.cert_req)
 			return 0;
 		if (pctype)
-			*pctype = s->cert->ctypes;
-		return (int)s->cert->ctype_num;
+			*pctype = s->s3->tmp.certificate_types;
+		return (int)s->s3->tmp.num_certificate_types;
 		}
 
 	case SSL_CTRL_SET_CLIENT_CERT_TYPES:
@@ -3772,10 +3778,11 @@
 	unsigned long alg_k;
 
 	/* If we have custom certificate types set, use them */
-	if (s->cert->ctypes)
+	if (s->cert->client_certificate_types)
 		{
-		memcpy(p, s->cert->ctypes, s->cert->ctype_num);
-		return (int)s->cert->ctype_num;
+		memcpy(p, s->cert->client_certificate_types,
+			s->cert->num_client_certificate_types);
+		return (int)s->cert->num_client_certificate_types;
 		}
 	/* get configured sigalgs */
 	siglen = tls12_get_psigalgs(s, &sig);
@@ -3855,20 +3862,20 @@
 
 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len)
 	{
-	if (c->ctypes)
+	if (c->client_certificate_types)
 		{
-		OPENSSL_free(c->ctypes);
-		c->ctypes = NULL;
+		OPENSSL_free(c->client_certificate_types);
+		c->client_certificate_types = NULL;
 		}
+	c->num_client_certificate_types = 0;
 	if (!p || !len)
 		return 1;
 	if (len > 0xff)
 		return 0;
-	c->ctypes = OPENSSL_malloc(len);
-	if (!c->ctypes)
+	c->client_certificate_types = BUF_memdup(p, len);
+	if (!c->client_certificate_types)
 		return 0;
-	memcpy(c->ctypes, p, len);
-	c->ctype_num = len;
+	c->num_client_certificate_types = len;
 	return 1;
 	}