Pass explicit hs parameters into t1_enc.c.
Change-Id: I5ef0fe5cc3ae0d5029ae41db36e66d22d76f6158
Reviewed-on: https://boringssl-review.googlesource.com/12341
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/handshake_client.c b/ssl/handshake_client.c
index 76a08f5..2ee5408 100644
--- a/ssl/handshake_client.c
+++ b/ssl/handshake_client.c
@@ -369,7 +369,7 @@
ssl->state = SSL3_ST_CW_NEXT_PROTO_A;
- if (!tls1_change_cipher_state(ssl, SSL3_CHANGE_CIPHER_CLIENT_WRITE)) {
+ if (!tls1_change_cipher_state(hs, SSL3_CHANGE_CIPHER_CLIENT_WRITE)) {
ret = -1;
goto end;
}
@@ -460,7 +460,7 @@
goto end;
}
- if (!tls1_change_cipher_state(ssl, SSL3_CHANGE_CIPHER_CLIENT_READ)) {
+ if (!tls1_change_cipher_state(hs, SSL3_CHANGE_CIPHER_CLIENT_READ)) {
ret = -1;
goto end;
}
diff --git a/ssl/handshake_server.c b/ssl/handshake_server.c
index 1cf668a..0f0c862 100644
--- a/ssl/handshake_server.c
+++ b/ssl/handshake_server.c
@@ -353,7 +353,7 @@
goto end;
}
- if (!tls1_change_cipher_state(ssl, SSL3_CHANGE_CIPHER_SERVER_READ)) {
+ if (!tls1_change_cipher_state(hs, SSL3_CHANGE_CIPHER_SERVER_READ)) {
ret = -1;
goto end;
}
@@ -429,7 +429,7 @@
}
ssl->state = SSL3_ST_SW_FINISHED_A;
- if (!tls1_change_cipher_state(ssl, SSL3_CHANGE_CIPHER_SERVER_WRITE)) {
+ if (!tls1_change_cipher_state(hs, SSL3_CHANGE_CIPHER_SERVER_WRITE)) {
ret = -1;
goto end;
}
diff --git a/ssl/internal.h b/ssl/internal.h
index 534f276..e307cb9 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -1842,7 +1842,7 @@
int ssl_init_wbio_buffer(SSL *ssl);
void ssl_free_wbio_buffer(SSL *ssl);
-int tls1_change_cipher_state(SSL *ssl, int which);
+int tls1_change_cipher_state(SSL_HANDSHAKE *hs, int which);
int tls1_handshake_digest(SSL *ssl, uint8_t *out, size_t out_len);
int tls1_generate_master_secret(SSL *ssl, uint8_t *out, const uint8_t *premaster,
size_t premaster_len);
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 4c7d3ee..70907e1 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -258,8 +258,9 @@
return 1;
}
-static int tls1_setup_key_block(SSL *ssl) {
- if (ssl->s3->hs->key_block_len != 0) {
+static int tls1_setup_key_block(SSL_HANDSHAKE *hs) {
+ SSL *const ssl = hs->ssl;
+ if (hs->key_block_len != 0) {
return 1;
}
@@ -310,14 +311,15 @@
}
assert(key_block_len < 256);
- ssl->s3->hs->key_block_len = (uint8_t)key_block_len;
- ssl->s3->hs->key_block = keyblock;
+ hs->key_block_len = (uint8_t)key_block_len;
+ hs->key_block = keyblock;
return 1;
}
-int tls1_change_cipher_state(SSL *ssl, int which) {
+int tls1_change_cipher_state(SSL_HANDSHAKE *hs, int which) {
+ SSL *const ssl = hs->ssl;
/* Ensure the key block is set up. */
- if (!tls1_setup_key_block(ssl)) {
+ if (!tls1_setup_key_block(hs)) {
return 0;
}
@@ -333,9 +335,9 @@
size_t mac_secret_len = ssl->s3->tmp.new_mac_secret_len;
size_t key_len = ssl->s3->tmp.new_key_len;
size_t iv_len = ssl->s3->tmp.new_fixed_iv_len;
- assert((mac_secret_len + key_len + iv_len) * 2 == ssl->s3->hs->key_block_len);
+ assert((mac_secret_len + key_len + iv_len) * 2 == hs->key_block_len);
- const uint8_t *key_data = ssl->s3->hs->key_block;
+ const uint8_t *key_data = hs->key_block;
const uint8_t *client_write_mac_secret = key_data;
key_data += mac_secret_len;
const uint8_t *server_write_mac_secret = key_data;
