Google Git
Sign in
boringssl / boringssl.git / 859679518d3433cdd0dd6cf534bd7bdb2a32dd60^! / . / ssl / tls13_both.cc
commit859679518d3433cdd0dd6cf534bd7bdb2a32dd60[log] [tgz]
authorAdam Langley <alangley@gmail.com>Tue Jul 03 08:04:58 2018 -0700
committerAdam Langley <alangley@gmail.com>Wed Jul 04 16:39:14 2018 +0000
tree0d1b9c51ca7fc58e1f90204e845f6703e2440198
parentd2f87a777955dd53d7768b236ec3804fe50462a7 [diff] [blame]
Drop C++ from certificate compression API.

It's 2018, but passing STL objects across the API boundary turns out to
still be more bother than it's worth. Since we're dropping UniquePtr in
the API anyway, go the whole way and make it a plain-C API.

Change-Id: Ic0202012e5d81afe62d71b3fb57e6a27a8f63c65
Update-note: this will need corresponding changes to the internal use of SSL_CTX_add_cert_compression_alg.
Reviewed-on: https://boringssl-review.googlesource.com/29564
Reviewed-by: David Benjamin <davidben@google.com>

diff --git a/ssl/tls13_both.cc b/ssl/tls13_both.cc
index 9149e76..696909a 100644
--- a/ssl/tls13_both.cc
+++ b/ssl/tls13_both.cc

@@ -130,7 +130,7 @@
       return 0;
     }
 
-    bssl::CertDecompressFunc decompress = nullptr;
+    ssl_cert_decompression_func_t decompress = nullptr;
     for (const auto& alg : ssl->ctx->cert_compression_algs) {
       if (alg->alg_id == alg_id) {
         decompress = alg->decompress;
@@ -145,16 +145,28 @@
       return 0;
     }
 
-    if (!decompress(ssl, &decompressed, uncompressed_len, compressed) ||
-        CRYPTO_BUFFER_len(decompressed.get()) != uncompressed_len) {
+    CRYPTO_BUFFER *decompressed_ptr = nullptr;
+    if (!decompress(ssl, &decompressed_ptr, uncompressed_len,
+                    CBS_data(&compressed), CBS_len(&compressed))) {
       ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
       OPENSSL_PUT_ERROR(SSL, SSL_R_CERT_DECOMPRESSION_FAILED);
       ERR_add_error_dataf("alg=%d", static_cast<int>(alg_id));
       return 0;
     }
+    decompressed.reset(decompressed_ptr);
 
-    CBS_init(&body, CRYPTO_BUFFER_data(decompressed.get()),
-             CRYPTO_BUFFER_len(decompressed.get()));
+    if (CRYPTO_BUFFER_len(decompressed_ptr) != uncompressed_len) {
+      ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+      OPENSSL_PUT_ERROR(SSL, SSL_R_CERT_DECOMPRESSION_FAILED);
+      ERR_add_error_dataf(
+          "alg=%d got=%u expected=%u", static_cast<int>(alg_id),
+          static_cast<unsigned>(CRYPTO_BUFFER_len(decompressed_ptr)),
+          static_cast<unsigned>(uncompressed_len));
+      return 0;
+    }
+
+    CBS_init(&body, CRYPTO_BUFFER_data(decompressed_ptr),
+             CRYPTO_BUFFER_len(decompressed_ptr));
   } else {
     assert(msg.type == SSL3_MT_CERTIFICATE);
   }
@@ -512,7 +524,7 @@
       !CBB_add_u16(body, hs->cert_compression_alg_id) ||
       !CBB_add_u24(body, msg.size()) ||
       !CBB_add_u24_length_prefixed(body, &compressed) ||
-      !alg->compress(ssl, &compressed, msg) ||
+      !alg->compress(ssl, &compressed, msg.data(), msg.size()) ||
       !ssl_add_message_cbb(ssl, cbb.get())) {
     OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
     return 0;