Replace reuse_message with an explicit next_message call.

This means that ssl_get_message (soon to be replaced with a BIO-less
version) is idempotent, which avoids the SSL3_ST_SR_KEY_EXCH_B
contortion. It also eases converting the TLS 1.2 state machine. See
https://docs.google.com/a/google.com/document/d/11n7LHsT3GwE34LAJIe3EFs4165TI4UR_3CqiM9LJVpI/edit?usp=sharing
for details.

Bug: 128
Change-Id: Iddd4f951389e8766da07a9de595b552e75f8acf0
Reviewed-on: https://boringssl-review.googlesource.com/18805
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/tls13_server.cc b/ssl/tls13_server.cc
index 03f8bdd..c2cd682 100644
--- a/ssl/tls13_server.cc
+++ b/ssl/tls13_server.cc
@@ -458,12 +458,14 @@
     if (need_retry) {
       ssl->early_data_accepted = 0;
       ssl->s3->skip_early_data = 1;
+      ssl->method->next_message(ssl);
       hs->tls13_state = state_send_hello_retry_request;
       return ssl_hs_ok;
     }
     return ssl_hs_error;
   }
 
+  ssl->method->next_message(ssl);
   hs->tls13_state = state_send_server_hello;
   return ssl_hs_ok;
 }
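Review bot: The added `ssl->method->next_message(ssl);` calls make releasing the current message a per-handler obligation that nothing at the call sites documents. With ssl_get_message now idempotent (per the commit description), a handler that omits the call would presumably let the next state see the same handshake message again, and a duplicated call would presumably discard one that was never processed. A short comment at each site, e.g. `/* The current message is fully processed; release it so the next read returns a new one. */`, would make that invariant checkable in review. The same applies to the additions in the hunks at -517, -739, -768 and -808. The enclosing function starts outside this hunk, so whether every success path is covered cannot be confirmed from here.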
@@ -517,6 +519,7 @@
     return ssl_hs_error;
   }
 
+  ssl->method->next_message(ssl);
   hs->tls13_state = state_send_server_hello;
   return ssl_hs_ok;
 }
@@ -669,7 +672,8 @@
                          static_cast<uint8_t>(hs->hash_len)};
     if (!hs->transcript.Update(header, sizeof(header)) ||
         !hs->transcript.Update(hs->expected_client_finished, hs->hash_len) ||
-        !tls13_derive_resumption_secret(hs) || !add_new_session_tickets(hs)) {
+        !tls13_derive_resumption_secret(hs) ||
+        !add_new_session_tickets(hs)) {
       return ssl_hs_error;
     }
   }
@@ -739,6 +743,7 @@
     return ssl_hs_error;
   }
 
+  ssl->method->next_message(ssl);
   hs->tls13_state = state_process_client_certificate_verify;
   return ssl_hs_read_message;
 }
@@ -768,22 +773,25 @@
     return ssl_hs_error;
   }
 
+  ssl->method->next_message(ssl);
   hs->tls13_state = state_process_channel_id;
   return ssl_hs_read_message;
 }
 
 static enum ssl_hs_wait_t do_process_channel_id(SSL_HANDSHAKE *hs) {
-  if (!hs->ssl->s3->tlsext_channel_id_valid) {
+  SSL *const ssl = hs->ssl;
+  if (!ssl->s3->tlsext_channel_id_valid) {
     hs->tls13_state = state_process_client_finished;
     return ssl_hs_ok;
   }
 
-  if (!ssl_check_message_type(hs->ssl, SSL3_MT_CHANNEL_ID) ||
+  if (!ssl_check_message_type(ssl, SSL3_MT_CHANNEL_ID) ||
       !tls1_verify_channel_id(hs) ||
       !ssl_hash_current_message(hs)) {
     return ssl_hs_error;
   }
 
+  ssl->method->next_message(ssl);
   hs->tls13_state = state_process_client_finished;
   return ssl_hs_read_message;
 }
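Review bot: In do_process_channel_id the early return taken when `tlsext_channel_id_valid` is unset moves to state_process_client_finished without calling next_message, while the path that verifies a Channel ID does call it, and nothing explains the asymmetry. It looks intentional, since no message is consumed on that branch, but a comment such as `/* No Channel ID message is expected; leave the current message for the next state. */` would stop a later edit from "fixing" it and skipping a message. On the other path the call correctly follows `ssl_hash_current_message(hs)`; a note that the release must stay after the transcript update would guard that ordering too.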
@@ -808,10 +816,12 @@
 
     /* We send post-handshake tickets as part of the handshake in 1-RTT. */
     hs->tls13_state = state_send_new_session_ticket;
-    return ssl_hs_ok;
+  } else {
+    /* We already sent half-RTT tickets. */
+    hs->tls13_state = state_done;
   }
 
-  hs->tls13_state = state_done;
+  ssl->method->next_message(ssl);
   return ssl_hs_ok;
 }