Move peer_psk_identity_hint to SSL_HANDSHAKE. One less field to reset on renego and save a pointer of post-handshake memory. Change-Id: Ifc0c3c73072af244ee3848d9a798988d2c8a7c38 Reviewed-on: https://boringssl-review.googlesource.com/11086 Reviewed-by: Adam Langley <agl@google.com>
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 8602ec6..ac1a63b 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h
@@ -4398,10 +4398,6 @@ * didn't use it to create the master secret initially. */ char extended_master_secret; - /* Client-only: peer_psk_identity_hint is the psk_identity_hint sent by the - * server when using a PSK key exchange. */ - char *peer_psk_identity_hint; - /* new_mac_secret_size is unused and exists only until wpa_supplicant can * be updated. It is only needed for EAP-FAST, which we don't support. */ uint8_t new_mac_secret_size;
diff --git a/ssl/handshake_client.c b/ssl/handshake_client.c index d48b000..b8153f5 100644 --- a/ssl/handshake_client.c +++ b/ssl/handshake_client.c
@@ -1116,20 +1116,13 @@ } if (ssl->s3->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE) { + /* Some ciphers (pure PSK) have an optional ServerKeyExchange message. */ if (ssl_cipher_requires_server_key_exchange(ssl->s3->tmp.new_cipher)) { OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_MESSAGE); ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); return -1; } - /* In plain PSK ciphersuite, ServerKeyExchange may be omitted to send no - * identity hint. */ - if (ssl->s3->tmp.new_cipher->algorithm_auth & SSL_aPSK) { - /* TODO(davidben): This should be reset in one place with the rest of the - * handshake state. */ - OPENSSL_free(ssl->s3->tmp.peer_psk_identity_hint); - ssl->s3->tmp.peer_psk_identity_hint = NULL; - } ssl->s3->tmp.reuse_message = 1; return 1; } @@ -1168,7 +1161,7 @@ } /* Save the identity hint as a C string. */ - if (!CBS_strdup(&psk_identity_hint, &ssl->s3->tmp.peer_psk_identity_hint)) { + if (!CBS_strdup(&psk_identity_hint, &ssl->s3->hs->peer_psk_identity_hint)) { al = SSL_AD_INTERNAL_ERROR; OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); goto f_err; @@ -1542,7 +1535,7 @@ char identity[PSK_MAX_IDENTITY_LEN + 1]; memset(identity, 0, sizeof(identity)); psk_len = ssl->psk_client_callback( - ssl, ssl->s3->tmp.peer_psk_identity_hint, identity, sizeof(identity), + ssl, ssl->s3->hs->peer_psk_identity_hint, identity, sizeof(identity), psk, sizeof(psk)); if (psk_len == 0) { OPENSSL_PUT_ERROR(SSL, SSL_R_PSK_IDENTITY_NOT_FOUND);
diff --git a/ssl/internal.h b/ssl/internal.h index 13dec3a..c090094 100644 --- a/ssl/internal.h +++ b/ssl/internal.h
@@ -922,6 +922,10 @@ size_t num_peer_sigalgs; uint8_t session_tickets_sent; + + /* peer_psk_identity_hint, on the client, is the psk_identity_hint sent by the + * server when using a TLS 1.2 PSK key exchange. */ + char *peer_psk_identity_hint; } /* SSL_HANDSHAKE */; SSL_HANDSHAKE *ssl_handshake_new(enum ssl_hs_wait_t (*do_handshake)(SSL *ssl));
diff --git a/ssl/s3_both.c b/ssl/s3_both.c index 4baa839..23cda92 100644 --- a/ssl/s3_both.c +++ b/ssl/s3_both.c
@@ -166,6 +166,7 @@ OPENSSL_free(hs->key_share_bytes); OPENSSL_free(hs->public_key); OPENSSL_free(hs->peer_sigalgs); + OPENSSL_free(hs->peer_psk_identity_hint); OPENSSL_free(hs); }
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 3378526..2a7bbae 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c
@@ -210,7 +210,6 @@ sk_X509_NAME_pop_free(ssl->s3->tmp.ca_names, X509_NAME_free); OPENSSL_free(ssl->s3->tmp.certificate_types); OPENSSL_free(ssl->s3->tmp.peer_supported_group_list); - OPENSSL_free(ssl->s3->tmp.peer_psk_identity_hint); SSL_SESSION_free(ssl->s3->new_session); SSL_SESSION_free(ssl->s3->established_session); ssl3_free_handshake_buffer(ssl);