Move peer_psk_identity_hint to SSL_HANDSHAKE.
One less field to reset on renego and save a pointer of post-handshake
memory.
Change-Id: Ifc0c3c73072af244ee3848d9a798988d2c8a7c38
Reviewed-on: https://boringssl-review.googlesource.com/11086
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/handshake_client.c b/ssl/handshake_client.c
index d48b000..b8153f5 100644
--- a/ssl/handshake_client.c
+++ b/ssl/handshake_client.c
@@ -1116,20 +1116,13 @@
}
if (ssl->s3->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE) {
+ /* Some ciphers (pure PSK) have an optional ServerKeyExchange message. */
if (ssl_cipher_requires_server_key_exchange(ssl->s3->tmp.new_cipher)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_MESSAGE);
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
return -1;
}
- /* In plain PSK ciphersuite, ServerKeyExchange may be omitted to send no
- * identity hint. */
- if (ssl->s3->tmp.new_cipher->algorithm_auth & SSL_aPSK) {
- /* TODO(davidben): This should be reset in one place with the rest of the
- * handshake state. */
- OPENSSL_free(ssl->s3->tmp.peer_psk_identity_hint);
- ssl->s3->tmp.peer_psk_identity_hint = NULL;
- }
ssl->s3->tmp.reuse_message = 1;
return 1;
}
@@ -1168,7 +1161,7 @@
}
/* Save the identity hint as a C string. */
- if (!CBS_strdup(&psk_identity_hint, &ssl->s3->tmp.peer_psk_identity_hint)) {
+ if (!CBS_strdup(&psk_identity_hint, &ssl->s3->hs->peer_psk_identity_hint)) {
al = SSL_AD_INTERNAL_ERROR;
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
goto f_err;
@@ -1542,7 +1535,7 @@
char identity[PSK_MAX_IDENTITY_LEN + 1];
memset(identity, 0, sizeof(identity));
psk_len = ssl->psk_client_callback(
- ssl, ssl->s3->tmp.peer_psk_identity_hint, identity, sizeof(identity),
+ ssl, ssl->s3->hs->peer_psk_identity_hint, identity, sizeof(identity),
psk, sizeof(psk));
if (psk_len == 0) {
OPENSSL_PUT_ERROR(SSL, SSL_R_PSK_IDENTITY_NOT_FOUND);
