Take the version parameter out of ssl_do_msg_callback.
This will make it a little easier to store the normalized version rather
than the wire version. Also document the V2ClientHello behavior.
Change-Id: I5ce9ccce44ca48be2e60ddf293c0fab6bba1356e
Reviewed-on: https://boringssl-review.googlesource.com/11121
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 256e3a0..c68dc12 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -2801,7 +2801,10 @@
* For each handshake message, ChangeCipherSpec, and alert, |version| is the
* protocol version and |content_type| is the corresponding record type. The
* |len| bytes from |buf| contain the handshake message, one-byte
- * ChangeCipherSpec body, and two-byte alert, respectively. */
+ * ChangeCipherSpec body, and two-byte alert, respectively.
+ *
+ * For a V2ClientHello, |version| is |SSL2_VERSION|, |content_type| is zero, and
+ * the |len| bytes from |buf| contain the V2ClientHello structure. */
OPENSSL_EXPORT void SSL_CTX_set_msg_callback(
SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type,
const void *buf, size_t len, SSL *ssl, void *arg));
diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index 5ea29da..7bb2de2 100644
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -437,8 +437,8 @@
return -1;
}
- ssl_do_msg_callback(ssl, 0 /* read */, ssl->version, SSL3_RT_HANDSHAKE,
- frag->data, ssl->init_num + DTLS1_HM_HEADER_LENGTH);
+ ssl_do_msg_callback(ssl, 0 /* read */, SSL3_RT_HANDSHAKE, frag->data,
+ ssl->init_num + DTLS1_HM_HEADER_LENGTH);
return 1;
}
@@ -567,9 +567,8 @@
return ret;
}
- ssl_do_msg_callback(ssl, 1 /* write */, ssl->version,
- SSL3_RT_CHANGE_CIPHER_SPEC, kChangeCipherSpec,
- sizeof(kChangeCipherSpec));
+ ssl_do_msg_callback(ssl, 1 /* write */, SSL3_RT_CHANGE_CIPHER_SPEC,
+ kChangeCipherSpec, sizeof(kChangeCipherSpec));
return 1;
}
@@ -667,8 +666,7 @@
offset += todo;
} while (CBS_len(&body) != 0);
- ssl_do_msg_callback(ssl, 1 /* write */, ssl->version, SSL3_RT_HANDSHAKE, in,
- len);
+ ssl_do_msg_callback(ssl, 1 /* write */, SSL3_RT_HANDSHAKE, in, len);
ret = 1;
diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
index 574fd4c..099de5d 100644
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@@ -312,8 +312,8 @@
return -1;
}
- ssl_do_msg_callback(ssl, 0 /* read */, ssl->version,
- SSL3_RT_CHANGE_CIPHER_SPEC, rr->data, rr->length);
+ ssl_do_msg_callback(ssl, 0 /* read */, SSL3_RT_CHANGE_CIPHER_SPEC, rr->data,
+ rr->length);
rr->length = 0;
ssl_read_buffer_discard(ssl);
@@ -409,8 +409,8 @@
BIO_flush(ssl->wbio);
}
- ssl_do_msg_callback(ssl, 1 /* write */, ssl->version, SSL3_RT_ALERT,
- ssl->s3->send_alert, 2);
+ ssl_do_msg_callback(ssl, 1 /* write */, SSL3_RT_ALERT, ssl->s3->send_alert,
+ 2);
int alert = (ssl->s3->send_alert[0] << 8) | ssl->s3->send_alert[1];
ssl_do_info_callback(ssl, SSL_CB_WRITE_ALERT, alert);
diff --git a/ssl/dtls_record.c b/ssl/dtls_record.c
index e784e55..ffe4053 100644
--- a/ssl/dtls_record.c
+++ b/ssl/dtls_record.c
@@ -198,7 +198,7 @@
return ssl_open_record_discard;
}
- ssl_do_msg_callback(ssl, 0 /* read */, 0, SSL3_RT_HEADER, in,
+ ssl_do_msg_callback(ssl, 0 /* read */, SSL3_RT_HEADER, in,
DTLS1_RT_HEADER_LENGTH);
uint16_t epoch = (((uint16_t)sequence[0]) << 8) | sequence[1];
@@ -302,7 +302,7 @@
*out_len = DTLS1_RT_HEADER_LENGTH + ciphertext_len;
- ssl_do_msg_callback(ssl, 1 /* write */, 0, SSL3_RT_HEADER, out,
+ ssl_do_msg_callback(ssl, 1 /* write */, SSL3_RT_HEADER, out,
DTLS1_RT_HEADER_LENGTH);
return 1;
diff --git a/ssl/internal.h b/ssl/internal.h
index 0bc0b8e..bdb392c 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -683,7 +683,7 @@
void ssl_do_info_callback(const SSL *ssl, int type, int value);
/* ssl_do_msg_callback calls |ssl|'s message callback, if set. */
-void ssl_do_msg_callback(SSL *ssl, int is_write, int version, int content_type,
+void ssl_do_msg_callback(SSL *ssl, int is_write, int content_type,
const void *buf, size_t len);
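Review bot: The comment above this prototype still says only that the callback is called if set, although the function now picks the callback's `version` itself from `content_type`. Someone adding a call site cannot tell from the header which version the callback will see. I would extend it to `/* ssl_do_msg_callback calls |ssl|'s message callback, if set. The callback's |version| is |SSL2_VERSION| when |content_type| is zero (V2ClientHello), zero for |SSL3_RT_HEADER|, and |ssl->version| otherwise. */`, which matches the switch added in ssl/ssl_lib.c.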
diff --git a/ssl/s3_both.c b/ssl/s3_both.c
index 23cda92..e77e8ca 100644
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@@ -181,7 +181,7 @@
/* ssl3_write_bytes writes the data in its entirety. */
assert((size_t)ret == len);
- ssl_do_msg_callback(ssl, 1 /* write */, ssl->version, type, data, len);
+ ssl_do_msg_callback(ssl, 1 /* write */, type, data, len);
return 1;
}
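Review bot: `type` on the new call is a runtime value, not a constant, so the version handed to the message callback is now chosen by the switch in ssl_do_msg_callback instead of always being `ssl->version` as on the removed line. If `type` could ever be zero or `SSL3_RT_HEADER` here, the callback would be told `SSL2_VERSION` or 0 for a message that is neither. The callers are outside this hunk, so this needs confirming; if only handshake and ChangeCipherSpec messages are written through this path, `assert(type == SSL3_RT_HANDSHAKE || type == SSL3_RT_CHANGE_CIPHER_SPEC);` next to the existing assert would pin it.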
@@ -477,7 +477,7 @@
return -1;
}
- ssl_do_msg_callback(ssl, 0 /* read */, SSL2_VERSION, 0,
+ ssl_do_msg_callback(ssl, 0 /* read */, 0 /* V2ClientHello */,
CBS_data(&v2_client_hello), CBS_len(&v2_client_hello));
uint8_t msg_type;
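Review bot: The bare `0` content type on this call is now the only thing that selects `SSL2_VERSION`, through the matching `case 0:` in ssl_do_msg_callback in ssl/ssl_lib.c, so the two literals must be kept in sync by hand. A named constant declared once in ssl/internal.h and used in both places, for example `#define SSL_MSG_V2CLIENTHELLO 0` (placeholder name, to be chosen by the project), would make that coupling visible. It would also make it harder for an accidental zero content type at another call site to be reported to the callback as a V2ClientHello. The enclosing function starts and ends outside this hunk.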
@@ -631,8 +631,8 @@
}
/* We have now received a complete message. */
- ssl_do_msg_callback(ssl, 0 /* read */, ssl->version, SSL3_RT_HANDSHAKE,
- ssl->init_buf->data, ssl->init_buf->length);
+ ssl_do_msg_callback(ssl, 0 /* read */, SSL3_RT_HANDSHAKE, ssl->init_buf->data,
+ ssl->init_buf->length);
ssl->s3->tmp.message_type = ((const uint8_t *)ssl->init_buf->data)[0];
ssl->init_msg = (uint8_t*)ssl->init_buf->data + SSL3_HM_HEADER_LENGTH;
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index b1a6aa9..fda9a25 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -407,8 +407,8 @@
return -1;
}
- ssl_do_msg_callback(ssl, 0 /* read */, ssl->version,
- SSL3_RT_CHANGE_CIPHER_SPEC, rr->data, rr->length);
+ ssl_do_msg_callback(ssl, 0 /* read */, SSL3_RT_CHANGE_CIPHER_SPEC, rr->data,
+ rr->length);
rr->length = 0;
ssl_read_buffer_discard(ssl);
@@ -487,8 +487,8 @@
BIO_flush(ssl->wbio);
}
- ssl_do_msg_callback(ssl, 1 /* write */, ssl->version, SSL3_RT_ALERT,
- ssl->s3->send_alert, 2);
+ ssl_do_msg_callback(ssl, 1 /* write */, SSL3_RT_ALERT, ssl->s3->send_alert,
+ 2);
int alert = (ssl->s3->send_alert[0] << 8) | ssl->s3->send_alert[1];
ssl_do_info_callback(ssl, SSL_CB_WRITE_ALERT, alert);
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index aa03999..3e27f37 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2913,12 +2913,29 @@
}
}
-void ssl_do_msg_callback(SSL *ssl, int is_write, int version, int content_type,
+void ssl_do_msg_callback(SSL *ssl, int is_write, int content_type,
const void *buf, size_t len) {
- if (ssl->msg_callback != NULL) {
- ssl->msg_callback(is_write, version, content_type, buf, len, ssl,
- ssl->msg_callback_arg);
+ if (ssl->msg_callback == NULL) {
+ return;
}
+
+ /* |version| is zero when calling for |SSL3_RT_HEADER| and |SSL2_VERSION| for
+ * a V2ClientHello. */
+ int version;
+ switch (content_type) {
+ case 0:
+ /* V2ClientHello */
+ version = SSL2_VERSION;
+ break;
+ case SSL3_RT_HEADER:
+ version = 0;
+ break;
+ default:
+ version = ssl->version;
+ }
+
+ ssl->msg_callback(is_write, version, content_type, buf, len, ssl,
+ ssl->msg_callback_arg);
}
int SSL_CTX_sess_connect(const SSL_CTX *ctx) { return 0; }
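Review bot: The `default:` arm of the new switch in ssl_do_msg_callback ends without a `break;`, unlike the `case 0:` and `case SSL3_RT_HEADER:` arms above it. It is harmless while it is the last arm, but a case added below it later would be fallen into silently and would overwrite `version`. Adding `break;` after `version = ssl->version;` keeps the arms uniform.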
diff --git a/ssl/tls_record.c b/ssl/tls_record.c
index 8915b39..7041ce3 100644
--- a/ssl/tls_record.c
+++ b/ssl/tls_record.c
@@ -232,7 +232,7 @@
return ssl_open_record_partial;
}
- ssl_do_msg_callback(ssl, 0 /* read */, 0, SSL3_RT_HEADER, in,
+ ssl_do_msg_callback(ssl, 0 /* read */, SSL3_RT_HEADER, in,
SSL3_RT_HEADER_LENGTH);
/* Decrypt the body in-place. */
@@ -349,7 +349,7 @@
*out_len = SSL3_RT_HEADER_LENGTH + ciphertext_len;
- ssl_do_msg_callback(ssl, 1 /* write */, 0, SSL3_RT_HEADER, out,
+ ssl_do_msg_callback(ssl, 1 /* write */, SSL3_RT_HEADER, out,
SSL3_RT_HEADER_LENGTH);
return 1;
}
@@ -414,7 +414,7 @@
return ssl_open_record_error;
}
- ssl_do_msg_callback(ssl, 0 /* read */, ssl->version, SSL3_RT_ALERT, in, in_len);
+ ssl_do_msg_callback(ssl, 0 /* read */, SSL3_RT_ALERT, in, in_len);
const uint8_t alert_level = in[0];
const uint8_t alert_descr = in[1];