commit c89ce97a2d3795d6aff8d9da252220503fc3e60f
author David Benjamin <davidben@google.com> Wed Jun 02 11:42:56 2021 -0400
committer Adam Langley <agl@google.com> Thu Jun 10 16:29:47 2021 +0000
tree e64139d102a1f1dd11d77f48b98ca203169584e1
parent fb4d2571f3faa85ce14bbc086f3fcfbb7043f944

Move the TLS vs DTLS header length adjustment into ssl_add_clienthello_tlsext.

This makes calls to ssl_add_clienthello_tlsext a hair easier. Also we
only apply the [256, 511) compatibility hack to TLS, so we can just use
a constant.

Bug: 275
Change-Id: Ia2b5192aeef0cd8848ecfa1ea3b89a0a7382ff1a
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/47996
Reviewed-by: Adam Langley <agl@google.com>

ssl/handshake_client.cc

diff --git a/ssl/handshake_client.cc b/ssl/handshake_client.cc
index e2c3dd9..1d6bc0a 100644
--- a/ssl/handshake_client.cc
+++ b/ssl/handshake_client.cc
@@ -308,14 +308,12 @@
     }
   }
 
-  size_t header_len =
-      SSL_is_dtls(ssl) ? DTLS1_HM_HEADER_LENGTH : SSL3_HM_HEADER_LENGTH;
   bool needs_psk_binder;
   if (!ssl_write_client_cipher_list(hs, &body) ||
       !CBB_add_u8(&body, 1 /* one compression method */) ||
       !CBB_add_u8(&body, 0 /* null compression */) ||
       !ssl_add_clienthello_tlsext(hs, &body, &needs_psk_binder,
-                                  header_len + CBB_len(&body))) {
+                                  CBB_len(&body))) {
     return false;
   }
 

ssl/internal.h

diff --git a/ssl/internal.h b/ssl/internal.h
index 250beb1..72e1fba 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -3163,7 +3163,7 @@
 // ssl_add_clienthello_tlsext writes ClientHello extensions to |out|. It returns
 // true on success and false on failure. The |header_len| argument is the length
 // of the ClientHello written so far and is used to compute the padding length.
-// (It does not include the record header.) On success, if
+// (It does not include the record header or handshake headers.) On success, if
 // |*out_needs_psk_binder| is true, the last ClientHello extension was the
 // pre_shared_key extension and needs a PSK binder filled in.
 bool ssl_add_clienthello_tlsext(SSL_HANDSHAKE *hs, CBB *out,

ssl/t1_lib.cc

diff --git a/ssl/t1_lib.cc b/ssl/t1_lib.cc
index e780677..da89afb 100644
--- a/ssl/t1_lib.cc
+++ b/ssl/t1_lib.cc
@@ -3311,7 +3311,8 @@
 
   if (!SSL_is_dtls(ssl) && !ssl->quic_method) {
     size_t psk_extension_len = ext_pre_shared_key_clienthello_length(hs);
-    header_len += 2 + CBB_len(&extensions) + psk_extension_len;
+    header_len +=
+        SSL3_HM_HEADER_LENGTH + 2 + CBB_len(&extensions) + psk_extension_len;
     size_t padding_len = 0;
 
     // The final extension must be non-empty. WebSphere Application