Maintain SSL_HANDSHAKE lifetime outside of handshake_func.
We currently look up SSL_HANDSHAKE off of ssl->s3->hs everywhere, but
this is a little dangerous. Unlike ssl->s3->tmp, ssl->s3->hs may not be
present. Right now we just know not to call some functions outside the
handshake.
Instead, code which expects to only be called during a handshake should
take an explicit SSL_HANDSHAKE * parameter and can assume it non-NULL.
This replaces the SSL * parameter. Instead, that is looked up from
hs->ssl.
Code which is called in both cases, reads from ssl->s3->hs. Ultimately,
we should get to the point that all direct access of ssl->s3->hs needs
to be NULL-checked.
As a start, manage the lifetime of the ssl->s3->hs in SSL_do_handshake.
This allows the top-level handshake_func hooks to be passed in the
SSL_HANDSHAKE *. Later work will route it through the stack. False Start
is a little wonky, but I think this is cleaner overall.
Change-Id: I26dfeb95f1bc5a0a630b5c442c90c26a6b9e2efe
Reviewed-on: https://boringssl-review.googlesource.com/12236
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/handshake_server.c b/ssl/handshake_server.c
index 3b66ab7..ccf0e8b 100644
--- a/ssl/handshake_server.c
+++ b/ssl/handshake_server.c
@@ -185,7 +185,8 @@
static int ssl3_get_channel_id(SSL *ssl);
static int ssl3_send_new_session_ticket(SSL *ssl);
-int ssl3_accept(SSL *ssl) {
+int ssl3_accept(SSL_HANDSHAKE *hs) {
+ SSL *const ssl = hs->ssl;
uint32_t alg_a;
int ret = -1;
int state, skip = 0;
@@ -205,12 +206,6 @@
case SSL_ST_ACCEPT:
ssl_do_info_callback(ssl, SSL_CB_HANDSHAKE_START, 1);
- ssl->s3->hs = ssl_handshake_new(tls13_server_handshake);
- if (ssl->s3->hs == NULL) {
- ret = -1;
- goto end;
- }
-
/* Enable a write buffer. This groups handshake messages within a flight
* into a single write. */
if (!ssl_init_wbio_buffer(ssl)) {
@@ -271,7 +266,7 @@
case SSL3_ST_SW_CERT_STATUS_A:
case SSL3_ST_SW_CERT_STATUS_B:
- if (ssl->s3->hs->certificate_status_expected) {
+ if (hs->certificate_status_expected) {
ret = ssl3_send_certificate_status(ssl);
if (ret <= 0) {
goto end;
@@ -303,7 +298,7 @@
case SSL3_ST_SW_CERT_REQ_A:
case SSL3_ST_SW_CERT_REQ_B:
- if (ssl->s3->hs->cert_request) {
+ if (hs->cert_request) {
ret = ssl3_send_certificate_request(ssl);
if (ret <= 0) {
goto end;
@@ -325,7 +320,7 @@
break;
case SSL3_ST_SR_CERT_A:
- if (ssl->s3->hs->cert_request) {
+ if (hs->cert_request) {
ret = ssl3_get_client_certificate(ssl);
if (ret <= 0) {
goto end;
@@ -367,7 +362,7 @@
break;
case SSL3_ST_SR_NEXT_PROTO_A:
- if (ssl->s3->hs->next_proto_neg_seen) {
+ if (hs->next_proto_neg_seen) {
ret = ssl3_get_next_proto(ssl);
if (ret <= 0) {
goto end;
@@ -416,7 +411,7 @@
case SSL3_ST_SW_SESSION_TICKET_A:
case SSL3_ST_SW_SESSION_TICKET_B:
- if (ssl->s3->hs->ticket_expected) {
+ if (hs->ticket_expected) {
ret = ssl3_send_new_session_ticket(ssl);
if (ret <= 0) {
goto end;
@@ -505,9 +500,6 @@
ssl->s3->initial_handshake_complete = 1;
ssl_update_cache(ssl, SSL_SESS_CACHE_SERVER);
- ssl_handshake_free(ssl->s3->hs);
- ssl->s3->hs = NULL;
-
ssl_do_info_callback(ssl, SSL_CB_HANDSHAKE_DONE, 1);
ret = 1;
goto end;
@@ -717,6 +709,7 @@
if (ssl3_protocol_version(ssl) >= TLS1_3_VERSION) {
ssl->state = SSL_ST_TLS13;
+ ssl->s3->hs->do_tls13_handshake = tls13_server_handshake;
return 1;
}
}
