Maintain SSL_HANDSHAKE lifetime outside of handshake_func. We currently look up SSL_HANDSHAKE off of ssl->s3->hs everywhere, but this is a little dangerous. Unlike ssl->s3->tmp, ssl->s3->hs may not be present. Right now we just know not to call some functions outside the handshake. Instead, code which expects to only be called during a handshake should take an explicit SSL_HANDSHAKE * parameter and can assume it non-NULL. This replaces the SSL * parameter. Instead, that is looked up from hs->ssl. Code which is called in both cases, reads from ssl->s3->hs. Ultimately, we should get to the point that all direct access of ssl->s3->hs needs to be NULL-checked. As a start, manage the lifetime of the ssl->s3->hs in SSL_do_handshake. This allows the top-level handshake_func hooks to be passed in the SSL_HANDSHAKE *. Later work will route it through the stack. False Start is a little wonky, but I think this is cleaner overall. Change-Id: I26dfeb95f1bc5a0a630b5c442c90c26a6b9e2efe Reviewed-on: https://boringssl-review.googlesource.com/12236 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/s3_both.c b/ssl/s3_both.c index d872020..b27938a 100644 --- a/ssl/s3_both.c +++ b/ssl/s3_both.c
@@ -130,14 +130,14 @@ #include "internal.h" -SSL_HANDSHAKE *ssl_handshake_new(enum ssl_hs_wait_t (*do_handshake)(SSL *ssl)) { +SSL_HANDSHAKE *ssl_handshake_new(SSL *ssl) { SSL_HANDSHAKE *hs = OPENSSL_malloc(sizeof(SSL_HANDSHAKE)); if (hs == NULL) { OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); return NULL; } memset(hs, 0, sizeof(SSL_HANDSHAKE)); - hs->do_handshake = do_handshake; + hs->ssl = ssl; hs->wait = ssl_hs_ok; return hs; }