Introduce a hash_message parameter to ssl_get_message. This replaces the special-case in ssl3_get_message for Channel ID. Also add ssl3_hash_current_message to hash the current message, taking TLS vs DTLS handshake header size into account. One subtlety with this flag is that a message intended to be processed with SSL_GET_MESSAGE_DONT_HASH_MESSAGE cannot follow an optional message (reprocessed with reuse_message, etc.). There is an assertion to that effect. If need be, we can loosen it to requiring that the preceeding optional message also pass SSL_GET_MESSAGE_DONT_HASH_MESSAGE and then maintain some state to perform the more accurate assertion, but this is sufficient for now. Change-Id: If8c87342b291ac041a35885b9b5ee961aee86eab Reviewed-on: https://boringssl-review.googlesource.com/1630 Reviewed-by: Adam Langley <agl@google.com>

commit: 590cbe970c75973f38aeba4b7146dc0b84b66348 [log] [tgz]
author: David Benjamin <davidben@chromium.org> Mon Aug 25 21:34:56 2014 -0400
committer: Adam Langley <agl@google.com> Wed Aug 27 01:54:50 2014 +0000
tree: 4699a8daf78d3fc4ee8eea294bedec17cde4443e
parent: 912806b1bb42151159c3d52376dd8c36c2073cfc [diff] [blame]
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 74aacc0..e58e330 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h

@@ -342,7 +342,7 @@
 	int (*ssl_renegotiate)(SSL *s);
 	int (*ssl_renegotiate_check)(SSL *s);
 	long (*ssl_get_message)(SSL *s, int st1, int stn, int mt, long
-		max, int *ok);
+		max, int hash_message, int *ok);
 	int (*ssl_read_bytes)(SSL *s, int type, unsigned char *buf, int len, 
 		int peek);
 	int (*ssl_write_bytes)(SSL *s, int type, const void *buf_, int len);
commit	590cbe970c75973f38aeba4b7146dc0b84b66348	[log] [tgz]
author	David Benjamin <davidben@chromium.org>	Mon Aug 25 21:34:56 2014 -0400
committer	Adam Langley <agl@google.com>	Wed Aug 27 01:54:50 2014 +0000
tree	4699a8daf78d3fc4ee8eea294bedec17cde4443e
parent	912806b1bb42151159c3d52376dd8c36c2073cfc [diff] [blame]