Switch SSL_GET_MESSAGE_HASH_MESSAGE to an enum.
Matches the others.
Change-Id: If8a5164ed25f9e0bc495585bd705862a61a39fd6
Reviewed-on: https://boringssl-review.googlesource.com/3760
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index 16c3e08..d60aecd 100644
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -363,7 +363,7 @@
* if |msg_type| == -1), maximum acceptable body length |max|. Read an entire
* handshake message. Handshake messages arrive in fragments. */
long dtls1_get_message(SSL *s, int st1, int stn, int msg_type, long max,
- int hash_message, int *ok) {
+ enum ssl_hash_message_t hash_message, int *ok) {
int i, al;
struct hm_header_st *msg_hdr;
uint8_t *p;
@@ -372,10 +372,10 @@
/* s3->tmp is used to store messages that are unexpected, caused
* by the absence of an optional handshake message */
if (s->s3->tmp.reuse_message) {
- /* A SSL_GET_MESSAGE_DONT_HASH_MESSAGE call cannot be combined
- * with reuse_message; the SSL_GET_MESSAGE_DONT_HASH_MESSAGE
- * would have to have been applied to the previous call. */
- assert(hash_message != SSL_GET_MESSAGE_DONT_HASH_MESSAGE);
+ /* A ssl_dont_hash_message call cannot be combined with reuse_message; the
+ * ssl_dont_hash_message would have to have been applied to the previous
+ * call. */
+ assert(hash_message == ssl_hash_message);
s->s3->tmp.reuse_message = 0;
if (msg_type >= 0 && s->s3->tmp.message_type != msg_type) {
al = SSL_AD_UNEXPECTED_MESSAGE;
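Review bot: The rule that a reused message must have been requested with `ssl_hash_message` is enforced only by `assert(hash_message == ssl_hash_message);`, which disappears when NDEBUG is defined. A release build would therefore take the reuse_message path with `ssl_dont_hash_message` without any signal, and what was or was not added to the handshake hash for that message is decided outside this hunk. Because this flag controls what enters the handshake transcript, consider a check that survives in release builds and fails the call through the function's existing error handling, keeping the assert only as a debug aid. The same assert is added to ssl3_get_message in ssl/s3_both.c; the function body continues outside the hunk.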
@@ -421,8 +421,7 @@
s->init_msg = (uint8_t *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
- if (hash_message != SSL_GET_MESSAGE_DONT_HASH_MESSAGE &&
- !ssl3_hash_current_message(s)) {
+ if (hash_message == ssl_hash_message && !ssl3_hash_current_message(s)) {
goto err;
}
if (s->msg_callback) {
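Review bot: The rewritten test `hash_message == ssl_hash_message` hashes only on an exact match, whereas the old `!= SSL_GET_MESSAGE_DONT_HASH_MESSAGE` hashed for every non-zero value. C converts an int to an enum silently, so a caller that still passes some other integer would now skip ssl3_hash_current_message with no error. Every call site visible in this commit passes one of the two enumerators, so this only matters for callers outside the diff. Writing the condition as `hash_message != ssl_dont_hash_message` would keep the earlier hash-by-default behaviour. The same condition is introduced in ssl3_get_message in ssl/s3_both.c, and the enclosing function begins and ends outside the hunk.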
diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c
index 2c25581..c25b052 100644
--- a/ssl/d1_clnt.c
+++ b/ssl/d1_clnt.c
@@ -533,7 +533,7 @@
s, DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A, DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B,
-1,
/* Use the same maximum size as ssl3_get_server_hello. */
- 20000, SSL_GET_MESSAGE_HASH_MESSAGE, &ok);
+ 20000, ssl_hash_message, &ok);
if (!ok) {
return n;
diff --git a/ssl/s3_both.c b/ssl/s3_both.c
index a32be5f..2248c9a 100644
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@@ -226,7 +226,7 @@
message_len =
s->method->ssl_get_message(s, a, b, SSL3_MT_FINISHED, EVP_MAX_MD_SIZE,
- SSL_GET_MESSAGE_DONT_HASH_MESSAGE, &ok);
+ ssl_dont_hash_message, &ok);
if (!ok) {
return message_len;
@@ -320,17 +320,17 @@
* maximum acceptable body length |max|. The first four bytes (msg_type and
* length) are read in state |header_state|, the body is read in state |body_state|. */
long ssl3_get_message(SSL *s, int header_state, int body_state, int msg_type,
- long max, int hash_message, int *ok) {
+ long max, enum ssl_hash_message_t hash_message, int *ok) {
uint8_t *p;
unsigned long l;
long n;
int al;
if (s->s3->tmp.reuse_message) {
- /* A SSL_GET_MESSAGE_DONT_HASH_MESSAGE call cannot be combined with
- * reuse_message; the SSL_GET_MESSAGE_DONT_HASH_MESSAGE would have to have
- * been applied to the previous call. */
- assert(hash_message != SSL_GET_MESSAGE_DONT_HASH_MESSAGE);
+ /* A ssl_dont_hash_message call cannot be combined with reuse_message; the
+ * ssl_dont_hash_message would have to have been applied to the previous
+ * call. */
+ assert(hash_message == ssl_hash_message);
s->s3->tmp.reuse_message = 0;
if (msg_type >= 0 && s->s3->tmp.message_type != msg_type) {
al = SSL_AD_UNEXPECTED_MESSAGE;
@@ -420,8 +420,7 @@
}
/* Feed this message into MAC computation. */
- if (hash_message != SSL_GET_MESSAGE_DONT_HASH_MESSAGE &&
- !ssl3_hash_current_message(s)) {
+ if (hash_message == ssl_hash_message && !ssl3_hash_current_message(s)) {
goto err;
}
if (s->msg_callback) {
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index f70cfcb..129a128 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -751,7 +751,7 @@
n = s->method->ssl_get_message(s, SSL3_ST_CR_SRVR_HELLO_A,
SSL3_ST_CR_SRVR_HELLO_B, SSL3_MT_SERVER_HELLO,
20000, /* ?? */
- SSL_GET_MESSAGE_HASH_MESSAGE, &ok);
+ ssl_hash_message, &ok);
if (!ok) {
uint32_t err = ERR_peek_error();
@@ -931,7 +931,7 @@
n = s->method->ssl_get_message(s, SSL3_ST_CR_CERT_A, SSL3_ST_CR_CERT_B,
SSL3_MT_CERTIFICATE, s->max_cert_list,
- SSL_GET_MESSAGE_HASH_MESSAGE, &ok);
+ ssl_hash_message, &ok);
if (!ok) {
return n;
@@ -1081,7 +1081,7 @@
* ServerKeyExchange message may be skipped */
n = s->method->ssl_get_message(s, SSL3_ST_CR_KEY_EXCH_A,
SSL3_ST_CR_KEY_EXCH_B, -1, s->max_cert_list,
- SSL_GET_MESSAGE_HASH_MESSAGE, &ok);
+ ssl_hash_message, &ok);
if (!ok) {
return n;
}
@@ -1409,7 +1409,7 @@
n = s->method->ssl_get_message(s, SSL3_ST_CR_CERT_REQ_A,
SSL3_ST_CR_CERT_REQ_B, -1, s->max_cert_list,
- SSL_GET_MESSAGE_HASH_MESSAGE, &ok);
+ ssl_hash_message, &ok);
if (!ok) {
return n;
@@ -1551,7 +1551,7 @@
n = s->method->ssl_get_message(
s, SSL3_ST_CR_SESSION_TICKET_A, SSL3_ST_CR_SESSION_TICKET_B,
- SSL3_MT_NEWSESSION_TICKET, 16384, SSL_GET_MESSAGE_HASH_MESSAGE, &ok);
+ SSL3_MT_NEWSESSION_TICKET, 16384, ssl_hash_message, &ok);
if (!ok) {
return n;
@@ -1598,7 +1598,7 @@
n = s->method->ssl_get_message(
s, SSL3_ST_CR_CERT_STATUS_A, SSL3_ST_CR_CERT_STATUS_B,
- SSL3_MT_CERTIFICATE_STATUS, 16384, SSL_GET_MESSAGE_HASH_MESSAGE, &ok);
+ SSL3_MT_CERTIFICATE_STATUS, 16384, ssl_hash_message, &ok);
if (!ok) {
return n;
@@ -1635,7 +1635,7 @@
n = s->method->ssl_get_message(s, SSL3_ST_CR_SRVR_DONE_A,
SSL3_ST_CR_SRVR_DONE_B, SSL3_MT_SERVER_DONE,
30, /* should be very small, like 0 :-) */
- SSL_GET_MESSAGE_HASH_MESSAGE, &ok);
+ ssl_hash_message, &ok);
if (!ok) {
return n;
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 4e60d63..956b980 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -945,7 +945,7 @@
n = s->method->ssl_get_message(
s, SSL3_ST_SR_CLNT_HELLO_A, SSL3_ST_SR_CLNT_HELLO_B,
SSL3_MT_CLIENT_HELLO, SSL3_RT_MAX_PLAIN_LENGTH,
- SSL_GET_MESSAGE_HASH_MESSAGE, &ok);
+ ssl_hash_message, &ok);
if (!ok) {
return n;
@@ -1733,7 +1733,7 @@
n = s->method->ssl_get_message(s, SSL3_ST_SR_KEY_EXCH_A,
SSL3_ST_SR_KEY_EXCH_B,
SSL3_MT_CLIENT_KEY_EXCHANGE, 2048, /* ??? */
- SSL_GET_MESSAGE_HASH_MESSAGE, &ok);
+ ssl_hash_message, &ok);
if (!ok) {
return n;
@@ -2168,7 +2168,7 @@
n = s->method->ssl_get_message(
s, SSL3_ST_SR_CERT_VRFY_A, SSL3_ST_SR_CERT_VRFY_B,
SSL3_MT_CERTIFICATE_VERIFY, SSL3_RT_MAX_PLAIN_LENGTH,
- SSL_GET_MESSAGE_DONT_HASH_MESSAGE, &ok);
+ ssl_dont_hash_message, &ok);
if (!ok) {
return n;
@@ -2255,8 +2255,7 @@
int is_first_certificate = 1;
n = s->method->ssl_get_message(s, SSL3_ST_SR_CERT_A, SSL3_ST_SR_CERT_B, -1,
- s->max_cert_list, SSL_GET_MESSAGE_HASH_MESSAGE,
- &ok);
+ s->max_cert_list, ssl_hash_message, &ok);
if (!ok) {
return n;
@@ -2583,7 +2582,7 @@
n = s->method->ssl_get_message(s, SSL3_ST_SR_NEXT_PROTO_A,
SSL3_ST_SR_NEXT_PROTO_B, SSL3_MT_NEXT_PROTO,
514, /* See the payload format below */
- SSL_GET_MESSAGE_HASH_MESSAGE, &ok);
+ ssl_hash_message, &ok);
if (!ok) {
return n;
@@ -2638,7 +2637,7 @@
n = s->method->ssl_get_message(
s, SSL3_ST_SR_CHANNEL_ID_A, SSL3_ST_SR_CHANNEL_ID_B,
SSL3_MT_ENCRYPTED_EXTENSIONS, 2 + 2 + TLSEXT_CHANNEL_ID_SIZE,
- SSL_GET_MESSAGE_DONT_HASH_MESSAGE, &ok);
+ ssl_dont_hash_message, &ok);
if (!ok) {
return n;
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 39dce5c..8e6f121 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -401,9 +401,10 @@
#define EXPLICIT_CHAR2_CURVE_TYPE 2
#define NAMED_CURVE_TYPE 3
-/* Values for the |hash_message| parameter of |s->method->ssl_get_message|. */
-#define SSL_GET_MESSAGE_DONT_HASH_MESSAGE 0
-#define SSL_GET_MESSAGE_HASH_MESSAGE 1
+enum ssl_hash_message_t {
+ ssl_dont_hash_message,
+ ssl_hash_message,
+};
typedef struct cert_pkey_st {
X509 *x509;
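Review bot: The new `enum ssl_hash_message_t` carries no comment, while the macros it replaces had one saying what the values are for. I would keep a comment above the enum, for example `/* ssl_hash_message_t selects whether |s->method->ssl_get_message| adds the received message to the handshake hash. */`. It may also be worth writing `ssl_dont_hash_message = 0,` explicitly, so that the match with the old macro values does not rest on enumerator order alone.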
@@ -545,7 +546,8 @@
int (*ssl_renegotiate)(SSL *s);
int (*ssl_renegotiate_check)(SSL *s);
long (*ssl_get_message)(SSL *s, int header_state, int body_state,
- int msg_type, long max, int hash_message, int *ok);
+ int msg_type, long max,
+ enum ssl_hash_message_t hash_message, int *ok);
int (*ssl_read_bytes)(SSL *s, int type, uint8_t *buf, int len, int peek);
int (*ssl_write_bytes)(SSL *s, int type, const void *buf_, int len);
int (*ssl_dispatch_alert)(SSL *s);
@@ -730,7 +732,7 @@
int ssl3_send_alert(SSL *s, int level, int desc);
int ssl3_get_req_cert_type(SSL *s, uint8_t *p);
long ssl3_get_message(SSL *s, int header_state, int body_state, int msg_type,
- long max, int hash_message, int *ok);
+ long max, enum ssl_hash_message_t hash_message, int *ok);
/* ssl3_hash_current_message incorporates the current handshake message into the
* handshake hash. It returns one on success and zero on allocation failure. */
@@ -867,7 +869,7 @@
int dtls1_shutdown(SSL *s);
long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max,
- int hash_message, int *ok);
+ enum ssl_hash_message_t hash_message, int *ok);
int dtls1_get_record(SSL *s);
int dtls1_dispatch_alert(SSL *s);