Tweak ssl_early_callback_init.
It really should take a few more parameters and save a bit of
long-winded initialization work.
Change-Id: I2823f0aa82be39914a156323f6f32b470b6d6a3b
Reviewed-on: https://boringssl-review.googlesource.com/8876
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/handshake_server.c b/ssl/handshake_server.c
index 8427a29..31a5030 100644
--- a/ssl/handshake_server.c
+++ b/ssl/handshake_server.c
@@ -548,11 +548,8 @@
/* fallthrough */
case SSL3_ST_SR_CLNT_HELLO_B:
case SSL3_ST_SR_CLNT_HELLO_C:
- memset(&early_ctx, 0, sizeof(early_ctx));
- early_ctx.ssl = ssl;
- early_ctx.client_hello = ssl->init_msg;
- early_ctx.client_hello_len = ssl->init_num;
- if (!ssl_early_callback_init(&early_ctx)) {
+ if (!ssl_early_callback_init(ssl, &early_ctx, ssl->init_msg,
+ ssl->init_num)) {
al = SSL_AD_DECODE_ERROR;
OPENSSL_PUT_ERROR(SSL, SSL_R_CLIENTHELLO_PARSE_FAILED);
goto f_err;
diff --git a/ssl/internal.h b/ssl/internal.h
index 0401791..5d14eba 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -1342,7 +1342,8 @@
int tls1_generate_master_secret(SSL *ssl, uint8_t *out, const uint8_t *premaster,
size_t premaster_len);
-char ssl_early_callback_init(struct ssl_early_callback_ctx *ctx);
+int ssl_early_callback_init(SSL *ssl, struct ssl_early_callback_ctx *ctx,
+ const uint8_t *in, size_t in_len);
/* tls1_get_grouplist sets |*out_group_ids| and |*out_group_ids_len| to the
* list of allowed group IDs. If |get_peer_groups| is non-zero, return the
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 7549240..b1e3b13 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -202,9 +202,14 @@
return ret;
}
-char ssl_early_callback_init(struct ssl_early_callback_ctx *ctx) {
- CBS client_hello, session_id, cipher_suites, compression_methods, extensions;
+int ssl_early_callback_init(SSL *ssl, struct ssl_early_callback_ctx *ctx,
+ const uint8_t *in, size_t in_len) {
+ memset(ctx, 0, sizeof(*ctx));
+ ctx->ssl = ssl;
+ ctx->client_hello = in;
+ ctx->client_hello_len = in_len;
+ CBS client_hello, session_id, cipher_suites, compression_methods, extensions;
CBS_init(&client_hello, ctx->client_hello, ctx->client_hello_len);
if (/* Skip client version. */
diff --git a/ssl/tls13_server.c b/ssl/tls13_server.c
index 22392f0..cd7d65f 100644
--- a/ssl/tls13_server.c
+++ b/ssl/tls13_server.c
@@ -106,20 +106,15 @@
}
struct ssl_early_callback_ctx early_ctx;
- uint16_t client_wire_version;
- CBS client_random, session_id, cipher_suites, compression_methods;
-
- memset(&early_ctx, 0, sizeof(early_ctx));
- early_ctx.ssl = ssl;
- early_ctx.client_hello = ssl->init_msg;
- early_ctx.client_hello_len = ssl->init_num;
- if (!ssl_early_callback_init(&early_ctx)) {
+ if (!ssl_early_callback_init(ssl, &early_ctx, ssl->init_msg,
+ ssl->init_num)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_CLIENTHELLO_PARSE_FAILED);
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
return ssl_hs_error;
}
- CBS cbs;
+ CBS cbs, client_random, session_id, cipher_suites, compression_methods;
+ uint16_t client_wire_version;
CBS_init(&cbs, ssl->init_msg, ssl->init_num);
if (!CBS_get_u16(&cbs, &client_wire_version) ||
!CBS_get_bytes(&cbs, &client_random, SSL3_RANDOM_SIZE) ||
@@ -280,12 +275,8 @@
}
struct ssl_early_callback_ctx early_ctx;
-
- memset(&early_ctx, 0, sizeof(early_ctx));
- early_ctx.ssl = ssl;
- early_ctx.client_hello = ssl->init_msg;
- early_ctx.client_hello_len = ssl->init_num;
- if (!ssl_early_callback_init(&early_ctx)) {
+ if (!ssl_early_callback_init(ssl, &early_ctx, ssl->init_msg,
+ ssl->init_num)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_CLIENTHELLO_PARSE_FAILED);
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
return ssl_hs_error;
