Stop reseting init_num everywhere in the handshake loop.

This was needed because ssl3_get_message would get confused if init_num were
not set back to zero when reading the next message. However, ssl3_get_message
now treats init_num only as an output, not an input. (The message sending logic
and the individual handshake states still use it, so we can't get rid of it
altogether yet.)

I've left the init_num resets at the start and end of the handshake loop alone
for now, since those are more about initialization and cleanup, though I
believe they too do nothing.

Change-Id: I64bbdd82122498de32364e7edb3b00b166059ecd
Reviewed-on: https://boringssl-review.googlesource.com/7950
Reviewed-by: Adam Langley <agl@google.com>
David Benjamin 2016-05-15 13:46:07 -04:00 committed by Adam Langley
parent 1e6d6df943
commit 1d64afda44
4 changed files with 4 additions and 69 deletions


@ -168,6 +168,7 @@ int dtls1_connect(SSL *ssl) {
ssl->init_buf = buf;
buf = NULL;
}
ssl->init_num = 0;
if (!ssl_init_wbio_buffer(ssl)) {
ret = -1;
@ -175,7 +176,6 @@ int dtls1_connect(SSL *ssl) {
}
ssl->state = SSL3_ST_CW_CLNT_HELLO_A;
ssl->init_num = 0;
ssl->d1->send_cookie = 0;
ssl->hit = 0;
break;
@ -194,9 +194,6 @@ int dtls1_connect(SSL *ssl) {
ssl->s3->tmp.next_state = DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A;
}
ssl->state = SSL3_ST_CW_FLUSH;
ssl->init_num = 0;
break;
case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A:
@ -211,7 +208,6 @@ int dtls1_connect(SSL *ssl) {
} else {
ssl->state = SSL3_ST_CR_SRVR_HELLO_A;
}
ssl->init_num = 0;
break;
case SSL3_ST_CR_SRVR_HELLO_A:
@ -229,7 +225,6 @@ int dtls1_connect(SSL *ssl) {
} else {
ssl->state = SSL3_ST_CR_CERT_A;
}
ssl->init_num = 0;
break;
case SSL3_ST_CR_CERT_A:
@ -247,7 +242,6 @@ int dtls1_connect(SSL *ssl) {
skip = 1;
ssl->state = SSL3_ST_CR_KEY_EXCH_A;
}
ssl->init_num = 0;
break;
case SSL3_ST_VERIFY_SERVER_CERT:
@ -257,7 +251,6 @@ int dtls1_connect(SSL *ssl) {
}
ssl->state = SSL3_ST_CR_KEY_EXCH_A;
ssl->init_num = 0;
break;
case SSL3_ST_CR_KEY_EXCH_A:
@ -270,7 +263,6 @@ int dtls1_connect(SSL *ssl) {
} else {
ssl->state = SSL3_ST_CR_SRVR_DONE_A;
}
ssl->init_num = 0;
break;
case SSL3_ST_CR_CERT_REQ_A:
@ -279,7 +271,6 @@ int dtls1_connect(SSL *ssl) {
goto end;
}
ssl->state = SSL3_ST_CR_SRVR_DONE_A;
ssl->init_num = 0;
break;
case SSL3_ST_CR_SRVR_DONE_A:
@ -293,7 +284,6 @@ int dtls1_connect(SSL *ssl) {
} else {
ssl->s3->tmp.next_state = SSL3_ST_CW_KEY_EXCH_A;
}
ssl->init_num = 0;
ssl->state = ssl->s3->tmp.next_state;
break;
@ -307,7 +297,6 @@ int dtls1_connect(SSL *ssl) {
goto end;
}
ssl->state = SSL3_ST_CW_KEY_EXCH_A;
ssl->init_num = 0;
break;
case SSL3_ST_CW_KEY_EXCH_A:
@ -324,8 +313,6 @@ int dtls1_connect(SSL *ssl) {
} else {
ssl->state = SSL3_ST_CW_CHANGE_A;
}
ssl->init_num = 0;
break;
case SSL3_ST_CW_CERT_VRFY_A:
@ -337,7 +324,6 @@ int dtls1_connect(SSL *ssl) {
goto end;
}
ssl->state = SSL3_ST_CW_CHANGE_A;
ssl->init_num = 0;
break;
case SSL3_ST_CW_CHANGE_A:
@ -352,7 +338,6 @@ int dtls1_connect(SSL *ssl) {
}
ssl->state = SSL3_ST_CW_FINISHED_A;
ssl->init_num = 0;
if (!tls1_change_cipher_state(ssl, SSL3_CHANGE_CIPHER_CLIENT_WRITE)) {
ret = -1;
@ -383,7 +368,6 @@ int dtls1_connect(SSL *ssl) {
ssl->s3->tmp.next_state = SSL3_ST_CR_CHANGE;
}
}
ssl->init_num = 0;
break;
case SSL3_ST_CR_SESSION_TICKET_A:
@ -392,7 +376,6 @@ int dtls1_connect(SSL *ssl) {
goto end;
}
ssl->state = SSL3_ST_CR_CHANGE;
ssl->init_num = 0;
break;
case SSL3_ST_CR_CERT_STATUS_A:
@ -401,7 +384,6 @@ int dtls1_connect(SSL *ssl) {
goto end;
}
ssl->state = SSL3_ST_VERIFY_SERVER_CERT;
ssl->init_num = 0;
break;
case SSL3_ST_CR_CHANGE:
@ -430,7 +412,6 @@ int dtls1_connect(SSL *ssl) {
ssl->state = SSL_ST_OK;
}
ssl->init_num = 0;
break;
case SSL3_ST_CW_FLUSH:
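Review bot: With the per-state `ssl->init_num = 0;` lines gone, the only reset visible in this section is the one after `ssl->init_buf = buf;` at the top of dtls1_connect, so each `SSL3_ST_CW_*` send state now depends on its own handler setting init_num before the write path reads it. The commit message says the sending logic still uses the field, but the handlers are outside these hunks, so this should be confirmed, particularly for the `skip = 1` branches and the states that hand off to `SSL3_ST_CW_FLUSH`. A stale length paired with a reused init_buf could put leftover handshake bytes on the wire. I would document the invariant at the remaining reset, e.g. `/* init_num is only reset here; each send state must set it before writing. */`. The same consideration applies to the dtls1_accept, ssl3_connect and ssl3_accept sections below.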


@ -191,7 +191,6 @@ int dtls1_accept(SSL *ssl) {
}
dtls1_stop_timer(ssl);
ssl->state = SSL3_ST_SW_SRVR_HELLO_A;
ssl->init_num = 0;
break;
case SSL3_ST_SW_SRVR_HELLO_A:
@ -211,7 +210,6 @@ int dtls1_accept(SSL *ssl) {
} else {
ssl->state = SSL3_ST_SW_CERT_A;
}
ssl->init_num = 0;
break;
case SSL3_ST_SW_CERT_A:
@ -231,7 +229,6 @@ int dtls1_accept(SSL *ssl) {
skip = 1;
ssl->state = SSL3_ST_SW_KEY_EXCH_A;
}
ssl->init_num = 0;
break;
case SSL3_ST_SW_CERT_STATUS_A:
@ -241,7 +238,6 @@ int dtls1_accept(SSL *ssl) {
goto end;
}
ssl->state = SSL3_ST_SW_KEY_EXCH_A;
ssl->init_num = 0;
break;
case SSL3_ST_SW_KEY_EXCH_A:
@ -269,7 +265,6 @@ int dtls1_accept(SSL *ssl) {
}
ssl->state = SSL3_ST_SW_CERT_REQ_A;
ssl->init_num = 0;
break;
case SSL3_ST_SW_CERT_REQ_A:
@ -284,7 +279,6 @@ int dtls1_accept(SSL *ssl) {
skip = 1;
}
ssl->state = SSL3_ST_SW_SRVR_DONE_A;
ssl->init_num = 0;
break;
case SSL3_ST_SW_SRVR_DONE_A:
@ -296,7 +290,6 @@ int dtls1_accept(SSL *ssl) {
}
ssl->s3->tmp.next_state = SSL3_ST_SR_CERT_A;
ssl->state = SSL3_ST_SW_FLUSH;
ssl->init_num = 0;
break;
case SSL3_ST_SW_FLUSH:
@ -315,7 +308,6 @@ int dtls1_accept(SSL *ssl) {
goto end;
}
}
ssl->init_num = 0;
ssl->state = SSL3_ST_SR_KEY_EXCH_A;
break;
@ -326,7 +318,6 @@ int dtls1_accept(SSL *ssl) {
goto end;
}
ssl->state = SSL3_ST_SR_CERT_VRFY_A;
ssl->init_num = 0;
break;
case SSL3_ST_SR_CERT_VRFY_A:
@ -335,7 +326,6 @@ int dtls1_accept(SSL *ssl) {
goto end;
}
ssl->state = SSL3_ST_SR_CHANGE;
ssl->init_num = 0;
break;
case SSL3_ST_SR_CHANGE:
@ -365,7 +355,6 @@ int dtls1_accept(SSL *ssl) {
} else {
ssl->state = SSL3_ST_SW_CHANGE_A;
}
ssl->init_num = 0;
break;
case SSL3_ST_SW_SESSION_TICKET_A:
@ -375,7 +364,6 @@ int dtls1_accept(SSL *ssl) {
goto end;
}
ssl->state = SSL3_ST_SW_CHANGE_A;
ssl->init_num = 0;
break;
case SSL3_ST_SW_CHANGE_A:
@ -388,7 +376,6 @@ int dtls1_accept(SSL *ssl) {
}
ssl->state = SSL3_ST_SW_FINISHED_A;
ssl->init_num = 0;
if (!tls1_change_cipher_state(ssl, SSL3_CHANGE_CIPHER_SERVER_WRITE)) {
ret = -1;
@ -409,7 +396,6 @@ int dtls1_accept(SSL *ssl) {
} else {
ssl->s3->tmp.next_state = SSL_ST_OK;
}
ssl->init_num = 0;
break;
case SSL_ST_OK:
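Review bot: This section shows no `ssl->init_num = 0;` at the start of the dtls1_accept loop, whereas the dtls1_connect section shows one right after `ssl->init_buf = buf;`. The accept path may already have one outside the hunks shown. If it does not, add `ssl->init_num = 0;` after the init_buf setup so the client and server loops initialise the field the same way. The loop's entry and exit states are not part of these hunks, so this cannot be checked from the diff alone.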


@ -208,6 +208,7 @@ int ssl3_connect(SSL *ssl) {
ssl->init_buf = buf;
buf = NULL;
}
ssl->init_num = 0;
if (!ssl_init_wbio_buffer(ssl)) {
ret = -1;
@ -221,7 +222,6 @@ int ssl3_connect(SSL *ssl) {
}
ssl->state = SSL3_ST_CW_CLNT_HELLO_A;
ssl->init_num = 0;
break;
case SSL3_ST_CW_CLNT_HELLO_A:
@ -232,7 +232,6 @@ int ssl3_connect(SSL *ssl) {
}
ssl->s3->tmp.next_state = SSL3_ST_CR_SRVR_HELLO_A;
ssl->state = SSL3_ST_CW_FLUSH;
ssl->init_num = 0;
break;
case SSL3_ST_CR_SRVR_HELLO_A:
@ -250,7 +249,6 @@ int ssl3_connect(SSL *ssl) {
} else {
ssl->state = SSL3_ST_CR_CERT_A;
}
ssl->init_num = 0;
break;
case SSL3_ST_CR_CERT_A:
@ -268,7 +266,6 @@ int ssl3_connect(SSL *ssl) {
skip = 1;
ssl->state = SSL3_ST_CR_KEY_EXCH_A;
}
ssl->init_num = 0;
break;
case SSL3_ST_VERIFY_SERVER_CERT:
@ -278,7 +275,6 @@ int ssl3_connect(SSL *ssl) {
}
ssl->state = SSL3_ST_CR_KEY_EXCH_A;
ssl->init_num = 0;
break;
case SSL3_ST_CR_KEY_EXCH_A:
@ -291,7 +287,6 @@ int ssl3_connect(SSL *ssl) {
} else {
ssl->state = SSL3_ST_CR_SRVR_DONE_A;
}
ssl->init_num = 0;
break;
case SSL3_ST_CR_CERT_REQ_A:
@ -300,7 +295,6 @@ int ssl3_connect(SSL *ssl) {
goto end;
}
ssl->state = SSL3_ST_CR_SRVR_DONE_A;
ssl->init_num = 0;
break;
case SSL3_ST_CR_SRVR_DONE_A:
@ -313,7 +307,6 @@ int ssl3_connect(SSL *ssl) {
} else {
ssl->state = SSL3_ST_CW_KEY_EXCH_A;
}
ssl->init_num = 0;
break;
@ -326,7 +319,6 @@ int ssl3_connect(SSL *ssl) {
goto end;
}
ssl->state = SSL3_ST_CW_KEY_EXCH_A;
ssl->init_num = 0;
break;
case SSL3_ST_CW_KEY_EXCH_A:
@ -342,8 +334,6 @@ int ssl3_connect(SSL *ssl) {
} else {
ssl->state = SSL3_ST_CW_CHANGE_A;
}
ssl->init_num = 0;
break;
case SSL3_ST_CW_CERT_VRFY_A:
@ -354,7 +344,6 @@ int ssl3_connect(SSL *ssl) {
goto end;
}
ssl->state = SSL3_ST_CW_CHANGE_A;
ssl->init_num = 0;
break;
case SSL3_ST_CW_CHANGE_A:
@ -372,7 +361,6 @@ int ssl3_connect(SSL *ssl) {
if (ssl->s3->next_proto_neg_seen) {
ssl->state = SSL3_ST_CW_NEXT_PROTO_A;
}
ssl->init_num = 0;
if (!tls1_change_cipher_state(ssl, SSL3_CHANGE_CIPHER_CLIENT_WRITE)) {
ret = -1;
@ -439,7 +427,6 @@ int ssl3_connect(SSL *ssl) {
}
}
}
ssl->init_num = 0;
break;
case SSL3_ST_CR_SESSION_TICKET_A:
@ -448,7 +435,6 @@ int ssl3_connect(SSL *ssl) {
goto end;
}
ssl->state = SSL3_ST_CR_CHANGE;
ssl->init_num = 0;
break;
case SSL3_ST_CR_CERT_STATUS_A:
@ -457,7 +443,6 @@ int ssl3_connect(SSL *ssl) {
goto end;
}
ssl->state = SSL3_ST_VERIFY_SERVER_CERT;
ssl->init_num = 0;
break;
case SSL3_ST_CR_CHANGE:
@ -484,7 +469,6 @@ int ssl3_connect(SSL *ssl) {
} else {
ssl->state = SSL_ST_OK;
}
ssl->init_num = 0;
break;
case SSL3_ST_CW_FLUSH:
@ -515,13 +499,13 @@ int ssl3_connect(SSL *ssl) {
BUF_MEM_free(ssl->init_buf);
ssl->init_buf = NULL;
ssl->init_num = 0;
/* Remove write buffering now. */
ssl_free_wbio_buffer(ssl);
const int is_initial_handshake = !ssl->s3->initial_handshake_complete;
ssl->init_num = 0;
ssl->s3->tmp.in_false_start = 0;
ssl->s3->initial_handshake_complete = 1;


@ -262,7 +262,6 @@ int ssl3_accept(SSL *ssl) {
goto end;
}
ssl->state = SSL3_ST_SW_SRVR_HELLO_A;
ssl->init_num = 0;
break;
case SSL3_ST_SW_SRVR_HELLO_A:
@ -280,7 +279,6 @@ int ssl3_accept(SSL *ssl) {
} else {
ssl->state = SSL3_ST_SW_CERT_A;
}
ssl->init_num = 0;
break;
case SSL3_ST_SW_CERT_A:
@ -299,7 +297,6 @@ int ssl3_accept(SSL *ssl) {
skip = 1;
ssl->state = SSL3_ST_SW_KEY_EXCH_A;
}
ssl->init_num = 0;
break;
case SSL3_ST_SW_CERT_STATUS_A:
@ -309,7 +306,6 @@ int ssl3_accept(SSL *ssl) {
goto end;
}
ssl->state = SSL3_ST_SW_KEY_EXCH_A;
ssl->init_num = 0;
break;
case SSL3_ST_SW_KEY_EXCH_A:
@ -335,7 +331,6 @@ int ssl3_accept(SSL *ssl) {
}
ssl->state = SSL3_ST_SW_CERT_REQ_A;
ssl->init_num = 0;
break;
case SSL3_ST_SW_CERT_REQ_A:
@ -349,7 +344,6 @@ int ssl3_accept(SSL *ssl) {
skip = 1;
}
ssl->state = SSL3_ST_SW_SRVR_DONE_A;
ssl->init_num = 0;
break;
case SSL3_ST_SW_SRVR_DONE_A:
@ -360,7 +354,6 @@ int ssl3_accept(SSL *ssl) {
}
ssl->s3->tmp.next_state = SSL3_ST_SR_CERT_A;
ssl->state = SSL3_ST_SW_FLUSH;
ssl->init_num = 0;
break;
case SSL3_ST_SW_FLUSH:
@ -385,7 +378,6 @@ int ssl3_accept(SSL *ssl) {
goto end;
}
}
ssl->init_num = 0;
ssl->state = SSL3_ST_SR_KEY_EXCH_A;
break;
@ -396,7 +388,6 @@ int ssl3_accept(SSL *ssl) {
goto end;
}
ssl->state = SSL3_ST_SR_CERT_VRFY_A;
ssl->init_num = 0;
break;
case SSL3_ST_SR_CERT_VRFY_A:
@ -406,7 +397,6 @@ int ssl3_accept(SSL *ssl) {
}
ssl->state = SSL3_ST_SR_CHANGE;
ssl->init_num = 0;
break;
case SSL3_ST_SR_CHANGE:
@ -434,7 +424,6 @@ int ssl3_accept(SSL *ssl) {
if (ret <= 0) {
goto end;
}
ssl->init_num = 0;
if (ssl->s3->tlsext_channel_id_valid) {
ssl->state = SSL3_ST_SR_CHANNEL_ID_A;
} else {
@ -447,7 +436,6 @@ int ssl3_accept(SSL *ssl) {
if (ret <= 0) {
goto end;
}
ssl->init_num = 0;
ssl->state = SSL3_ST_SR_FINISHED_A;
break;
@ -473,7 +461,6 @@ int ssl3_accept(SSL *ssl) {
goto end;
}
}
ssl->init_num = 0;
break;
case SSL3_ST_SW_SESSION_TICKET_A:
@ -483,7 +470,6 @@ int ssl3_accept(SSL *ssl) {
goto end;
}
ssl->state = SSL3_ST_SW_CHANGE_A;
ssl->init_num = 0;
break;
case SSL3_ST_SW_CHANGE_A:
@ -494,7 +480,6 @@ int ssl3_accept(SSL *ssl) {
goto end;
}
ssl->state = SSL3_ST_SW_FINISHED_A;
ssl->init_num = 0;
if (!tls1_change_cipher_state(ssl, SSL3_CHANGE_CIPHER_SERVER_WRITE)) {
ret = -1;
@ -515,7 +500,6 @@ int ssl3_accept(SSL *ssl) {
} else {
ssl->s3->tmp.next_state = SSL_ST_OK;
}
ssl->init_num = 0;
break;
case SSL_ST_OK:
@ -524,11 +508,11 @@ int ssl3_accept(SSL *ssl) {
BUF_MEM_free(ssl->init_buf);
ssl->init_buf = NULL;
ssl->init_num = 0;
/* remove buffering on output */
ssl_free_wbio_buffer(ssl);
ssl->init_num = 0;
/* If we aren't retaining peer certificates then we can discard it
* now. */