kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Don't use ssl3_read_bytes in ssl3_read_close_notify.

Browse Source 
read_close_notify is a very straight-forward hook and doesn't need much.

Change-Id: I7407d842321ea1bcb47838424a0d8f7550ad71ca
Reviewed-on: https://boringssl-review.googlesource.com/8174
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
This commit is contained in:
David Benjamin 2016-06-01 19:40:23 -04:00
parent a7810c12e9
commit 4aa4081e7f
1 changed files with 6 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
ssl/s3_pkt.c
View File

@ -336,7 +336,10 @@ int ssl3_read_change_cipher_spec(SSL *ssl) {
} }
void ssl3_read_close_notify(SSL *ssl) { void ssl3_read_close_notify(SSL *ssl) {
ssl3_read_bytes(ssl, 0, NULL, 0, 0); /* Read records until an error or close_notify. */
while (ssl3_get_record(ssl) > 0) {
;
}
} }
static int ssl3_can_renegotiate(SSL *ssl) { static int ssl3_can_renegotiate(SSL *ssl) {
@ -361,7 +364,6 @@ static int ssl3_can_renegotiate(SSL *ssl) {
* - SSL3_RT_HANDSHAKE (when ssl3_get_message calls us) * - SSL3_RT_HANDSHAKE (when ssl3_get_message calls us)
* - SSL3_RT_CHANGE_CIPHER_SPEC (when ssl3_read_change_cipher_spec calls us) * - SSL3_RT_CHANGE_CIPHER_SPEC (when ssl3_read_change_cipher_spec calls us)
* - SSL3_RT_APPLICATION_DATA (when ssl3_read_app_data calls us) * - SSL3_RT_APPLICATION_DATA (when ssl3_read_app_data calls us)
* - 0 (during a shutdown, no data has to be returned)
* *
* If we don't have stored data to work from, read a SSL/TLS record first * If we don't have stored data to work from, read a SSL/TLS record first
* (possibly multiple records if we still don't have anything to return). * (possibly multiple records if we still don't have anything to return).
@ -373,7 +375,7 @@ int ssl3_read_bytes(SSL *ssl, int type, uint8_t *buf, int len, int peek) {
unsigned int n; unsigned int n;
SSL3_RECORD *rr; SSL3_RECORD *rr;
if ((type && type != SSL3_RT_APPLICATION_DATA && type != SSL3_RT_HANDSHAKE && if ((type != SSL3_RT_APPLICATION_DATA && type != SSL3_RT_HANDSHAKE &&
type != SSL3_RT_CHANGE_CIPHER_SPEC) || type != SSL3_RT_CHANGE_CIPHER_SPEC) ||
(peek && type != SSL3_RT_APPLICATION_DATA)) { (peek && type != SSL3_RT_APPLICATION_DATA)) {
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR); OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
@ -397,7 +399,7 @@ start:
/* we now have a packet which can be read and processed */ /* we now have a packet which can be read and processed */
if (type != 0 && type == rr->type) { if (type == rr->type) {
/* Discard empty records. */ /* Discard empty records. */
if (rr->length == 0) { if (rr->length == 0) {
goto start; goto start;
@ -489,14 +491,6 @@ start:
goto start; goto start;
} }
if (type == 0) {
/* This may only occur from read_close_notify. */
assert(ssl->s3->send_shutdown == ssl_shutdown_close_notify);
/* close_notify has been sent, so discard all records other than alerts. */
rr->length = 0;
goto start;
}
al = SSL_AD_UNEXPECTED_MESSAGE; al = SSL_AD_UNEXPECTED_MESSAGE;
OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_RECORD); OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_RECORD);