Align dtls_open_record and tls_open_record more closely.
Ultimately the ssl_buffer_* code will be above SSL_PROTOCOL_METHOD, so having the processing be analogous is simpler. This also means that DTLS can surface errors out of dtls_open_record without the caller reading an extra record. Bug: 206 Change-Id: Ic1cb3a884763c8e875e1129b1cda226f72bc95b7 Reviewed-on: https://boringssl-review.googlesource.com/21364 Commit-Queue: Steven Valdez <svaldez@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Reviewed-by: Steven Valdez <svaldez@google.com>
parent
3b777adb61
commit
a05d427b41
@ -140,25 +140,23 @@ again:
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Read a new packet if there is no unconsumed one.
|
|
||||||
if (ssl_read_buffer(ssl).empty()) {
|
|
||||||
int read_ret = ssl_read_buffer_extend_to(ssl, 0 /* unused */);
|
|
||||||
if (read_ret <= 0) {
|
|
||||||
return read_ret;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
assert(!ssl_read_buffer(ssl).empty());
|
|
||||||
|
|
||||||
Span<uint8_t> body;
|
Span<uint8_t> body;
|
||||||
uint8_t type, alert;
|
uint8_t type, alert;
|
||||||
size_t consumed;
|
size_t consumed;
|
||||||
enum ssl_open_record_t open_ret = dtls_open_record(
|
enum ssl_open_record_t open_ret = dtls_open_record(
|
||||||
ssl, &type, &body, &consumed, &alert, ssl_read_buffer(ssl));
|
ssl, &type, &body, &consumed, &alert, ssl_read_buffer(ssl));
|
||||||
ssl_read_buffer_consume(ssl, consumed);
|
if (open_ret != ssl_open_record_partial) {
|
||||||
|
ssl_read_buffer_consume(ssl, consumed);
|
||||||
|
}
|
||||||
switch (open_ret) {
|
switch (open_ret) {
|
||||||
case ssl_open_record_partial:
|
case ssl_open_record_partial: {
|
||||||
// Impossible in DTLS.
|
assert(ssl_read_buffer(ssl).empty());
|
||||||
break;
|
int read_ret = ssl_read_buffer_extend_to(ssl, 0 /* unused */);
|
||||||
|
if (read_ret <= 0) {
|
||||||
|
return read_ret;
|
||||||
|
}
|
||||||
|
goto again;
|
||||||
|
}
|
||||||
|
|
||||||
case ssl_open_record_success: {
|
case ssl_open_record_success: {
|
||||||
if (body.size() > 0xffff) {
|
if (body.size() > 0xffff) {
|
||||||
|
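Review bot: The `ssl_open_record_partial` case jumps back to `again` without checking that the read produced any data; the old side's post-read `assert(!ssl_read_buffer(ssl).empty());` has been dropped. Termination of the retry loop therefore depends on `ssl_read_buffer_extend_to` never returning a positive value while leaving the buffer empty, which is not visible in this hunk. Consider restoring that assert just before `goto again;` and adding a comment such as `// dtls_open_record returns partial only for an empty buffer; read one packet and retry.` The remaining `assert(ssl_read_buffer(ssl).empty())` compiles out under NDEBUG, so it documents the invariant rather than enforcing it. The enclosing function and the `again:` label lie outside the hunk.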
@ -179,6 +179,9 @@ enum ssl_open_record_t dtls_open_record(SSL *ssl, uint8_t *out_type,
|
|||||||
size_t *out_consumed,
|
size_t *out_consumed,
|
||||||
uint8_t *out_alert, Span<uint8_t> in) {
|
uint8_t *out_alert, Span<uint8_t> in) {
|
||||||
*out_consumed = 0;
|
*out_consumed = 0;
|
||||||
|
if (in.empty()) {
|
||||||
|
return ssl_open_record_partial;
|
||||||
|
}
|
||||||
|
|
||||||
CBS cbs = CBS(in);
|
CBS cbs = CBS(in);
|
||||||
|
|
||||||
|
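Review bot: The new early return for an empty `in` leaves `*out_type`, `*out` and `*out_alert` unwritten, and neither this function nor the updated declaration comment in the last hunk says so. The caller in the first hunk declares `uint8_t type, alert;` without initialisers, so a future caller that inspects them after `ssl_open_record_partial` would read indeterminate values. A comment on the early return would cover it, e.g. `// No datagram buffered: only |*out_consumed| is set; the other outputs are untouched.`, with the same sentence added to the declaration comment. The function body continues past the end of the hunk.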
@ -801,8 +801,9 @@ enum ssl_open_record_t tls_open_record(SSL *ssl, uint8_t *out_type,
|
|||||||
Span<uint8_t> *out, size_t *out_consumed,
|
Span<uint8_t> *out, size_t *out_consumed,
|
||||||
uint8_t *out_alert, Span<uint8_t> in);
|
uint8_t *out_alert, Span<uint8_t> in);
|
||||||
|
|
||||||
// dtls_open_record implements |tls_open_record| for DTLS. It never returns
|
// dtls_open_record implements |tls_open_record| for DTLS. It only returns
|
||||||
// |ssl_open_record_partial| but otherwise behaves analogously.
|
// |ssl_open_record_partial| if |in| was empty and sets |*out_consumed| to
|
||||||
|
// zero. The caller should read one packet and try again.
|
||||||
enum ssl_open_record_t dtls_open_record(SSL *ssl, uint8_t *out_type,
|
enum ssl_open_record_t dtls_open_record(SSL *ssl, uint8_t *out_type,
|
||||||
Span<uint8_t> *out,
|
Span<uint8_t> *out,
|
||||||
size_t *out_consumed,
|
size_t *out_consumed,
|
||||||
|