Align dtls_open_record and tls_open_record more closely.

Ultimately the ssl_buffer_* code will be above SSL_PROTOCOL_METHOD, so
having the processing be analogous is simpler. This also means that DTLS
can surface errors out of dtls_open_record without the caller reading an
extra record.

Bug: 206
Change-Id: Ic1cb3a884763c8e875e1129b1cda226f72bc95b7
Reviewed-on: https://boringssl-review.googlesource.com/21364
Commit-Queue: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: Steven Valdez <svaldez@google.com>
This commit is contained in:
David Benjamin 2017-10-06 19:34:55 -04:00 committed by CQ bot account: commit-bot@chromium.org
parent 3b777adb61
commit a05d427b41
3 changed files with 17 additions and 15 deletions

View File

@ -140,25 +140,23 @@ again:
return 0; return 0;
} }
// Read a new packet if there is no unconsumed one.
if (ssl_read_buffer(ssl).empty()) {
int read_ret = ssl_read_buffer_extend_to(ssl, 0 /* unused */);
if (read_ret <= 0) {
return read_ret;
}
}
assert(!ssl_read_buffer(ssl).empty());
Span<uint8_t> body; Span<uint8_t> body;
uint8_t type, alert; uint8_t type, alert;
size_t consumed; size_t consumed;
enum ssl_open_record_t open_ret = dtls_open_record( enum ssl_open_record_t open_ret = dtls_open_record(
ssl, &type, &body, &consumed, &alert, ssl_read_buffer(ssl)); ssl, &type, &body, &consumed, &alert, ssl_read_buffer(ssl));
ssl_read_buffer_consume(ssl, consumed); if (open_ret != ssl_open_record_partial) {
ssl_read_buffer_consume(ssl, consumed);
}
switch (open_ret) { switch (open_ret) {
case ssl_open_record_partial: case ssl_open_record_partial: {
// Impossible in DTLS. assert(ssl_read_buffer(ssl).empty());
break; int read_ret = ssl_read_buffer_extend_to(ssl, 0 /* unused */);
if (read_ret <= 0) {
return read_ret;
}
goto again;
}
case ssl_open_record_success: { case ssl_open_record_success: {
if (body.size() > 0xffff) { if (body.size() > 0xffff) {

View File

@ -179,6 +179,9 @@ enum ssl_open_record_t dtls_open_record(SSL *ssl, uint8_t *out_type,
size_t *out_consumed, size_t *out_consumed,
uint8_t *out_alert, Span<uint8_t> in) { uint8_t *out_alert, Span<uint8_t> in) {
*out_consumed = 0; *out_consumed = 0;
if (in.empty()) {
return ssl_open_record_partial;
}
CBS cbs = CBS(in); CBS cbs = CBS(in);

View File

@ -801,8 +801,9 @@ enum ssl_open_record_t tls_open_record(SSL *ssl, uint8_t *out_type,
Span<uint8_t> *out, size_t *out_consumed, Span<uint8_t> *out, size_t *out_consumed,
uint8_t *out_alert, Span<uint8_t> in); uint8_t *out_alert, Span<uint8_t> in);
// dtls_open_record implements |tls_open_record| for DTLS. It never returns // dtls_open_record implements |tls_open_record| for DTLS. It only returns
// |ssl_open_record_partial| but otherwise behaves analogously. // |ssl_open_record_partial| if |in| was empty and sets |*out_consumed| to
// zero. The caller should read one packet and try again.
enum ssl_open_record_t dtls_open_record(SSL *ssl, uint8_t *out_type, enum ssl_open_record_t dtls_open_record(SSL *ssl, uint8_t *out_type,
Span<uint8_t> *out, Span<uint8_t> *out,
size_t *out_consumed, size_t *out_consumed,