Release handshake buffer when sending no certificate.
See also upstream's dab18ab596acb35eff2545643e25757e4f9cd777. This allows us to add an assertion to the finished computation that the handshake buffer has already been released. BUG=492371 Change-Id: I8f15c618c8b2c70bfe583c81644d9dbea95519d4 Reviewed-on: https://boringssl-review.googlesource.com/4887 Reviewed-by: Adam Langley <agl@google.com>
parent
5f04b6521d
commit
e76ccae68b
@ -2118,6 +2118,13 @@ int ssl3_send_client_certificate(SSL *s) {
|
|||||||
return 1;
|
return 1;
|
||||||
} else {
|
} else {
|
||||||
s->s3->tmp.cert_req = 2;
|
s->s3->tmp.cert_req = 2;
|
||||||
|
/* There is no client certificate, so the handshake buffer may be
|
||||||
|
* released. */
|
||||||
|
if (s->s3->handshake_buffer &&
|
||||||
|
!ssl3_digest_cached_records(s, free_handshake_buffer)) {
|
||||||
|
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
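Review bot: The new comment in the else branch of ssl3_send_client_certificate says the buffer "may be released" but not why that is safe, and that reason is what the assertion added to the Finished computation relies on. Presumably the buffered transcript is only retained so a CertificateVerify can be signed over it, which cannot happen without a client certificate; I would spell that out, e.g. `/* No client certificate means no CertificateVerify, so nothing else needs the buffered transcript; release it here. */`. The failure path sends the alert and returns -1 without queuing an error in the visible lines, so it is worth confirming that ssl3_digest_cached_records pushes one itself. The function body starts and ends outside the hunk.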
@ -554,6 +554,11 @@ int tls1_final_finish_mac(SSL *s, const char *str, int slen, uint8_t *out) {
|
|||||||
int err = 0;
|
int err = 0;
|
||||||
int digests_len;
|
int digests_len;
|
||||||
|
|
||||||
|
/* At this point, the handshake should have released the handshake buffer on
|
||||||
|
* its own.
|
||||||
|
* TODO(davidben): Apart from initialization, the handshake buffer should be
|
||||||
|
* orthogonal to the handshake digest. https://crbug.com/492371 */
|
||||||
|
assert(s->s3->handshake_buffer == NULL);
|
||||||
if (s->s3->handshake_buffer &&
|
if (s->s3->handshake_buffer &&
|
||||||
!ssl3_digest_cached_records(s, free_handshake_buffer)) {
|
!ssl3_digest_cached_records(s, free_handshake_buffer)) {
|
||||||
return 0;
|
return 0;
|
||||||
|
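Review bot: The `assert(s->s3->handshake_buffer == NULL)` added in tls1_final_finish_mac is compiled out under NDEBUG, while in assert-enabled builds it makes the `if (s->s3->handshake_buffer && ...)` fallback directly below it unreachable. If any handshake flow still reaches this function with the buffer set (this commit only shows the no-certificate client path being fixed), an assert-enabled build aborts the process on a peer-driven path instead of failing the handshake. I would extend the comment to say the fallback is kept deliberately, e.g. `* The check below is retained for builds without assertions.`, and make sure tests drive every flow (client and server, with and without client auth, resumption) through the Finished computation. The function body continues outside the hunk.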