From 124037fdc0571b5bd9022412348e9979a1726a31 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Tue, 16 Jun 2015 14:44:29 +0100 Subject: Tidy up ssl3_digest_cached_records logic. Rewrite ssl3_digest_cached_records handling. Only digest cached records if digest array is NULL: this means it is safe to call ssl3_digest_cached_records multiple times (subsequent calls are no op). Remove flag TLS1_FLAGS_KEEP_HANDSHAKE instead only update handshake buffer if digest array is NULL. Add additional "keep" parameter to ssl3_digest_cached_records to indicate if the handshake buffer should be retained after digesting cached records (needed for TLS 1.2 client authentication). Reviewed-by: Matt Caswell
---
 ssl/t1_enc.c | 28 +++++++++++-----------------
 1 file changed, 11 insertions(+), 17 deletions(-) (limited to 'ssl/t1_enc.c')
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index e8653412aa..9942bb433f 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -679,9 +679,8 @@ int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *out)
 EVP_MD_CTX ctx, *d = NULL;
 int i;
- if (s->s3->handshake_buffer)
- if (!ssl3_digest_cached_records(s))
- return 0;
+ if (!ssl3_digest_cached_records(s, 0))
+ return 0;
 for (i = 0; i < SSL_MAX_DIGEST; i++) {
 if (s->s3->handshake_dgst[i]
@@ -709,9 +708,8 @@ int tls1_final_finish_mac(SSL *s, const char *str, int slen,
 unsigned char hash[2 * EVP_MAX_MD_SIZE];
 unsigned char buf2[12];
- if (s->s3->handshake_buffer)
- if (!ssl3_digest_cached_records(s))
- return 0;
+ if (!ssl3_digest_cached_records(s, 0))
+ return 0;
 hashlen = ssl_handshake_hash(s, hash, sizeof(hash));
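Review bot: With the `if (s->s3->handshake_buffer)` guard removed in tls1_cert_verify_mac, the loop right after the call indexes `s->s3->handshake_dgst[i]` on the sole assumption that `ssl3_digest_cached_records(s, 0)` either leaves a usable digest array or returns 0, including when no handshake buffer exists. That callee is not part of this diff (it is limited to ssl/t1_enc.c), so the contract cannot be confirmed from here. The same reliance applies to the unguarded calls in tls1_final_finish_mac and tls1_generate_master_secret. I would state it at the call, e.g. `/* No-op once digests are set up; must return 0 if neither buffer nor digest array exists */`, and check that the callee's NULL-buffer path fails rather than succeeds. The function body continues outside the hunk.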
@@ -736,17 +734,13 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
 if (s->session->flags & SSL_SESS_FLAG_EXTMS) {
 unsigned char hash[EVP_MAX_MD_SIZE * 2];
 int hashlen;
- /* If we don't have any digests cache records */
- if (s->s3->handshake_buffer) {
- /*
- * keep record buffer: this wont affect client auth because we're
- * freezing the buffer at the same point (after client key
- * exchange and before certificate verify)
- */
- s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE;
- if (!ssl3_digest_cached_records(s))
- return -1;
- }
+ /* Digest cached records keeping record buffer (if present):
+ * this wont affect client auth because we're freezing the buffer
+ * at the same point (after client key exchange and before certificate
+ * verify)
+ */
+ if (!ssl3_digest_cached_records(s, 1))
+ return -1;
 hashlen = ssl_handshake_hash(s, hash, sizeof(hash));
 #ifdef SSL_DEBUG
 fprintf(stderr, "Handshake hashes:\n");
-- cgit v1.2.3
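Review bot: The `keep` argument is passed as a bare `1` here and a bare `0` in the two earlier calls, so only the comment tells a reader that this is the one call that retains the handshake buffer. Since the retained buffer is what TLS 1.2 client authentication later signs over, I would make that explicit at the call, for example `if (!ssl3_digest_cached_records(s, 1 /* keep handshake buffer */))`. The new block comment also puts text on the `/*` line, unlike the removed comment, which opened with a bare `/*`; I would start it with `/*` alone and then `* Digest cached records, keeping the record buffer (if present):`, and fix "wont" to "won't". Where the retained buffer is eventually released is not visible in this hunk and should be confirmed in the callee or the client-auth path. The enclosing function starts and ends outside the hunk.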