Chiebot-Mirror
/
boringssl
8
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Release some temporaries outside of ClientHello callbacks.

Browse Source 
Also add ECH GREASE state into the mix. Clearing this isn't critical,
especially now that we have an SSL_HANDSHAKE structure, but it's easy
enough.

Bug: 275
Change-Id: If1aa8d5c0c8fdb5af710852778ce452c507a2524
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/47985
Reviewed-by: Adam Langley <agl@google.com>
chromium-5359
David Benjamin 4 years ago
parent 4e93cd487f
commit 6c9758fa9a
4 changed files with 12 additions and 4 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 8
      ssl/handshake_client.cc
  2. 4
      ssl/internal.h
  3. 3
      ssl/t1_lib.cc
  4. 1
      ssl/tls13_client.cc

8
ssl/handshake_client.cc
Unescape View File

@ -422,6 +422,12 @@ static ssl_early_data_reason_t should_offer_early_data(
return ssl_early_data_accepted; return ssl_early_data_accepted;
} }
void ssl_done_writing_client_hello(SSL_HANDSHAKE *hs) {
hs->ech_grease.Reset();
hs->cookie.Reset();
hs->key_share_bytes.Reset();
}
static enum ssl_hs_wait_t do_start_connect(SSL_HANDSHAKE *hs) { static enum ssl_hs_wait_t do_start_connect(SSL_HANDSHAKE *hs) {
SSL *const ssl = hs->ssl; SSL *const ssl = hs->ssl;
@ -666,7 +672,7 @@ static enum ssl_hs_wait_t do_read_server_hello(SSL_HANDSHAKE *hs) {
// Clear some TLS 1.3 state that no longer needs to be retained. // Clear some TLS 1.3 state that no longer needs to be retained.
hs->key_shares[0].reset(); hs->key_shares[0].reset();
hs->key_shares[1].reset(); hs->key_shares[1].reset();
hs->key_share_bytes.Reset(); ssl_done_writing_client_hello(hs);
// A TLS 1.2 server would not know to skip the early data we offered. Report // A TLS 1.2 server would not know to skip the early data we offered. Report
// an error code sooner. The caller may use this error code to implement the // an error code sooner. The caller may use this error code to implement the

4
ssl/internal.h
Unescape View File

@ -2135,6 +2135,10 @@ bool ssl_output_cert_chain(SSL_HANDSHAKE *hs);
// handshake. Note, in TLS 1.2 resumptions, this session is immutable. // handshake. Note, in TLS 1.2 resumptions, this session is immutable.
const SSL_SESSION *ssl_handshake_session(const SSL_HANDSHAKE *hs); const SSL_SESSION *ssl_handshake_session(const SSL_HANDSHAKE *hs);
// ssl_done_writing_client_hello is called after the last ClientHello is written
// by |hs|. It releases some memory that is no longer needed.
void ssl_done_writing_client_hello(SSL_HANDSHAKE *hs);
// SSLKEYLOGFILE functions. // SSLKEYLOGFILE functions.

3
ssl/t1_lib.cc
Unescape View File

@ -2265,7 +2265,6 @@ static bool ext_key_share_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
hs->key_share_bytes.size())) { hs->key_share_bytes.size())) {
return false; return false;
} }
hs->key_share_bytes.Reset();
if (group_id == 0) { if (group_id == 0) {
return CBB_flush(out); return CBB_flush(out);
} }
@ -2480,8 +2479,6 @@ static bool ext_cookie_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
return false; return false;
} }
// The cookie is no longer needed in memory.
hs->cookie.Reset();
return true; return true;
} }

1
ssl/tls13_client.cc
Unescape View File

@ -260,6 +260,7 @@ static enum ssl_hs_wait_t do_send_second_client_hello(SSL_HANDSHAKE *hs) {
return ssl_hs_error; return ssl_hs_error;
} }
ssl_done_writing_client_hello(hs);
hs->tls13_state = state_read_server_hello; hs->tls13_state = state_read_server_hello;
return ssl_hs_flush; return ssl_hs_flush;
} }

Write Preview
Loading…
Cancel
Save