mirror of https://github.com/ctz/rustls
Clarify availability of client auth state in HandshakeHash
parent
aa70cc04eb
commit
2c643313f0
|
@ -270,8 +270,7 @@ fn emit_certverify(
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
let message = transcript
|
let message = transcript.take_handshake_buf().unwrap();
|
||||||
.take_handshake_buf();
|
|
||||||
let scheme = signer.get_scheme();
|
let scheme = signer.get_scheme();
|
||||||
let sig = signer.sign(&message)?;
|
let sig = signer.sign(&message)?;
|
||||||
let body = DigitallySignedStruct::new(scheme, sig);
|
let body = DigitallySignedStruct::new(scheme, sig);
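Review bot: The new `.unwrap()` on `transcript.take_handshake_buf()` turns a missing client-auth buffer into a panic on the handshake path, where the old code only had a `debug_assert!` and in release builds returned whatever the buffer held. Failing closed is the right direction, but this function already propagates errors with `?` (see `signer.sign(&message)?`), so returning an error would keep a broken invariant from aborting the process: `let message = transcript.take_handshake_buf().ok_or_else(|| /* this function's existing error type */)?;`. The same applies to `self.transcript.take_handshake_buf().unwrap()` in the `ExpectCertificateVerify` handler later on this page, which runs in response to a peer message. If the panic is intended, `.expect("client auth transcript was retained")` at least records the invariant at the call site. The body of `emit_certverify` starts and ends outside the hunk.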
|
||||||
|
|
|
@ -59,8 +59,10 @@ impl HandshakeHashBuffer {
|
||||||
|
|
||||||
HandshakeHash {
|
HandshakeHash {
|
||||||
ctx,
|
ctx,
|
||||||
client_auth_enabled: self.client_auth_enabled,
|
client_auth: match self.client_auth_enabled {
|
||||||
buffer: self.buffer,
|
true => Some(self.buffer),
|
||||||
|
false => None,
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -77,18 +79,14 @@ pub struct HandshakeHash {
|
||||||
ctx: digest::Context,
|
ctx: digest::Context,
|
||||||
|
|
||||||
/// true if we need to keep all messages
|
/// true if we need to keep all messages
|
||||||
client_auth_enabled: bool,
|
client_auth: Option<Vec<u8>>,
|
||||||
|
|
||||||
/// buffer for client-auth.
|
|
||||||
buffer: Vec<u8>,
|
|
||||||
}
|
}
|
||||||
|
|
||||||
impl HandshakeHash {
|
impl HandshakeHash {
|
||||||
/// We decided not to do client auth after all, so discard
|
/// We decided not to do client auth after all, so discard
|
||||||
/// the transcript.
|
/// the transcript.
|
||||||
pub fn abandon_client_auth(&mut self) {
|
pub fn abandon_client_auth(&mut self) {
|
||||||
self.client_auth_enabled = false;
|
self.client_auth = None;
|
||||||
self.buffer.drain(..);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Hash/buffer a handshake message.
|
/// Hash/buffer a handshake message.
|
||||||
|
@ -107,8 +105,8 @@ impl HandshakeHash {
|
||||||
fn update_raw(&mut self, buf: &[u8]) -> &mut Self {
|
fn update_raw(&mut self, buf: &[u8]) -> &mut Self {
|
||||||
self.ctx.update(buf);
|
self.ctx.update(buf);
|
||||||
|
|
||||||
if self.client_auth_enabled {
|
if let Some(buffer) = &mut self.client_auth {
|
||||||
self.buffer.extend_from_slice(buf);
|
buffer.extend_from_slice(buf);
|
||||||
}
|
}
|
||||||
|
|
||||||
self
|
self
|
||||||
|
@ -128,7 +126,7 @@ impl HandshakeHash {
|
||||||
HandshakeMessagePayload::build_handshake_hash(old_hash.as_ref());
|
HandshakeMessagePayload::build_handshake_hash(old_hash.as_ref());
|
||||||
|
|
||||||
HandshakeHashBuffer {
|
HandshakeHashBuffer {
|
||||||
client_auth_enabled: self.client_auth_enabled,
|
client_auth_enabled: self.client_auth.is_some(),
|
||||||
buffer: old_handshake_hash_msg.get_encoding(),
|
buffer: old_handshake_hash_msg.get_encoding(),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -155,9 +153,8 @@ impl HandshakeHash {
|
||||||
/// Takes this object's buffer containing all handshake messages
|
/// Takes this object's buffer containing all handshake messages
|
||||||
/// so far. This method only works once; it resets the buffer
|
/// so far. This method only works once; it resets the buffer
|
||||||
/// to empty.
|
/// to empty.
|
||||||
pub fn take_handshake_buf(&mut self) -> Vec<u8> {
|
pub fn take_handshake_buf(&mut self) -> Option<Vec<u8>> {
|
||||||
debug_assert!(self.client_auth_enabled);
|
self.client_auth.take()
|
||||||
mem::replace(&mut self.buffer, Vec::new())
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/// The digest algorithm
|
/// The digest algorithm
|
||||||
|
@ -177,7 +174,7 @@ mod test {
|
||||||
hhb.update_raw(b"hello");
|
hhb.update_raw(b"hello");
|
||||||
assert_eq!(hhb.buffer.len(), 5);
|
assert_eq!(hhb.buffer.len(), 5);
|
||||||
let mut hh = hhb.start_hash(&digest::SHA256);
|
let mut hh = hhb.start_hash(&digest::SHA256);
|
||||||
assert_eq!(hh.buffer.len(), 0);
|
assert!(hh.client_auth.is_none());
|
||||||
hh.update_raw(b"world");
|
hh.update_raw(b"world");
|
||||||
let h = hh.get_current_hash();
|
let h = hh.get_current_hash();
|
||||||
let h = h.as_ref();
|
let h = h.as_ref();
|
||||||
|
@ -194,9 +191,9 @@ mod test {
|
||||||
hhb.update_raw(b"hello");
|
hhb.update_raw(b"hello");
|
||||||
assert_eq!(hhb.buffer.len(), 5);
|
assert_eq!(hhb.buffer.len(), 5);
|
||||||
let mut hh = hhb.start_hash(&digest::SHA256);
|
let mut hh = hhb.start_hash(&digest::SHA256);
|
||||||
assert_eq!(hh.buffer.len(), 5);
|
assert_eq!(hh.client_auth.as_ref().map(|buf| buf.len()), Some(5));
|
||||||
hh.update_raw(b"world");
|
hh.update_raw(b"world");
|
||||||
assert_eq!(hh.buffer.len(), 10);
|
assert_eq!(hh.client_auth.as_ref().map(|buf| buf.len()), Some(10));
|
||||||
let h = hh.get_current_hash();
|
let h = hh.get_current_hash();
|
||||||
let h = h.as_ref();
|
let h = h.as_ref();
|
||||||
assert_eq!(h[0], 0x93);
|
assert_eq!(h[0], 0x93);
|
||||||
|
@ -204,7 +201,7 @@ mod test {
|
||||||
assert_eq!(h[2], 0x18);
|
assert_eq!(h[2], 0x18);
|
||||||
assert_eq!(h[3], 0x5c);
|
assert_eq!(h[3], 0x5c);
|
||||||
let buf = hh.take_handshake_buf();
|
let buf = hh.take_handshake_buf();
|
||||||
assert_eq!(b"helloworld".to_vec(), buf);
|
assert_eq!(Some(b"helloworld".to_vec()), buf);
|
||||||
}
|
}
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
|
@ -214,11 +211,11 @@ mod test {
|
||||||
hhb.update_raw(b"hello");
|
hhb.update_raw(b"hello");
|
||||||
assert_eq!(hhb.buffer.len(), 5);
|
assert_eq!(hhb.buffer.len(), 5);
|
||||||
let mut hh = hhb.start_hash(&digest::SHA256);
|
let mut hh = hhb.start_hash(&digest::SHA256);
|
||||||
assert_eq!(hh.buffer.len(), 5);
|
assert_eq!(hh.client_auth.as_ref().map(|buf| buf.len()), Some(5));
|
||||||
hh.abandon_client_auth();
|
hh.abandon_client_auth();
|
||||||
assert_eq!(hh.buffer.len(), 0);
|
assert_eq!(hh.client_auth, None);
|
||||||
hh.update_raw(b"world");
|
hh.update_raw(b"world");
|
||||||
assert_eq!(hh.buffer.len(), 0);
|
assert_eq!(hh.client_auth, None);
|
||||||
let h = hh.get_current_hash();
|
let h = hh.get_current_hash();
|
||||||
let h = h.as_ref();
|
let h = h.as_ref();
|
||||||
assert_eq!(h[0], 0x93);
|
assert_eq!(h[0], 0x93);
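Review bot: The doc comments in this file no longer match the new `client_auth: Option<Vec<u8>>` field. The field still carries `/// true if we need to keep all messages`, which described the removed bool; something like `/// Buffer of all handshake messages, kept for client auth; None when client auth is not in use or the buffer has been taken` would fit. `take_handshake_buf` still says it "resets the buffer to empty", but `self.client_auth.take()` leaves `None`, so judging by the visible `update_raw`, later messages are no longer buffered and a second call returns `None`; since this buffer is what CertificateVerify is computed over, the doc comment should state that. None of the visible test lines asserts the state after the first take; `assert_eq!(hh.take_handshake_buf(), None);` following the existing `take_handshake_buf()` check would pin it.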
|
||||||
|
|
|
@ -183,7 +183,7 @@ impl hs::State for ExpectCertificateVerify {
|
||||||
HandshakeType::CertificateVerify,
|
HandshakeType::CertificateVerify,
|
||||||
HandshakePayload::CertificateVerify
|
HandshakePayload::CertificateVerify
|
||||||
)?;
|
)?;
|
||||||
let handshake_msgs = self.transcript.take_handshake_buf();
|
let handshake_msgs = self.transcript.take_handshake_buf().unwrap();
|
||||||
let certs = &self.client_cert.cert_chain;
|
let certs = &self.client_cert.cert_chain;
|
||||||
|
|
||||||
sess.config
|
sess.config
|
||||||
|
|