refactor: consolidate record wiping (#4412)

Author: lrstewart

tls/s2n_handshake_io.c

@@ -1336,13 +1336,10 @@ static int s2n_handshake_handle_sslv2(struct s2n_connection *conn)
     POSIX_GUARD(s2n_stuffer_wipe(&conn->handshake.io));
 
     /* We're done with the record, wipe it */
-    POSIX_GUARD(s2n_stuffer_wipe(&conn->header_in));
-    POSIX_GUARD(s2n_stuffer_wipe(&conn->in));
+    POSIX_GUARD_RESULT(s2n_record_wipe(conn));
 
     WITH_ERROR_BLINDING(conn, POSIX_GUARD(r));
 
-    conn->in_status = ENCRYPTED;
-
     /* Advance the state machine */
     POSIX_GUARD(s2n_advance_message(conn));
 
@@ -1360,15 +1357,6 @@ static int s2n_try_delete_session_cache(struct s2n_connection *conn)
     return S2N_SUCCESS;
 }
 
-static S2N_RESULT s2n_wipe_record(struct s2n_connection *conn)
-{
-    RESULT_ENSURE_REF(conn);
-    RESULT_GUARD_POSIX(s2n_stuffer_wipe(&conn->header_in));
-    RESULT_GUARD_POSIX(s2n_stuffer_wipe(&conn->in));
-    conn->in_status = ENCRYPTED;
-    return S2N_RESULT_OK;
-}
-
 static S2N_RESULT s2n_finish_read(struct s2n_connection *conn)
 {
     RESULT_ENSURE_REF(conn);
@@ -1439,7 +1427,7 @@ static int s2n_handshake_read_io(struct s2n_connection *conn)
         if ((r < S2N_SUCCESS) && (s2n_errno == S2N_ERR_EARLY_DATA_TRIAL_DECRYPT)) {
             POSIX_GUARD(s2n_stuffer_reread(&conn->in));
             POSIX_GUARD_RESULT(s2n_early_data_record_bytes(conn, s2n_stuffer_data_available(&conn->in)));
-            POSIX_GUARD_RESULT(s2n_wipe_record(conn));
+            POSIX_GUARD_RESULT(s2n_record_wipe(conn));
             return S2N_SUCCESS;
         }
         POSIX_GUARD(r);
@@ -1473,7 +1461,7 @@ static int s2n_handshake_read_io(struct s2n_connection *conn)
         POSIX_GUARD(s2n_stuffer_wipe(&conn->handshake.io));
 
         /* We're done with the record, wipe it */
-        POSIX_GUARD_RESULT(s2n_wipe_record(conn));
+        POSIX_GUARD_RESULT(s2n_record_wipe(conn));
 
         /* Advance the state machine if this was an expected message */
         if (EXPECTED_RECORD_TYPE(conn) == TLS_CHANGE_CIPHER_SPEC && !CONNECTION_IS_WRITER(conn)) {
@@ -1489,7 +1477,7 @@ static int s2n_handshake_read_io(struct s2n_connection *conn)
         /* Ignore record types that we don't support */
 
         /* We're done with the record, wipe it */
-        POSIX_GUARD_RESULT(s2n_wipe_record(conn));
+        POSIX_GUARD_RESULT(s2n_record_wipe(conn));
         return S2N_SUCCESS;
     }
 
@@ -1507,7 +1495,7 @@ static int s2n_handshake_read_io(struct s2n_connection *conn)
             /* Break out of this inner loop, but since we're not changing the state, the
              * outer loop in s2n_handshake_io() will read another record.
              */
-            POSIX_GUARD_RESULT(s2n_wipe_record(conn));
+            POSIX_GUARD_RESULT(s2n_record_wipe(conn));
             return S2N_SUCCESS;
         }
 
@@ -1556,7 +1544,7 @@ static int s2n_handshake_read_io(struct s2n_connection *conn)
     }
 
     /* We're done with the record, wipe it */
-    POSIX_GUARD_RESULT(s2n_wipe_record(conn));
+    POSIX_GUARD_RESULT(s2n_record_wipe(conn));
     return S2N_SUCCESS;
 }
 
@@ -1579,9 +1567,7 @@ static int s2n_handle_retry_state(struct s2n_connection *conn)
 
     if (!CONNECTION_IS_WRITER(conn)) {
         /* We're done parsing the record, reset everything */
-        POSIX_GUARD(s2n_stuffer_wipe(&conn->header_in));
-        POSIX_GUARD(s2n_stuffer_wipe(&conn->in));
-        conn->in_status = ENCRYPTED;
+        POSIX_GUARD_RESULT(s2n_record_wipe(conn));
     }
 
     if (CONNECTION_IS_WRITER(conn)) {

tls/s2n_record.h

@@ -78,3 +78,4 @@ int s2n_sslv2_record_header_parse(struct s2n_connection *conn, uint8_t *record_t
 int s2n_verify_cbc(struct s2n_connection *conn, struct s2n_hmac_state *hmac, struct s2n_blob *decrypted);
 S2N_RESULT s2n_aead_aad_init(const struct s2n_connection *conn, uint8_t *sequence_number, uint8_t content_type, uint16_t record_length, struct s2n_blob *ad);
 S2N_RESULT s2n_tls13_aead_aad_init(uint16_t record_length, uint8_t tag_length, struct s2n_blob *ad);
+S2N_RESULT s2n_record_wipe(struct s2n_connection *conn);

tls/s2n_record_read.c

@@ -252,3 +252,12 @@ int s2n_tls13_parse_record_type(struct s2n_stuffer *stuffer, uint8_t *record_typ
 
     return 0;
 }
+
+S2N_RESULT s2n_record_wipe(struct s2n_connection *conn)
+{
+    RESULT_ENSURE_REF(conn);
+    RESULT_GUARD_POSIX(s2n_stuffer_wipe(&conn->header_in));
+    RESULT_GUARD_POSIX(s2n_stuffer_wipe(&conn->in));
+    conn->in_status = ENCRYPTED;
+    return S2N_RESULT_OK;
+}

tls/s2n_recv.c

@@ -203,9 +203,7 @@ ssize_t s2n_recv_impl(struct s2n_connection *conn, void *buf, ssize_t size_signe
                     break;
                 }
             }
-            POSIX_GUARD(s2n_stuffer_wipe(&conn->header_in));
-            POSIX_GUARD(s2n_stuffer_wipe(&conn->in));
-            conn->in_status = ENCRYPTED;
+            POSIX_GUARD_RESULT(s2n_record_wipe(conn));
             continue;
         }
 
@@ -219,9 +217,7 @@ ssize_t s2n_recv_impl(struct s2n_connection *conn, void *buf, ssize_t size_signe
 
         /* Are we ready for more encrypted data? */
         if (s2n_stuffer_data_available(&conn->in) == 0) {
-            POSIX_GUARD(s2n_stuffer_wipe(&conn->header_in));
-            POSIX_GUARD(s2n_stuffer_wipe(&conn->in));
-            conn->in_status = ENCRYPTED;
+            POSIX_GUARD_RESULT(s2n_record_wipe(conn));
         }
 
         /* If we've read some data, return it in legacy mode */

tls/s2n_shutdown.c

@@ -124,9 +124,7 @@ int s2n_shutdown(struct s2n_connection *conn, s2n_blocked_status *blocked)
         /* Reset IO. Make sure we do this before attempting to read a record in
          * case a previous failed read left IO in a bad state.
          */
-        POSIX_GUARD(s2n_stuffer_wipe(&conn->header_in));
-        POSIX_GUARD(s2n_stuffer_wipe(&conn->in));
-        conn->in_status = ENCRYPTED;
+        POSIX_GUARD_RESULT(s2n_record_wipe(conn));
 
         POSIX_GUARD(s2n_read_full_record(conn, &record_type, &isSSLv2));
         POSIX_ENSURE(!isSSLv2, S2N_ERR_BAD_MESSAGE);