I'm not sure if I like this asthetically, but passing around the

entire handshake state in many cases makes things simpler to update,
in that each message type already knows what it needs depending on the
version, params, etc, and this way a) that knowledge doesn't need to
percolate up the the actual client and server handshake code and b)
each message type can be updated for new formats/version without
having to change its callers. Downside is it hides the dependency
information away, and makes it non-obvious what needs to be created
beforehand for each message to work correctly. However this is
(almost) entirely predicated on the handshake message flows, and these
we control with the next expected message scheme, so this should be
fairly safe to do.

This checkin only updates the ones where it was immediately relevant
but for consistency probably all of them should be updated in the same
way.

1 files changed, 10 insertions, 29 deletions

diff --git a/src/tls/tls_messages.h b/src/tls/tls_messages.h
index ee05031c0..0b43545dc 100644
--- a/src/tls/tls_messages.h
+++ b/src/tls/tls_messages.h
@@ -8,7 +8,7 @@
 #ifndef BOTAN_TLS_MESSAGES_H__
 #define BOTAN_TLS_MESSAGES_H__
 
-#include <botan/internal/tls_handshake_hash.h>
+#include <botan/internal/tls_handshake_state.h>
 #include <botan/tls_session.h>
 #include <botan/tls_policy.h>
 #include <botan/tls_magic.h>
@@ -290,20 +290,14 @@ class Certificate_Verify : public Handshake_Message
       /**
       * Check the signature on a certificate verify message
       * @param cert the purported certificate
-      * @param hash the running handshake message hash
-      * @param version the version number we negotiated
-      * @param master_secret the session key (only used if version is SSL_V3)
+      * @param state the handshake state
       */
       bool verify(const X509_Certificate& cert,
-                  TLS_Handshake_Hash& hash,
-                  Version_Code version,
-                  const SecureVector<byte>& master_secret);
+                  TLS_Handshake_State* state);
 
       Certificate_Verify(Record_Writer& writer,
-                         TLS_Handshake_Hash& hash,
+                         TLS_Handshake_State* state,
                          RandomNumberGenerator& rng,
-                         Version_Code version,
-                         const SecureVector<byte>& master_secret,
                          const Private_Key* key);
 
       Certificate_Verify(const MemoryRegion<byte>& buf) { deserialize(buf); }
@@ -325,27 +319,18 @@ class Finished : public Handshake_Message
       MemoryVector<byte> verify_data() const
          { return verification_data; }
 
-      bool verify(const MemoryRegion<byte>& buf,
-                  Version_Code version,
-                  const TLS_Handshake_Hash& hash,
+      bool verify(TLS_Handshake_State* state,
                   Connection_Side side);
 
       Finished(Record_Writer& writer,
-               TLS_Handshake_Hash& hash,
-               Version_Code version,
-               Connection_Side side,
-               const MemoryRegion<byte>& master_secret);
+               TLS_Handshake_State* state,
+               Connection_Side side);
 
       Finished(const MemoryRegion<byte>& buf) { deserialize(buf); }
    private:
       MemoryVector<byte> serialize() const;
       void deserialize(const MemoryRegion<byte>&);
 
-      MemoryVector<byte> compute_verify(const MemoryRegion<byte>& master_secret,
-                                        TLS_Handshake_Hash hash,
-                                        Connection_Side side,
-                                        Version_Code version);
-
       Connection_Side side;
       MemoryVector<byte> verification_data;
    };
@@ -375,16 +360,12 @@ class Server_Key_Exchange : public Handshake_Message
       Public_Key* key() const;
 
       bool verify(const X509_Certificate& cert,
-                  const MemoryRegion<byte>& c_random,
-                  const MemoryRegion<byte>& s_random) const;
+                  TLS_Handshake_State* state) const;
 
       Server_Key_Exchange(Record_Writer& writer,
-                          TLS_Handshake_Hash& hash,
+                          TLS_Handshake_State* state,
                           RandomNumberGenerator& rng,
-                          const Public_Key* kex_key,
-                          const Private_Key* priv_key,
-                          const MemoryRegion<byte>& c_random,
-                          const MemoryRegion<byte>& s_random);
+                          const Private_Key* priv_key);
 
       Server_Key_Exchange(const MemoryRegion<byte>& buf) { deserialize(buf); }
    private: