Move new_cipher and new_session to SSL_HANDSHAKE.
This lets us trim another two pointers of per-connection state.
Change-Id: I2145d529bc25b7e24a921d01e82ee99f2c98867c
Reviewed-on: https://boringssl-review.googlesource.com/13804
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/handshake_client.c b/ssl/handshake_client.c
index 35c3d14..e6b8c09 100644
--- a/ssl/handshake_client.c
+++ b/ssl/handshake_client.c
@@ -248,7 +248,7 @@
break;
case SSL3_ST_CR_CERT_A:
- if (ssl_cipher_uses_certificate_auth(ssl->s3->tmp.new_cipher)) {
+ if (ssl_cipher_uses_certificate_auth(hs->new_cipher)) {
ret = ssl3_get_server_certificate(hs);
if (ret <= 0) {
goto end;
@@ -268,7 +268,7 @@
break;
case SSL3_ST_VERIFY_SERVER_CERT:
- if (ssl_cipher_uses_certificate_auth(ssl->s3->tmp.new_cipher)) {
+ if (ssl_cipher_uses_certificate_auth(hs->new_cipher)) {
ret = ssl3_verify_server_cert(hs);
if (ret <= 0) {
goto end;
@@ -286,7 +286,7 @@
break;
case SSL3_ST_CR_CERT_REQ_A:
- if (ssl_cipher_uses_certificate_auth(ssl->s3->tmp.new_cipher)) {
+ if (ssl_cipher_uses_certificate_auth(hs->new_cipher)) {
ret = ssl3_get_certificate_request(hs);
if (ret <= 0) {
goto end;
@@ -467,15 +467,15 @@
* of the new established_session due to False Start. The caller may
* have taken a reference to the temporary session. */
ssl->s3->established_session =
- SSL_SESSION_dup(ssl->s3->new_session, SSL_SESSION_DUP_ALL);
+ SSL_SESSION_dup(hs->new_session, SSL_SESSION_DUP_ALL);
if (ssl->s3->established_session == NULL) {
ret = -1;
goto end;
}
ssl->s3->established_session->not_resumable = 0;
- SSL_SESSION_free(ssl->s3->new_session);
- ssl->s3->new_session = NULL;
+ SSL_SESSION_free(hs->new_session);
+ hs->new_session = NULL;
}
hs->state = SSL_ST_OK;
@@ -912,9 +912,9 @@
goto f_err;
}
/* Note: session_id could be empty. */
- ssl->s3->new_session->session_id_length = CBS_len(&session_id);
- OPENSSL_memcpy(ssl->s3->new_session->session_id, CBS_data(&session_id),
- CBS_len(&session_id));
+ hs->new_session->session_id_length = CBS_len(&session_id);
+ OPENSSL_memcpy(hs->new_session->session_id, CBS_data(&session_id),
+ CBS_len(&session_id));
}
const SSL_CIPHER *c = SSL_get_cipher_by_value(cipher_suite);
@@ -956,9 +956,9 @@
goto f_err;
}
} else {
- ssl->s3->new_session->cipher = c;
+ hs->new_session->cipher = c;
}
- ssl->s3->tmp.new_cipher = c;
+ hs->new_cipher = c;
/* Now that the cipher is known, initialize the handshake hash and hash the
* ServerHello. */
@@ -972,7 +972,7 @@
* which requires hashing the handshake transcript. Otherwise, the handshake
* buffer may be released. */
if (ssl->session != NULL ||
- !ssl_cipher_uses_certificate_auth(ssl->s3->tmp.new_cipher)) {
+ !ssl_cipher_uses_certificate_auth(hs->new_cipher)) {
SSL_TRANSCRIPT_free_buffer(&hs->transcript);
}
@@ -1033,27 +1033,27 @@
CBS_init(&cbs, ssl->init_msg, ssl->init_num);
uint8_t alert = SSL_AD_DECODE_ERROR;
- sk_CRYPTO_BUFFER_pop_free(ssl->s3->new_session->certs, CRYPTO_BUFFER_free);
+ sk_CRYPTO_BUFFER_pop_free(hs->new_session->certs, CRYPTO_BUFFER_free);
EVP_PKEY_free(hs->peer_pubkey);
hs->peer_pubkey = NULL;
- ssl->s3->new_session->certs = ssl_parse_cert_chain(
- &alert, &hs->peer_pubkey, NULL, &cbs, ssl->ctx->pool);
- if (ssl->s3->new_session->certs == NULL) {
+ hs->new_session->certs = ssl_parse_cert_chain(&alert, &hs->peer_pubkey, NULL,
+ &cbs, ssl->ctx->pool);
+ if (hs->new_session->certs == NULL) {
ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
return -1;
}
- if (sk_CRYPTO_BUFFER_num(ssl->s3->new_session->certs) == 0 ||
+ if (sk_CRYPTO_BUFFER_num(hs->new_session->certs) == 0 ||
CBS_len(&cbs) != 0 ||
- !ssl->ctx->x509_method->session_cache_objects(ssl->s3->new_session)) {
+ !ssl->ctx->x509_method->session_cache_objects(hs->new_session)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
return -1;
}
if (!ssl_check_leaf_certificate(
- ssl, hs->peer_pubkey,
- sk_CRYPTO_BUFFER_value(ssl->s3->new_session->certs, 0))) {
+ hs, hs->peer_pubkey,
+ sk_CRYPTO_BUFFER_value(hs->new_session->certs, 0))) {
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
return -1;
}
@@ -1094,8 +1094,8 @@
goto f_err;
}
- if (!CBS_stow(&ocsp_response, &ssl->s3->new_session->ocsp_response,
- &ssl->s3->new_session->ocsp_response_length)) {
+ if (!CBS_stow(&ocsp_response, &hs->new_session->ocsp_response,
+ &hs->new_session->ocsp_response_length)) {
al = SSL_AD_INTERNAL_ERROR;
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
goto f_err;
@@ -1109,8 +1109,8 @@
static int ssl3_verify_server_cert(SSL_HANDSHAKE *hs) {
SSL *const ssl = hs->ssl;
- if (!ssl_verify_cert_chain(ssl, &ssl->s3->new_session->verify_result,
- ssl->s3->new_session->x509_chain)) {
+ if (!ssl_verify_cert_chain(ssl, &hs->new_session->verify_result,
+ hs->new_session->x509_chain)) {
return -1;
}
@@ -1131,7 +1131,7 @@
if (ssl->s3->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE) {
/* Some ciphers (pure PSK) have an optional ServerKeyExchange message. */
- if (ssl_cipher_requires_server_key_exchange(ssl->s3->tmp.new_cipher)) {
+ if (ssl_cipher_requires_server_key_exchange(hs->new_cipher)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_MESSAGE);
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
return -1;
@@ -1150,8 +1150,8 @@
CBS_init(&server_key_exchange, ssl->init_msg, ssl->init_num);
CBS server_key_exchange_orig = server_key_exchange;
- uint32_t alg_k = ssl->s3->tmp.new_cipher->algorithm_mkey;
- uint32_t alg_a = ssl->s3->tmp.new_cipher->algorithm_auth;
+ uint32_t alg_k = hs->new_cipher->algorithm_mkey;
+ uint32_t alg_a = hs->new_cipher->algorithm_auth;
if (alg_a & SSL_aPSK) {
CBS psk_identity_hint;
@@ -1247,7 +1247,7 @@
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
goto f_err;
}
- ssl->s3->new_session->group_id = group_id;
+ hs->new_session->group_id = group_id;
/* Ensure the group is consistent with preferences. */
if (!tls1_check_group_id(ssl, group_id)) {
@@ -1275,7 +1275,7 @@
CBS_len(&server_key_exchange_orig) - CBS_len(&server_key_exchange));
/* ServerKeyExchange should be signed by the server's public key. */
- if (ssl_cipher_uses_certificate_auth(ssl->s3->tmp.new_cipher)) {
+ if (ssl_cipher_uses_certificate_auth(hs->new_cipher)) {
uint16_t signature_algorithm = 0;
if (ssl3_protocol_version(ssl) >= TLS1_2_VERSION) {
if (!CBS_get_u16(&server_key_exchange, &signature_algorithm)) {
@@ -1286,7 +1286,7 @@
if (!tls12_check_peer_sigalg(ssl, &al, signature_algorithm)) {
goto f_err;
}
- ssl->s3->new_session->peer_signature_algorithm = signature_algorithm;
+ hs->new_session->peer_signature_algorithm = signature_algorithm;
} else if (hs->peer_pubkey->type == EVP_PKEY_RSA) {
signature_algorithm = SSL_SIGN_RSA_PKCS1_MD5_SHA1;
} else if (hs->peer_pubkey->type == EVP_PKEY_EC) {
@@ -1495,8 +1495,8 @@
goto err;
}
- uint32_t alg_k = ssl->s3->tmp.new_cipher->algorithm_mkey;
- uint32_t alg_a = ssl->s3->tmp.new_cipher->algorithm_auth;
+ uint32_t alg_k = hs->new_cipher->algorithm_mkey;
+ uint32_t alg_a = hs->new_cipher->algorithm_auth;
/* If using a PSK key exchange, prepare the pre-shared key. */
unsigned psk_len = 0;
@@ -1519,9 +1519,9 @@
}
assert(psk_len <= PSK_MAX_PSK_LEN);
- OPENSSL_free(ssl->s3->new_session->psk_identity);
- ssl->s3->new_session->psk_identity = BUF_strdup(identity);
- if (ssl->s3->new_session->psk_identity == NULL) {
+ OPENSSL_free(hs->new_session->psk_identity);
+ hs->new_session->psk_identity = BUF_strdup(identity);
+ if (hs->new_session->psk_identity == NULL) {
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
goto err;
}
@@ -1644,13 +1644,12 @@
goto err;
}
- ssl->s3->new_session->master_key_length = tls1_generate_master_secret(
- hs, ssl->s3->new_session->master_key, pms, pms_len);
- if (ssl->s3->new_session->master_key_length == 0) {
+ hs->new_session->master_key_length = tls1_generate_master_secret(
+ hs, hs->new_session->master_key, pms, pms_len);
+ if (hs->new_session->master_key_length == 0) {
goto err;
}
- ssl->s3->new_session->extended_master_secret =
- ssl->s3->tmp.extended_master_secret;
+ hs->new_session->extended_master_secret = ssl->s3->tmp.extended_master_secret;
OPENSSL_cleanse(pms, pms_len);
OPENSSL_free(pms);
@@ -1708,9 +1707,9 @@
uint8_t digest[EVP_MAX_MD_SIZE];
size_t digest_len;
- if (!SSL_TRANSCRIPT_ssl3_cert_verify_hash(
- &hs->transcript, digest, &digest_len, ssl->s3->new_session,
- signature_algorithm)) {
+ if (!SSL_TRANSCRIPT_ssl3_cert_verify_hash(&hs->transcript, digest,
+ &digest_len, hs->new_session,
+ signature_algorithm)) {
goto err;
}
@@ -1838,7 +1837,7 @@
}
int session_renewed = ssl->session != NULL;
- SSL_SESSION *session = ssl->s3->new_session;
+ SSL_SESSION *session = hs->new_session;
if (session_renewed) {
/* The server is sending a new ticket for an existing session. Sessions are
* immutable once established, so duplicate all but the ticket of the
diff --git a/ssl/handshake_server.c b/ssl/handshake_server.c
index d3a32ef..fdf78e4 100644
--- a/ssl/handshake_server.c
+++ b/ssl/handshake_server.c
@@ -263,7 +263,7 @@
break;
case SSL3_ST_SW_CERT_A:
- if (ssl_cipher_uses_certificate_auth(ssl->s3->tmp.new_cipher)) {
+ if (ssl_cipher_uses_certificate_auth(hs->new_cipher)) {
ret = ssl3_send_server_certificate(hs);
if (ret <= 0) {
goto end;
@@ -284,10 +284,10 @@
case SSL3_ST_SW_KEY_EXCH_A:
case SSL3_ST_SW_KEY_EXCH_B:
- alg_a = ssl->s3->tmp.new_cipher->algorithm_auth;
+ alg_a = hs->new_cipher->algorithm_auth;
/* PSK ciphers send ServerKeyExchange if there is an identity hint. */
- if (ssl_cipher_requires_server_key_exchange(ssl->s3->tmp.new_cipher) ||
+ if (ssl_cipher_requires_server_key_exchange(hs->new_cipher) ||
((alg_a & SSL_aPSK) && ssl->psk_identity_hint)) {
ret = ssl3_send_server_key_exchange(hs);
if (ret <= 0) {
@@ -393,7 +393,7 @@
}
/* If this is a full handshake with ChannelID then record the handshake
- * hashes in |ssl->s3->new_session| in case we need them to verify a
+ * hashes in |hs->new_session| in case we need them to verify a
* ChannelID signature on a resumption of this session in the future. */
if (ssl->session == NULL && ssl->s3->tlsext_channel_id_valid) {
ret = tls1_record_handshake_hashes_for_channel_id(hs);
@@ -461,12 +461,11 @@
/* If we aren't retaining peer certificates then we can discard it
* now. */
- if (ssl->s3->new_session != NULL &&
+ if (hs->new_session != NULL &&
ssl->retain_only_sha256_of_client_certs) {
- sk_CRYPTO_BUFFER_pop_free(ssl->s3->new_session->certs,
- CRYPTO_BUFFER_free);
- ssl->s3->new_session->certs = NULL;
- ssl->ctx->x509_method->session_clear(ssl->s3->new_session);
+ sk_CRYPTO_BUFFER_pop_free(hs->new_session->certs, CRYPTO_BUFFER_free);
+ hs->new_session->certs = NULL;
+ ssl->ctx->x509_method->session_clear(hs->new_session);
}
SSL_SESSION_free(ssl->s3->established_session);
@@ -474,9 +473,9 @@
SSL_SESSION_up_ref(ssl->session);
ssl->s3->established_session = ssl->session;
} else {
- ssl->s3->established_session = ssl->s3->new_session;
+ ssl->s3->established_session = hs->new_session;
ssl->s3->established_session->not_resumable = 0;
- ssl->s3->new_session = NULL;
+ hs->new_session = NULL;
}
if (hs->v2_clienthello) {
@@ -897,9 +896,9 @@
/* Negotiate the cipher suite. This must be done after |cert_cb| so the
* certificate is finalized. */
- ssl->s3->tmp.new_cipher =
+ hs->new_cipher =
ssl3_choose_cipher(hs, &client_hello, ssl_get_cipher_preferences(ssl));
- if (ssl->s3->tmp.new_cipher == NULL) {
+ if (hs->new_cipher == NULL) {
OPENSSL_PUT_ERROR(SSL, SSL_R_NO_SHARED_CIPHER);
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
return -1;
@@ -943,7 +942,7 @@
goto f_err;
}
- if (!ssl_session_is_resumable(ssl, session) ||
+ if (!ssl_session_is_resumable(hs, session) ||
/* If the client offers the EMS extension, but the previous session
* didn't use it, then negotiate a new session. */
ssl->s3->tmp.extended_master_secret !=
@@ -968,7 +967,7 @@
/* Clear the session ID if we want the session to be single-use. */
if (!(ssl->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER)) {
- ssl->s3->new_session->session_id_length = 0;
+ hs->new_session->session_id_length = 0;
}
}
@@ -981,13 +980,13 @@
}
if (ssl->session == NULL) {
- ssl->s3->new_session->cipher = ssl->s3->tmp.new_cipher;
+ hs->new_session->cipher = hs->new_cipher;
/* On new sessions, stash the SNI value in the session. */
if (hs->hostname != NULL) {
- OPENSSL_free(ssl->s3->new_session->tlsext_hostname);
- ssl->s3->new_session->tlsext_hostname = BUF_strdup(hs->hostname);
- if (ssl->s3->new_session->tlsext_hostname == NULL) {
+ OPENSSL_free(hs->new_session->tlsext_hostname);
+ hs->new_session->tlsext_hostname = BUF_strdup(hs->hostname);
+ if (hs->new_session->tlsext_hostname == NULL) {
al = SSL_AD_INTERNAL_ERROR;
goto f_err;
}
@@ -1001,14 +1000,14 @@
hs->cert_request = 0;
}
/* CertificateRequest may only be sent in certificate-based ciphers. */
- if (!ssl_cipher_uses_certificate_auth(ssl->s3->tmp.new_cipher)) {
+ if (!ssl_cipher_uses_certificate_auth(hs->new_cipher)) {
hs->cert_request = 0;
}
if (!hs->cert_request) {
/* OpenSSL returns X509_V_OK when no certificates are requested. This is
* classed by them as a bug, but it's assumed by at least NGINX. */
- ssl->s3->new_session->verify_result = X509_V_OK;
+ hs->new_session->verify_result = X509_V_OK;
}
}
@@ -1021,7 +1020,7 @@
/* Now that all parameters are known, initialize the handshake hash and hash
* the ClientHello. */
if (!SSL_TRANSCRIPT_init_hash(&hs->transcript, ssl3_protocol_version(ssl),
- ssl->s3->tmp.new_cipher->algorithm_prf) ||
+ hs->new_cipher->algorithm_prf) ||
!ssl_hash_current_message(hs)) {
goto f_err;
}
@@ -1049,7 +1048,7 @@
/* We only accept ChannelIDs on connections with ECDHE in order to avoid a
* known attack while we fix ChannelID itself. */
if (ssl->s3->tlsext_channel_id_valid &&
- (ssl->s3->tmp.new_cipher->algorithm_mkey & SSL_kECDHE) == 0) {
+ (hs->new_cipher->algorithm_mkey & SSL_kECDHE) == 0) {
ssl->s3->tlsext_channel_id_valid = 0;
}
@@ -1074,7 +1073,7 @@
/* TODO(davidben): Implement the TLS 1.1 and 1.2 downgrade sentinels once TLS
* 1.3 is finalized and we are not implementing a draft version. */
- const SSL_SESSION *session = ssl->s3->new_session;
+ const SSL_SESSION *session = hs->new_session;
if (ssl->session != NULL) {
session = ssl->session;
}
@@ -1086,7 +1085,7 @@
!CBB_add_u8_length_prefixed(&body, &session_id) ||
!CBB_add_bytes(&session_id, session->session_id,
session->session_id_length) ||
- !CBB_add_u16(&body, ssl_cipher_get_value(ssl->s3->tmp.new_cipher)) ||
+ !CBB_add_u16(&body, ssl_cipher_get_value(hs->new_cipher)) ||
!CBB_add_u8(&body, 0 /* no compression */) ||
!ssl_add_serverhello_tlsext(hs, &body) ||
!ssl_add_message_cbb(ssl, &cbb)) {
@@ -1137,8 +1136,8 @@
/* Put together the parameters. */
if (hs->state == SSL3_ST_SW_KEY_EXCH_A) {
- uint32_t alg_k = ssl->s3->tmp.new_cipher->algorithm_mkey;
- uint32_t alg_a = ssl->s3->tmp.new_cipher->algorithm_auth;
+ uint32_t alg_k = hs->new_cipher->algorithm_mkey;
+ uint32_t alg_a = hs->new_cipher->algorithm_auth;
/* Pre-allocate enough room to comfortably fit an ECDHE public key. */
if (!CBB_init(&cbb, 128)) {
@@ -1191,7 +1190,7 @@
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
goto err;
}
- ssl->s3->new_session->group_id = group_id;
+ hs->new_session->group_id = group_id;
/* Set up ECDH, generate a key, and emit the public half. */
if (!SSL_ECDH_CTX_init(&hs->ecdh_ctx, group_id) ||
@@ -1219,7 +1218,7 @@
}
/* Add a signature. */
- if (ssl_cipher_uses_certificate_auth(ssl->s3->tmp.new_cipher)) {
+ if (ssl_cipher_uses_certificate_auth(hs->new_cipher)) {
if (!ssl_has_private_key(ssl)) {
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
goto err;
@@ -1416,7 +1415,7 @@
/* OpenSSL returns X509_V_OK when no certificates are received. This is
* classed by them as a bug, but it's assumed by at least NGINX. */
- ssl->s3->new_session->verify_result = X509_V_OK;
+ hs->new_session->verify_result = X509_V_OK;
ssl->s3->tmp.reuse_message = 1;
return 1;
}
@@ -1433,29 +1432,28 @@
CBS certificate_msg;
CBS_init(&certificate_msg, ssl->init_msg, ssl->init_num);
- sk_CRYPTO_BUFFER_pop_free(ssl->s3->new_session->certs, CRYPTO_BUFFER_free);
+ sk_CRYPTO_BUFFER_pop_free(hs->new_session->certs, CRYPTO_BUFFER_free);
EVP_PKEY_free(hs->peer_pubkey);
hs->peer_pubkey = NULL;
uint8_t alert = SSL_AD_DECODE_ERROR;
- ssl->s3->new_session->certs =
- ssl_parse_cert_chain(&alert, &hs->peer_pubkey,
- ssl->retain_only_sha256_of_client_certs
- ? ssl->s3->new_session->peer_sha256
- : NULL,
- &certificate_msg, ssl->ctx->pool);
- if (ssl->s3->new_session->certs == NULL) {
+ hs->new_session->certs = ssl_parse_cert_chain(
+ &alert, &hs->peer_pubkey,
+ ssl->retain_only_sha256_of_client_certs ? hs->new_session->peer_sha256
+ : NULL,
+ &certificate_msg, ssl->ctx->pool);
+ if (hs->new_session->certs == NULL) {
ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
return -1;
}
if (CBS_len(&certificate_msg) != 0 ||
- !ssl->ctx->x509_method->session_cache_objects(ssl->s3->new_session)) {
+ !ssl->ctx->x509_method->session_cache_objects(hs->new_session)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
return -1;
}
- if (sk_CRYPTO_BUFFER_num(ssl->s3->new_session->certs) == 0) {
+ if (sk_CRYPTO_BUFFER_num(hs->new_session->certs) == 0) {
/* No client certificate so the handshake buffer may be discarded. */
SSL_TRANSCRIPT_free_buffer(&hs->transcript);
@@ -1476,17 +1474,17 @@
/* OpenSSL returns X509_V_OK when no certificates are received. This is
* classed by them as a bug, but it's assumed by at least NGINX. */
- ssl->s3->new_session->verify_result = X509_V_OK;
+ hs->new_session->verify_result = X509_V_OK;
return 1;
}
/* The hash will have been filled in. */
if (ssl->retain_only_sha256_of_client_certs) {
- ssl->s3->new_session->peer_sha256_valid = 1;
+ hs->new_session->peer_sha256_valid = 1;
}
- if (!ssl_verify_cert_chain(ssl, &ssl->s3->new_session->verify_result,
- ssl->s3->new_session->x509_chain)) {
+ if (!ssl_verify_cert_chain(ssl, &hs->new_session->verify_result,
+ hs->new_session->x509_chain)) {
return -1;
}
return 1;
@@ -1518,8 +1516,8 @@
}
CBS_init(&client_key_exchange, ssl->init_msg, ssl->init_num);
- alg_k = ssl->s3->tmp.new_cipher->algorithm_mkey;
- alg_a = ssl->s3->tmp.new_cipher->algorithm_auth;
+ alg_k = hs->new_cipher->algorithm_mkey;
+ alg_a = hs->new_cipher->algorithm_auth;
/* If using a PSK key exchange, prepare the pre-shared key. */
if (alg_a & SSL_aPSK) {
@@ -1547,15 +1545,15 @@
goto f_err;
}
- if (!CBS_strdup(&psk_identity, &ssl->s3->new_session->psk_identity)) {
+ if (!CBS_strdup(&psk_identity, &hs->new_session->psk_identity)) {
al = SSL_AD_INTERNAL_ERROR;
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
goto f_err;
}
/* Look up the key for the identity. */
- psk_len = ssl->psk_server_callback(ssl, ssl->s3->new_session->psk_identity,
- psk, sizeof(psk));
+ psk_len = ssl->psk_server_callback(ssl, hs->new_session->psk_identity, psk,
+ sizeof(psk));
if (psk_len > PSK_MAX_PSK_LEN) {
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
al = SSL_AD_INTERNAL_ERROR;
@@ -1740,14 +1738,12 @@
}
/* Compute the master secret */
- ssl->s3->new_session->master_key_length =
- tls1_generate_master_secret(hs, ssl->s3->new_session->master_key,
- premaster_secret, premaster_secret_len);
- if (ssl->s3->new_session->master_key_length == 0) {
+ hs->new_session->master_key_length = tls1_generate_master_secret(
+ hs, hs->new_session->master_key, premaster_secret, premaster_secret_len);
+ if (hs->new_session->master_key_length == 0) {
goto err;
}
- ssl->s3->new_session->extended_master_secret =
- ssl->s3->tmp.extended_master_secret;
+ hs->new_session->extended_master_secret = ssl->s3->tmp.extended_master_secret;
OPENSSL_cleanse(premaster_secret, premaster_secret_len);
OPENSSL_free(premaster_secret);
@@ -1800,7 +1796,7 @@
if (!tls12_check_peer_sigalg(ssl, &al, signature_algorithm)) {
goto f_err;
}
- ssl->s3->new_session->peer_signature_algorithm = signature_algorithm;
+ hs->new_session->peer_signature_algorithm = signature_algorithm;
} else if (hs->peer_pubkey->type == EVP_PKEY_RSA) {
signature_algorithm = SSL_SIGN_RSA_PKCS1_MD5_SHA1;
} else if (hs->peer_pubkey->type == EVP_PKEY_EC) {
@@ -1826,7 +1822,7 @@
uint8_t digest[EVP_MAX_MD_SIZE];
size_t digest_len;
if (!SSL_TRANSCRIPT_ssl3_cert_verify_hash(&hs->transcript, digest,
- &digest_len, ssl->s3->new_session,
+ &digest_len, hs->new_session,
signature_algorithm)) {
goto err;
}
@@ -1923,8 +1919,8 @@
SSL_SESSION *session_copy = NULL;
if (ssl->session == NULL) {
/* Fix the timeout to measure from the ticket issuance time. */
- ssl_session_rebase_time(ssl, ssl->s3->new_session);
- session = ssl->s3->new_session;
+ ssl_session_rebase_time(ssl, hs->new_session);
+ session = hs->new_session;
} else {
/* We are renewing an existing session. Duplicate the session to adjust the
* timeout. */
diff --git a/ssl/internal.h b/ssl/internal.h
index 7fe5dee..040b6fd 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -854,9 +854,9 @@
int ssl_add_client_CA_list(SSL *ssl, CBB *cbb);
/* ssl_check_leaf_certificate returns one if |pkey| and |leaf| are suitable as
- * a server's leaf certificate for |ssl|. Otherwise, it returns zero and pushes
+ * a server's leaf certificate for |hs|. Otherwise, it returns zero and pushes
* an error on the error queue. */
-int ssl_check_leaf_certificate(SSL *ssl, EVP_PKEY *pkey,
+int ssl_check_leaf_certificate(SSL_HANDSHAKE *hs, EVP_PKEY *pkey,
const CRYPTO_BUFFER *leaf);
@@ -1049,6 +1049,13 @@
/* peer_pubkey is the public key parsed from the peer's leaf certificate. */
EVP_PKEY *peer_pubkey;
+ /* new_session is the new mutable session being established by the current
+ * handshake. It should not be cached. */
+ SSL_SESSION *new_session;
+
+ /* new_cipher is the cipher being negotiated in this handshake. */
+ const SSL_CIPHER *new_cipher;
+
/* key_block is the record-layer key block for TLS 1.2 and earlier. */
uint8_t *key_block;
uint8_t key_block_len;
@@ -1605,9 +1612,6 @@
* TODO(davidben): Move everything not needed after the handshake completes to
* |hs| and remove this. */
struct {
- /* used to hold the new cipher we are going to use */
- const SSL_CIPHER *new_cipher;
-
int message_type;
int reuse_message;
@@ -1625,10 +1629,6 @@
char extended_master_secret;
} tmp;
- /* new_session is the new mutable session being established by the current
- * handshake. It should not be cached. */
- SSL_SESSION *new_session;
-
/* established_session is the session established by the connection. This
* session is only filled upon the completion of the handshake and is
* immutable. */
@@ -1936,9 +1936,10 @@
* it has expired. */
int ssl_session_is_time_valid(const SSL *ssl, const SSL_SESSION *session);
-/* ssl_session_is_resumable returns one if |session| is resumable for |ssl| and
+/* ssl_session_is_resumable returns one if |session| is resumable for |hs| and
* zero otherwise. */
-int ssl_session_is_resumable(const SSL *ssl, const SSL_SESSION *session);
+int ssl_session_is_resumable(const SSL_HANDSHAKE *hs,
+ const SSL_SESSION *session);
/* SSL_SESSION_get_digest returns the digest used in |session|. If the digest is
* invalid, it returns NULL. */
diff --git a/ssl/s3_both.c b/ssl/s3_both.c
index 0669d18..7fd09c6 100644
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@@ -167,6 +167,7 @@
OPENSSL_free(hs->cookie);
OPENSSL_free(hs->key_share_bytes);
OPENSSL_free(hs->public_key);
+ SSL_SESSION_free(hs->new_session);
OPENSSL_free(hs->peer_sigalgs);
OPENSSL_free(hs->peer_supported_group_list);
OPENSSL_free(hs->peer_key);
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 1c723cd..57a27c7 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -197,7 +197,6 @@
ssl_read_buffer_clear(ssl);
ssl_write_buffer_clear(ssl);
- SSL_SESSION_free(ssl->s3->new_session);
SSL_SESSION_free(ssl->s3->established_session);
ssl_handshake_free(ssl->s3->hs);
OPENSSL_free(ssl->s3->next_proto_negotiated);
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index f4301a8..c60c6fa 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -898,20 +898,20 @@
ssl_cert_set_cert_cb(ssl->cert, cb, arg);
}
-int ssl_check_leaf_certificate(SSL *ssl, EVP_PKEY *pkey,
+int ssl_check_leaf_certificate(SSL_HANDSHAKE *hs, EVP_PKEY *pkey,
const CRYPTO_BUFFER *leaf) {
+ SSL *const ssl = hs->ssl;
assert(ssl3_protocol_version(ssl) < TLS1_3_VERSION);
/* Check the certificate's type matches the cipher. */
- const SSL_CIPHER *cipher = ssl->s3->tmp.new_cipher;
- int expected_type = ssl_cipher_get_key_type(cipher);
+ int expected_type = ssl_cipher_get_key_type(hs->new_cipher);
assert(expected_type != EVP_PKEY_NONE);
if (pkey->type != expected_type) {
OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_CERTIFICATE_TYPE);
return 0;
}
- if (cipher->algorithm_auth & SSL_aECDSA) {
+ if (hs->new_cipher->algorithm_auth & SSL_aECDSA) {
CBS leaf_cbs;
CBS_init(&leaf_cbs, CRYPTO_BUFFER_data(leaf), CRYPTO_BUFFER_len(leaf));
/* ECDSA and ECDH certificates use the same public key format. Instead,
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 57178cf..517ddbb 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2496,10 +2496,11 @@
}
const SSL_CIPHER *SSL_get_pending_cipher(const SSL *ssl) {
- if (!SSL_in_init(ssl)) {
+ SSL_HANDSHAKE *hs = ssl->s3->hs;
+ if (hs == NULL) {
return NULL;
}
- return ssl->s3->tmp.new_cipher;
+ return hs->new_cipher;
}
void SSL_set_retain_only_sha256_of_client_certs(SSL *ssl, int enabled) {
diff --git a/ssl/ssl_session.c b/ssl/ssl_session.c
index 47f3bcd..bbe88c3 100644
--- a/ssl/ssl_session.c
+++ b/ssl/ssl_session.c
@@ -468,8 +468,8 @@
if (!SSL_in_init(ssl)) {
return ssl->s3->established_session;
}
- if (ssl->s3->new_session != NULL) {
- return ssl->s3->new_session;
+ if (ssl->s3->hs->new_session != NULL) {
+ return ssl->s3->hs->new_session;
}
return ssl->session;
}
@@ -572,8 +572,8 @@
session->not_resumable = 1;
session->verify_result = X509_V_ERR_INVALID_CALL;
- SSL_SESSION_free(ssl->s3->new_session);
- ssl->s3->new_session = session;
+ SSL_SESSION_free(hs->new_session);
+ hs->new_session = session;
ssl_set_session(ssl, NULL);
return 1;
@@ -700,18 +700,20 @@
return session->timeout > (long)now.tv_sec - session->time;
}
-int ssl_session_is_resumable(const SSL *ssl, const SSL_SESSION *session) {
+int ssl_session_is_resumable(const SSL_HANDSHAKE *hs,
+ const SSL_SESSION *session) {
+ const SSL *const ssl = hs->ssl;
return ssl_session_is_context_valid(ssl, session) &&
/* The session must have been created by the same type of end point as
* we're now using it with. */
- session->is_server == ssl->server &&
+ ssl->server == session->is_server &&
/* The session must not be expired. */
ssl_session_is_time_valid(ssl, session) &&
/* Only resume if the session's version matches the negotiated
* version. */
ssl->version == session->ssl_version &&
/* Only resume if the session's cipher matches the negotiated one. */
- ssl->s3->tmp.new_cipher == session->cipher &&
+ hs->new_cipher == session->cipher &&
/* If the session contains a client certificate (either the full
* certificate or just the hash) then require that the form of the
* certificate matches the current configuration. */
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index d01992e..909d6df 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -330,8 +330,8 @@
}
SSL_SESSION *session = ssl->session;
- if (ssl->s3->new_session != NULL) {
- session = ssl->s3->new_session;
+ if (hs->new_session != NULL) {
+ session = hs->new_session;
}
const EVP_AEAD *aead = NULL;
@@ -427,10 +427,9 @@
iv = server_write_iv;
}
- SSL_AEAD_CTX *aead_ctx =
- SSL_AEAD_CTX_new(is_read ? evp_aead_open : evp_aead_seal,
- ssl3_protocol_version(ssl), ssl->s3->tmp.new_cipher, key,
- key_len, mac_secret, mac_secret_len, iv, iv_len);
+ SSL_AEAD_CTX *aead_ctx = SSL_AEAD_CTX_new(
+ is_read ? evp_aead_open : evp_aead_seal, ssl3_protocol_version(ssl),
+ hs->new_cipher, key, key_len, mac_secret, mac_secret_len, iv, iv_len);
if (aead_ctx == NULL) {
return 0;
}
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index eadaff9..7a9f83a 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -616,9 +616,9 @@
assert(ssl->tlsext_hostname != NULL);
if (ssl->session == NULL) {
- OPENSSL_free(ssl->s3->new_session->tlsext_hostname);
- ssl->s3->new_session->tlsext_hostname = BUF_strdup(ssl->tlsext_hostname);
- if (!ssl->s3->new_session->tlsext_hostname) {
+ OPENSSL_free(hs->new_session->tlsext_hostname);
+ hs->new_session->tlsext_hostname = BUF_strdup(ssl->tlsext_hostname);
+ if (!hs->new_session->tlsext_hostname) {
*out_alert = SSL_AD_INTERNAL_ERROR;
return 0;
}
@@ -1118,7 +1118,7 @@
/* OCSP stapling is forbidden on non-certificate ciphers. */
if (CBS_len(contents) != 0 ||
- !ssl_cipher_uses_certificate_auth(ssl->s3->tmp.new_cipher)) {
+ !ssl_cipher_uses_certificate_auth(hs->new_cipher)) {
return 0;
}
@@ -1154,7 +1154,7 @@
!hs->ocsp_stapling_requested ||
ssl->cert->ocsp_response == NULL ||
ssl->s3->session_reused ||
- !ssl_cipher_uses_certificate_auth(ssl->s3->tmp.new_cipher)) {
+ !ssl_cipher_uses_certificate_auth(hs->new_cipher)) {
return 1;
}
@@ -1341,10 +1341,8 @@
*
* TODO(davidben): Enforce this anyway. */
if (!ssl->s3->session_reused &&
- !CBS_stow(
- contents,
- &ssl->s3->new_session->tlsext_signed_cert_timestamp_list,
- &ssl->s3->new_session->tlsext_signed_cert_timestamp_list_length)) {
+ !CBS_stow(contents, &hs->new_session->tlsext_signed_cert_timestamp_list,
+ &hs->new_session->tlsext_signed_cert_timestamp_list_length)) {
*out_alert = SSL_AD_INTERNAL_ERROR;
return 0;
}
@@ -1853,8 +1851,8 @@
return 1;
}
- const uint32_t alg_k = ssl->s3->tmp.new_cipher->algorithm_mkey;
- const uint32_t alg_a = ssl->s3->tmp.new_cipher->algorithm_auth;
+ const uint32_t alg_k = hs->new_cipher->algorithm_mkey;
+ const uint32_t alg_a = hs->new_cipher->algorithm_auth;
const int using_ecc = (alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA);
if (!using_ecc) {
@@ -2219,7 +2217,6 @@
int ssl_ext_key_share_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t **out_secret,
size_t *out_secret_len,
uint8_t *out_alert, CBS *contents) {
- SSL *const ssl = hs->ssl;
CBS peer_key;
uint16_t group_id;
if (!CBS_get_u16(contents, &group_id) ||
@@ -2241,7 +2238,7 @@
return 0;
}
- ssl->s3->new_session->group_id = group_id;
+ hs->new_session->group_id = group_id;
SSL_ECDH_CTX_cleanup(&hs->ecdh_ctx);
return 1;
}
@@ -2323,7 +2320,6 @@
}
int ssl_ext_key_share_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
- SSL *const ssl = hs->ssl;
uint16_t group_id;
CBB kse_bytes, public_key;
if (!tls1_get_shared_group(hs, &group_id) ||
@@ -2340,7 +2336,7 @@
hs->public_key = NULL;
hs->public_key_len = 0;
- ssl->s3->new_session->group_id = group_id;
+ hs->new_session->group_id = group_id;
return 1;
}
@@ -3519,7 +3515,7 @@
}
/* tls1_record_handshake_hashes_for_channel_id records the current handshake
- * hashes in |ssl->s3->new_session| so that Channel ID resumptions can sign that
+ * hashes in |hs->new_session| so that Channel ID resumptions can sign that
* data. */
int tls1_record_handshake_hashes_for_channel_id(SSL_HANDSHAKE *hs) {
SSL *const ssl = hs->ssl;
@@ -3531,18 +3527,18 @@
}
OPENSSL_COMPILE_ASSERT(
- sizeof(ssl->s3->new_session->original_handshake_hash) == EVP_MAX_MD_SIZE,
+ sizeof(hs->new_session->original_handshake_hash) == EVP_MAX_MD_SIZE,
original_handshake_hash_is_too_small);
size_t digest_len;
if (!SSL_TRANSCRIPT_get_hash(&hs->transcript,
- ssl->s3->new_session->original_handshake_hash,
+ hs->new_session->original_handshake_hash,
&digest_len)) {
return -1;
}
OPENSSL_COMPILE_ASSERT(EVP_MAX_MD_SIZE <= 0xff, max_md_size_is_too_large);
- ssl->s3->new_session->original_handshake_hash_len = (uint8_t)digest_len;
+ hs->new_session->original_handshake_hash_len = (uint8_t)digest_len;
return 1;
}
diff --git a/ssl/tls13_both.c b/ssl/tls13_both.c
index 063652e..91cae9a 100644
--- a/ssl/tls13_both.c
+++ b/ssl/tls13_both.c
@@ -211,7 +211,7 @@
if (retain_sha256) {
/* Retain the hash of the leaf certificate if requested. */
SHA256(CBS_data(&certificate), CBS_len(&certificate),
- ssl->s3->new_session->peer_sha256);
+ hs->new_session->peer_sha256);
}
}
@@ -262,8 +262,8 @@
}
if (sk_CRYPTO_BUFFER_num(certs) == 1 &&
- !CBS_stow(&ocsp_response, &ssl->s3->new_session->ocsp_response,
- &ssl->s3->new_session->ocsp_response_length)) {
+ !CBS_stow(&ocsp_response, &hs->new_session->ocsp_response,
+ &hs->new_session->ocsp_response_length)) {
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
goto err;
}
@@ -283,10 +283,9 @@
}
if (sk_CRYPTO_BUFFER_num(certs) == 1 &&
- !CBS_stow(&sct,
- &ssl->s3->new_session->tlsext_signed_cert_timestamp_list,
- &ssl->s3->new_session
- ->tlsext_signed_cert_timestamp_list_length)) {
+ !CBS_stow(
+ &sct, &hs->new_session->tlsext_signed_cert_timestamp_list,
+ &hs->new_session->tlsext_signed_cert_timestamp_list_length)) {
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
goto err;
}
@@ -303,17 +302,17 @@
hs->peer_pubkey = pkey;
pkey = NULL;
- sk_CRYPTO_BUFFER_pop_free(ssl->s3->new_session->certs, CRYPTO_BUFFER_free);
- ssl->s3->new_session->certs = certs;
+ sk_CRYPTO_BUFFER_pop_free(hs->new_session->certs, CRYPTO_BUFFER_free);
+ hs->new_session->certs = certs;
certs = NULL;
- if (!ssl->ctx->x509_method->session_cache_objects(ssl->s3->new_session)) {
+ if (!ssl->ctx->x509_method->session_cache_objects(hs->new_session)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
goto err;
}
- if (sk_CRYPTO_BUFFER_num(ssl->s3->new_session->certs) == 0) {
+ if (sk_CRYPTO_BUFFER_num(hs->new_session->certs) == 0) {
if (!allow_anonymous) {
OPENSSL_PUT_ERROR(SSL, SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_CERTIFICATE_REQUIRED);
@@ -322,17 +321,17 @@
/* OpenSSL returns X509_V_OK when no certificates are requested. This is
* classed by them as a bug, but it's assumed by at least NGINX. */
- ssl->s3->new_session->verify_result = X509_V_OK;
+ hs->new_session->verify_result = X509_V_OK;
/* No certificate, so nothing more to do. */
ret = 1;
goto err;
}
- ssl->s3->new_session->peer_sha256_valid = retain_sha256;
+ hs->new_session->peer_sha256_valid = retain_sha256;
- if (!ssl_verify_cert_chain(ssl, &ssl->s3->new_session->verify_result,
- ssl->s3->new_session->x509_chain)) {
+ if (!ssl_verify_cert_chain(ssl, &hs->new_session->verify_result,
+ hs->new_session->x509_chain)) {
goto err;
}
@@ -370,7 +369,7 @@
ssl3_send_alert(ssl, SSL3_AL_FATAL, al);
goto err;
}
- ssl->s3->new_session->peer_signature_algorithm = signature_algorithm;
+ hs->new_session->peer_signature_algorithm = signature_algorithm;
if (!tls13_get_cert_verify_signature_input(
hs, &msg, &msg_len,
diff --git a/ssl/tls13_client.c b/ssl/tls13_client.c
index 815b30e..8e994e5 100644
--- a/ssl/tls13_client.c
+++ b/ssl/tls13_client.c
@@ -251,34 +251,33 @@
ssl->s3->session_reused = 1;
/* Only authentication information carries over in TLS 1.3. */
- ssl->s3->new_session =
- SSL_SESSION_dup(ssl->session, SSL_SESSION_DUP_AUTH_ONLY);
- if (ssl->s3->new_session == NULL) {
+ hs->new_session = SSL_SESSION_dup(ssl->session, SSL_SESSION_DUP_AUTH_ONLY);
+ if (hs->new_session == NULL) {
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
return ssl_hs_error;
}
ssl_set_session(ssl, NULL);
/* Resumption incorporates fresh key material, so refresh the timeout. */
- ssl_session_renew_timeout(ssl, ssl->s3->new_session,
+ ssl_session_renew_timeout(ssl, hs->new_session,
ssl->initial_ctx->session_psk_dhe_timeout);
} else if (!ssl_get_new_session(hs, 0)) {
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
return ssl_hs_error;
}
- ssl->s3->new_session->cipher = cipher;
- ssl->s3->tmp.new_cipher = cipher;
+ hs->new_session->cipher = cipher;
+ hs->new_cipher = cipher;
/* Store the initial negotiated ALPN in the session. */
if (ssl->s3->alpn_selected != NULL) {
- ssl->s3->new_session->early_alpn =
+ hs->new_session->early_alpn =
BUF_memdup(ssl->s3->alpn_selected, ssl->s3->alpn_selected_len);
- if (ssl->s3->new_session->early_alpn == NULL) {
+ if (hs->new_session->early_alpn == NULL) {
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
return ssl_hs_error;
}
- ssl->s3->new_session->early_alpn_len = ssl->s3->alpn_selected_len;
+ hs->new_session->early_alpn_len = ssl->s3->alpn_selected_len;
}
/* The PRF hash is now known. Set up the key schedule. */
@@ -288,8 +287,8 @@
/* Incorporate the PSK into the running secret. */
if (ssl->s3->session_reused) {
- if (!tls13_advance_key_schedule(hs, ssl->s3->new_session->master_key,
- ssl->s3->new_session->master_key_length)) {
+ if (!tls13_advance_key_schedule(hs, hs->new_session->master_key,
+ hs->new_session->master_key_length)) {
return ssl_hs_error;
}
} else if (!tls13_advance_key_schedule(hs, kZeroes, hs->hash_len)) {
diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c
index 4d140e3..412705d 100644
--- a/ssl/tls13_enc.c
+++ b/ssl/tls13_enc.c
@@ -30,7 +30,7 @@
int tls13_init_key_schedule(SSL_HANDSHAKE *hs) {
if (!SSL_TRANSCRIPT_init_hash(&hs->transcript, ssl3_protocol_version(hs->ssl),
- hs->ssl->s3->tmp.new_cipher->algorithm_prf)) {
+ hs->new_cipher->algorithm_prf)) {
return 0;
}
@@ -237,17 +237,15 @@
static const char kTLS13LabelResumption[] = "resumption master secret";
int tls13_derive_resumption_secret(SSL_HANDSHAKE *hs) {
- SSL *const ssl = hs->ssl;
- if (ssl->s3->hs->hash_len > SSL_MAX_MASTER_KEY_LENGTH) {
+ if (hs->hash_len > SSL_MAX_MASTER_KEY_LENGTH) {
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
return 0;
}
- ssl->s3->new_session->master_key_length = hs->hash_len;
- return derive_secret(hs, ssl->s3->new_session->master_key,
- ssl->s3->new_session->master_key_length,
- (const uint8_t *)kTLS13LabelResumption,
- strlen(kTLS13LabelResumption));
+ hs->new_session->master_key_length = hs->hash_len;
+ return derive_secret(
+ hs, hs->new_session->master_key, hs->new_session->master_key_length,
+ (const uint8_t *)kTLS13LabelResumption, strlen(kTLS13LabelResumption));
}
static const char kTLS13LabelFinished[] = "finished";
diff --git a/ssl/tls13_server.c b/ssl/tls13_server.c
index 5c9e6db..402c234 100644
--- a/ssl/tls13_server.c
+++ b/ssl/tls13_server.c
@@ -150,8 +150,8 @@
}
/* Negotiate the cipher suite. */
- ssl->s3->tmp.new_cipher = choose_tls13_cipher(ssl, &client_hello);
- if (ssl->s3->tmp.new_cipher == NULL) {
+ hs->new_cipher = choose_tls13_cipher(ssl, &client_hello);
+ if (hs->new_cipher == NULL) {
OPENSSL_PUT_ERROR(SSL, SSL_R_NO_SHARED_CIPHER);
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
return ssl_hs_error;
@@ -189,7 +189,7 @@
}
if (session != NULL &&
- !ssl_session_is_resumable(ssl, session)) {
+ !ssl_session_is_resumable(hs, session)) {
SSL_SESSION_free(session);
session = NULL;
}
@@ -202,13 +202,13 @@
return ssl_hs_error;
}
- ssl->s3->new_session->cipher = ssl->s3->tmp.new_cipher;
+ hs->new_session->cipher = hs->new_cipher;
/* On new sessions, stash the SNI value in the session. */
if (hs->hostname != NULL) {
- OPENSSL_free(ssl->s3->new_session->tlsext_hostname);
- ssl->s3->new_session->tlsext_hostname = BUF_strdup(hs->hostname);
- if (ssl->s3->new_session->tlsext_hostname == NULL) {
+ OPENSSL_free(hs->new_session->tlsext_hostname);
+ hs->new_session->tlsext_hostname = BUF_strdup(hs->hostname);
+ if (hs->new_session->tlsext_hostname == NULL) {
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
return ssl_hs_error;
}
@@ -222,8 +222,8 @@
}
/* Only authentication information carries over in TLS 1.3. */
- ssl->s3->new_session = SSL_SESSION_dup(session, SSL_SESSION_DUP_AUTH_ONLY);
- if (ssl->s3->new_session == NULL) {
+ hs->new_session = SSL_SESSION_dup(session, SSL_SESSION_DUP_AUTH_ONLY);
+ if (hs->new_session == NULL) {
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
return ssl_hs_error;
}
@@ -231,7 +231,7 @@
SSL_SESSION_free(session);
/* Resumption incorporates fresh key material, so refresh the timeout. */
- ssl_session_renew_timeout(ssl, ssl->s3->new_session,
+ ssl_session_renew_timeout(ssl, hs->new_session,
ssl->initial_ctx->session_psk_dhe_timeout);
}
@@ -253,19 +253,19 @@
/* Store the initial negotiated ALPN in the session. */
if (ssl->s3->alpn_selected != NULL) {
- ssl->s3->new_session->early_alpn =
+ hs->new_session->early_alpn =
BUF_memdup(ssl->s3->alpn_selected, ssl->s3->alpn_selected_len);
- if (ssl->s3->new_session->early_alpn == NULL) {
+ if (hs->new_session->early_alpn == NULL) {
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
return ssl_hs_error;
}
- ssl->s3->new_session->early_alpn_len = ssl->s3->alpn_selected_len;
+ hs->new_session->early_alpn_len = ssl->s3->alpn_selected_len;
}
/* Incorporate the PSK into the running secret. */
if (ssl->s3->session_reused) {
- if (!tls13_advance_key_schedule(hs, ssl->s3->new_session->master_key,
- ssl->s3->new_session->master_key_length)) {
+ if (!tls13_advance_key_schedule(hs, hs->new_session->master_key,
+ hs->new_session->master_key_length)) {
return ssl_hs_error;
}
} else if (!tls13_advance_key_schedule(hs, kZeroes, hs->hash_len)) {
@@ -351,7 +351,7 @@
!CBB_add_u16(&body, ssl->version) ||
!RAND_bytes(ssl->s3->server_random, sizeof(ssl->s3->server_random)) ||
!CBB_add_bytes(&body, ssl->s3->server_random, SSL3_RANDOM_SIZE) ||
- !CBB_add_u16(&body, ssl_cipher_get_value(ssl->s3->tmp.new_cipher)) ||
+ !CBB_add_u16(&body, ssl_cipher_get_value(hs->new_cipher)) ||
!CBB_add_u16_length_prefixed(&body, &extensions) ||
!ssl_ext_pre_shared_key_add_serverhello(hs, &extensions) ||
!ssl_ext_key_share_add_serverhello(hs, &extensions)) {
@@ -483,7 +483,7 @@
if (!hs->cert_request) {
/* OpenSSL returns X509_V_OK when no certificates are requested. This is
* classed by them as a bug, but it's assumed by at least NGINX. */
- ssl->s3->new_session->verify_result = X509_V_OK;
+ hs->new_session->verify_result = X509_V_OK;
/* Skip this state. */
hs->tls13_state = state_process_channel_id;
@@ -506,7 +506,7 @@
static enum ssl_hs_wait_t do_process_client_certificate_verify(
SSL_HANDSHAKE *hs) {
SSL *const ssl = hs->ssl;
- if (sk_CRYPTO_BUFFER_num(ssl->s3->new_session->certs) == 0) {
+ if (sk_CRYPTO_BUFFER_num(hs->new_session->certs) == 0) {
/* Skip this state. */
hs->tls13_state = state_process_channel_id;
return ssl_hs_ok;
@@ -554,7 +554,7 @@
/* Rebase the session timestamp so that it is measured from ticket
* issuance. */
- ssl_session_rebase_time(ssl, ssl->s3->new_session);
+ ssl_session_rebase_time(ssl, hs->new_session);
hs->tls13_state = state_send_new_session_ticket;
return ssl_hs_ok;
}
@@ -572,7 +572,7 @@
return ssl_hs_ok;
}
- SSL_SESSION *session = ssl->s3->new_session;
+ SSL_SESSION *session = hs->new_session;
CBB cbb;
CBB_zero(&cbb);
