Pass explicit hs parameters to tls13_*.c. This removes all explicit ssl->s3->hs access in those files. Change-Id: I801ca1c894936aecef21e56ec7e7acb9d1b99688 Reviewed-on: https://boringssl-review.googlesource.com/12318 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>

commit: 6e4fc336c4465c2fa63a512efb5b96776f15c412 [log] [tgz]
author: David Benjamin <davidben@google.com> Thu Nov 17 16:43:08 2016 +0900
committer: David Benjamin <davidben@google.com> Tue Dec 06 19:49:24 2016 +0000
tree: 37b356b7662c7a4626e1a3c6e73890923f8115ed
parent: 8c880a2b953160b8e4cf8c081bafb9271c01af4b [diff]
diff --git a/ssl/handshake_client.c b/ssl/handshake_client.c
index 1ee20ee..76a08f5 100644
--- a/ssl/handshake_client.c
+++ b/ssl/handshake_client.c

@@ -894,7 +894,7 @@
     return 1;
   }
 
-  ssl_clear_tls13_state(ssl);
+  ssl_clear_tls13_state(hs);
 
   if (ssl->s3->tmp.message_type != SSL3_MT_SERVER_HELLO) {
     ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);

diff --git a/ssl/internal.h b/ssl/internal.h
index d31ccb8..b401fe4 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h

@@ -798,11 +798,12 @@
 /* tls13_init_key_schedule initializes the handshake hash and key derivation
  * state. The cipher suite and PRF hash must have been selected at this point.
  * It returns one on success and zero on error. */
-int tls13_init_key_schedule(SSL *ssl);
+int tls13_init_key_schedule(SSL_HANDSHAKE *hs);
 
 /* tls13_advance_key_schedule incorporates |in| into the key schedule with
  * HKDF-Extract. It returns one on success and zero on error. */
-int tls13_advance_key_schedule(SSL *ssl, const uint8_t *in, size_t len);
+int tls13_advance_key_schedule(SSL_HANDSHAKE *hs, const uint8_t *in,
+                               size_t len);
 
 /* tls13_get_context_hash writes Hash(Handshake Context) to |out| which must
  * have room for at least |EVP_MAX_MD_SIZE| bytes. On success, it returns one
@@ -826,7 +827,7 @@
 /* tls13_set_handshake_traffic derives the handshake traffic secret and
  * switches both read and write traffic to it. It returns one on success and
  * zero on error. */
-int tls13_set_handshake_traffic(SSL *ssl);
+int tls13_set_handshake_traffic(SSL_HANDSHAKE *hs);
 
 /* tls13_rotate_traffic_key derives the next read or write traffic secret. It
  * returns one on success and zero on error. */
@@ -835,10 +836,10 @@
 /* tls13_derive_application_secrets derives the initial application data traffic
  * and exporter secrets based on the handshake transcripts and |master_secret|.
  * It returns one on success and zero on error. */
-int tls13_derive_application_secrets(SSL *ssl);
+int tls13_derive_application_secrets(SSL_HANDSHAKE *hs);
 
 /* tls13_derive_resumption_secret derives the |resumption_secret|. */
-int tls13_derive_resumption_secret(SSL *ssl);
+int tls13_derive_resumption_secret(SSL_HANDSHAKE *hs);
 
 /* tls13_export_keying_material provides an exporter interface to use the
  * |exporter_secret|. */
@@ -851,7 +852,8 @@
  * the integrity of the Finished message, and stores the result in |out| and
  * length in |out_len|. |is_server| is 1 if this is for the Server Finished and
  * 0 for the Client Finished. */
-int tls13_finished_mac(SSL *ssl, uint8_t *out, size_t *out_len, int is_server);
+int tls13_finished_mac(SSL_HANDSHAKE *hs, uint8_t *out,
+                       size_t *out_len, int is_server);
 
 /* tls13_write_psk_binder calculates the PSK binder value and replaces the last
  * bytes of |msg| with the resulting value. It returns 1 on success, and 0 on
@@ -1051,12 +1053,12 @@
 
 int tls13_process_certificate(SSL *ssl, int allow_anonymous);
 int tls13_process_certificate_verify(SSL *ssl);
-int tls13_process_finished(SSL *ssl);
+int tls13_process_finished(SSL_HANDSHAKE *hs);
 
-int tls13_prepare_certificate(SSL *ssl);
+int tls13_prepare_certificate(SSL_HANDSHAKE *hs);
 enum ssl_private_key_result_t tls13_prepare_certificate_verify(
-    SSL *ssl, int is_first_run);
-int tls13_prepare_finished(SSL *ssl);
+    SSL_HANDSHAKE *hs, int is_first_run);
+int tls13_prepare_finished(SSL_HANDSHAKE *hs);
 int tls13_process_new_session_ticket(SSL *ssl);
 
 int ssl_ext_key_share_parse_serverhello(SSL *ssl, uint8_t **out_secret,
@@ -1084,7 +1086,7 @@
 
 /* ssl_clear_tls13_state releases client state only needed for TLS 1.3. It
  * should be called once the version is known to be TLS 1.2 or earlier. */
-void ssl_clear_tls13_state(SSL *ssl);
+void ssl_clear_tls13_state(SSL_HANDSHAKE *hs);
 
 enum ssl_cert_verify_context_t {
   ssl_cert_verify_server,

diff --git a/ssl/tls13_both.c b/ssl/tls13_both.c
index 7d61304..6f697e6 100644
--- a/ssl/tls13_both.c
+++ b/ssl/tls13_both.c

@@ -401,10 +401,11 @@
   return 1;
 }
 
-int tls13_process_finished(SSL *ssl) {
+int tls13_process_finished(SSL_HANDSHAKE *hs) {
+  SSL *const ssl = hs->ssl;
   uint8_t verify_data[EVP_MAX_MD_SIZE];
   size_t verify_data_len;
-  if (!tls13_finished_mac(ssl, verify_data, &verify_data_len, !ssl->server)) {
+  if (!tls13_finished_mac(hs, verify_data, &verify_data_len, !ssl->server)) {
     return 0;
   }
 
@@ -423,7 +424,8 @@
   return 1;
 }
 
-int tls13_prepare_certificate(SSL *ssl) {
+int tls13_prepare_certificate(SSL_HANDSHAKE *hs) {
+  SSL *const ssl = hs->ssl;
   CBB cbb, body, certificate_list;
   if (!ssl->method->init_message(ssl, &cbb, &body, SSL3_MT_CERTIFICATE) ||
       /* The request context is always empty in the handshake. */
@@ -450,7 +452,7 @@
     goto err;
   }
 
-  if (ssl->s3->hs->scts_requested &&
+  if (hs->scts_requested &&
       ssl->ctx->signed_cert_timestamp_list_length != 0) {
     CBB contents;
     if (!CBB_add_u16(&extensions, TLSEXT_TYPE_certificate_timestamp) ||
@@ -463,7 +465,7 @@
     }
   }
 
-  if (ssl->s3->hs->ocsp_stapling_requested &&
+  if (hs->ocsp_stapling_requested &&
       ssl->ctx->ocsp_response_length != 0) {
     CBB contents, ocsp_response;
     if (!CBB_add_u16(&extensions, TLSEXT_TYPE_status_request) ||
@@ -500,7 +502,8 @@
 }
 
 enum ssl_private_key_result_t tls13_prepare_certificate_verify(
-    SSL *ssl, int is_first_run) {
+    SSL_HANDSHAKE *hs, int is_first_run) {
+  SSL *const ssl = hs->ssl;
   enum ssl_private_key_result_t ret = ssl_private_key_failure;
   uint8_t *msg = NULL;
   size_t msg_len;
@@ -561,11 +564,12 @@
   return ret;
 }
 
-int tls13_prepare_finished(SSL *ssl) {
+int tls13_prepare_finished(SSL_HANDSHAKE *hs) {
+  SSL *const ssl = hs->ssl;
   size_t verify_data_len;
   uint8_t verify_data[EVP_MAX_MD_SIZE];
 
-  if (!tls13_finished_mac(ssl, verify_data, &verify_data_len, ssl->server)) {
+  if (!tls13_finished_mac(hs, verify_data, &verify_data_len, ssl->server)) {
     ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
     OPENSSL_PUT_ERROR(SSL, SSL_R_DIGEST_CHECK_FAILED);
     return 0;

diff --git a/ssl/tls13_client.c b/ssl/tls13_client.c
index 7a93103..6992b52 100644
--- a/ssl/tls13_client.c
+++ b/ssl/tls13_client.c

@@ -276,17 +276,17 @@
   /* The PRF hash is now known. Set up the key schedule. */
   size_t hash_len =
       EVP_MD_size(ssl_get_handshake_digest(ssl_get_algorithm_prf(ssl)));
-  if (!tls13_init_key_schedule(ssl)) {
+  if (!tls13_init_key_schedule(hs)) {
     return ssl_hs_error;
   }
 
   /* Incorporate the PSK into the running secret. */
   if (ssl->s3->session_reused) {
-    if (!tls13_advance_key_schedule(ssl, ssl->s3->new_session->master_key,
+    if (!tls13_advance_key_schedule(hs, ssl->s3->new_session->master_key,
                                     ssl->s3->new_session->master_key_length)) {
       return ssl_hs_error;
     }
-  } else if (!tls13_advance_key_schedule(ssl, kZeroes, hash_len)) {
+  } else if (!tls13_advance_key_schedule(hs, kZeroes, hash_len)) {
     return ssl_hs_error;
   }
 
@@ -299,7 +299,7 @@
     return ssl_hs_error;
   }
 
-  if (!tls13_advance_key_schedule(ssl, dhe_secret, dhe_secret_len)) {
+  if (!tls13_advance_key_schedule(hs, dhe_secret, dhe_secret_len)) {
     OPENSSL_free(dhe_secret);
     return ssl_hs_error;
   }
@@ -312,7 +312,7 @@
     return ssl_hs_error;
   }
 
-  if (!tls13_set_handshake_traffic(ssl)) {
+  if (!tls13_set_handshake_traffic(hs)) {
     return ssl_hs_error;
   }
 
@@ -430,11 +430,11 @@
 static enum ssl_hs_wait_t do_process_server_finished(SSL_HANDSHAKE *hs) {
   SSL *const ssl = hs->ssl;
   if (!tls13_check_message_type(ssl, SSL3_MT_FINISHED) ||
-      !tls13_process_finished(ssl) ||
+      !tls13_process_finished(hs) ||
       !ssl_hash_current_message(ssl) ||
       /* Update the secret to the master secret and derive traffic keys. */
-      !tls13_advance_key_schedule(ssl, kZeroes, hs->hash_len) ||
-      !tls13_derive_application_secrets(ssl)) {
+      !tls13_advance_key_schedule(hs, kZeroes, hs->hash_len) ||
+      !tls13_derive_application_secrets(hs)) {
     return ssl_hs_error;
   }
 
@@ -481,7 +481,7 @@
     return ssl_hs_error;
   }
 
-  if (!tls13_prepare_certificate(ssl)) {
+  if (!tls13_prepare_certificate(hs)) {
     return ssl_hs_error;
   }
 
@@ -498,7 +498,7 @@
     return ssl_hs_ok;
   }
 
-  switch (tls13_prepare_certificate_verify(ssl, is_first_run)) {
+  switch (tls13_prepare_certificate_verify(hs, is_first_run)) {
     case ssl_private_key_success:
       hs->state = state_send_channel_id;
       return ssl_hs_write_message;
@@ -543,7 +543,7 @@
 }
 
 static enum ssl_hs_wait_t do_send_client_finished(SSL_HANDSHAKE *hs) {
-  if (!tls13_prepare_finished(hs->ssl)) {
+  if (!tls13_prepare_finished(hs)) {
     return ssl_hs_error;
   }
 
@@ -557,7 +557,7 @@
                              hs->hash_len) ||
       !tls13_set_traffic_key(ssl, evp_aead_seal, hs->client_traffic_secret_0,
                              hs->hash_len) ||
-      !tls13_derive_resumption_secret(ssl)) {
+      !tls13_derive_resumption_secret(hs)) {
     return ssl_hs_error;
   }
 
@@ -668,10 +668,10 @@
   return 1;
 }
 
-void ssl_clear_tls13_state(SSL *ssl) {
-  SSL_ECDH_CTX_cleanup(&ssl->s3->hs->ecdh_ctx);
+void ssl_clear_tls13_state(SSL_HANDSHAKE *hs) {
+  SSL_ECDH_CTX_cleanup(&hs->ecdh_ctx);
 
-  OPENSSL_free(ssl->s3->hs->key_share_bytes);
-  ssl->s3->hs->key_share_bytes = NULL;
-  ssl->s3->hs->key_share_bytes_len = 0;
+  OPENSSL_free(hs->key_share_bytes);
+  hs->key_share_bytes = NULL;
+  hs->key_share_bytes_len = 0;
 }

diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c
index d53313c..4fca65b 100644
--- a/ssl/tls13_enc.c
+++ b/ssl/tls13_enc.c

@@ -27,8 +27,8 @@
 #include "internal.h"
 
 
-int tls13_init_key_schedule(SSL *ssl) {
-  SSL_HANDSHAKE *hs = ssl->s3->hs;
+int tls13_init_key_schedule(SSL_HANDSHAKE *hs) {
+  SSL *const ssl = hs->ssl;
   const EVP_MD *digest = ssl_get_handshake_digest(ssl_get_algorithm_prf(ssl));
 
   hs->hash_len = EVP_MD_size(digest);
@@ -44,9 +44,10 @@
   return 1;
 }
 
-int tls13_advance_key_schedule(SSL *ssl, const uint8_t *in, size_t len) {
-  SSL_HANDSHAKE *hs = ssl->s3->hs;
-  const EVP_MD *digest = ssl_get_handshake_digest(ssl_get_algorithm_prf(ssl));
+int tls13_advance_key_schedule(SSL_HANDSHAKE *hs, const uint8_t *in,
+                               size_t len) {
+  const EVP_MD *digest =
+      ssl_get_handshake_digest(ssl_get_algorithm_prf(hs->ssl));
 
   return HKDF_extract(hs->secret, &hs->hash_len, digest, in, len, hs->secret,
                       hs->hash_len);
@@ -97,9 +98,9 @@
 /* derive_secret derives a secret of length |len| and writes the result in |out|
  * with the given label and the current base secret and most recently-saved
  * handshake context. It returns one on success and zero on error. */
-static int derive_secret(SSL *ssl, uint8_t *out, size_t len,
+static int derive_secret(SSL_HANDSHAKE *hs, uint8_t *out, size_t len,
                          const uint8_t *label, size_t label_len) {
-  SSL_HANDSHAKE *hs = ssl->s3->hs;
+  SSL *const ssl = hs->ssl;
   const EVP_MD *digest = ssl_get_handshake_digest(ssl_get_algorithm_prf(ssl));
 
   uint8_t context_hash[EVP_MAX_MD_SIZE];
@@ -184,17 +185,16 @@
 static const char kTLS13LabelServerApplicationTraffic[] =
     "server application traffic secret";
 
-int tls13_set_handshake_traffic(SSL *ssl) {
-  SSL_HANDSHAKE *hs = ssl->s3->hs;
-
+int tls13_set_handshake_traffic(SSL_HANDSHAKE *hs) {
+  SSL *const ssl = hs->ssl;
   uint8_t client_traffic_secret[EVP_MAX_MD_SIZE];
   uint8_t server_traffic_secret[EVP_MAX_MD_SIZE];
-  if (!derive_secret(ssl, client_traffic_secret, hs->hash_len,
+  if (!derive_secret(hs, client_traffic_secret, hs->hash_len,
                      (const uint8_t *)kTLS13LabelClientHandshakeTraffic,
                      strlen(kTLS13LabelClientHandshakeTraffic)) ||
       !ssl_log_secret(ssl, "CLIENT_HANDSHAKE_TRAFFIC_SECRET",
                       client_traffic_secret, hs->hash_len) ||
-      !derive_secret(ssl, server_traffic_secret, hs->hash_len,
+      !derive_secret(hs, server_traffic_secret, hs->hash_len,
                      (const uint8_t *)kTLS13LabelServerHandshakeTraffic,
                      strlen(kTLS13LabelServerHandshakeTraffic)) ||
       !ssl_log_secret(ssl, "SERVER_HANDSHAKE_TRAFFIC_SECRET",
@@ -222,21 +222,20 @@
 
 static const char kTLS13LabelExporter[] = "exporter master secret";
 
-int tls13_derive_application_secrets(SSL *ssl) {
-  SSL_HANDSHAKE *hs = ssl->s3->hs;
-
+int tls13_derive_application_secrets(SSL_HANDSHAKE *hs) {
+  SSL *const ssl = hs->ssl;
   ssl->s3->exporter_secret_len = hs->hash_len;
-  return derive_secret(ssl, hs->client_traffic_secret_0, hs->hash_len,
+  return derive_secret(hs, hs->client_traffic_secret_0, hs->hash_len,
                        (const uint8_t *)kTLS13LabelClientApplicationTraffic,
                        strlen(kTLS13LabelClientApplicationTraffic)) &&
          ssl_log_secret(ssl, "CLIENT_TRAFFIC_SECRET_0",
                         hs->client_traffic_secret_0, hs->hash_len) &&
-         derive_secret(ssl, hs->server_traffic_secret_0, hs->hash_len,
+         derive_secret(hs, hs->server_traffic_secret_0, hs->hash_len,
                        (const uint8_t *)kTLS13LabelServerApplicationTraffic,
                        strlen(kTLS13LabelServerApplicationTraffic)) &&
          ssl_log_secret(ssl, "SERVER_TRAFFIC_SECRET_0",
                         hs->server_traffic_secret_0, hs->hash_len) &&
-         derive_secret(ssl, ssl->s3->exporter_secret, hs->hash_len,
+         derive_secret(hs, ssl->s3->exporter_secret, hs->hash_len,
                        (const uint8_t *)kTLS13LabelExporter,
                        strlen(kTLS13LabelExporter));
 }
@@ -269,14 +268,15 @@
 
 static const char kTLS13LabelResumption[] = "resumption master secret";
 
-int tls13_derive_resumption_secret(SSL *ssl) {
+int tls13_derive_resumption_secret(SSL_HANDSHAKE *hs) {
+  SSL *const ssl = hs->ssl;
   if (ssl->s3->hs->hash_len > SSL_MAX_MASTER_KEY_LENGTH) {
     OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
     return 0;
   }
 
-  ssl->s3->new_session->master_key_length = ssl->s3->hs->hash_len;
-  return derive_secret(ssl, ssl->s3->new_session->master_key,
+  ssl->s3->new_session->master_key_length = hs->hash_len;
+  return derive_secret(hs, ssl->s3->new_session->master_key,
                        ssl->s3->new_session->master_key_length,
                        (const uint8_t *)kTLS13LabelResumption,
                        strlen(kTLS13LabelResumption));
@@ -302,8 +302,9 @@
   return 1;
 }
 
-int tls13_finished_mac(SSL *ssl, uint8_t *out, size_t *out_len, int is_server) {
-  SSL_HANDSHAKE *hs = ssl->s3->hs;
+int tls13_finished_mac(SSL_HANDSHAKE *hs, uint8_t *out, size_t *out_len,
+                       int is_server) {
+  SSL *const ssl = hs->ssl;
   const EVP_MD *digest = ssl_get_handshake_digest(ssl_get_algorithm_prf(ssl));
 
   const uint8_t *traffic_secret;

diff --git a/ssl/tls13_server.c b/ssl/tls13_server.c
index 27a92b9..c1af999 100644
--- a/ssl/tls13_server.c
+++ b/ssl/tls13_server.c

@@ -53,8 +53,9 @@
 
 static const uint8_t kZeroes[EVP_MAX_MD_SIZE] = {0};
 
-static int resolve_ecdhe_secret(SSL *ssl, int *out_need_retry,
+static int resolve_ecdhe_secret(SSL_HANDSHAKE *hs, int *out_need_retry,
                                 struct ssl_early_callback_ctx *early_ctx) {
+  SSL *const ssl = hs->ssl;
   *out_need_retry = 0;
 
   /* We only support connections that include an ECDHE key exchange. */
@@ -82,7 +83,7 @@
     return 0;
   }
 
-  int ok = tls13_advance_key_schedule(ssl, dhe_secret, dhe_secret_len);
+  int ok = tls13_advance_key_schedule(hs, dhe_secret, dhe_secret_len);
   OPENSSL_free(dhe_secret);
   return ok;
 }
@@ -246,8 +247,8 @@
     ssl->s3->new_session->cipher = ssl->s3->tmp.new_cipher;
 
     /* On new sessions, stash the SNI value in the session. */
-    if (ssl->s3->hs->hostname != NULL) {
-      ssl->s3->new_session->tlsext_hostname = BUF_strdup(ssl->s3->hs->hostname);
+    if (hs->hostname != NULL) {
+      ssl->s3->new_session->tlsext_hostname = BUF_strdup(hs->hostname);
       if (ssl->s3->new_session->tlsext_hostname == NULL) {
         ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
         return ssl_hs_error;
@@ -289,17 +290,17 @@
   /* The PRF hash is now known. Set up the key schedule. */
   size_t hash_len =
       EVP_MD_size(ssl_get_handshake_digest(ssl_get_algorithm_prf(ssl)));
-  if (!tls13_init_key_schedule(ssl)) {
+  if (!tls13_init_key_schedule(hs)) {
     return ssl_hs_error;
   }
 
   /* Incorporate the PSK into the running secret. */
   if (ssl->s3->session_reused) {
-    if (!tls13_advance_key_schedule(ssl, ssl->s3->new_session->master_key,
+    if (!tls13_advance_key_schedule(hs, ssl->s3->new_session->master_key,
                                     ssl->s3->new_session->master_key_length)) {
       return ssl_hs_error;
     }
-  } else if (!tls13_advance_key_schedule(ssl, kZeroes, hash_len)) {
+  } else if (!tls13_advance_key_schedule(hs, kZeroes, hash_len)) {
     return ssl_hs_error;
   }
 
@@ -307,7 +308,7 @@
 
   /* Resolve ECDHE and incorporate it into the secret. */
   int need_retry;
-  if (!resolve_ecdhe_secret(ssl, &need_retry, &client_hello)) {
+  if (!resolve_ecdhe_secret(hs, &need_retry, &client_hello)) {
     if (need_retry) {
       hs->state = state_send_hello_retry_request;
       return ssl_hs_ok;
@@ -360,7 +361,7 @@
   }
 
   int need_retry;
-  if (!resolve_ecdhe_secret(ssl, &need_retry, &client_hello)) {
+  if (!resolve_ecdhe_secret(hs, &need_retry, &client_hello)) {
     if (need_retry) {
       /* Only send one HelloRetryRequest. */
       ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
@@ -403,7 +404,7 @@
 
 static enum ssl_hs_wait_t do_send_encrypted_extensions(SSL_HANDSHAKE *hs) {
   SSL *const ssl = hs->ssl;
-  if (!tls13_set_handshake_traffic(ssl)) {
+  if (!tls13_set_handshake_traffic(hs)) {
     return ssl_hs_error;
   }
 
@@ -480,7 +481,7 @@
     return ssl_hs_error;
   }
 
-  if (!tls13_prepare_certificate(ssl)) {
+  if (!tls13_prepare_certificate(hs)) {
     return ssl_hs_error;
   }
 
@@ -490,7 +491,7 @@
 
 static enum ssl_hs_wait_t do_send_server_certificate_verify(SSL_HANDSHAKE *hs,
                                                             int is_first_run) {
-  switch (tls13_prepare_certificate_verify(hs->ssl, is_first_run)) {
+  switch (tls13_prepare_certificate_verify(hs, is_first_run)) {
     case ssl_private_key_success:
       hs->state = state_send_server_finished;
       return ssl_hs_write_message;
@@ -508,7 +509,7 @@
 }
 
 static enum ssl_hs_wait_t do_send_server_finished(SSL_HANDSHAKE *hs) {
-  if (!tls13_prepare_finished(hs->ssl)) {
+  if (!tls13_prepare_finished(hs)) {
     return ssl_hs_error;
   }
 
@@ -519,8 +520,8 @@
 static enum ssl_hs_wait_t do_flush(SSL_HANDSHAKE *hs) {
   SSL *const ssl = hs->ssl;
   /* Update the secret to the master secret and derive traffic keys. */
-  if (!tls13_advance_key_schedule(ssl, kZeroes, hs->hash_len) ||
-      !tls13_derive_application_secrets(ssl) ||
+  if (!tls13_advance_key_schedule(hs, kZeroes, hs->hash_len) ||
+      !tls13_derive_application_secrets(hs) ||
       !tls13_set_traffic_key(ssl, evp_aead_seal, hs->server_traffic_secret_0,
                              hs->hash_len)) {
     return ssl_hs_error;
@@ -600,12 +601,12 @@
 static enum ssl_hs_wait_t do_process_client_finished(SSL_HANDSHAKE *hs) {
   SSL *const ssl = hs->ssl;
   if (!tls13_check_message_type(ssl, SSL3_MT_FINISHED) ||
-      !tls13_process_finished(ssl) ||
+      !tls13_process_finished(hs) ||
       !ssl_hash_current_message(ssl) ||
       /* evp_aead_seal keys have already been switched. */
       !tls13_set_traffic_key(ssl, evp_aead_open, hs->client_traffic_secret_0,
                              hs->hash_len) ||
-      !tls13_derive_resumption_secret(ssl)) {
+      !tls13_derive_resumption_secret(hs)) {
     return ssl_hs_error;
   }
commit	6e4fc336c4465c2fa63a512efb5b96776f15c412	[log] [tgz]
author	David Benjamin <davidben@google.com>	Thu Nov 17 16:43:08 2016 +0900
committer	David Benjamin <davidben@google.com>	Tue Dec 06 19:49:24 2016 +0000
tree	37b356b7662c7a4626e1a3c6e73890923f8115ed
parent	8c880a2b953160b8e4cf8c081bafb9271c01af4b [diff]