Pass explicit hs parameters to ssl_ext_*.
Change-Id: I84a8ff1d717f3291403f6fc49668c84f89b910da
Reviewed-on: https://boringssl-review.googlesource.com/12342
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/internal.h b/ssl/internal.h
index e307cb9..eb2af49 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -1061,22 +1061,22 @@
int tls13_prepare_finished(SSL_HANDSHAKE *hs);
int tls13_process_new_session_ticket(SSL *ssl);
-int ssl_ext_key_share_parse_serverhello(SSL *ssl, uint8_t **out_secret,
+int ssl_ext_key_share_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t **out_secret,
size_t *out_secret_len,
uint8_t *out_alert, CBS *contents);
-int ssl_ext_key_share_parse_clienthello(SSL *ssl, int *out_found,
+int ssl_ext_key_share_parse_clienthello(SSL_HANDSHAKE *hs, int *out_found,
uint8_t **out_secret,
size_t *out_secret_len,
uint8_t *out_alert, CBS *contents);
-int ssl_ext_key_share_add_serverhello(SSL *ssl, CBB *out);
+int ssl_ext_key_share_add_serverhello(SSL_HANDSHAKE *hs, CBB *out);
-int ssl_ext_pre_shared_key_parse_serverhello(SSL *ssl, uint8_t *out_alert,
- CBS *contents);
-int ssl_ext_pre_shared_key_parse_clienthello(SSL *ssl,
+int ssl_ext_pre_shared_key_parse_serverhello(SSL_HANDSHAKE *hs,
+ uint8_t *out_alert, CBS *contents);
+int ssl_ext_pre_shared_key_parse_clienthello(SSL_HANDSHAKE *hs,
SSL_SESSION **out_session,
CBS *out_binders,
uint8_t *out_alert, CBS *contents);
-int ssl_ext_pre_shared_key_add_serverhello(SSL *ssl, CBB *out);
+int ssl_ext_pre_shared_key_add_serverhello(SSL_HANDSHAKE *hs, CBB *out);
/* ssl_is_sct_list_valid does a shallow parse of the SCT list in |contents| and
* returns one iff it's valid. */
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index a87bee1..0b27165 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1990,7 +1990,8 @@
return CBB_flush(out);
}
-int ssl_ext_pre_shared_key_parse_serverhello(SSL *ssl, uint8_t *out_alert,
+int ssl_ext_pre_shared_key_parse_serverhello(SSL_HANDSHAKE *hs,
+ uint8_t *out_alert,
CBS *contents) {
uint16_t psk_id;
if (!CBS_get_u16(contents, &psk_id) ||
@@ -2010,11 +2011,12 @@
return 1;
}
-int ssl_ext_pre_shared_key_parse_clienthello(SSL *ssl,
+int ssl_ext_pre_shared_key_parse_clienthello(SSL_HANDSHAKE *hs,
SSL_SESSION **out_session,
CBS *out_binders,
uint8_t *out_alert,
CBS *contents) {
+ SSL *const ssl = hs->ssl;
/* We only process the first PSK identity since we don't support pure PSK. */
uint32_t obfuscated_ticket_age;
CBS identities, ticket, binders;
@@ -2081,8 +2083,8 @@
return 1;
}
-int ssl_ext_pre_shared_key_add_serverhello(SSL *ssl, CBB *out) {
- if (!ssl->s3->session_reused) {
+int ssl_ext_pre_shared_key_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
+ if (!hs->ssl->s3->session_reused) {
return 1;
}
@@ -2260,9 +2262,10 @@
return CBB_flush(out);
}
-int ssl_ext_key_share_parse_serverhello(SSL *ssl, uint8_t **out_secret,
+int ssl_ext_key_share_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t **out_secret,
size_t *out_secret_len,
uint8_t *out_alert, CBS *contents) {
+ SSL *const ssl = hs->ssl;
CBS peer_key;
uint16_t group_id;
if (!CBS_get_u16(contents, &group_id) ||
@@ -2272,28 +2275,28 @@
return 0;
}
- if (SSL_ECDH_CTX_get_id(&ssl->s3->hs->ecdh_ctx) != group_id) {
+ if (SSL_ECDH_CTX_get_id(&hs->ecdh_ctx) != group_id) {
*out_alert = SSL_AD_ILLEGAL_PARAMETER;
OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_CURVE);
return 0;
}
- if (!SSL_ECDH_CTX_finish(&ssl->s3->hs->ecdh_ctx, out_secret, out_secret_len,
- out_alert, CBS_data(&peer_key),
- CBS_len(&peer_key))) {
+ if (!SSL_ECDH_CTX_finish(&hs->ecdh_ctx, out_secret, out_secret_len, out_alert,
+ CBS_data(&peer_key), CBS_len(&peer_key))) {
*out_alert = SSL_AD_INTERNAL_ERROR;
return 0;
}
ssl->s3->new_session->key_exchange_info = group_id;
- SSL_ECDH_CTX_cleanup(&ssl->s3->hs->ecdh_ctx);
+ SSL_ECDH_CTX_cleanup(&hs->ecdh_ctx);
return 1;
}
-int ssl_ext_key_share_parse_clienthello(SSL *ssl, int *out_found,
+int ssl_ext_key_share_parse_clienthello(SSL_HANDSHAKE *hs, int *out_found,
uint8_t **out_secret,
size_t *out_secret_len,
uint8_t *out_alert, CBS *contents) {
+ SSL *const ssl = hs->ssl;
uint16_t group_id;
CBS key_shares;
if (!tls1_get_shared_group(ssl, &group_id)) {
@@ -2348,11 +2351,9 @@
CBB public_key;
if (!CBB_init(&public_key, 32) ||
!SSL_ECDH_CTX_init(&group, group_id) ||
- !SSL_ECDH_CTX_accept(&group, &public_key, &secret, &secret_len,
- out_alert, CBS_data(&peer_key),
- CBS_len(&peer_key)) ||
- !CBB_finish(&public_key, &ssl->s3->hs->public_key,
- &ssl->s3->hs->public_key_len)) {
+ !SSL_ECDH_CTX_accept(&group, &public_key, &secret, &secret_len, out_alert,
+ CBS_data(&peer_key), CBS_len(&peer_key)) ||
+ !CBB_finish(&public_key, &hs->public_key, &hs->public_key_len)) {
OPENSSL_free(secret);
SSL_ECDH_CTX_cleanup(&group);
CBB_cleanup(&public_key);
@@ -2368,7 +2369,8 @@
return 1;
}
-int ssl_ext_key_share_add_serverhello(SSL *ssl, CBB *out) {
+int ssl_ext_key_share_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
+ SSL *const ssl = hs->ssl;
uint16_t group_id;
CBB kse_bytes, public_key;
if (!tls1_get_shared_group(ssl, &group_id) ||
@@ -2376,15 +2378,14 @@
!CBB_add_u16_length_prefixed(out, &kse_bytes) ||
!CBB_add_u16(&kse_bytes, group_id) ||
!CBB_add_u16_length_prefixed(&kse_bytes, &public_key) ||
- !CBB_add_bytes(&public_key, ssl->s3->hs->public_key,
- ssl->s3->hs->public_key_len) ||
+ !CBB_add_bytes(&public_key, hs->public_key, hs->public_key_len) ||
!CBB_flush(out)) {
return 0;
}
- OPENSSL_free(ssl->s3->hs->public_key);
- ssl->s3->hs->public_key = NULL;
- ssl->s3->hs->public_key_len = 0;
+ OPENSSL_free(hs->public_key);
+ hs->public_key = NULL;
+ hs->public_key_len = 0;
ssl->s3->new_session->key_exchange_info = group_id;
return 1;
diff --git a/ssl/tls13_client.c b/ssl/tls13_client.c
index 6992b52..7319ca1 100644
--- a/ssl/tls13_client.c
+++ b/ssl/tls13_client.c
@@ -230,7 +230,7 @@
return ssl_hs_error;
}
- if (!ssl_ext_pre_shared_key_parse_serverhello(ssl, &alert,
+ if (!ssl_ext_pre_shared_key_parse_serverhello(hs, &alert,
&pre_shared_key)) {
ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
return ssl_hs_error;
@@ -293,7 +293,7 @@
/* Resolve ECDHE and incorporate it into the secret. */
uint8_t *dhe_secret;
size_t dhe_secret_len;
- if (!ssl_ext_key_share_parse_serverhello(ssl, &dhe_secret, &dhe_secret_len,
+ if (!ssl_ext_key_share_parse_serverhello(hs, &dhe_secret, &dhe_secret_len,
&alert, &key_share)) {
ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
return ssl_hs_error;
diff --git a/ssl/tls13_server.c b/ssl/tls13_server.c
index c1af999..9778610 100644
--- a/ssl/tls13_server.c
+++ b/ssl/tls13_server.c
@@ -71,7 +71,7 @@
uint8_t *dhe_secret;
size_t dhe_secret_len;
uint8_t alert = SSL_AD_DECODE_ERROR;
- if (!ssl_ext_key_share_parse_clienthello(ssl, &found_key_share, &dhe_secret,
+ if (!ssl_ext_key_share_parse_clienthello(hs, &found_key_share, &dhe_secret,
&dhe_secret_len, &alert,
&key_share)) {
ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
@@ -223,7 +223,7 @@
return ssl_hs_error;
}
- if (!ssl_ext_pre_shared_key_parse_clienthello(ssl, &session, &binders,
+ if (!ssl_ext_pre_shared_key_parse_clienthello(hs, &session, &binders,
&alert, &pre_shared_key)) {
ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
return ssl_hs_error;
@@ -388,8 +388,8 @@
!CBB_add_bytes(&body, ssl->s3->server_random, SSL3_RANDOM_SIZE) ||
!CBB_add_u16(&body, ssl_cipher_get_value(ssl->s3->tmp.new_cipher)) ||
!CBB_add_u16_length_prefixed(&body, &extensions) ||
- !ssl_ext_pre_shared_key_add_serverhello(ssl, &extensions) ||
- !ssl_ext_key_share_add_serverhello(ssl, &extensions) ||
+ !ssl_ext_pre_shared_key_add_serverhello(hs, &extensions) ||
+ !ssl_ext_key_share_add_serverhello(hs, &extensions) ||
!ssl_complete_message(ssl, &cbb)) {
goto err;
}
