Move TB state to ssl->s3.
These are connection state, so they should be reset on SSL_clear.
Change-Id: I861fe52578836615d2719c9e1ff0911c798f336e
Reviewed-on: https://boringssl-review.googlesource.com/27384
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: Steven Valdez <svaldez@google.com>
diff --git a/ssl/handoff.cc b/ssl/handoff.cc
index f47f997..2cbbaeb 100644
--- a/ssl/handoff.cc
+++ b/ssl/handoff.cc
@@ -155,8 +155,8 @@
hostname_len) ||
!CBB_add_asn1_octet_string(&seq, s3->tlsext_channel_id,
sizeof(s3->tlsext_channel_id)) ||
- !CBB_add_asn1_bool(&seq, ssl->token_binding_negotiated) ||
- !CBB_add_asn1_uint64(&seq, ssl->negotiated_token_binding_param) ||
+ !CBB_add_asn1_bool(&seq, ssl->s3->token_binding_negotiated) ||
+ !CBB_add_asn1_uint64(&seq, ssl->s3->negotiated_token_binding_param) ||
!CBB_add_asn1_bool(&seq, s3->hs->next_proto_neg_seen) ||
!CBB_add_asn1_bool(&seq, s3->hs->cert_request) ||
!CBB_add_asn1_bool(&seq, s3->hs->extended_master_secret) ||
@@ -274,8 +274,8 @@
s3->hostname.reset(hostname_str);
}
- ssl->token_binding_negotiated = token_binding_negotiated;
- ssl->negotiated_token_binding_param =
+ s3->token_binding_negotiated = token_binding_negotiated;
+ s3->negotiated_token_binding_param =
static_cast<uint8_t>(negotiated_token_binding_param);
s3->hs->next_proto_neg_seen = next_proto_neg_seen;
s3->hs->wait = ssl_hs_flush;
diff --git a/ssl/handshake_client.cc b/ssl/handshake_client.cc
index 0b352c2..087645d 100644
--- a/ssl/handshake_client.cc
+++ b/ssl/handshake_client.cc
@@ -740,7 +740,7 @@
return ssl_hs_error;
}
- if (ssl->token_binding_negotiated &&
+ if (ssl->s3->token_binding_negotiated &&
(!hs->extended_master_secret || !ssl->s3->send_connection_binding)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_NEGOTIATED_TB_WITHOUT_EMS_OR_RI);
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNSUPPORTED_EXTENSION);
diff --git a/ssl/internal.h b/ssl/internal.h
index e69b382..f4dc96f 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -2308,6 +2308,10 @@
// key_update_count is the number of consecutive KeyUpdates received.
uint8_t key_update_count = 0;
+ // The negotiated Token Binding key parameter. Only valid if
+ // |token_binding_negotiated| is set.
+ uint8_t negotiated_token_binding_param = 0;
+
// skip_early_data instructs the record layer to skip unexpected early data
// messages when 0RTT is rejected.
bool skip_early_data:1;
@@ -2357,6 +2361,9 @@
// fired, were it not a draft.
bool draft_downgrade:1;
+ // token_binding_negotiated is set if Token Binding was negotiated.
+ bool token_binding_negotiated:1;
+
// hs_buf is the buffer of handshake data to process.
UniquePtr<BUF_MEM> hs_buf;
@@ -2680,10 +2687,6 @@
uint8_t *token_binding_params;
size_t token_binding_params_len;
- // The negotiated Token Binding key parameter. Only valid if
- // |token_binding_negotiated| is set.
- uint8_t negotiated_token_binding_param;
-
// Contains the QUIC transport params that this endpoint will send.
uint8_t *quic_transport_params;
size_t quic_transport_params_len;
@@ -2715,9 +2718,6 @@
// we'll advertise support.
bool tlsext_channel_id_enabled:1;
- // token_binding_negotiated is set if Token Binding was negotiated.
- bool token_binding_negotiated:1;
-
// retain_only_sha256_of_client_certs is true if we should compute the SHA256
// hash of the peer's certificate and then discard it to save memory and
// session space. Only effective on the server side.
diff --git a/ssl/s3_lib.cc b/ssl/s3_lib.cc
index a3fc8d7..baa5a17 100644
--- a/ssl/s3_lib.cc
+++ b/ssl/s3_lib.cc
@@ -177,7 +177,8 @@
key_update_pending(false),
wpend_pending(false),
early_data_accepted(false),
- draft_downgrade(false) {}
+ draft_downgrade(false),
+ token_binding_negotiated(false) {}
SSL3_STATE::~SSL3_STATE() {}
diff --git a/ssl/ssl_lib.cc b/ssl/ssl_lib.cc
index 6312504..14fb0ff 100644
--- a/ssl/ssl_lib.cc
+++ b/ssl/ssl_lib.cc
@@ -2164,11 +2164,11 @@
}
int SSL_is_token_binding_negotiated(const SSL *ssl) {
- return ssl->token_binding_negotiated;
+ return ssl->s3->token_binding_negotiated;
}
uint8_t SSL_get_negotiated_token_binding_param(const SSL *ssl) {
- return ssl->negotiated_token_binding_param;
+ return ssl->s3->negotiated_token_binding_param;
}
size_t SSL_get0_certificate_types(SSL *ssl, const uint8_t **out_types) {
diff --git a/ssl/t1_lib.cc b/ssl/t1_lib.cc
index 97c0c4b..2d3a664 100644
--- a/ssl/t1_lib.cc
+++ b/ssl/t1_lib.cc
@@ -2528,8 +2528,8 @@
for (size_t i = 0; i < ssl->token_binding_params_len; ++i) {
if (param == ssl->token_binding_params[i]) {
- ssl->negotiated_token_binding_param = param;
- ssl->token_binding_negotiated = true;
+ ssl->s3->negotiated_token_binding_param = param;
+ ssl->s3->token_binding_negotiated = true;
return true;
}
}
@@ -2547,7 +2547,7 @@
uint8_t tb_param = ssl->token_binding_params[i];
for (uint8_t peer_param : peer_params) {
if (tb_param == peer_param) {
- ssl->negotiated_token_binding_param = tb_param;
+ ssl->s3->negotiated_token_binding_param = tb_param;
return true;
}
}
@@ -2587,14 +2587,14 @@
return true;
}
- ssl->token_binding_negotiated = true;
+ ssl->s3->token_binding_negotiated = true;
return true;
}
static bool ext_token_binding_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
SSL *const ssl = hs->ssl;
- if (!ssl->token_binding_negotiated) {
+ if (!ssl->s3->token_binding_negotiated) {
return true;
}
@@ -2603,7 +2603,7 @@
!CBB_add_u16_length_prefixed(out, &contents) ||
!CBB_add_u16(&contents, hs->negotiated_token_binding_version) ||
!CBB_add_u8_length_prefixed(&contents, ¶ms) ||
- !CBB_add_u8(¶ms, ssl->negotiated_token_binding_param) ||
+ !CBB_add_u8(¶ms, ssl->s3->negotiated_token_binding_param) ||
!CBB_flush(out)) {
return false;
}
@@ -3220,7 +3220,7 @@
static int ssl_check_clienthello_tlsext(SSL_HANDSHAKE *hs) {
SSL *const ssl = hs->ssl;
- if (ssl->token_binding_negotiated &&
+ if (ssl->s3->token_binding_negotiated &&
!(SSL_get_secure_renegotiation_support(ssl) &&
SSL_get_extms_support(ssl))) {
OPENSSL_PUT_ERROR(SSL, SSL_R_NEGOTIATED_TB_WITHOUT_EMS_OR_RI);
diff --git a/ssl/tls13_client.cc b/ssl/tls13_client.cc
index aa05456..6e328b8 100644
--- a/ssl/tls13_client.cc
+++ b/ssl/tls13_client.cc
@@ -436,7 +436,7 @@
return ssl_hs_error;
}
if (ssl->s3->tlsext_channel_id_valid || hs->received_custom_extension ||
- ssl->token_binding_negotiated) {
+ ssl->s3->token_binding_negotiated) {
OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_EXTENSION_ON_EARLY_DATA);
return ssl_hs_error;
}
diff --git a/ssl/tls13_server.cc b/ssl/tls13_server.cc
index 3bd6786..9d7f5e0 100644
--- a/ssl/tls13_server.cc
+++ b/ssl/tls13_server.cc
@@ -391,7 +391,7 @@
// Channel ID is incompatible with 0-RTT.
!ssl->s3->tlsext_channel_id_valid &&
// If Token Binding is negotiated, reject 0-RTT.
- !ssl->token_binding_negotiated &&
+ !ssl->s3->token_binding_negotiated &&
// Custom extensions is incompatible with 0-RTT.
hs->custom_extensions.received == 0 &&
// The negotiated ALPN must match the one in the ticket.
