commit a4c8ff01903c56277d4218341e9a68864bc6aea9
author David Benjamin <davidben@google.com> Sat Oct 08 02:49:01 2016 -0400
committer Adam Langley <agl@google.com> Sun Oct 09 17:30:32 2016 +0000
tree 82de28728369687bc0fee86c3b71e7d97d7815db
parent 43612b6bc742dc4ac242b8e5a10a9f34da29d7d5

Move TLS 1.2 key exchange fields to SSL_HANDSHAKE.

SSL_HANDSHAKE is dropped after the handshake, so I've removed the logic
around smaller sizes. It's much simpler when we can use CBS_stow and
CBB_finish without extra bounds-checking.

Change-Id: Idafaa5d69e171aed9a8759f3d44e52cb01c40f39
Reviewed-on: https://boringssl-review.googlesource.com/11567
Reviewed-by: Adam Langley <agl@google.com>

ssl/internal.h

diff --git a/ssl/internal.h b/ssl/internal.h
index 591e6ab..0243ac4 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -919,7 +919,7 @@
     uint16_t received;
   } custom_extensions;
 
-  /* ecdh_ctx is the active client ECDH offer in TLS 1.3. */
+  /* ecdh_ctx is the current ECDH instance. */
   SSL_ECDH_CTX ecdh_ctx;
 
   /* retry_group is the group ID selected by the server in HelloRetryRequest in
@@ -949,6 +949,15 @@
   uint16_t *peer_supported_group_list;
   size_t peer_supported_group_list_len;
 
+  /* peer_key is the peer's ECDH key for a TLS 1.2 client. */
+  uint8_t *peer_key;
+  size_t peer_key_len;
+
+  /* server_params, in TLS 1.2, stores the ServerKeyExchange parameters to be
+   * signed while the signature is being computed. */
+  uint8_t *server_params;
+  size_t server_params_len;
+
   /* session_tickets_sent, in TLS 1.3, is the number of tickets the server has
    * sent. */
   uint8_t session_tickets_sent;