Move extensions bitmasks into SSL_HANDSHAKE.
Change-Id: I3ab30a44b7f90ef1159e022cd17b7f50ffe27a93
Reviewed-on: https://boringssl-review.googlesource.com/11522
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index f920ce6..a81dd7a 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -4337,27 +4337,6 @@
int reuse_message;
- union {
- /* sent is a bitset where the bits correspond to elements of kExtensions
- * in t1_lib.c. Each bit is set if that extension was sent in a
- * ClientHello. It's not used by servers. */
- uint32_t sent;
- /* received is a bitset, like |sent|, but is used by servers to record
- * which extensions were received from a client. */
- uint32_t received;
- } extensions;
-
- union {
- /* sent is a bitset where the bits correspond to elements of
- * |client_custom_extensions| in the |SSL_CTX|. Each bit is set if that
- * extension was sent in a ClientHello. It's not used by servers. */
- uint16_t sent;
- /* received is a bitset, like |sent|, but is used by servers to record
- * which custom extensions were received from a client. The bits here
- * correspond to |server_custom_extensions|. */
- uint16_t received;
- } custom_extensions;
-
uint8_t *key_block;
uint8_t key_block_length;
diff --git a/ssl/custom_extensions.c b/ssl/custom_extensions.c
index ed802ee..780cdc6 100644
--- a/ssl/custom_extensions.c
+++ b/ssl/custom_extensions.c
@@ -72,7 +72,7 @@
const SSL_CUSTOM_EXTENSION *ext = sk_SSL_CUSTOM_EXTENSION_value(stack, i);
if (ssl->server &&
- !(ssl->s3->tmp.custom_extensions.received & (1u << i))) {
+ !(ssl->s3->hs->custom_extensions.received & (1u << i))) {
/* Servers cannot echo extensions that the client didn't send. */
continue;
}
@@ -102,8 +102,8 @@
}
if (!ssl->server) {
- assert((ssl->s3->tmp.custom_extensions.sent & (1u << i)) == 0);
- ssl->s3->tmp.custom_extensions.sent |= (1u << i);
+ assert((ssl->s3->hs->custom_extensions.sent & (1u << i)) == 0);
+ ssl->s3->hs->custom_extensions.sent |= (1u << i);
}
break;
@@ -134,7 +134,7 @@
if (/* Unknown extensions are not allowed in a ServerHello. */
ext == NULL ||
/* Also, if we didn't send the extension, that's also unacceptable. */
- !(ssl->s3->tmp.custom_extensions.sent & (1u << index))) {
+ !(ssl->s3->hs->custom_extensions.sent & (1u << index))) {
OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_EXTENSION);
ERR_add_error_dataf("extension: %u", (unsigned)value);
*out_alert = SSL_AD_UNSUPPORTED_EXTENSION;
@@ -162,8 +162,8 @@
return 1;
}
- assert((ssl->s3->tmp.custom_extensions.received & (1u << index)) == 0);
- ssl->s3->tmp.custom_extensions.received |= (1u << index);
+ assert((ssl->s3->hs->custom_extensions.received & (1u << index)) == 0);
+ ssl->s3->hs->custom_extensions.received |= (1u << index);
if (ext->parse_callback &&
!ext->parse_callback(ssl, value, CBS_data(extension), CBS_len(extension),
@@ -184,7 +184,7 @@
* can be set on an |SSL_CTX|. It's determined by the size of the bitset used
* to track when an extension has been sent. */
#define MAX_NUM_CUSTOM_EXTENSIONS \
- (sizeof(((struct ssl3_state_st *)NULL)->tmp.custom_extensions.sent) * 8)
+ (sizeof(((SSL_HANDSHAKE *)NULL)->custom_extensions.sent) * 8)
static int custom_ext_append(STACK_OF(SSL_CUSTOM_EXTENSION) **stack,
unsigned extension_value,
diff --git a/ssl/internal.h b/ssl/internal.h
index e3c2668..1766775 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -898,6 +898,27 @@
uint8_t secret[EVP_MAX_MD_SIZE];
uint8_t traffic_secret_0[EVP_MAX_MD_SIZE];
+ union {
+ /* sent is a bitset where the bits correspond to elements of kExtensions
+ * in t1_lib.c. Each bit is set if that extension was sent in a
+ * ClientHello. It's not used by servers. */
+ uint32_t sent;
+ /* received is a bitset, like |sent|, but is used by servers to record
+ * which extensions were received from a client. */
+ uint32_t received;
+ } extensions;
+
+ union {
+ /* sent is a bitset where the bits correspond to elements of
+ * |client_custom_extensions| in the |SSL_CTX|. Each bit is set if that
+ * extension was sent in a ClientHello. It's not used by servers. */
+ uint16_t sent;
+ /* received is a bitset, like |sent|, but is used by servers to record
+ * which custom extensions were received from a client. The bits here
+ * correspond to |server_custom_extensions|. */
+ uint16_t received;
+ } custom_extensions;
+
/* ecdh_ctx is the active client ECDH offer in TLS 1.3. */
SSL_ECDH_CTX ecdh_ctx;
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 3dbfb5e..efb3347 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -2604,12 +2604,11 @@
#define kNumExtensions (sizeof(kExtensions) / sizeof(struct tls_extension))
OPENSSL_COMPILE_ASSERT(kNumExtensions <=
- sizeof(((SSL *)NULL)->s3->tmp.extensions.sent) * 8,
+ sizeof(((SSL_HANDSHAKE *)NULL)->extensions.sent) * 8,
too_many_extensions_for_sent_bitset);
-OPENSSL_COMPILE_ASSERT(kNumExtensions <=
- sizeof(((SSL *)NULL)->s3->tmp.extensions.received) *
- 8,
- too_many_extensions_for_received_bitset);
+OPENSSL_COMPILE_ASSERT(
+ kNumExtensions <= sizeof(((SSL_HANDSHAKE *)NULL)->extensions.received) * 8,
+ too_many_extensions_for_received_bitset);
static const struct tls_extension *tls_extension_find(uint32_t *out_index,
uint16_t value) {
@@ -2642,8 +2641,8 @@
goto err;
}
- ssl->s3->tmp.extensions.sent = 0;
- ssl->s3->tmp.custom_extensions.sent = 0;
+ ssl->s3->hs->extensions.sent = 0;
+ ssl->s3->hs->custom_extensions.sent = 0;
for (size_t i = 0; i < kNumExtensions; i++) {
if (kExtensions[i].init != NULL) {
@@ -2670,7 +2669,7 @@
}
if (CBB_len(&extensions) != len_before) {
- ssl->s3->tmp.extensions.sent |= (1u << i);
+ ssl->s3->hs->extensions.sent |= (1u << i);
}
}
@@ -2745,7 +2744,7 @@
unsigned i;
for (i = 0; i < kNumExtensions; i++) {
- if (!(ssl->s3->tmp.extensions.received & (1u << i))) {
+ if (!(ssl->s3->hs->extensions.received & (1u << i))) {
/* Don't send extensions that were not received. */
continue;
}
@@ -2783,8 +2782,8 @@
}
}
- ssl->s3->tmp.extensions.received = 0;
- ssl->s3->tmp.custom_extensions.received = 0;
+ ssl->s3->hs->extensions.received = 0;
+ ssl->s3->hs->custom_extensions.received = 0;
CBS extensions;
CBS_init(&extensions, client_hello->extensions, client_hello->extensions_len);
@@ -2817,7 +2816,7 @@
continue;
}
- ssl->s3->tmp.extensions.received |= (1u << ext_index);
+ ssl->s3->hs->extensions.received |= (1u << ext_index);
uint8_t alert = SSL_AD_DECODE_ERROR;
if (!ext->parse_clienthello(ssl, &alert, &extension)) {
*out_alert = alert;
@@ -2828,7 +2827,7 @@
}
for (size_t i = 0; i < kNumExtensions; i++) {
- if (ssl->s3->tmp.extensions.received & (1u << i)) {
+ if (ssl->s3->hs->extensions.received & (1u << i)) {
continue;
}
@@ -2842,7 +2841,7 @@
CBS_init(&fake_contents, kFakeRenegotiateExtension,
sizeof(kFakeRenegotiateExtension));
contents = &fake_contents;
- ssl->s3->tmp.extensions.received |= (1u << i);
+ ssl->s3->hs->extensions.received |= (1u << i);
}
/* Extension wasn't observed so call the callback with a NULL
@@ -2914,7 +2913,7 @@
continue;
}
- if (!(ssl->s3->tmp.extensions.sent & (1u << ext_index)) &&
+ if (!(ssl->s3->hs->extensions.sent & (1u << ext_index)) &&
type != TLSEXT_TYPE_renegotiate) {
/* If the extension was never sent then it is illegal, except for the
* renegotiation extension which, in SSL 3.0, is signaled via SCSV. */
