Move early_data_accepted to ssl->s3.

This is connection state, not configuration, so it must live on
ssl->s3, otherwise SSL_clear will be confused.

Change-Id: Id7c87ced5248d3953e37946e2d0673d66bfedb08
Reviewed-on: https://boringssl-review.googlesource.com/24264
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/internal.h b/ssl/internal.h
index 4151d2b..ae0e593 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -2297,6 +2297,9 @@
   // wpend_pending is true if we have a pending write outstanding.
   bool wpend_pending:1;
 
+  // early_data_accepted is true if early data was accepted by the server.
+  bool early_data_accepted:1;
+
   uint8_t send_alert[2] = {0};
 
   // hs_buf is the buffer of handshake data to process.
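Review bot: The comment on the new `early_data_accepted` bit was carried over word for word and does not record why the field now lives in this struct, which the commit description gives as it being connection state that `SSL_clear` must handle correctly. I would extend it along the lines of `// early_data_accepted is true if early data was accepted by the server. It is per-connection state and is reset together with the rest of this struct.` The tls13_server.cc hunk around `need_retry` also shows the server clearing the flag after it may already have been set, so a sentence saying the value is not write-once within a handshake would help readers of the later state checks. The enclosing struct begins and ends outside this hunk.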
@@ -2643,9 +2646,6 @@
   // hash of the peer's certificate and then discard it to save memory and
   // session space. Only effective on the server side.
   bool retain_only_sha256_of_client_certs:1;
-
-  // early_data_accepted is true if early data was accepted by the server.
-  bool early_data_accepted:1;
 };
 
 // From draft-ietf-tls-tls13-18, used in determining PSK modes.
diff --git a/ssl/s3_lib.cc b/ssl/s3_lib.cc
index b925cd7..9a17573 100644
--- a/ssl/s3_lib.cc
+++ b/ssl/s3_lib.cc
@@ -175,7 +175,8 @@
       send_connection_binding(false),
       tlsext_channel_id_valid(false),
       key_update_pending(false),
-      wpend_pending(false) {}
+      wpend_pending(false),
+      early_data_accepted(false) {}
 
 SSL3_STATE::~SSL3_STATE() {}
 
diff --git a/ssl/ssl_lib.cc b/ssl/ssl_lib.cc
index 6da081e..af4ffc4 100644
--- a/ssl/ssl_lib.cc
+++ b/ssl/ssl_lib.cc
@@ -1187,7 +1187,7 @@
 }
 
 int SSL_early_data_accepted(const SSL *ssl) {
-  return ssl->early_data_accepted;
+  return ssl->s3->early_data_accepted;
 }
 
 void SSL_reset_early_data_reject(SSL *ssl) {
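Review bot: Nothing in the diff as shown exercises the behaviour the commit description is about, namely that `SSL_early_data_accepted` reads false again once `SSL_clear` has been called on a connection that accepted 0-RTT. The same flag gates the early-secret derivation and early traffic-key branches changed in tls13_server.cc, so a stale true on a reused `SSL` object is worth pinning with a regression test. A test that completes a 0-RTT handshake, calls `SSL_clear`, and asserts `!SSL_early_data_accepted(ssl)` would cover it. Such a test may already exist in a file outside this view.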
diff --git a/ssl/t1_lib.cc b/ssl/t1_lib.cc
index 34ad410..814cce1 100644
--- a/ssl/t1_lib.cc
+++ b/ssl/t1_lib.cc
@@ -2033,7 +2033,7 @@
     return false;
   }
 
-  ssl->early_data_accepted = true;
+  ssl->s3->early_data_accepted = true;
   return true;
 }
 
@@ -2055,7 +2055,7 @@
 }
 
 static bool ext_early_data_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
-  if (!hs->ssl->early_data_accepted) {
+  if (!hs->ssl->s3->early_data_accepted) {
     return true;
   }
 
diff --git a/ssl/tls13_client.cc b/ssl/tls13_client.cc
index c230afa..8d46d9f 100644
--- a/ssl/tls13_client.cc
+++ b/ssl/tls13_client.cc
@@ -464,7 +464,7 @@
     hs->new_session->early_alpn_len = ssl->s3->alpn_selected.size();
   }
 
-  if (ssl->early_data_accepted) {
+  if (ssl->s3->early_data_accepted) {
     if (hs->early_session->cipher != hs->new_session->cipher ||
         MakeConstSpan(hs->early_session->early_alpn,
                       hs->early_session->early_alpn_len) !=
@@ -484,7 +484,7 @@
 
   ssl->method->next_message(ssl);
   hs->tls13_state = state_read_certificate_request;
-  if (hs->in_early_data && !ssl->early_data_accepted) {
+  if (hs->in_early_data && !ssl->s3->early_data_accepted) {
     return ssl_hs_early_data_rejected;
   }
   return ssl_hs_ok;
@@ -663,7 +663,7 @@
 static enum ssl_hs_wait_t do_send_end_of_early_data(SSL_HANDSHAKE *hs) {
   SSL *const ssl = hs->ssl;
 
-  if (ssl->early_data_accepted) {
+  if (ssl->s3->early_data_accepted) {
     hs->can_early_write = false;
     if (ssl_is_draft22(ssl->version)) {
       ScopedCBB cbb;
diff --git a/ssl/tls13_server.cc b/ssl/tls13_server.cc
index af9167c..4651459 100644
--- a/ssl/tls13_server.cc
+++ b/ssl/tls13_server.cc
@@ -398,7 +398,7 @@
           // The negotiated ALPN must match the one in the ticket.
           ssl->s3->alpn_selected ==
               MakeConstSpan(session->early_alpn, session->early_alpn_len)) {
-        ssl->early_data_accepted = true;
+        ssl->s3->early_data_accepted = true;
       }
 
       if (hs->new_session == NULL) {
@@ -457,7 +457,7 @@
     return ssl_hs_error;
   }
 
-  if (ssl->early_data_accepted) {
+  if (ssl->s3->early_data_accepted) {
     if (!tls13_derive_early_secrets(hs)) {
       return ssl_hs_error;
     }
@@ -469,7 +469,7 @@
   bool need_retry;
   if (!resolve_ecdhe_secret(hs, &need_retry, &client_hello)) {
     if (need_retry) {
-      ssl->early_data_accepted = false;
+      ssl->s3->early_data_accepted = false;
       ssl->s3->skip_early_data = true;
       ssl->method->next_message(ssl);
       if (ssl_is_draft22(ssl->version) &&
@@ -724,7 +724,7 @@
     return ssl_hs_error;
   }
 
-  if (ssl->early_data_accepted) {
+  if (ssl->s3->early_data_accepted) {
     // If accepting 0-RTT, we send tickets half-RTT. This gets the tickets on
     // the wire sooner and also avoids triggering a write on |SSL_read| when
     // processing the client Finished. This requires computing the client
@@ -772,7 +772,7 @@
 
 static enum ssl_hs_wait_t do_read_second_client_flight(SSL_HANDSHAKE *hs) {
   SSL *const ssl = hs->ssl;
-  if (ssl->early_data_accepted) {
+  if (ssl->s3->early_data_accepted) {
     if (!tls13_set_traffic_key(ssl, evp_aead_open, hs->early_traffic_secret,
                                hs->hash_len)) {
       return ssl_hs_error;
@@ -782,7 +782,8 @@
     hs->in_early_data = true;
   }
   hs->tls13_state = state_process_end_of_early_data;
-  return ssl->early_data_accepted ? ssl_hs_read_end_of_early_data : ssl_hs_ok;
+  return ssl->s3->early_data_accepted ? ssl_hs_read_end_of_early_data
+                                      : ssl_hs_ok;
 }
 
 static enum ssl_hs_wait_t do_process_end_of_early_data(SSL_HANDSHAKE *hs) {
@@ -790,7 +791,7 @@
   if (hs->early_data_offered) {
     // If early data was not accepted, the EndOfEarlyData and ChangeCipherSpec
     // message will be in the discarded early data.
-    if (hs->ssl->early_data_accepted) {
+    if (hs->ssl->s3->early_data_accepted) {
       if (ssl_is_draft22(ssl->version)) {
         SSLMessage msg;
         if (!ssl->method->get_message(ssl, &msg)) {
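Review bot: The changed condition spells the flag as `hs->ssl->s3->early_data_accepted` although a local `ssl` is already in scope, as the next line's `ssl->version` shows. The following hunk, which appears to belong to the same function, reads it as `ssl->s3->early_data_accepted`. Writing this one as `if (ssl->s3->early_data_accepted) {` keeps the function consistent and makes the remaining reads easier to grep for. The function body starts before this hunk and continues past it.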
@@ -813,8 +814,9 @@
                              hs->hash_len)) {
     return ssl_hs_error;
   }
-  hs->tls13_state = ssl->early_data_accepted ? state_read_client_finished
-                                             : state_read_client_certificate;
+  hs->tls13_state = ssl->s3->early_data_accepted
+                        ? state_read_client_finished
+                        : state_read_client_certificate;
   return ssl_hs_ok;
 }
 
@@ -913,14 +915,14 @@
   if (!ssl_check_message_type(ssl, msg, SSL3_MT_FINISHED) ||
       // If early data was accepted, we've already computed the client Finished
       // and derived the resumption secret.
-      !tls13_process_finished(hs, msg, ssl->early_data_accepted) ||
+      !tls13_process_finished(hs, msg, ssl->s3->early_data_accepted) ||
       // evp_aead_seal keys have already been switched.
       !tls13_set_traffic_key(ssl, evp_aead_open, hs->client_traffic_secret_0,
                              hs->hash_len)) {
     return ssl_hs_error;
   }
 
-  if (!ssl->early_data_accepted) {
+  if (!ssl->s3->early_data_accepted) {
     if (!ssl_hash_message(hs, msg) ||
         !tls13_derive_resumption_secret(hs)) {
       return ssl_hs_error;