Move the PQ-experiment signal to SSL_CTX.

In the case where I need it, it's easier for it to be on the context
rather than on each connection.

Change-Id: I5da2929ae6825d6b3151ccabb813cb8ad16416a1
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/36746
Commit-Queue: Adam Langley <agl@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 690a388..9285b3f 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -3044,7 +3044,7 @@
 // signaling bit. These functions should not be used without explicit permission
 // from BoringSSL-team.
 
-OPENSSL_EXPORT int SSL_enable_pq_experiment_signal(SSL *ssl);
+OPENSSL_EXPORT void SSL_CTX_enable_pq_experiment_signal(SSL_CTX *ctx);
 OPENSSL_EXPORT int SSL_pq_experiment_signal_seen(const SSL *ssl);
 
 
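Review bot: The new `SSL_CTX_enable_pq_experiment_signal` declaration carries no comment of its own, while the shared comment above it (which starts outside the hunk) only says these functions need permission to use; the header otherwise documents each function individually. I'd add directly above the declaration: `// SSL_CTX_enable_pq_experiment_signal configures |ctx| to send (as a client) or echo (as a server) the empty pq_experiment_signal extension on every connection created from it. Call it before |ctx| is shared with connections; the flag is read during the handshake without locking.` The per-connection `SSL_enable_pq_experiment_signal` is dropped outright rather than kept as a thin wrapper, which seems acceptable given the permission-only status of these APIs, but any out-of-tree caller now fails to link and the commit message does not say so.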
diff --git a/ssl/internal.h b/ssl/internal.h
index 2598058..85b8112 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -2588,11 +2588,6 @@
   // jdk11_workaround is whether to disable TLS 1.3 for JDK 11 clients, as a
   // workaround for https://bugs.openjdk.java.net/browse/JDK-8211806.
   bool jdk11_workaround : 1;
-
-  // pq_experiment_signal indicates that an empty extension should be sent
-  // (for clients) or echoed (for servers) to indicate participation in an
-  // experiment of post-quantum key exchanges.
-  bool pq_experiment_signal : 1;
 };
 
 // From RFC 8446, used in determining PSK modes.
@@ -3193,6 +3188,11 @@
   // If enable_early_data is true, early data can be sent and accepted.
   bool enable_early_data : 1;
 
+  // pq_experiment_signal indicates that an empty extension should be sent
+  // (for clients) or echoed (for servers) to indicate participation in an
+  // experiment of post-quantum key exchanges.
+  bool pq_experiment_signal : 1;
+
  private:
   ~ssl_ctx_st();
   friend void SSL_CTX_free(SSL_CTX *);
diff --git a/ssl/ssl_lib.cc b/ssl/ssl_lib.cc
index 45ed62f..00ee7da 100644
--- a/ssl/ssl_lib.cc
+++ b/ssl/ssl_lib.cc
@@ -569,7 +569,8 @@
       false_start_allowed_without_alpn(false),
       ignore_tls13_downgrade(false),
       handoff(false),
-      enable_early_data(false) {
+      enable_early_data(false),
+      pq_experiment_signal(false) {
   CRYPTO_MUTEX_init(&lock);
   CRYPTO_new_ex_data(&ex_data);
 }
@@ -734,8 +735,7 @@
       handoff(false),
       shed_handshake_config(false),
       ignore_tls13_downgrade(false),
-      jdk11_workaround(false),
-      pq_experiment_signal(false) {
+      jdk11_workaround(false) {
   assert(ssl);
 }
 
@@ -1246,12 +1246,8 @@
   return ssl_send_alert_impl(ssl, SSL3_AL_FATAL, alert);
 }
 
-int SSL_enable_pq_experiment_signal(SSL *ssl) {
-  if (!ssl->config) {
-    return 0;
-  }
-  ssl->config->pq_experiment_signal = true;
-  return 1;
+void SSL_CTX_enable_pq_experiment_signal(SSL_CTX *ctx) {
+  ctx->pq_experiment_signal = true;
 }
 
 int SSL_pq_experiment_signal_seen(const SSL *ssl) {
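Review bot: `SSL_CTX_enable_pq_experiment_signal` performs an unsynchronized write to a bitfield on a shared `SSL_CTX`, and the handshake code reads that bitfield without a lock, so the call is only safe before the context is handed to connections or other threads. The removed per-connection setter at least returned 0 when |config| was gone; the new one cannot fail, which is fine, but the ordering requirement is now the only contract callers must respect and it is undocumented. Because it is a bitfield adjacent to `enable_early_data`, the write is a read-modify-write of the shared storage unit, so it also races with concurrent calls to other SSL_CTX setters — presumably the same rule as the existing setters, so no code change, just a comment: `// Must be called before |ctx| is used by any connection; the flag is read unlocked.`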
diff --git a/ssl/t1_lib.cc b/ssl/t1_lib.cc
index c05e2c6..88685c8 100644
--- a/ssl/t1_lib.cc
+++ b/ssl/t1_lib.cc
@@ -2894,7 +2894,7 @@
 
 static bool ext_pq_experiment_signal_add_clienthello(SSL_HANDSHAKE *hs,
                                                      CBB *out) {
-  if (hs->config->pq_experiment_signal &&
+  if (hs->ssl->ctx->pq_experiment_signal &&
       (!CBB_add_u16(out, TLSEXT_TYPE_pq_experiment_signal) ||
        !CBB_add_u16(out, 0))) {
     return false;
@@ -2910,7 +2910,7 @@
     return true;
   }
 
-  if (!hs->config->pq_experiment_signal || CBS_len(contents) != 0) {
+  if (!hs->ssl->ctx->pq_experiment_signal || CBS_len(contents) != 0) {
     return false;
   }
 
@@ -2929,7 +2929,7 @@
     return false;
   }
 
-  if (hs->ssl->config->pq_experiment_signal) {
+  if (hs->ssl->ctx->pq_experiment_signal) {
     hs->ssl->s3->pq_experiment_signal_seen = true;
   }
 
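Review bot: The echo check at the new line reads `hs->ssl->ctx` instead of the per-connection config, and on the server `ssl->ctx` can be replaced mid-handshake via `SSL_set_SSL_CTX` (for example from a certificate-selection or SNI callback); if such a swap occurs between the ClientHello parse in the previous hunk and this check, the two sites consult different contexts and the signal may be echoed or suppressed against a flag other than the one the extension was accepted under. I cannot see the callback ordering from here, so this may be benign in practice, but it is a behavior change from `hs->config`, which is fixed for the duration of the handshake. If the original context is what matters, record the decision at parse time in the handshake state and test that here; otherwise a comment should state which context is authoritative, e.g. `// Consults the current |ssl->ctx|, which SSL_set_SSL_CTX may have replaced since the ClientHello was parsed.` The enclosing function begins outside the hunk.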
diff --git a/ssl/test/test_config.cc b/ssl/test/test_config.cc
index 8de81f5..19f94ba 100644
--- a/ssl/test/test_config.cc
+++ b/ssl/test/test_config.cc
@@ -1346,6 +1346,10 @@
     SSL_CTX_set_options(ssl_ctx.get(), SSL_OP_CIPHER_SERVER_PREFERENCE);
   }
 
+  if (enable_pq_experiment_signal) {
+    SSL_CTX_enable_pq_experiment_signal(ssl_ctx.get());
+  }
+
   return ssl_ctx;
 }
 
@@ -1716,11 +1720,5 @@
     }
   }
 
-  if (enable_pq_experiment_signal &&
-      !SSL_enable_pq_experiment_signal(ssl.get())) {
-    fprintf(stderr, "SSL_enable_pq_experiment_signal failed.\n");
-    return nullptr;
-  }
-
   return ssl;
 }