Browse Source
Pass explicit hs parameters to ssl_ext_*.
Change-Id: I84a8ff1d717f3291403f6fc49668c84f89b910da Reviewed-on: https://boringssl-review.googlesource.com/12342 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>kris/onging/CECPQ3_patch15
David Benjamin
8 years ago
committed by
CQ bot account: commit-bot@chromium.org
CQ bot account: commit-bot@chromium.org
4 changed files with 36 additions and 35 deletions
Split View
Diff Options
-
+7 -7ssl/internal.h
-
+23 -22ssl/t1_lib.c
-
+2 -2ssl/tls13_client.c
-
+4 -4ssl/tls13_server.c
+ 7
- 7
ssl/internal.h
View File
| @@ -1061,22 +1061,22 @@ enum ssl_private_key_result_t tls13_prepare_certificate_verify( | |||
| int tls13_prepare_finished(SSL_HANDSHAKE *hs); | |||
| int tls13_process_new_session_ticket(SSL *ssl); | |||
| int ssl_ext_key_share_parse_serverhello(SSL *ssl, uint8_t **out_secret, | |||
| int ssl_ext_key_share_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t **out_secret, | |||
| size_t *out_secret_len, | |||
| uint8_t *out_alert, CBS *contents); | |||
| int ssl_ext_key_share_parse_clienthello(SSL *ssl, int *out_found, | |||
| int ssl_ext_key_share_parse_clienthello(SSL_HANDSHAKE *hs, int *out_found, | |||
| uint8_t **out_secret, | |||
| size_t *out_secret_len, | |||
| uint8_t *out_alert, CBS *contents); | |||
| int ssl_ext_key_share_add_serverhello(SSL *ssl, CBB *out); | |||
| int ssl_ext_key_share_add_serverhello(SSL_HANDSHAKE *hs, CBB *out); | |||
| int ssl_ext_pre_shared_key_parse_serverhello(SSL *ssl, uint8_t *out_alert, | |||
| CBS *contents); | |||
| int ssl_ext_pre_shared_key_parse_clienthello(SSL *ssl, | |||
| int ssl_ext_pre_shared_key_parse_serverhello(SSL_HANDSHAKE *hs, | |||
| uint8_t *out_alert, CBS *contents); | |||
| int ssl_ext_pre_shared_key_parse_clienthello(SSL_HANDSHAKE *hs, | |||
| SSL_SESSION **out_session, | |||
| CBS *out_binders, | |||
| uint8_t *out_alert, CBS *contents); | |||
| int ssl_ext_pre_shared_key_add_serverhello(SSL *ssl, CBB *out); | |||
| int ssl_ext_pre_shared_key_add_serverhello(SSL_HANDSHAKE *hs, CBB *out); | |||
| /* ssl_is_sct_list_valid does a shallow parse of the SCT list in |contents| and | |||
| * returns one iff it's valid. */ | |||
+ 23
- 22
ssl/t1_lib.c
View File
| @@ -1990,7 +1990,8 @@ static int ext_pre_shared_key_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) { | |||
| return CBB_flush(out); | |||
| } | |||
| int ssl_ext_pre_shared_key_parse_serverhello(SSL *ssl, uint8_t *out_alert, | |||
| int ssl_ext_pre_shared_key_parse_serverhello(SSL_HANDSHAKE *hs, | |||
| uint8_t *out_alert, | |||
| CBS *contents) { | |||
| uint16_t psk_id; | |||
| if (!CBS_get_u16(contents, &psk_id) || | |||
| @@ -2010,11 +2011,12 @@ int ssl_ext_pre_shared_key_parse_serverhello(SSL *ssl, uint8_t *out_alert, | |||
| return 1; | |||
| } | |||
| int ssl_ext_pre_shared_key_parse_clienthello(SSL *ssl, | |||
| int ssl_ext_pre_shared_key_parse_clienthello(SSL_HANDSHAKE *hs, | |||
| SSL_SESSION **out_session, | |||
| CBS *out_binders, | |||
| uint8_t *out_alert, | |||
| CBS *contents) { | |||
| SSL *const ssl = hs->ssl; | |||
| /* We only process the first PSK identity since we don't support pure PSK. */ | |||
| uint32_t obfuscated_ticket_age; | |||
| CBS identities, ticket, binders; | |||
| @@ -2081,8 +2083,8 @@ int ssl_ext_pre_shared_key_parse_clienthello(SSL *ssl, | |||
| return 1; | |||
| } | |||
| int ssl_ext_pre_shared_key_add_serverhello(SSL *ssl, CBB *out) { | |||
| if (!ssl->s3->session_reused) { | |||
| int ssl_ext_pre_shared_key_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) { | |||
| if (!hs->ssl->s3->session_reused) { | |||
| return 1; | |||
| } | |||
| @@ -2260,9 +2262,10 @@ static int ext_key_share_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) { | |||
| return CBB_flush(out); | |||
| } | |||
| int ssl_ext_key_share_parse_serverhello(SSL *ssl, uint8_t **out_secret, | |||
| int ssl_ext_key_share_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t **out_secret, | |||
| size_t *out_secret_len, | |||
| uint8_t *out_alert, CBS *contents) { | |||
| SSL *const ssl = hs->ssl; | |||
| CBS peer_key; | |||
| uint16_t group_id; | |||
| if (!CBS_get_u16(contents, &group_id) || | |||
| @@ -2272,28 +2275,28 @@ int ssl_ext_key_share_parse_serverhello(SSL *ssl, uint8_t **out_secret, | |||
| return 0; | |||
| } | |||
| if (SSL_ECDH_CTX_get_id(&ssl->s3->hs->ecdh_ctx) != group_id) { | |||
| if (SSL_ECDH_CTX_get_id(&hs->ecdh_ctx) != group_id) { | |||
| *out_alert = SSL_AD_ILLEGAL_PARAMETER; | |||
| OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_CURVE); | |||
| return 0; | |||
| } | |||
| if (!SSL_ECDH_CTX_finish(&ssl->s3->hs->ecdh_ctx, out_secret, out_secret_len, | |||
| out_alert, CBS_data(&peer_key), | |||
| CBS_len(&peer_key))) { | |||
| if (!SSL_ECDH_CTX_finish(&hs->ecdh_ctx, out_secret, out_secret_len, out_alert, | |||
| CBS_data(&peer_key), CBS_len(&peer_key))) { | |||
| *out_alert = SSL_AD_INTERNAL_ERROR; | |||
| return 0; | |||
| } | |||
| ssl->s3->new_session->key_exchange_info = group_id; | |||
| SSL_ECDH_CTX_cleanup(&ssl->s3->hs->ecdh_ctx); | |||
| SSL_ECDH_CTX_cleanup(&hs->ecdh_ctx); | |||
| return 1; | |||
| } | |||
| int ssl_ext_key_share_parse_clienthello(SSL *ssl, int *out_found, | |||
| int ssl_ext_key_share_parse_clienthello(SSL_HANDSHAKE *hs, int *out_found, | |||
| uint8_t **out_secret, | |||
| size_t *out_secret_len, | |||
| uint8_t *out_alert, CBS *contents) { | |||
| SSL *const ssl = hs->ssl; | |||
| uint16_t group_id; | |||
| CBS key_shares; | |||
| if (!tls1_get_shared_group(ssl, &group_id)) { | |||
| @@ -2348,11 +2351,9 @@ int ssl_ext_key_share_parse_clienthello(SSL *ssl, int *out_found, | |||
| CBB public_key; | |||
| if (!CBB_init(&public_key, 32) || | |||
| !SSL_ECDH_CTX_init(&group, group_id) || | |||
| !SSL_ECDH_CTX_accept(&group, &public_key, &secret, &secret_len, | |||
| out_alert, CBS_data(&peer_key), | |||
| CBS_len(&peer_key)) || | |||
| !CBB_finish(&public_key, &ssl->s3->hs->public_key, | |||
| &ssl->s3->hs->public_key_len)) { | |||
| !SSL_ECDH_CTX_accept(&group, &public_key, &secret, &secret_len, out_alert, | |||
| CBS_data(&peer_key), CBS_len(&peer_key)) || | |||
| !CBB_finish(&public_key, &hs->public_key, &hs->public_key_len)) { | |||
| OPENSSL_free(secret); | |||
| SSL_ECDH_CTX_cleanup(&group); | |||
| CBB_cleanup(&public_key); | |||
| @@ -2368,7 +2369,8 @@ int ssl_ext_key_share_parse_clienthello(SSL *ssl, int *out_found, | |||
| return 1; | |||
| } | |||
| int ssl_ext_key_share_add_serverhello(SSL *ssl, CBB *out) { | |||
| int ssl_ext_key_share_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) { | |||
| SSL *const ssl = hs->ssl; | |||
| uint16_t group_id; | |||
| CBB kse_bytes, public_key; | |||
| if (!tls1_get_shared_group(ssl, &group_id) || | |||
| @@ -2376,15 +2378,14 @@ int ssl_ext_key_share_add_serverhello(SSL *ssl, CBB *out) { | |||
| !CBB_add_u16_length_prefixed(out, &kse_bytes) || | |||
| !CBB_add_u16(&kse_bytes, group_id) || | |||
| !CBB_add_u16_length_prefixed(&kse_bytes, &public_key) || | |||
| !CBB_add_bytes(&public_key, ssl->s3->hs->public_key, | |||
| ssl->s3->hs->public_key_len) || | |||
| !CBB_add_bytes(&public_key, hs->public_key, hs->public_key_len) || | |||
| !CBB_flush(out)) { | |||
| return 0; | |||
| } | |||
| OPENSSL_free(ssl->s3->hs->public_key); | |||
| ssl->s3->hs->public_key = NULL; | |||
| ssl->s3->hs->public_key_len = 0; | |||
| OPENSSL_free(hs->public_key); | |||
| hs->public_key = NULL; | |||
| hs->public_key_len = 0; | |||
| ssl->s3->new_session->key_exchange_info = group_id; | |||
| return 1; | |||
+ 2
- 2
ssl/tls13_client.c
View File
| @@ -230,7 +230,7 @@ static enum ssl_hs_wait_t do_process_server_hello(SSL_HANDSHAKE *hs) { | |||
| return ssl_hs_error; | |||
| } | |||
| if (!ssl_ext_pre_shared_key_parse_serverhello(ssl, &alert, | |||
| if (!ssl_ext_pre_shared_key_parse_serverhello(hs, &alert, | |||
| &pre_shared_key)) { | |||
| ssl3_send_alert(ssl, SSL3_AL_FATAL, alert); | |||
| return ssl_hs_error; | |||
| @@ -293,7 +293,7 @@ static enum ssl_hs_wait_t do_process_server_hello(SSL_HANDSHAKE *hs) { | |||
| /* Resolve ECDHE and incorporate it into the secret. */ | |||
| uint8_t *dhe_secret; | |||
| size_t dhe_secret_len; | |||
| if (!ssl_ext_key_share_parse_serverhello(ssl, &dhe_secret, &dhe_secret_len, | |||
| if (!ssl_ext_key_share_parse_serverhello(hs, &dhe_secret, &dhe_secret_len, | |||
| &alert, &key_share)) { | |||
| ssl3_send_alert(ssl, SSL3_AL_FATAL, alert); | |||
| return ssl_hs_error; | |||
+ 4
- 4
ssl/tls13_server.c
View File
| @@ -71,7 +71,7 @@ static int resolve_ecdhe_secret(SSL_HANDSHAKE *hs, int *out_need_retry, | |||
| uint8_t *dhe_secret; | |||
| size_t dhe_secret_len; | |||
| uint8_t alert = SSL_AD_DECODE_ERROR; | |||
| if (!ssl_ext_key_share_parse_clienthello(ssl, &found_key_share, &dhe_secret, | |||
| if (!ssl_ext_key_share_parse_clienthello(hs, &found_key_share, &dhe_secret, | |||
| &dhe_secret_len, &alert, | |||
| &key_share)) { | |||
| ssl3_send_alert(ssl, SSL3_AL_FATAL, alert); | |||
| @@ -223,7 +223,7 @@ static enum ssl_hs_wait_t do_select_parameters(SSL_HANDSHAKE *hs) { | |||
| return ssl_hs_error; | |||
| } | |||
| if (!ssl_ext_pre_shared_key_parse_clienthello(ssl, &session, &binders, | |||
| if (!ssl_ext_pre_shared_key_parse_clienthello(hs, &session, &binders, | |||
| &alert, &pre_shared_key)) { | |||
| ssl3_send_alert(ssl, SSL3_AL_FATAL, alert); | |||
| return ssl_hs_error; | |||
| @@ -388,8 +388,8 @@ static enum ssl_hs_wait_t do_send_server_hello(SSL_HANDSHAKE *hs) { | |||
| !CBB_add_bytes(&body, ssl->s3->server_random, SSL3_RANDOM_SIZE) || | |||
| !CBB_add_u16(&body, ssl_cipher_get_value(ssl->s3->tmp.new_cipher)) || | |||
| !CBB_add_u16_length_prefixed(&body, &extensions) || | |||
| !ssl_ext_pre_shared_key_add_serverhello(ssl, &extensions) || | |||
| !ssl_ext_key_share_add_serverhello(ssl, &extensions) || | |||
| !ssl_ext_pre_shared_key_add_serverhello(hs, &extensions) || | |||
| !ssl_ext_key_share_add_serverhello(hs, &extensions) || | |||
| !ssl_complete_message(ssl, &cbb)) { | |||
| goto err; | |||
| } | |||