Pass explicit hs parameters to kExtensions callbacks.

This takes care of many of the explicit ssl->s3->hs accesses. Change-Id: I380fae959f3a7021d6de9d19a4ca451b9a0aefe5 Reviewed-on: https://boringssl-review.googlesource.com/12317 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2016-12-03 02:20:34 -05:00 · 2016-12-03 02:20:34 -05:00 · 8c880a2b95
commit 8c880a2b95
parent 7b668a873e
6 changed files with 244 additions and 188 deletions
--- a/ssl/handshake_client.c
+++ b/ssl/handshake_client.c
@ -658,7 +658,8 @@ static int ssl_write_client_cipher_list(SSL *ssl, CBB *out,
  return CBB_flush(out);
 }

-int ssl_write_client_hello(SSL *ssl) {
+int ssl_write_client_hello(SSL_HANDSHAKE *hs) {
+  SSL *const ssl = hs->ssl;
  uint16_t min_version, max_version;
  if (!ssl_get_version_range(ssl, &min_version, &max_version)) {
    return 0;
@ -695,7 +696,7 @@ int ssl_write_client_hello(SSL *ssl) {
  if (!ssl_write_client_cipher_list(ssl, &body, min_version, max_version) ||
      !CBB_add_u8(&body, 1 /* one compression method */) ||
      !CBB_add_u8(&body, 0 /* null compression */) ||
-      !ssl_add_clienthello_tlsext(ssl, &body, header_len + CBB_len(&body))) {
+      !ssl_add_clienthello_tlsext(hs, &body, header_len + CBB_len(&body))) {
    goto err;
  }

@ -707,7 +708,7 @@ int ssl_write_client_hello(SSL *ssl) {

  /* Now that the length prefixes have been computed, fill in the placeholder
   * PSK binder. */
-  if (ssl->s3->hs->needs_psk_binder &&
+  if (hs->needs_psk_binder &&
      !tls13_write_psk_binder(ssl, msg, len)) {
    OPENSSL_free(msg);
    goto err;
@ -774,7 +775,7 @@ static int ssl3_send_client_hello(SSL_HANDSHAKE *hs) {
    return -1;
  }

-  if (!ssl_write_client_hello(ssl)) {
+  if (!ssl_write_client_hello(hs)) {
    return -1;
  }

@ -997,7 +998,7 @@ static int ssl3_get_server_hello(SSL_HANDSHAKE *hs) {
  }

  /* TLS extensions */
-  if (!ssl_parse_serverhello_tlsext(ssl, &server_hello)) {
+  if (!ssl_parse_serverhello_tlsext(hs, &server_hello)) {
    OPENSSL_PUT_ERROR(SSL, SSL_R_PARSE_TLSEXT);
    goto err;
  }
--- a/ssl/handshake_server.c
+++ b/ssl/handshake_server.c
@ -733,7 +733,7 @@ static int ssl3_get_client_hello(SSL_HANDSHAKE *hs) {
    }

    /* TLS extensions. */
-    if (!ssl_parse_clienthello_tlsext(ssl, &client_hello)) {
+    if (!ssl_parse_clienthello_tlsext(hs, &client_hello)) {
      OPENSSL_PUT_ERROR(SSL, SSL_R_PARSE_TLSEXT);
      goto err;
    }
@ -940,7 +940,7 @@ static int ssl3_send_server_hello(SSL_HANDSHAKE *hs) {
                     session->session_id_length) ||
      !CBB_add_u16(&body, ssl_cipher_get_value(ssl->s3->tmp.new_cipher)) ||
      !CBB_add_u8(&body, 0 /* no compression */) ||
-      !ssl_add_serverhello_tlsext(ssl, &body) ||
+      !ssl_add_serverhello_tlsext(hs, &body) ||
      !ssl_complete_message(ssl, &cbb)) {
    OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
    CBB_cleanup(&cbb);
--- a/ssl/internal.h
+++ b/ssl/internal.h
@ -1080,7 +1080,7 @@ int ssl_ext_pre_shared_key_add_serverhello(SSL *ssl, CBB *out);
 * returns one iff it's valid. */
 int ssl_is_sct_list_valid(const CBS *contents);

-int ssl_write_client_hello(SSL *ssl);
+int ssl_write_client_hello(SSL_HANDSHAKE *hs);

 /* ssl_clear_tls13_state releases client state only needed for TLS 1.3. It
 * should be called once the version is known to be TLS 1.2 or earlier. */
@ -1877,12 +1877,12 @@ int tls1_set_curves_list(uint16_t **out_group_ids, size_t *out_group_ids_len,
 * returns one on success and zero on failure. The |header_len| argument is the
 * length of the ClientHello written so far and is used to compute the padding
 * length. (It does not include the record header.) */
-int ssl_add_clienthello_tlsext(SSL *ssl, CBB *out, size_t header_len);
+int ssl_add_clienthello_tlsext(SSL_HANDSHAKE *hs, CBB *out, size_t header_len);

-int ssl_add_serverhello_tlsext(SSL *ssl, CBB *out);
+int ssl_add_serverhello_tlsext(SSL_HANDSHAKE *hs, CBB *out);
 int ssl_parse_clienthello_tlsext(
-    SSL *ssl, const struct ssl_early_callback_ctx *client_hello);
-int ssl_parse_serverhello_tlsext(SSL *ssl, CBS *cbs);
+    SSL_HANDSHAKE *hs, const struct ssl_early_callback_ctx *client_hello);
+int ssl_parse_serverhello_tlsext(SSL_HANDSHAKE *hs, CBS *cbs);

 #define tlsext_tick_md EVP_sha256

--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
--- a/ssl/tls13_client.c
+++ b/ssl/tls13_client.c
@ -143,7 +143,7 @@ static enum ssl_hs_wait_t do_process_hello_retry_request(SSL_HANDSHAKE *hs) {
 }

 static enum ssl_hs_wait_t do_send_second_client_hello(SSL_HANDSHAKE *hs) {
-  if (!ssl_write_client_hello(hs->ssl)) {
+  if (!ssl_write_client_hello(hs)) {
    return ssl_hs_error;
  }

@ -328,7 +328,7 @@ static enum ssl_hs_wait_t do_process_encrypted_extensions(SSL_HANDSHAKE *hs) {

  CBS cbs;
  CBS_init(&cbs, ssl->init_msg, ssl->init_num);
-  if (!ssl_parse_serverhello_tlsext(ssl, &cbs)) {
+  if (!ssl_parse_serverhello_tlsext(hs, &cbs)) {
    OPENSSL_PUT_ERROR(SSL, SSL_R_PARSE_TLSEXT);
    return ssl_hs_error;
  }
--- a/ssl/tls13_server.c
+++ b/ssl/tls13_server.c
@ -119,7 +119,7 @@ static enum ssl_hs_wait_t do_process_client_hello(SSL_HANDSHAKE *hs) {
  }

  /* TLS extensions. */
-  if (!ssl_parse_clienthello_tlsext(ssl, &client_hello)) {
+  if (!ssl_parse_clienthello_tlsext(hs, &client_hello)) {
    OPENSSL_PUT_ERROR(SSL, SSL_R_PARSE_TLSEXT);
    return ssl_hs_error;
  }
@ -410,7 +410,7 @@ static enum ssl_hs_wait_t do_send_encrypted_extensions(SSL_HANDSHAKE *hs) {
  CBB cbb, body;
  if (!ssl->method->init_message(ssl, &cbb, &body,
                                 SSL3_MT_ENCRYPTED_EXTENSIONS) ||
-      !ssl_add_serverhello_tlsext(ssl, &body) ||
+      !ssl_add_serverhello_tlsext(hs, &body) ||
      !ssl_complete_message(ssl, &cbb)) {
    CBB_cleanup(&cbb);
    return ssl_hs_error;