These are connection state, so they should be reset on SSL_clear. Change-Id: I861fe52578836615d2719c9e1ff0911c798f336e Reviewed-on: https://boringssl-review.googlesource.com/27384 Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Reviewed-by: Steven Valdez <svaldez@google.com>kris/onging/CECPQ3_patch15
@@ -155,8 +155,8 @@ bool SSL_serialize_handback(const SSL *ssl, CBB *out) { | |||||
hostname_len) || | hostname_len) || | ||||
!CBB_add_asn1_octet_string(&seq, s3->tlsext_channel_id, | !CBB_add_asn1_octet_string(&seq, s3->tlsext_channel_id, | ||||
sizeof(s3->tlsext_channel_id)) || | sizeof(s3->tlsext_channel_id)) || | ||||
!CBB_add_asn1_bool(&seq, ssl->token_binding_negotiated) || | |||||
!CBB_add_asn1_uint64(&seq, ssl->negotiated_token_binding_param) || | |||||
!CBB_add_asn1_bool(&seq, ssl->s3->token_binding_negotiated) || | |||||
!CBB_add_asn1_uint64(&seq, ssl->s3->negotiated_token_binding_param) || | |||||
!CBB_add_asn1_bool(&seq, s3->hs->next_proto_neg_seen) || | !CBB_add_asn1_bool(&seq, s3->hs->next_proto_neg_seen) || | ||||
!CBB_add_asn1_bool(&seq, s3->hs->cert_request) || | !CBB_add_asn1_bool(&seq, s3->hs->cert_request) || | ||||
!CBB_add_asn1_bool(&seq, s3->hs->extended_master_secret) || | !CBB_add_asn1_bool(&seq, s3->hs->extended_master_secret) || | ||||
@@ -274,8 +274,8 @@ bool SSL_apply_handback(SSL *ssl, Span<const uint8_t> handback) { | |||||
s3->hostname.reset(hostname_str); | s3->hostname.reset(hostname_str); | ||||
} | } | ||||
ssl->token_binding_negotiated = token_binding_negotiated; | |||||
ssl->negotiated_token_binding_param = | |||||
s3->token_binding_negotiated = token_binding_negotiated; | |||||
s3->negotiated_token_binding_param = | |||||
static_cast<uint8_t>(negotiated_token_binding_param); | static_cast<uint8_t>(negotiated_token_binding_param); | ||||
s3->hs->next_proto_neg_seen = next_proto_neg_seen; | s3->hs->next_proto_neg_seen = next_proto_neg_seen; | ||||
s3->hs->wait = ssl_hs_flush; | s3->hs->wait = ssl_hs_flush; | ||||
@@ -740,7 +740,7 @@ static enum ssl_hs_wait_t do_read_server_hello(SSL_HANDSHAKE *hs) { | |||||
return ssl_hs_error; | return ssl_hs_error; | ||||
} | } | ||||
if (ssl->token_binding_negotiated && | |||||
if (ssl->s3->token_binding_negotiated && | |||||
(!hs->extended_master_secret || !ssl->s3->send_connection_binding)) { | (!hs->extended_master_secret || !ssl->s3->send_connection_binding)) { | ||||
OPENSSL_PUT_ERROR(SSL, SSL_R_NEGOTIATED_TB_WITHOUT_EMS_OR_RI); | OPENSSL_PUT_ERROR(SSL, SSL_R_NEGOTIATED_TB_WITHOUT_EMS_OR_RI); | ||||
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNSUPPORTED_EXTENSION); | ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNSUPPORTED_EXTENSION); | ||||
@@ -2308,6 +2308,10 @@ struct SSL3_STATE { | |||||
// key_update_count is the number of consecutive KeyUpdates received. | // key_update_count is the number of consecutive KeyUpdates received. | ||||
uint8_t key_update_count = 0; | uint8_t key_update_count = 0; | ||||
// The negotiated Token Binding key parameter. Only valid if | |||||
// |token_binding_negotiated| is set. | |||||
uint8_t negotiated_token_binding_param = 0; | |||||
// skip_early_data instructs the record layer to skip unexpected early data | // skip_early_data instructs the record layer to skip unexpected early data | ||||
// messages when 0RTT is rejected. | // messages when 0RTT is rejected. | ||||
bool skip_early_data:1; | bool skip_early_data:1; | ||||
@@ -2357,6 +2361,9 @@ struct SSL3_STATE { | |||||
// fired, were it not a draft. | // fired, were it not a draft. | ||||
bool draft_downgrade:1; | bool draft_downgrade:1; | ||||
// token_binding_negotiated is set if Token Binding was negotiated. | |||||
bool token_binding_negotiated:1; | |||||
// hs_buf is the buffer of handshake data to process. | // hs_buf is the buffer of handshake data to process. | ||||
UniquePtr<BUF_MEM> hs_buf; | UniquePtr<BUF_MEM> hs_buf; | ||||
@@ -2680,10 +2687,6 @@ struct SSLConnection { | |||||
uint8_t *token_binding_params; | uint8_t *token_binding_params; | ||||
size_t token_binding_params_len; | size_t token_binding_params_len; | ||||
// The negotiated Token Binding key parameter. Only valid if | |||||
// |token_binding_negotiated| is set. | |||||
uint8_t negotiated_token_binding_param; | |||||
// Contains the QUIC transport params that this endpoint will send. | // Contains the QUIC transport params that this endpoint will send. | ||||
uint8_t *quic_transport_params; | uint8_t *quic_transport_params; | ||||
size_t quic_transport_params_len; | size_t quic_transport_params_len; | ||||
@@ -2715,9 +2718,6 @@ struct SSLConnection { | |||||
// we'll advertise support. | // we'll advertise support. | ||||
bool tlsext_channel_id_enabled:1; | bool tlsext_channel_id_enabled:1; | ||||
// token_binding_negotiated is set if Token Binding was negotiated. | |||||
bool token_binding_negotiated:1; | |||||
// retain_only_sha256_of_client_certs is true if we should compute the SHA256 | // retain_only_sha256_of_client_certs is true if we should compute the SHA256 | ||||
// hash of the peer's certificate and then discard it to save memory and | // hash of the peer's certificate and then discard it to save memory and | ||||
// session space. Only effective on the server side. | // session space. Only effective on the server side. | ||||
@@ -177,7 +177,8 @@ SSL3_STATE::SSL3_STATE() | |||||
key_update_pending(false), | key_update_pending(false), | ||||
wpend_pending(false), | wpend_pending(false), | ||||
early_data_accepted(false), | early_data_accepted(false), | ||||
draft_downgrade(false) {} | |||||
draft_downgrade(false), | |||||
token_binding_negotiated(false) {} | |||||
SSL3_STATE::~SSL3_STATE() {} | SSL3_STATE::~SSL3_STATE() {} | ||||
@@ -2164,11 +2164,11 @@ int SSL_set_token_binding_params(SSL *ssl, const uint8_t *params, size_t len) { | |||||
} | } | ||||
int SSL_is_token_binding_negotiated(const SSL *ssl) { | int SSL_is_token_binding_negotiated(const SSL *ssl) { | ||||
return ssl->token_binding_negotiated; | |||||
return ssl->s3->token_binding_negotiated; | |||||
} | } | ||||
uint8_t SSL_get_negotiated_token_binding_param(const SSL *ssl) { | uint8_t SSL_get_negotiated_token_binding_param(const SSL *ssl) { | ||||
return ssl->negotiated_token_binding_param; | |||||
return ssl->s3->negotiated_token_binding_param; | |||||
} | } | ||||
size_t SSL_get0_certificate_types(SSL *ssl, const uint8_t **out_types) { | size_t SSL_get0_certificate_types(SSL *ssl, const uint8_t **out_types) { | ||||
@@ -2528,8 +2528,8 @@ static bool ext_token_binding_parse_serverhello(SSL_HANDSHAKE *hs, | |||||
for (size_t i = 0; i < ssl->token_binding_params_len; ++i) { | for (size_t i = 0; i < ssl->token_binding_params_len; ++i) { | ||||
if (param == ssl->token_binding_params[i]) { | if (param == ssl->token_binding_params[i]) { | ||||
ssl->negotiated_token_binding_param = param; | |||||
ssl->token_binding_negotiated = true; | |||||
ssl->s3->negotiated_token_binding_param = param; | |||||
ssl->s3->token_binding_negotiated = true; | |||||
return true; | return true; | ||||
} | } | ||||
} | } | ||||
@@ -2547,7 +2547,7 @@ static bool select_tb_param(SSL *ssl, Span<const uint8_t> peer_params) { | |||||
uint8_t tb_param = ssl->token_binding_params[i]; | uint8_t tb_param = ssl->token_binding_params[i]; | ||||
for (uint8_t peer_param : peer_params) { | for (uint8_t peer_param : peer_params) { | ||||
if (tb_param == peer_param) { | if (tb_param == peer_param) { | ||||
ssl->negotiated_token_binding_param = tb_param; | |||||
ssl->s3->negotiated_token_binding_param = tb_param; | |||||
return true; | return true; | ||||
} | } | ||||
} | } | ||||
@@ -2587,14 +2587,14 @@ static bool ext_token_binding_parse_clienthello(SSL_HANDSHAKE *hs, | |||||
return true; | return true; | ||||
} | } | ||||
ssl->token_binding_negotiated = true; | |||||
ssl->s3->token_binding_negotiated = true; | |||||
return true; | return true; | ||||
} | } | ||||
static bool ext_token_binding_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) { | static bool ext_token_binding_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) { | ||||
SSL *const ssl = hs->ssl; | SSL *const ssl = hs->ssl; | ||||
if (!ssl->token_binding_negotiated) { | |||||
if (!ssl->s3->token_binding_negotiated) { | |||||
return true; | return true; | ||||
} | } | ||||
@@ -2603,7 +2603,7 @@ static bool ext_token_binding_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) { | |||||
!CBB_add_u16_length_prefixed(out, &contents) || | !CBB_add_u16_length_prefixed(out, &contents) || | ||||
!CBB_add_u16(&contents, hs->negotiated_token_binding_version) || | !CBB_add_u16(&contents, hs->negotiated_token_binding_version) || | ||||
!CBB_add_u8_length_prefixed(&contents, ¶ms) || | !CBB_add_u8_length_prefixed(&contents, ¶ms) || | ||||
!CBB_add_u8(¶ms, ssl->negotiated_token_binding_param) || | |||||
!CBB_add_u8(¶ms, ssl->s3->negotiated_token_binding_param) || | |||||
!CBB_flush(out)) { | !CBB_flush(out)) { | ||||
return false; | return false; | ||||
} | } | ||||
@@ -3220,7 +3220,7 @@ static int ssl_scan_serverhello_tlsext(SSL_HANDSHAKE *hs, CBS *cbs, | |||||
static int ssl_check_clienthello_tlsext(SSL_HANDSHAKE *hs) { | static int ssl_check_clienthello_tlsext(SSL_HANDSHAKE *hs) { | ||||
SSL *const ssl = hs->ssl; | SSL *const ssl = hs->ssl; | ||||
if (ssl->token_binding_negotiated && | |||||
if (ssl->s3->token_binding_negotiated && | |||||
!(SSL_get_secure_renegotiation_support(ssl) && | !(SSL_get_secure_renegotiation_support(ssl) && | ||||
SSL_get_extms_support(ssl))) { | SSL_get_extms_support(ssl))) { | ||||
OPENSSL_PUT_ERROR(SSL, SSL_R_NEGOTIATED_TB_WITHOUT_EMS_OR_RI); | OPENSSL_PUT_ERROR(SSL, SSL_R_NEGOTIATED_TB_WITHOUT_EMS_OR_RI); | ||||
@@ -436,7 +436,7 @@ static enum ssl_hs_wait_t do_read_encrypted_extensions(SSL_HANDSHAKE *hs) { | |||||
return ssl_hs_error; | return ssl_hs_error; | ||||
} | } | ||||
if (ssl->s3->tlsext_channel_id_valid || hs->received_custom_extension || | if (ssl->s3->tlsext_channel_id_valid || hs->received_custom_extension || | ||||
ssl->token_binding_negotiated) { | |||||
ssl->s3->token_binding_negotiated) { | |||||
OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_EXTENSION_ON_EARLY_DATA); | OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_EXTENSION_ON_EARLY_DATA); | ||||
return ssl_hs_error; | return ssl_hs_error; | ||||
} | } | ||||
@@ -391,7 +391,7 @@ static enum ssl_hs_wait_t do_select_session(SSL_HANDSHAKE *hs) { | |||||
// Channel ID is incompatible with 0-RTT. | // Channel ID is incompatible with 0-RTT. | ||||
!ssl->s3->tlsext_channel_id_valid && | !ssl->s3->tlsext_channel_id_valid && | ||||
// If Token Binding is negotiated, reject 0-RTT. | // If Token Binding is negotiated, reject 0-RTT. | ||||
!ssl->token_binding_negotiated && | |||||
!ssl->s3->token_binding_negotiated && | |||||
// Custom extensions is incompatible with 0-RTT. | // Custom extensions is incompatible with 0-RTT. | ||||
hs->custom_extensions.received == 0 && | hs->custom_extensions.received == 0 && | ||||
// The negotiated ALPN must match the one in the ticket. | // The negotiated ALPN must match the one in the ticket. | ||||