Move next_proto_neg_seen into SSL_HANDSHAKE.
Change-Id: I7f1d546f735ca854ac58c65b529218afda164ec0 Reviewed-on: https://boringssl-review.googlesource.com/11523 Reviewed-by: Adam Langley <agl@google.com>
parent
f5d2cd0808
commit
b74b08144e
@ -4394,9 +4394,6 @@ typedef struct ssl3_state_st {
|
||||
uint8_t previous_server_finished_len;
|
||||
int send_connection_binding;
|
||||
|
||||
/* Set if we saw the Next Protocol Negotiation extension from our peer. */
|
||||
int next_proto_neg_seen;
|
||||
|
||||
/* Next protocol negotiation. For the client, this is the protocol that we
|
||||
* sent in NextProtocol and is set when handling ServerHello extensions.
|
||||
*
|
||||
|
@ -382,7 +382,7 @@ int ssl3_connect(SSL *ssl) {
|
||||
|
||||
case SSL3_ST_CW_NEXT_PROTO_A:
|
||||
case SSL3_ST_CW_NEXT_PROTO_B:
|
||||
if (ssl->s3->next_proto_neg_seen) {
|
||||
if (ssl->s3->hs->next_proto_neg_seen) {
|
||||
ret = ssl3_send_next_proto(ssl);
|
||||
if (ret <= 0) {
|
||||
goto end;
|
||||
|
@ -366,7 +366,7 @@ int ssl3_accept(SSL *ssl) {
|
||||
break;
|
||||
|
||||
case SSL3_ST_SR_NEXT_PROTO_A:
|
||||
if (ssl->s3->next_proto_neg_seen) {
|
||||
if (ssl->s3->hs->next_proto_neg_seen) {
|
||||
ret = ssl3_get_next_proto(ssl);
|
||||
if (ret <= 0) {
|
||||
goto end;
|
||||
|
@ -967,6 +967,9 @@ struct ssl_handshake_st {
|
||||
* Start. The client may write data at this point. */
|
||||
unsigned in_false_start:1;
|
||||
|
||||
/* next_proto_neg_seen is one of NPN was negotiated. */
|
||||
unsigned next_proto_neg_seen:1;
|
||||
|
||||
/* peer_psk_identity_hint, on the client, is the psk_identity_hint sent by the
|
||||
* server when using a TLS 1.2 PSK key exchange. */
|
||||
char *peer_psk_identity_hint;
|
||||
|
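Review bot: The comment on the new field, `/* next_proto_neg_seen is one of NPN was negotiated. */`, reads as a typo for "one if", and it also understates what the flag tracks elsewhere in this commit: it is set when the peer's NPN extension is parsed, then cleared again when ALPN takes precedence or when next_protos_advertised_cb refuses, so it means "NPN is still in play for this handshake" rather than "NPN was negotiated". I would write `/* next_proto_neg_seen is one if the peer's NPN extension was seen and has not since been overridden by ALPN (or, on the server, refused by the advertise callback). */`. The struct ssl_handshake_st begins and ends outside this hunk.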
@ -2697,7 +2697,8 @@ int ssl3_can_false_start(const SSL *ssl) {
|
||||
/* False Start only for TLS 1.2 with an ECDHE+AEAD cipher and ALPN or NPN. */
|
||||
return !SSL_is_dtls(ssl) &&
|
||||
SSL_version(ssl) == TLS1_2_VERSION &&
|
||||
(ssl->s3->alpn_selected || ssl->s3->next_proto_neg_seen) &&
|
||||
(ssl->s3->alpn_selected != NULL ||
|
||||
ssl->s3->next_proto_negotiated != NULL) &&
|
||||
cipher != NULL &&
|
||||
(cipher->algorithm_mkey == SSL_kECDHE ||
|
||||
cipher->algorithm_mkey == SSL_kCECPQ1) &&
|
||||
|
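Review bot: The False Start predicate no longer consults the NPN flag at all but tests `ssl->s3->next_proto_negotiated != NULL`, which is a semantic change that the commit message ("move") does not mention: the client may now False Start only once a protocol has actually been recorded, not merely because the server echoed the NPN extension. That is the more conservative condition, and presumably chosen so a `const SSL *` need not reach into `ssl->s3->hs`, but it deserves a sentence in the comment, e.g. `/* NPN only counts once a protocol has been recorded in next_proto_negotiated; the handshake flag is not consulted here. */`. Whether next_proto_negotiated is guaranteed fresh for this handshake is not visible in the hunk and worth confirming, since this check now gates writing application data before the server's Finished is verified. The function body continues past the hunk.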
18
ssl/t1_lib.c
18
ssl/t1_lib.c
@ -1328,10 +1328,6 @@ static int ext_ocsp_add_serverhello(SSL *ssl, CBB *out) {
|
||||
*
|
||||
* https://htmlpreview.github.io/?https://github.com/agl/technotes/blob/master/nextprotoneg.html */
|
||||
|
||||
static void ext_npn_init(SSL *ssl) {
|
||||
ssl->s3->next_proto_neg_seen = 0;
|
||||
}
|
||||
|
||||
static int ext_npn_add_clienthello(SSL *ssl, CBB *out) {
|
||||
if (ssl->s3->initial_handshake_complete ||
|
||||
ssl->ctx->next_proto_select_cb == NULL ||
|
||||
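Review bot: With ext_npn_init gone the flag is no longer explicitly reset at the start of a handshake, so correctness now depends on the SSL_HANDSHAKE object being freshly allocated and zero-filled for every handshake; that allocation is not visible here and is worth confirming, because a stale `next_proto_neg_seen` would let ext_npn_add_serverhello offer NPN to a peer that did not request it. The `initial_handshake_complete` gate in ext_npn_add_clienthello keeps NPN out of renegotiation on the client, but the server-side parse path is not shown in this hunk. A one-line comment at the allocation site, `/* Zero-initialised: per-handshake extension flags such as next_proto_neg_seen rely on it. */`, would pin that assumption.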
@ -1401,7 +1397,7 @@ static int ext_npn_parse_serverhello(SSL *ssl, uint8_t *out_alert,
|
||||
}
|
||||
|
||||
ssl->s3->next_proto_negotiated_len = selected_len;
|
||||
ssl->s3->next_proto_neg_seen = 1;
|
||||
ssl->s3->hs->next_proto_neg_seen = 1;
|
||||
|
||||
return 1;
|
||||
}
|
||||
@ -1427,14 +1423,14 @@ static int ext_npn_parse_clienthello(SSL *ssl, uint8_t *out_alert,
|
||||
return 1;
|
||||
}
|
||||
|
||||
ssl->s3->next_proto_neg_seen = 1;
|
||||
ssl->s3->hs->next_proto_neg_seen = 1;
|
||||
return 1;
|
||||
}
|
||||
|
||||
static int ext_npn_add_serverhello(SSL *ssl, CBB *out) {
|
||||
/* |next_proto_neg_seen| might have been cleared when an ALPN extension was
|
||||
* parsed. */
|
||||
if (!ssl->s3->next_proto_neg_seen) {
|
||||
if (!ssl->s3->hs->next_proto_neg_seen) {
|
||||
return 1;
|
||||
}
|
||||
|
||||
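Review bot: The early return at `if (!ssl->s3->hs->next_proto_neg_seen)` still relies on the ALPN parser having already run and cleared the flag (the comment above it says as much), so whether NPN and ALPN can both land in the ServerHello depends on extension parse order, which this hunk does not show. Checking the ALPN outcome directly would make the guard independent of that order: `if (!ssl->s3->hs->next_proto_neg_seen || ssl->s3->alpn_selected != NULL) {`, assuming alpn_selected is populated by the server-side ALPN parse as it is read by ssl3_can_false_start. The function continues beyond the hunk.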
@ -1444,7 +1440,7 @@ static int ext_npn_add_serverhello(SSL *ssl, CBB *out) {
|
||||
if (ssl->ctx->next_protos_advertised_cb(
|
||||
ssl, &npa, &npa_len, ssl->ctx->next_protos_advertised_cb_arg) !=
|
||||
SSL_TLSEXT_ERR_OK) {
|
||||
ssl->s3->next_proto_neg_seen = 0;
|
||||
ssl->s3->hs->next_proto_neg_seen = 0;
|
||||
return 1;
|
||||
}
|
||||
|
||||
@ -1567,7 +1563,7 @@ static int ext_alpn_parse_serverhello(SSL *ssl, uint8_t *out_alert,
|
||||
assert(!ssl->s3->initial_handshake_complete);
|
||||
assert(ssl->alpn_client_proto_list != NULL);
|
||||
|
||||
if (ssl->s3->next_proto_neg_seen) {
|
||||
if (ssl->s3->hs->next_proto_neg_seen) {
|
||||
/* NPN and ALPN may not be negotiated in the same connection. */
|
||||
*out_alert = SSL_AD_ILLEGAL_PARAMETER;
|
||||
OPENSSL_PUT_ERROR(SSL, SSL_R_NEGOTIATED_BOTH_NPN_AND_ALPN);
|
||||
@ -1633,7 +1629,7 @@ static int ext_alpn_parse_clienthello(SSL *ssl, uint8_t *out_alert,
|
||||
}
|
||||
|
||||
/* ALPN takes precedence over NPN. */
|
||||
ssl->s3->next_proto_neg_seen = 0;
|
||||
ssl->s3->hs->next_proto_neg_seen = 0;
|
||||
|
||||
CBS protocol_name_list;
|
||||
if (!CBS_get_u16_length_prefixed(contents, &protocol_name_list) ||
|
||||
@ -2518,7 +2514,7 @@ static const struct tls_extension kExtensions[] = {
|
||||
},
|
||||
{
|
||||
TLSEXT_TYPE_next_proto_neg,
|
||||
ext_npn_init,
|
||||
NULL,
|
||||
ext_npn_add_clienthello,
|
||||
ext_npn_parse_serverhello,
|
||||
ext_npn_parse_clienthello,
|
||||
|