From b74b08144ea12adb229d9a4a7855ebfdbb7f7c8c Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Thu, 6 Oct 2016 19:43:48 -0400 Subject: [PATCH] Move next_proto_neg_seen into SSL_HANDSHAKE. Change-Id: I7f1d546f735ca854ac58c65b529218afda164ec0 Reviewed-on: https://boringssl-review.googlesource.com/11523 Reviewed-by: Adam Langley --- include/openssl/ssl.h | 3 --- ssl/handshake_client.c | 2 +- ssl/handshake_server.c | 2 +- ssl/internal.h | 3 +++ ssl/ssl_lib.c | 3 ++- ssl/t1_lib.c | 18 +++++++----------- 6 files changed, 14 insertions(+), 17 deletions(-) diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index a81dd7aa..7b9875f1 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -4394,9 +4394,6 @@ typedef struct ssl3_state_st { uint8_t previous_server_finished_len; int send_connection_binding; - /* Set if we saw the Next Protocol Negotiation extension from our peer. */ - int next_proto_neg_seen; - /* Next protocol negotiation. For the client, this is the protocol that we * sent in NextProtocol and is set when handling ServerHello extensions. * diff --git a/ssl/handshake_client.c b/ssl/handshake_client.c index e2b5a712..5bde5676 100644 --- a/ssl/handshake_client.c +++ b/ssl/handshake_client.c @@ -382,7 +382,7 @@ int ssl3_connect(SSL *ssl) { case SSL3_ST_CW_NEXT_PROTO_A: case SSL3_ST_CW_NEXT_PROTO_B: - if (ssl->s3->next_proto_neg_seen) { + if (ssl->s3->hs->next_proto_neg_seen) { ret = ssl3_send_next_proto(ssl); if (ret <= 0) { goto end; diff --git a/ssl/handshake_server.c b/ssl/handshake_server.c index 935c40e9..99df871e 100644 --- a/ssl/handshake_server.c +++ b/ssl/handshake_server.c @@ -366,7 +366,7 @@ int ssl3_accept(SSL *ssl) { break; case SSL3_ST_SR_NEXT_PROTO_A: - if (ssl->s3->next_proto_neg_seen) { + if (ssl->s3->hs->next_proto_neg_seen) { ret = ssl3_get_next_proto(ssl); if (ret <= 0) { goto end; diff --git a/ssl/internal.h b/ssl/internal.h index 17667752..1c0f1c91 100644 --- a/ssl/internal.h +++ b/ssl/internal.h @@ -967,6 +967,9 @@ struct ssl_handshake_st { * Start. The client may write data at this point. */ unsigned in_false_start:1; + /* next_proto_neg_seen is one of NPN was negotiated. */ + unsigned next_proto_neg_seen:1; + /* peer_psk_identity_hint, on the client, is the psk_identity_hint sent by the * server when using a TLS 1.2 PSK key exchange. */ char *peer_psk_identity_hint; diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 5235b4d9..3a64debf 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -2697,7 +2697,8 @@ int ssl3_can_false_start(const SSL *ssl) { /* False Start only for TLS 1.2 with an ECDHE+AEAD cipher and ALPN or NPN. */ return !SSL_is_dtls(ssl) && SSL_version(ssl) == TLS1_2_VERSION && - (ssl->s3->alpn_selected || ssl->s3->next_proto_neg_seen) && + (ssl->s3->alpn_selected != NULL || + ssl->s3->next_proto_negotiated != NULL) && cipher != NULL && (cipher->algorithm_mkey == SSL_kECDHE || cipher->algorithm_mkey == SSL_kCECPQ1) && diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index efb3347e..7adf22a0 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -1328,10 +1328,6 @@ static int ext_ocsp_add_serverhello(SSL *ssl, CBB *out) { * * https://htmlpreview.github.io/?https://github.com/agl/technotes/blob/master/nextprotoneg.html */ -static void ext_npn_init(SSL *ssl) { - ssl->s3->next_proto_neg_seen = 0; -} - static int ext_npn_add_clienthello(SSL *ssl, CBB *out) { if (ssl->s3->initial_handshake_complete || ssl->ctx->next_proto_select_cb == NULL || @@ -1401,7 +1397,7 @@ static int ext_npn_parse_serverhello(SSL *ssl, uint8_t *out_alert, } ssl->s3->next_proto_negotiated_len = selected_len; - ssl->s3->next_proto_neg_seen = 1; + ssl->s3->hs->next_proto_neg_seen = 1; return 1; } @@ -1427,14 +1423,14 @@ static int ext_npn_parse_clienthello(SSL *ssl, uint8_t *out_alert, return 1; } - ssl->s3->next_proto_neg_seen = 1; + ssl->s3->hs->next_proto_neg_seen = 1; return 1; } static int ext_npn_add_serverhello(SSL *ssl, CBB *out) { /* |next_proto_neg_seen| might have been cleared when an ALPN extension was * parsed. */ - if (!ssl->s3->next_proto_neg_seen) { + if (!ssl->s3->hs->next_proto_neg_seen) { return 1; } @@ -1444,7 +1440,7 @@ static int ext_npn_add_serverhello(SSL *ssl, CBB *out) { if (ssl->ctx->next_protos_advertised_cb( ssl, &npa, &npa_len, ssl->ctx->next_protos_advertised_cb_arg) != SSL_TLSEXT_ERR_OK) { - ssl->s3->next_proto_neg_seen = 0; + ssl->s3->hs->next_proto_neg_seen = 0; return 1; } @@ -1567,7 +1563,7 @@ static int ext_alpn_parse_serverhello(SSL *ssl, uint8_t *out_alert, assert(!ssl->s3->initial_handshake_complete); assert(ssl->alpn_client_proto_list != NULL); - if (ssl->s3->next_proto_neg_seen) { + if (ssl->s3->hs->next_proto_neg_seen) { /* NPN and ALPN may not be negotiated in the same connection. */ *out_alert = SSL_AD_ILLEGAL_PARAMETER; OPENSSL_PUT_ERROR(SSL, SSL_R_NEGOTIATED_BOTH_NPN_AND_ALPN); @@ -1633,7 +1629,7 @@ static int ext_alpn_parse_clienthello(SSL *ssl, uint8_t *out_alert, } /* ALPN takes precedence over NPN. */ - ssl->s3->next_proto_neg_seen = 0; + ssl->s3->hs->next_proto_neg_seen = 0; CBS protocol_name_list; if (!CBS_get_u16_length_prefixed(contents, &protocol_name_list) || @@ -2518,7 +2514,7 @@ static const struct tls_extension kExtensions[] = { }, { TLSEXT_TYPE_next_proto_neg, - ext_npn_init, + NULL, ext_npn_add_clienthello, ext_npn_parse_serverhello, ext_npn_parse_clienthello,