Add a CBS version of SSL_early_callback_ctx_extension_get.

Save a little bit of typing at the call site.

Change-Id: I818535409b57a694e5e0ea0e9741d89f2be89375
Reviewed-on: https://boringssl-review.googlesource.com/9090
Reviewed-by: Adam Langley <agl@google.com>

ssl/handshake_server.c

@@ -679,14 +679,12 @@ static int ssl3_get_client_hello(SSL *ssl) {
    * extensions are not normally parsed until later. This detects the EMS
    * extension for the resumption decision and it's checked against the result
    * of the normal parse later in this function. */
-  const uint8_t *ems_data;
-  size_t ems_len;
+  CBS ems;
   int have_extended_master_secret =
       ssl->version != SSL3_VERSION &&
-      SSL_early_callback_ctx_extension_get(&early_ctx,
-                                           TLSEXT_TYPE_extended_master_secret,
-                                           &ems_data, &ems_len) &&
-      ems_len == 0;
+      ssl_early_callback_get_extension(&early_ctx, &ems,
+                                       TLSEXT_TYPE_extended_master_secret) &&
+      CBS_len(&ems) == 0;
 
   int has_session = 0;
   if (session != NULL) {

ssl/internal.h

@@ -1374,6 +1374,9 @@ int tls1_generate_master_secret(SSL *ssl, uint8_t *out, const uint8_t *premaster
 int ssl_early_callback_init(SSL *ssl, struct ssl_early_callback_ctx *ctx,
                             const uint8_t *in, size_t in_len);
 
+int ssl_early_callback_get_extension(const struct ssl_early_callback_ctx *ctx,
+                                     CBS *out, uint16_t extension_type);
+
 /* tls1_get_grouplist sets |*out_group_ids| and |*out_group_ids_len| to the
  * list of allowed group IDs. If |get_peer_groups| is non-zero, return the
  * peer's group list. Otherwise, return the preferred list. */

ssl/t1_lib.c

@@ -269,26 +269,21 @@ int ssl_early_callback_init(SSL *ssl, struct ssl_early_callback_ctx *ctx,
   return 1;
 }
 
-int SSL_early_callback_ctx_extension_get(
-    const struct ssl_early_callback_ctx *ctx, uint16_t extension_type,
-    const uint8_t **out_data, size_t *out_len) {
+int ssl_early_callback_get_extension(const struct ssl_early_callback_ctx *ctx,
+                                     CBS *out, uint16_t extension_type) {
   CBS extensions;
-
   CBS_init(&extensions, ctx->extensions, ctx->extensions_len);
-
   while (CBS_len(&extensions) != 0) {
+    /* Decode the next extension. */
     uint16_t type;
     CBS extension;
-
-    /* Decode the next extension. */
     if (!CBS_get_u16(&extensions, &type) ||
         !CBS_get_u16_length_prefixed(&extensions, &extension)) {
       return 0;
     }
 
     if (type == extension_type) {
-      *out_data = CBS_data(&extension);
-      *out_len = CBS_len(&extension);
+      *out = extension;
       return 1;
     }
   }
@@ -296,6 +291,19 @@ int SSL_early_callback_ctx_extension_get(
   return 0;
 }
 
+int SSL_early_callback_ctx_extension_get(
+    const struct ssl_early_callback_ctx *ctx, uint16_t extension_type,
+    const uint8_t **out_data, size_t *out_len) {
+  CBS cbs;
+  if (!ssl_early_callback_get_extension(ctx, &cbs, extension_type)) {
+    return 0;
+  }
+
+  *out_data = CBS_data(&cbs);
+  *out_len = CBS_len(&cbs);
+  return 1;
+}
+
 static const uint16_t kDefaultGroups[] = {
     SSL_CURVE_X25519,
     SSL_CURVE_SECP256R1,

ssl/tls13_server.c

@@ -71,17 +71,14 @@ static int resolve_ecdhe_secret(SSL *ssl, int *out_need_retry,
     return tls13_advance_key_schedule(ssl, kZeroes, hs->hash_len);
   }
 
-  const uint8_t *key_share_buf = NULL;
-  size_t key_share_len = 0;
   CBS key_share;
-  if (!SSL_early_callback_ctx_extension_get(early_ctx, TLSEXT_TYPE_key_share,
-                                            &key_share_buf, &key_share_len)) {
+  if (!ssl_early_callback_get_extension(early_ctx, &key_share,
+                                        TLSEXT_TYPE_key_share)) {
     OPENSSL_PUT_ERROR(SSL, SSL_R_MISSING_KEY_SHARE);
     ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_MISSING_EXTENSION);
     return ssl_hs_error;
   }
 
-  CBS_init(&key_share, key_share_buf, key_share_len);
   int found_key_share;
   uint8_t *dhe_secret;
   size_t dhe_secret_len;