Add a CBS version of SSL_early_callback_ctx_extension_get.

Save a little bit of typing at the call site.

Change-Id: I818535409b57a694e5e0ea0e9741d89f2be89375
Reviewed-on: https://boringssl-review.googlesource.com/9090
Reviewed-by: Adam Langley <agl@google.com>
This commit is contained in:
David Benjamin 2016-08-02 17:41:33 -04:00 committed by Adam Langley
parent 1e6f11a7ff
commit cec7344bba
4 changed files with 26 additions and 20 deletions

View File

@ -679,14 +679,12 @@ static int ssl3_get_client_hello(SSL *ssl) {
* extensions are not normally parsed until later. This detects the EMS
* extension for the resumption decision and it's checked against the result
* of the normal parse later in this function. */
const uint8_t *ems_data;
size_t ems_len;
CBS ems;
int have_extended_master_secret =
ssl->version != SSL3_VERSION &&
SSL_early_callback_ctx_extension_get(&early_ctx,
TLSEXT_TYPE_extended_master_secret,
&ems_data, &ems_len) &&
ems_len == 0;
ssl_early_callback_get_extension(&early_ctx, &ems,
TLSEXT_TYPE_extended_master_secret) &&
CBS_len(&ems) == 0;
int has_session = 0;
if (session != NULL) {

View File

@ -1374,6 +1374,9 @@ int tls1_generate_master_secret(SSL *ssl, uint8_t *out, const uint8_t *premaster
int ssl_early_callback_init(SSL *ssl, struct ssl_early_callback_ctx *ctx,
const uint8_t *in, size_t in_len);
int ssl_early_callback_get_extension(const struct ssl_early_callback_ctx *ctx,
CBS *out, uint16_t extension_type);
/* tls1_get_grouplist sets |*out_group_ids| and |*out_group_ids_len| to the
* list of allowed group IDs. If |get_peer_groups| is non-zero, return the
* peer's group list. Otherwise, return the preferred list. */

View File

@ -269,26 +269,21 @@ int ssl_early_callback_init(SSL *ssl, struct ssl_early_callback_ctx *ctx,
return 1;
}
int SSL_early_callback_ctx_extension_get(
const struct ssl_early_callback_ctx *ctx, uint16_t extension_type,
const uint8_t **out_data, size_t *out_len) {
int ssl_early_callback_get_extension(const struct ssl_early_callback_ctx *ctx,
CBS *out, uint16_t extension_type) {
CBS extensions;
CBS_init(&extensions, ctx->extensions, ctx->extensions_len);
while (CBS_len(&extensions) != 0) {
/* Decode the next extension. */
uint16_t type;
CBS extension;
/* Decode the next extension. */
if (!CBS_get_u16(&extensions, &type) ||
!CBS_get_u16_length_prefixed(&extensions, &extension)) {
return 0;
}
if (type == extension_type) {
*out_data = CBS_data(&extension);
*out_len = CBS_len(&extension);
*out = extension;
return 1;
}
}
@ -296,6 +291,19 @@ int SSL_early_callback_ctx_extension_get(
return 0;
}
int SSL_early_callback_ctx_extension_get(
const struct ssl_early_callback_ctx *ctx, uint16_t extension_type,
const uint8_t **out_data, size_t *out_len) {
CBS cbs;
if (!ssl_early_callback_get_extension(ctx, &cbs, extension_type)) {
return 0;
}
*out_data = CBS_data(&cbs);
*out_len = CBS_len(&cbs);
return 1;
}
static const uint16_t kDefaultGroups[] = {
SSL_CURVE_X25519,
SSL_CURVE_SECP256R1,

View File

@ -71,17 +71,14 @@ static int resolve_ecdhe_secret(SSL *ssl, int *out_need_retry,
return tls13_advance_key_schedule(ssl, kZeroes, hs->hash_len);
}
const uint8_t *key_share_buf = NULL;
size_t key_share_len = 0;
CBS key_share;
if (!SSL_early_callback_ctx_extension_get(early_ctx, TLSEXT_TYPE_key_share,
&key_share_buf, &key_share_len)) {
if (!ssl_early_callback_get_extension(early_ctx, &key_share,
TLSEXT_TYPE_key_share)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_MISSING_KEY_SHARE);
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_MISSING_EXTENSION);
return ssl_hs_error;
}
CBS_init(&key_share, key_share_buf, key_share_len);
int found_key_share;
uint8_t *dhe_secret;
size_t dhe_secret_len;