Pass explicit parameters elsewhere.

The remaining direct accesses are in functions which expect to be called
both during and outside of the handshake. Accordingly, they are NULL-checked.

Change-Id: I07a7de6bdca7b6f8d09e22da11b8863ebf41389a
Reviewed-on: https://boringssl-review.googlesource.com/12343
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 0b27165..85c2789 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -322,7 +322,8 @@
   }
 }
 
-int tls1_get_shared_group(SSL *ssl, uint16_t *out_group_id) {
+int tls1_get_shared_group(SSL_HANDSHAKE *hs, uint16_t *out_group_id) {
+  SSL *const ssl = hs->ssl;
   assert(ssl->server);
 
   const uint16_t *groups, *pref, *supp;
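Review bot: tls1_get_shared_group now dereferences `hs` on its first line with no check, and the only guard on its server-only precondition is `assert(ssl->server)`, which is compiled out under NDEBUG. The commit description says functions that may run outside a handshake keep NULL-checked accesses, so this one is presumably handshake-only, but nothing at the definition says so. I would state the contract in a comment above the function, for example `/* |hs| must be non-NULL and |hs->ssl| must be a server. */`. The same applies to ssl_negotiate_alpn and tls1_choose_signature_algorithm, which also begin with `SSL *const ssl = hs->ssl;`. The function body continues past this hunk.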
@@ -341,11 +342,11 @@
   if (ssl->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
     pref = groups;
     pref_len = groups_len;
-    supp = ssl->s3->hs->peer_supported_group_list;
-    supp_len = ssl->s3->hs->peer_supported_group_list_len;
+    supp = hs->peer_supported_group_list;
+    supp_len = hs->peer_supported_group_list_len;
   } else {
-    pref = ssl->s3->hs->peer_supported_group_list;
-    pref_len = ssl->s3->hs->peer_supported_group_list_len;
+    pref = hs->peer_supported_group_list;
+    pref_len = hs->peer_supported_group_list_len;
     supp = groups;
     supp_len = groups_len;
   }
@@ -1114,7 +1115,6 @@
 
 static int ext_sigalgs_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
                                          CBS *contents) {
-  SSL *const ssl = hs->ssl;
   OPENSSL_free(hs->peer_sigalgs);
   hs->peer_sigalgs = NULL;
   hs->num_peer_sigalgs = 0;
@@ -1127,7 +1127,7 @@
   if (!CBS_get_u16_length_prefixed(contents, &supported_signature_algorithms) ||
       CBS_len(contents) != 0 ||
       CBS_len(&supported_signature_algorithms) == 0 ||
-      !tls1_parse_peer_sigalgs(ssl, &supported_signature_algorithms)) {
+      !tls1_parse_peer_sigalgs(hs, &supported_signature_algorithms)) {
     return 0;
   }
 
@@ -1532,8 +1532,9 @@
   return 1;
 }
 
-int ssl_negotiate_alpn(SSL *ssl, uint8_t *out_alert,
+int ssl_negotiate_alpn(SSL_HANDSHAKE *hs, uint8_t *out_alert,
                        const struct ssl_early_callback_ctx *client_hello) {
+  SSL *const ssl = hs->ssl;
   CBS contents;
   if (ssl->ctx->alpn_select_cb == NULL ||
       !ssl_early_callback_get_extension(
@@ -1544,7 +1545,7 @@
   }
 
   /* ALPN takes precedence over NPN. */
-  ssl->s3->hs->next_proto_neg_seen = 0;
+  hs->next_proto_neg_seen = 0;
 
   CBS protocol_name_list;
   if (!CBS_get_u16_length_prefixed(&contents, &protocol_name_list) ||
@@ -2296,10 +2297,9 @@
                                         uint8_t **out_secret,
                                         size_t *out_secret_len,
                                         uint8_t *out_alert, CBS *contents) {
-  SSL *const ssl = hs->ssl;
   uint16_t group_id;
   CBS key_shares;
-  if (!tls1_get_shared_group(ssl, &group_id)) {
+  if (!tls1_get_shared_group(hs, &group_id)) {
     OPENSSL_PUT_ERROR(SSL, SSL_R_NO_SHARED_GROUP);
     *out_alert = SSL_AD_HANDSHAKE_FAILURE;
     return 0;
@@ -2373,7 +2373,7 @@
   SSL *const ssl = hs->ssl;
   uint16_t group_id;
   CBB kse_bytes, public_key;
-  if (!tls1_get_shared_group(ssl, &group_id) ||
+  if (!tls1_get_shared_group(hs, &group_id) ||
       !CBB_add_u16(out, TLSEXT_TYPE_key_share) ||
       !CBB_add_u16_length_prefixed(out, &kse_bytes) ||
       !CBB_add_u16(&kse_bytes, group_id) ||
@@ -3268,13 +3268,12 @@
   return ret;
 }
 
-int tls1_parse_peer_sigalgs(SSL *ssl, const CBS *in_sigalgs) {
+int tls1_parse_peer_sigalgs(SSL_HANDSHAKE *hs, const CBS *in_sigalgs) {
   /* Extension ignored for inappropriate versions */
-  if (ssl3_protocol_version(ssl) < TLS1_2_VERSION) {
+  if (ssl3_protocol_version(hs->ssl) < TLS1_2_VERSION) {
     return 1;
   }
 
-  SSL_HANDSHAKE *hs = ssl->s3->hs;
   OPENSSL_free(hs->peer_sigalgs);
   hs->peer_sigalgs = NULL;
   hs->num_peer_sigalgs = 0;
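Review bot: The version check in tls1_parse_peer_sigalgs returns 1 before `OPENSSL_free(hs->peer_sigalgs)` and the reset that follows, so below TLS 1.2 it reports success and leaves any list already stored on `hs` in place. ext_sigalgs_parse_clienthello (hunk at -1114) appears to clear the same three fields itself before making the call, which covers that caller, but other callers are not visible in this diff. Either move the free-and-reset above the version check, which would also make the duplicate in ext_sigalgs_parse_clienthello unnecessary, or document the behaviour at the definition: `/* Returns one without modifying |hs->peer_sigalgs| when the version is below TLS 1.2. */`. The function body continues past this hunk.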
@@ -3310,9 +3309,9 @@
   return 1;
 }
 
-int tls1_choose_signature_algorithm(SSL *ssl, uint16_t *out) {
+int tls1_choose_signature_algorithm(SSL_HANDSHAKE *hs, uint16_t *out) {
+  SSL *const ssl = hs->ssl;
   CERT *cert = ssl->cert;
-  SSL_HANDSHAKE *hs = ssl->s3->hs;
 
   /* Before TLS 1.2, the signature algorithm isn't negotiated as part of the
    * handshake. It is fixed at MD5-SHA1 for RSA and SHA1 for ECDSA. */