Exemplo n.º 1
Arquivo: ssl3ext.c Projeto: jld/nss
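/* Release every resource held in |xtnData| and then return the structure
 * to its starting state.
 *
 * xtnData: extension state to reset. It is dereferenced unconditionally,
 *          so it must not be NULL.
 */
void
ssl3_ResetExtensionData(TLSExtensionData *xtnData)
{
    /* Clean up. */
    ssl3_FreeSniNameArray(xtnData);
    PORT_Free(xtnData->clientSigSchemes);
    /* Drop the stale pointer right away, so the structure never holds a
     * freed address regardless of how ssl3_InitExtensionData() treats
     * this field. */
    xtnData->clientSigSchemes = NULL;
    /* PR_FALSE: release only the item's buffer; the SECItem itself is
     * embedded in |xtnData| and must not be freed. */
    SECITEM_FreeItem(&xtnData->nextProto, PR_FALSE);
    tls13_DestroyKeyShares(&xtnData->remoteKeyShares);

    /* Now reinit. */
    ssl3_InitExtensionData(xtnData);
}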
Exemplo n.º 2
/* Server-side handler for the client's KeyShare extension. Every entry is
 * parsed into |xtnData->remoteKeyShares| for later use; the shares
 * themselves are processed in tls13_HandleClientKeyShare().
 *
 * ss:       the server socket; the extension is ignored (SECSuccess) when
 *           the version is below TLS 1.3.
 * xtnData:  extension state that receives the parsed key shares.
 * ex_type:  not used by this function.
 * data:     extension body; it is consumed as it is parsed.
 *
 * Returns SECSuccess, or SECFailure after destroying any key shares that
 * were collected so far. The two explicit failure paths set the error code
 * with PORT_SetError(); failures reported by the helpers are passed through
 * (presumably with the error already set by the helper -- confirm).
 */
SECStatus
tls13_ServerHandleKeyShareXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type, SECItem *data)
{
    PRUint32 declaredLen;

    /* NOTE(review): PORT_Assert is normally compiled out of optimised
     * builds, so these are not runtime checks. Confirm that the caller
     * guarantees an empty list, e.g. by rejecting a repeated extension. */
    PORT_Assert(ss->sec.isServer);
    PORT_Assert(PR_CLIST_IS_EMPTY(&xtnData->remoteKeyShares));

    if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
        return SECSuccess;
    }

    SSL_TRC(3, ("%d: SSL3[%d]: handle key_share extension",
                SSL_GETPID(), ss->fd));

    /* The share list carries its own 2-byte length even though it fills
     * the whole extension. */
    if (ssl3_ExtConsumeHandshakeNumber(ss, &declaredLen, 2, &data->data,
                                       &data->len) != SECSuccess) {
        goto loser;
    }
    /* The declared length must match the remaining bytes exactly; this
     * rejects both a truncated list and trailing bytes after it. */
    if (declaredLen != data->len) {
        PORT_SetError(SSL_ERROR_RX_MALFORMED_KEY_SHARE);
        goto loser;
    }

    /* Parse entries until the body is exhausted. Termination relies on
     * each successful call consuming bytes from |data|. */
    while (data->len != 0) {
        if (tls13_HandleKeyShareEntry(ss, xtnData, data) != SECSuccess) {
            goto loser;
        }
    }

    /* After a HelloRetryRequest the client may offer no more than one
     * share. prev == next holds for a list with zero or one entries, so an
     * empty list also passes here. NOTE(review): presumably a missing
     * share is rejected later -- confirm. */
    if (ss->ssl3.hs.helloRetry &&
        PR_PREV_LINK(&xtnData->remoteKeyShares) !=
            PR_NEXT_LINK(&xtnData->remoteKeyShares)) {
        PORT_SetError(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO);
        goto loser;
    }

    return SECSuccess;

loser:
    /* Do not leave partially parsed shares behind on failure. */
    tls13_DestroyKeyShares(&xtnData->remoteKeyShares);
    return SECFailure;
}
Exemplo n.º 3
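/* Release every resource owned by |xtnData|. The structure itself is not
 * freed and is not re-initialised here.
 *
 * Pointers released with PORT_Free() are set to NULL afterwards, matching
 * what is done for the certReqAuthorities arena, so that these fields never
 * hold a freed address.
 *
 * xtnData: extension state to tear down. It is dereferenced
 *          unconditionally, so it must not be NULL.
 */
void
ssl3_DestroyExtensionData(TLSExtensionData *xtnData)
{
    ssl3_FreeSniNameArray(xtnData);

    PORT_Free(xtnData->sigSchemes);
    xtnData->sigSchemes = NULL;

    /* PR_FALSE: release only each item's buffer; the SECItems are embedded
     * in |xtnData| and must not be freed themselves. */
    SECITEM_FreeItem(&xtnData->nextProto, PR_FALSE);
    tls13_DestroyKeyShares(&xtnData->remoteKeyShares);
    SECITEM_FreeItem(&xtnData->certReqContext, PR_FALSE);
    SECITEM_FreeItem(&xtnData->applicationToken, PR_FALSE);

    if (xtnData->certReqAuthorities.arena) {
        /* PR_FALSE: free the arena without zeroing its memory first. */
        PORT_FreeArena(xtnData->certReqAuthorities.arena, PR_FALSE);
        xtnData->certReqAuthorities.arena = NULL;
    }

    PORT_Free(xtnData->advertised);
    xtnData->advertised = NULL;
    /* NOTE(review): any length or count fields that accompany sigSchemes
     * and advertised are not reset here -- confirm that no caller reads
     * them after destruction. */
}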