/* Release the allocations held in |xtnData| that this routine knows about,
 * then put the structure back into its freshly-initialised state via
 * ssl3_InitExtensionData().
 *
 * NOTE(review): ssl3_DestroyExtensionData() additionally releases
 * certReqContext, applicationToken, certReqAuthorities.arena and advertised,
 * and frees |sigSchemes| rather than |clientSigSchemes|.  Confirm that the
 * reset path cannot leak those when ssl3_InitExtensionData() overwrites the
 * fields. */
void
ssl3_ResetExtensionData(TLSExtensionData *xtnData)
{
    /* Tear down what was allocated. */
    ssl3_FreeSniNameArray(xtnData);
    PORT_Free(xtnData->clientSigSchemes);
    SECITEM_FreeItem(&xtnData->nextProto, PR_FALSE);
    tls13_DestroyKeyShares(&xtnData->remoteKeyShares);

    /* Rebuild the empty state so the structure is usable again. */
    ssl3_InitExtensionData(xtnData);
}
/* Server-side handler for a ClientHello key_share extension.
 *
 * Each KeyShareEntry is parsed by tls13_HandleKeyShareEntry() and collected
 * in |xtnData->remoteKeyShares|; the actual share selection happens later in
 * tls13_HandleClientKeyShare().  On any failure the shares collected so far
 * are released before SECFailure is returned.
 *
 * |ex_type| is unused here; it is part of the common extension-handler
 * signature. */
SECStatus
tls13_ServerHandleKeyShareXtn(const sslSocket *ss, TLSExtensionData *xtnData,
                              PRUint16 ex_type, SECItem *data)
{
    PRUint32 vectorLen = 0;
    PRCList *shares = &xtnData->remoteKeyShares;

    PORT_Assert(ss->sec.isServer);
    PORT_Assert(PR_CLIST_IS_EMPTY(shares));

    /* Before TLS 1.3 the extension is simply ignored. */
    if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
        return SECSuccess;
    }

    SSL_TRC(3, ("%d: SSL3[%d]: handle key_share extension",
                SSL_GETPID(), ss->fd));

    /* The vector carries its own 2-byte length even though it must span the
     * whole extension body; read it and require the two to agree. */
    if (ssl3_ExtConsumeHandshakeNumber(ss, &vectorLen, 2,
                                       &data->data, &data->len) != SECSuccess) {
        goto loser;
    }
    if (vectorLen != data->len) {
        PORT_SetError(SSL_ERROR_RX_MALFORMED_KEY_SHARE);
        goto loser;
    }

    /* Consume entries until the body is exhausted.  Termination relies on
     * tls13_HandleKeyShareEntry() either advancing |data| or failing. */
    while (data->len > 0) {
        if (tls13_HandleKeyShareEntry(ss, xtnData, data) != SECSuccess) {
            goto loser;
        }
    }

    /* After a HelloRetryRequest the client may offer at most one share.
     * NOTE(review): for an empty PRCList the head's prev and next both point
     * at the head, so zero shares also pass this test; presumably the missing
     * share is rejected later in tls13_HandleClientKeyShare() -- confirm. */
    if (ss->ssl3.hs.helloRetry &&
        PR_PREV_LINK(shares) != PR_NEXT_LINK(shares)) {
        PORT_SetError(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO);
        goto loser;
    }

    return SECSuccess;

loser:
    tls13_DestroyKeyShares(shares);
    return SECFailure;
}
/* Release every allocation owned by |xtnData|.  Unlike
 * ssl3_ResetExtensionData() this does not reinitialise the structure, so the
 * caller must not reuse |xtnData| without calling ssl3_InitExtensionData()
 * first.
 *
 * NOTE(review): this frees |sigSchemes| while ssl3_ResetExtensionData()
 * frees |clientSigSchemes|; confirm each field is released on the path that
 * owns it. */
void
ssl3_DestroyExtensionData(TLSExtensionData *xtnData)
{
    /* Plain heap pointers. */
    ssl3_FreeSniNameArray(xtnData);
    PORT_Free(xtnData->sigSchemes);
    PORT_Free(xtnData->advertised);

    /* SECItems: free the payload only, the items themselves are embedded. */
    SECITEM_FreeItem(&xtnData->nextProto, PR_FALSE);
    SECITEM_FreeItem(&xtnData->certReqContext, PR_FALSE);
    SECITEM_FreeItem(&xtnData->applicationToken, PR_FALSE);

    tls13_DestroyKeyShares(&xtnData->remoteKeyShares);

    /* The CA list is arena-backed; dropping the arena releases it wholesale.
     * Clear the pointer so a repeated destroy cannot free it twice. */
    if (xtnData->certReqAuthorities.arena) {
        PORT_FreeArena(xtnData->certReqAuthorities.arena, PR_FALSE);
        xtnData->certReqAuthorities.arena = NULL;
    }
}