generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Re-add alert variables removed during rebase

Browse Source 
Whitespace fixes

(cherry picked from commit e9add063b50e8a460d5636055156d2760c2fe29f)
Conflicts:
	ssl/s3_clnt.c
This commit is contained in:
Scott Deboy 2014-02-04 13:08:43 -08:00
parent 19a28a8aa3
commit 7612511b3b
10 changed files with 252 additions and 244 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
apps/s_client.c
View File

@ -236,22 +236,22 @@ static int server_provided_client_authz = 0;
static const unsigned char auth_ext_data[]={TLSEXT_AUTHZDATAFORMAT_dtcp}; static const unsigned char auth_ext_data[]={TLSEXT_AUTHZDATAFORMAT_dtcp};
static int suppdata_cb(SSL *s, unsigned short supp_data_type, static int suppdata_cb(SSL *s, unsigned short supp_data_type,
const unsigned char *in, const unsigned char *in,
unsigned short inlen, int *al, unsigned short inlen, int *al,
void *arg); void *arg);
static int auth_suppdata_generate_cb(SSL *s, unsigned short supp_data_type, static int auth_suppdata_generate_cb(SSL *s, unsigned short supp_data_type,
const unsigned char **out, const unsigned char **out,
unsigned short *outlen, int *al, void *arg); unsigned short *outlen, int *al, void *arg);
static int authz_tlsext_generate_cb(SSL *s, unsigned short ext_type, static int authz_tlsext_generate_cb(SSL *s, unsigned short ext_type,
const unsigned char **out, unsigned short *outlen, const unsigned char **out, unsigned short *outlen,
int *al, void *arg); int *al, void *arg);
static int authz_tlsext_cb(SSL *s, unsigned short ext_type, static int authz_tlsext_cb(SSL *s, unsigned short ext_type,
const unsigned char *in, const unsigned char *in,
unsigned short inlen, int *al, unsigned short inlen, int *al,
void *arg); void *arg);
#endif #endif
#ifndef OPENSSL_NO_PSK #ifndef OPENSSL_NO_PSK
@ -2435,9 +2435,9 @@ static int ocsp_resp_cb(SSL *s, void *arg)
} }
static int authz_tlsext_cb(SSL *s, unsigned short ext_type, static int authz_tlsext_cb(SSL *s, unsigned short ext_type,
const unsigned char *in, const unsigned char *in,
unsigned short inlen, int *al, unsigned short inlen, int *al,
void *arg) void *arg)
{ {
if (TLSEXT_TYPE_server_authz == ext_type) if (TLSEXT_TYPE_server_authz == ext_type)
{ {
@ -2457,8 +2457,8 @@ static int authz_tlsext_cb(SSL *s, unsigned short ext_type,
} }
static int authz_tlsext_generate_cb(SSL *s, unsigned short ext_type, static int authz_tlsext_generate_cb(SSL *s, unsigned short ext_type,
const unsigned char **out, unsigned short *outlen, const unsigned char **out, unsigned short *outlen,
int *al, void *arg) int *al, void *arg)
{ {
if (c_auth) if (c_auth)
{ {
@ -2476,9 +2476,9 @@ static int authz_tlsext_generate_cb(SSL *s, unsigned short ext_type,
} }
static int suppdata_cb(SSL *s, unsigned short supp_data_type, static int suppdata_cb(SSL *s, unsigned short supp_data_type,
const unsigned char *in, const unsigned char *in,
unsigned short inlen, int *al, unsigned short inlen, int *al,
void *arg) void *arg)
{ {
if (supp_data_type == TLSEXT_SUPPLEMENTALDATATYPE_authz_data) if (supp_data_type == TLSEXT_SUPPLEMENTALDATATYPE_authz_data)
{ {
@ -2489,8 +2489,8 @@ static int suppdata_cb(SSL *s, unsigned short supp_data_type,
} }
static int auth_suppdata_generate_cb(SSL *s, unsigned short supp_data_type, static int auth_suppdata_generate_cb(SSL *s, unsigned short supp_data_type,
const unsigned char **out, const unsigned char **out,
unsigned short *outlen, int *al, void *arg) unsigned short *outlen, int *al, void *arg)
{ {
if (c_auth && server_provided_client_authz && server_provided_server_authz) if (c_auth && server_provided_client_authz && server_provided_server_authz)
{ {

40
apps/s_server.c
View File

@ -330,22 +330,22 @@ static int cert_chain = 0;
#ifndef OPENSSL_NO_TLSEXT #ifndef OPENSSL_NO_TLSEXT
static int suppdata_cb(SSL *s, unsigned short supp_data_type, static int suppdata_cb(SSL *s, unsigned short supp_data_type,
const unsigned char *in, const unsigned char *in,
unsigned short inlen, int *al, unsigned short inlen, int *al,
void *arg); void *arg);
static int auth_suppdata_generate_cb(SSL *s, unsigned short supp_data_type, static int auth_suppdata_generate_cb(SSL *s, unsigned short supp_data_type,
const unsigned char **out, const unsigned char **out,
unsigned short *outlen, int *al, void *arg); unsigned short *outlen, int *al, void *arg);
static int authz_tlsext_generate_cb(SSL *s, unsigned short ext_type, static int authz_tlsext_generate_cb(SSL *s, unsigned short ext_type,
const unsigned char **out, unsigned short *outlen, const unsigned char **out, unsigned short *outlen,
int *al, void *arg); int *al, void *arg);
static int authz_tlsext_cb(SSL *s, unsigned short ext_type, static int authz_tlsext_cb(SSL *s, unsigned short ext_type,
const unsigned char *in, const unsigned char *in,
unsigned short inlen, int *al, unsigned short inlen, int *al,
void *arg); void *arg);
static BIO *serverinfo_in = NULL; static BIO *serverinfo_in = NULL;
static const char *s_serverinfo_file = NULL; static const char *s_serverinfo_file = NULL;
@ -3553,9 +3553,9 @@ static void free_sessions(void)
#ifndef OPENSSL_NO_TLSEXT #ifndef OPENSSL_NO_TLSEXT
static int authz_tlsext_cb(SSL *s, unsigned short ext_type, static int authz_tlsext_cb(SSL *s, unsigned short ext_type,
const unsigned char *in, const unsigned char *in,
unsigned short inlen, int *al, unsigned short inlen, int *al,
void *arg) void *arg)
{ {
if (TLSEXT_TYPE_server_authz == ext_type) if (TLSEXT_TYPE_server_authz == ext_type)
{ {
@ -3575,8 +3575,8 @@ static int authz_tlsext_cb(SSL *s, unsigned short ext_type,
} }
static int authz_tlsext_generate_cb(SSL *s, unsigned short ext_type, static int authz_tlsext_generate_cb(SSL *s, unsigned short ext_type,
const unsigned char **out, unsigned short *outlen, const unsigned char **out, unsigned short *outlen,
int *al, void *arg) int *al, void *arg)
{ {
if (c_auth && client_provided_client_authz && client_provided_server_authz) if (c_auth && client_provided_client_authz && client_provided_server_authz)
{ {
@ -3595,9 +3595,9 @@ static int authz_tlsext_generate_cb(SSL *s, unsigned short ext_type,
} }
static int suppdata_cb(SSL *s, unsigned short supp_data_type, static int suppdata_cb(SSL *s, unsigned short supp_data_type,
const unsigned char *in, const unsigned char *in,
unsigned short inlen, int *al, unsigned short inlen, int *al,
void *arg) void *arg)
{ {
if (supp_data_type == TLSEXT_SUPPLEMENTALDATATYPE_authz_data) if (supp_data_type == TLSEXT_SUPPLEMENTALDATATYPE_authz_data)
{ {
@ -3608,8 +3608,8 @@ static int suppdata_cb(SSL *s, unsigned short supp_data_type,
} }
static int auth_suppdata_generate_cb(SSL *s, unsigned short supp_data_type, static int auth_suppdata_generate_cb(SSL *s, unsigned short supp_data_type,
const unsigned char **out, const unsigned char **out,
unsigned short *outlen, int *al, void *arg) unsigned short *outlen, int *al, void *arg)
{ {
if (c_auth && client_provided_client_authz && client_provided_server_authz) if (c_auth && client_provided_client_authz && client_provided_server_authz)
{ {

5
ssl/s23_clnt.c
View File

@ -299,6 +299,7 @@ static int ssl23_client_hello(SSL *s)
unsigned long l; unsigned long l;
int ssl2_compat; int ssl2_compat;
int version = 0, version_major, version_minor; int version = 0, version_major, version_minor;
int al = 0;
#ifndef OPENSSL_NO_COMP #ifndef OPENSSL_NO_COMP
int j; int j;
SSL_COMP *comp; SSL_COMP *comp;
@ -553,9 +554,9 @@ static int ssl23_client_hello(SSL *s)
SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT); SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT);
return -1; return -1;
} }
if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH, &al)) == NULL) if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH, &al)) == NULL)
{ {
ssl3_send_alert(s,SSL3_AL_FATAL,al); ssl3_send_alert(s,SSL3_AL_FATAL,al);
SSLerr(SSL_F_SSL23_CLIENT_HELLO,ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_SSL23_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
return -1; return -1;
} }

56
ssl/s3_clnt.c
View File

@ -689,6 +689,7 @@ int ssl3_client_hello(SSL *s)
unsigned char *p,*d; unsigned char *p,*d;
int i; int i;
unsigned long l; unsigned long l;
int al = 0;
#ifndef OPENSSL_NO_COMP #ifndef OPENSSL_NO_COMP
int j; int j;
SSL_COMP *comp; SSL_COMP *comp;
@ -891,9 +892,9 @@ int ssl3_client_hello(SSL *s)
SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT); SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT);
goto err; goto err;
} }
if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH, &al)) == NULL) if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH, &al)) == NULL)
{ {
ssl3_send_alert(s,SSL3_AL_FATAL,al); ssl3_send_alert(s,SSL3_AL_FATAL,al);
SSLerr(SSL_F_SSL3_CLIENT_HELLO,ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_SSL3_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
goto err; goto err;
} }
@ -3618,7 +3619,7 @@ int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey)
#ifndef OPENSSL_NO_TLSEXT #ifndef OPENSSL_NO_TLSEXT
int tls1_send_client_supplemental_data(SSL *s, int *skip) int tls1_send_client_supplemental_data(SSL *s, int *skip)
{ {
int al = 0; int al = 0;
if (s->ctx->cli_supp_data_records_count) if (s->ctx->cli_supp_data_records_count)
{ {
unsigned char *p = NULL; unsigned char *p = NULL;
@ -3638,21 +3639,21 @@ int tls1_send_client_supplemental_data(SSL *s, int *skip)
if (!record->fn2) if (!record->fn2)
continue; continue;
cb_retval = record->fn2(s, record->supp_data_type, cb_retval = record->fn2(s, record->supp_data_type,
&out, &outlen, &al, &out, &outlen, &al,
record->arg); record->arg);
if (cb_retval == -1) if (cb_retval == -1)
continue; /* skip this supp data entry */ continue; /* skip this supp data entry */
if (cb_retval == 0) if (cb_retval == 0)
{ {
SSLerr(SSL_F_TLS1_SEND_CLIENT_SUPPLEMENTAL_DATA,ERR_R_BUF_LIB); SSLerr(SSL_F_TLS1_SEND_CLIENT_SUPPLEMENTAL_DATA,ERR_R_BUF_LIB);
goto f_err; goto f_err;
} }
if (outlen == 0 || TLSEXT_MAXLEN_supplemental_data < outlen + 4 + length) if (outlen == 0 || TLSEXT_MAXLEN_supplemental_data < outlen + 4 + length)
{ {
SSLerr(SSL_F_TLS1_SEND_CLIENT_SUPPLEMENTAL_DATA,ERR_R_BUF_LIB); SSLerr(SSL_F_TLS1_SEND_CLIENT_SUPPLEMENTAL_DATA,ERR_R_BUF_LIB);
return 0; return 0;
} }
//if first entry, write handshake message type /* if first entry, write handshake message type */
if (length == 0) if (length == 0)
{ {
if (!BUF_MEM_grow_clean(s->init_buf, 4)) if (!BUF_MEM_grow_clean(s->init_buf, 4))
@ -3662,9 +3663,12 @@ int tls1_send_client_supplemental_data(SSL *s, int *skip)
} }
p = (unsigned char *)s->init_buf->data; p = (unsigned char *)s->init_buf->data;
*(p++) = SSL3_MT_SUPPLEMENTAL_DATA; *(p++) = SSL3_MT_SUPPLEMENTAL_DATA;
//update message length when all callbacks complete /* update message length when all
* callbacks complete */
size_loc = p; size_loc = p;
//skip over handshake length field (3 bytes) and supp_data length field (3 bytes) /* skip over handshake length field (3
* bytes) and supp_data length field
* (3 bytes) */
p += 3 + 3; p += 3 + 3;
length += 1 +3 +3; length += 1 +3 +3;
} }
@ -3698,10 +3702,10 @@ int tls1_send_client_supplemental_data(SSL *s, int *skip)
s->init_off = 0; s->init_off = 0;
return 1; return 1;
f_err: f_err:
ssl3_send_alert(s,SSL3_AL_FATAL,al); ssl3_send_alert(s,SSL3_AL_FATAL,al);
return 0; return 0;
} }
int tls1_get_server_supplemental_data(SSL *s) int tls1_get_server_supplemental_data(SSL *s)
{ {
@ -3716,12 +3720,12 @@ int tls1_get_server_supplemental_data(SSL *s)
int cb_retval = 0; int cb_retval = 0;
n=s->method->ssl_get_message(s, n=s->method->ssl_get_message(s,
SSL3_ST_CR_SUPPLEMENTAL_DATA_A, SSL3_ST_CR_SUPPLEMENTAL_DATA_A,
SSL3_ST_CR_SUPPLEMENTAL_DATA_B, SSL3_ST_CR_SUPPLEMENTAL_DATA_B,
SSL3_MT_SUPPLEMENTAL_DATA, SSL3_MT_SUPPLEMENTAL_DATA,
/* use default limit */ /* use default limit */
TLSEXT_MAXLEN_supplemental_data, TLSEXT_MAXLEN_supplemental_data,
&ok); &ok);
if (!ok) return((int)n); if (!ok) return((int)n);
@ -3742,9 +3746,11 @@ int tls1_get_server_supplemental_data(SSL *s)
//if there is a callback for this supp data type, send it //if there is a callback for this supp data type, send it
for (i=0; i < s->ctx->cli_supp_data_records_count; i++) for (i=0; i < s->ctx->cli_supp_data_records_count; i++)
{ {
if (s->ctx->cli_supp_data_records[i].supp_data_type == supp_data_entry_type && s->ctx->cli_supp_data_records[i].fn1) if (s->ctx->cli_supp_data_records[i].supp_data_type == supp_data_entry_type &&
s->ctx->cli_supp_data_records[i].fn1)
{ {
cb_retval = s->ctx->cli_supp_data_records[i].fn1(s, supp_data_entry_type, p, supp_data_entry_len, &al, s->ctx->cli_supp_data_records[i].arg); cb_retval = s->ctx->cli_supp_data_records[i].fn1(s, supp_data_entry_type, p,
supp_data_entry_len, &al, s->ctx->cli_supp_data_records[i].arg);
if (cb_retval == 0) if (cb_retval == 0)
{ {
SSLerr(SSL_F_TLS1_GET_SERVER_SUPPLEMENTAL_DATA, ERR_R_SSL_LIB); SSLerr(SSL_F_TLS1_GET_SERVER_SUPPLEMENTAL_DATA, ERR_R_SSL_LIB);
@ -3755,8 +3761,8 @@ int tls1_get_server_supplemental_data(SSL *s)
p+=supp_data_entry_len; p+=supp_data_entry_len;
} }
return 1; return 1;
f_err: f_err:
ssl3_send_alert(s,SSL3_AL_FATAL,al); ssl3_send_alert(s,SSL3_AL_FATAL,al);
return -1; return -1;
} }
#endif #endif

12
ssl/s3_lib.c
View File

@ -3029,8 +3029,8 @@ void ssl3_free(SSL *s)
SSL_SRP_CTX_free(s); SSL_SRP_CTX_free(s);
#endif #endif
#ifndef OPENSSL_NO_TLSEXT #ifndef OPENSSL_NO_TLSEXT
if (s->s3->serverinfo_client_tlsext_custom_types != NULL) if (s->s3->serverinfo_client_tlsext_custom_types != NULL)
OPENSSL_free(s->s3->serverinfo_client_tlsext_custom_types); OPENSSL_free(s->s3->serverinfo_client_tlsext_custom_types);
#endif #endif
OPENSSL_cleanse(s->s3,sizeof *s->s3); OPENSSL_cleanse(s->s3,sizeof *s->s3);
OPENSSL_free(s->s3); OPENSSL_free(s->s3);
@ -3076,12 +3076,12 @@ void ssl3_clear(SSL *s)
} }
#endif #endif
#ifndef OPENSSL_NO_TLSEXT #ifndef OPENSSL_NO_TLSEXT
if (s->s3->serverinfo_client_tlsext_custom_types != NULL) if (s->s3->serverinfo_client_tlsext_custom_types != NULL)
{ {
OPENSSL_free(s->s3->serverinfo_client_tlsext_custom_types); OPENSSL_free(s->s3->serverinfo_client_tlsext_custom_types);
s->s3->serverinfo_client_tlsext_custom_types = NULL; s->s3->serverinfo_client_tlsext_custom_types = NULL;
} }
s->s3->serverinfo_client_tlsext_custom_types_count = 0; s->s3->serverinfo_client_tlsext_custom_types_count = 0;
#ifndef OPENSSL_NO_EC #ifndef OPENSSL_NO_EC
s->s3->is_probably_safari = 0; s->s3->is_probably_safari = 0;
#endif /* !OPENSSL_NO_EC */ #endif /* !OPENSSL_NO_EC */

29
ssl/s3_srvr.c
View File

@ -1500,7 +1500,8 @@ int ssl3_send_server_hello(SSL *s)
{ {
unsigned char *buf; unsigned char *buf;
unsigned char *p,*d; unsigned char *p,*d;
int i,sl,al; int i,sl;
int al = 0;
unsigned long l; unsigned long l;
if (s->state == SSL3_ST_SW_SRVR_HELLO_A) if (s->state == SSL3_ST_SW_SRVR_HELLO_A)
@ -1569,9 +1570,9 @@ int ssl3_send_server_hello(SSL *s)
SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,SSL_R_SERVERHELLO_TLSEXT); SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,SSL_R_SERVERHELLO_TLSEXT);
return -1; return -1;
} }
if ((p = ssl_add_serverhello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH, &al)) == NULL) if ((p = ssl_add_serverhello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH, &al)) == NULL)
{ {
ssl3_send_alert(s, SSL3_AL_FATAL, al); ssl3_send_alert(s, SSL3_AL_FATAL, al);
SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,ERR_R_INTERNAL_ERROR);
return -1; return -1;
} }
@ -3655,7 +3656,7 @@ int ssl3_get_next_proto(SSL *s)
int tls1_send_server_supplemental_data(SSL *s, int *skip) int tls1_send_server_supplemental_data(SSL *s, int *skip)
{ {
int al = 0; int al = 0;
if (s->ctx->srv_supp_data_records_count) if (s->ctx->srv_supp_data_records_count)
{ {
unsigned char *p = NULL; unsigned char *p = NULL;
@ -3675,14 +3676,14 @@ int tls1_send_server_supplemental_data(SSL *s, int *skip)
if (!record->fn1) if (!record->fn1)
continue; continue;
cb_retval = record->fn1(s, record->supp_data_type, cb_retval = record->fn1(s, record->supp_data_type,
&out, &outlen, &al, &out, &outlen, &al,
record->arg); record->arg);
if (cb_retval == -1) if (cb_retval == -1)
continue; /* skip this supp data entry */ continue; /* skip this supp data entry */
if (cb_retval == 0) if (cb_retval == 0)
{ {
SSLerr(SSL_F_TLS1_SEND_SERVER_SUPPLEMENTAL_DATA,ERR_R_BUF_LIB); SSLerr(SSL_F_TLS1_SEND_SERVER_SUPPLEMENTAL_DATA,ERR_R_BUF_LIB);
goto f_err; goto f_err;
} }
if (outlen == 0 || TLSEXT_MAXLEN_supplemental_data < outlen + 4 + length) if (outlen == 0 || TLSEXT_MAXLEN_supplemental_data < outlen + 4 + length)
{ {
@ -3741,8 +3742,8 @@ int tls1_send_server_supplemental_data(SSL *s, int *skip)
s->init_off = 0; s->init_off = 0;
return 1; return 1;
f_err: f_err:
ssl3_send_alert(s,SSL3_AL_FATAL,al); ssl3_send_alert(s,SSL3_AL_FATAL,al);
return 0; return 0;
} }
int tls1_get_client_supplemental_data(SSL *s) int tls1_get_client_supplemental_data(SSL *s)
@ -3758,12 +3759,12 @@ int tls1_get_client_supplemental_data(SSL *s)
size_t i = 0; size_t i = 0;
n=s->method->ssl_get_message(s, n=s->method->ssl_get_message(s,
SSL3_ST_SR_SUPPLEMENTAL_DATA_A, SSL3_ST_SR_SUPPLEMENTAL_DATA_A,
SSL3_ST_SR_SUPPLEMENTAL_DATA_B, SSL3_ST_SR_SUPPLEMENTAL_DATA_B,
SSL3_MT_SUPPLEMENTAL_DATA, SSL3_MT_SUPPLEMENTAL_DATA,
/* use default limit */ /* use default limit */
TLSEXT_MAXLEN_supplemental_data, TLSEXT_MAXLEN_supplemental_data,
&ok); &ok);
if (!ok) return((int)n); if (!ok) return((int)n);

32
ssl/ssl.h
View File

@ -406,19 +406,19 @@ typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len, S
*/ */
typedef int (*custom_cli_ext_first_cb_fn)(SSL *s, unsigned short ext_type, typedef int (*custom_cli_ext_first_cb_fn)(SSL *s, unsigned short ext_type,
const unsigned char **out, const unsigned char **out,
unsigned short *outlen, int *al, void *arg); unsigned short *outlen, int *al, void *arg);
typedef int (*custom_cli_ext_second_cb_fn)(SSL *s, unsigned short ext_type, typedef int (*custom_cli_ext_second_cb_fn)(SSL *s, unsigned short ext_type,
const unsigned char *in, const unsigned char *in,
unsigned short inlen, int *al, unsigned short inlen, int *al,
void *arg); void *arg);
typedef int (*custom_srv_ext_first_cb_fn)(SSL *s, unsigned short ext_type, typedef int (*custom_srv_ext_first_cb_fn)(SSL *s, unsigned short ext_type,
const unsigned char *in, const unsigned char *in,
unsigned short inlen, int *al, unsigned short inlen, int *al,
void *arg); void *arg);
typedef int (*custom_srv_ext_second_cb_fn)(SSL *s, unsigned short ext_type, typedef int (*custom_srv_ext_second_cb_fn)(SSL *s, unsigned short ext_type,
const unsigned char **out, const unsigned char **out,
unsigned short *outlen, int *al, void *arg); unsigned short *outlen, int *al, void *arg);
typedef struct { typedef struct {
unsigned short ext_type; unsigned short ext_type;
@ -456,20 +456,20 @@ typedef struct {
* fatal TLS alert, if the callback returns zero. * fatal TLS alert, if the callback returns zero.
*/ */
typedef int (*srv_supp_data_first_cb_fn)(SSL *s, unsigned short supp_data_type, typedef int (*srv_supp_data_first_cb_fn)(SSL *s, unsigned short supp_data_type,
const unsigned char **out, const unsigned char **out,
unsigned short *outlen, int *al, void *arg); unsigned short *outlen, int *al, void *arg);
typedef int (*srv_supp_data_second_cb_fn)(SSL *s, unsigned short supp_data_type, typedef int (*srv_supp_data_second_cb_fn)(SSL *s, unsigned short supp_data_type,
const unsigned char *in, const unsigned char *in,
unsigned short inlen, int *al, unsigned short inlen, int *al,
void *arg); void *arg);
typedef int (*cli_supp_data_first_cb_fn)(SSL *s, unsigned short supp_data_type, typedef int (*cli_supp_data_first_cb_fn)(SSL *s, unsigned short supp_data_type,
const unsigned char *in, const unsigned char *in,
unsigned short inlen, int *al, unsigned short inlen, int *al,
void *arg); void *arg);
typedef int (*cli_supp_data_second_cb_fn)(SSL *s, unsigned short supp_data_type, typedef int (*cli_supp_data_second_cb_fn)(SSL *s, unsigned short supp_data_type,
const unsigned char **out, const unsigned char **out,
unsigned short *outlen, int *al, void *arg); unsigned short *outlen, int *al, void *arg);
typedef struct { typedef struct {
unsigned short supp_data_type; unsigned short supp_data_type;

90
ssl/ssl_rsa.c
View File

@ -844,71 +844,71 @@ static int serverinfo_find_extension(const unsigned char *serverinfo,
} }
static int serverinfo_srv_first_cb(SSL *s, unsigned short ext_type, static int serverinfo_srv_first_cb(SSL *s, unsigned short ext_type,
const unsigned char *in, const unsigned char *in,
unsigned short inlen, int *al, unsigned short inlen, int *al,
void *arg) void *arg)
{ {
size_t i = 0; size_t i = 0;
if (inlen != 0) if (inlen != 0)
{ {
*al = SSL_AD_DECODE_ERROR; *al = SSL_AD_DECODE_ERROR;
return 0; return 0;
} }
//if already in list, error out //if already in list, error out
for (i = 0; i < s->s3->serverinfo_client_tlsext_custom_types_count; i++) for (i = 0; i < s->s3->serverinfo_client_tlsext_custom_types_count; i++)
{ {
if (s->s3->serverinfo_client_tlsext_custom_types[i] == ext_type) if (s->s3->serverinfo_client_tlsext_custom_types[i] == ext_type)
{ {
*al = SSL_AD_DECODE_ERROR; *al = SSL_AD_DECODE_ERROR;
return 0; return 0;
} }
} }
s->s3->serverinfo_client_tlsext_custom_types_count++; s->s3->serverinfo_client_tlsext_custom_types_count++;
s->s3->serverinfo_client_tlsext_custom_types = OPENSSL_realloc( s->s3->serverinfo_client_tlsext_custom_types = OPENSSL_realloc(
s->s3->serverinfo_client_tlsext_custom_types, s->s3->serverinfo_client_tlsext_custom_types,
s->s3->serverinfo_client_tlsext_custom_types_count * 2); s->s3->serverinfo_client_tlsext_custom_types_count * 2);
if (s->s3->serverinfo_client_tlsext_custom_types == NULL) if (s->s3->serverinfo_client_tlsext_custom_types == NULL)
{ {
s->s3->serverinfo_client_tlsext_custom_types_count = 0; s->s3->serverinfo_client_tlsext_custom_types_count = 0;
*al = TLS1_AD_INTERNAL_ERROR; *al = TLS1_AD_INTERNAL_ERROR;
return 0; return 0;
} }
s->s3->serverinfo_client_tlsext_custom_types[ s->s3->serverinfo_client_tlsext_custom_types[
s->s3->serverinfo_client_tlsext_custom_types_count - 1] = ext_type; s->s3->serverinfo_client_tlsext_custom_types_count - 1] = ext_type;
return 1; return 1;
} }
static int serverinfo_srv_second_cb(SSL *s, unsigned short ext_type, static int serverinfo_srv_second_cb(SSL *s, unsigned short ext_type,
const unsigned char **out, unsigned short *outlen, const unsigned char **out, unsigned short *outlen,
int *al, void *arg) int *al, void *arg)
{ {
const unsigned char *serverinfo = NULL; const unsigned char *serverinfo = NULL;
size_t serverinfo_length = 0; size_t serverinfo_length = 0;
size_t i = 0; size_t i = 0;
unsigned int match = 0; unsigned int match = 0;
/* Did the client send a TLS extension for this type? */ /* Did the client send a TLS extension for this type? */
for (i = 0; i < s->s3->serverinfo_client_tlsext_custom_types_count; i++) for (i = 0; i < s->s3->serverinfo_client_tlsext_custom_types_count; i++)
{ {
if (s->s3->serverinfo_client_tlsext_custom_types[i] == ext_type) if (s->s3->serverinfo_client_tlsext_custom_types[i] == ext_type)
{ {
match = 1; match = 1;
break; break;
} }
} }
if (!match) if (!match)
{ {
//extension not sent by client...don't send extension //extension not sent by client...don't send extension
return -1; return -1;
} }
/* Is there serverinfo data for the chosen server cert? */ /* Is there serverinfo data for the chosen server cert? */
if ((ssl_get_server_cert_serverinfo(s, &serverinfo, if ((ssl_get_server_cert_serverinfo(s, &serverinfo,
&serverinfo_length)) != 0) &serverinfo_length)) != 0)
{ {
/* Find the relevant extension from the serverinfo */ /* Find the relevant extension from the serverinfo */
int retval = serverinfo_find_extension(serverinfo, serverinfo_length, int retval = serverinfo_find_extension(serverinfo, serverinfo_length,
ext_type, out, outlen); ext_type, out, outlen);
if (retval == 0) if (retval == 0)
return 0; /* Error */ return 0; /* Error */
if (retval == -1) if (retval == -1)

132
ssl/ssltest.c
View File

@ -488,8 +488,8 @@ static int verify_serverinfo()
*/ */
static int custom_ext_0_cli_first_cb(SSL *s, unsigned short ext_type, static int custom_ext_0_cli_first_cb(SSL *s, unsigned short ext_type,
const unsigned char **out, const unsigned char **out,
unsigned short *outlen, int *al, void *arg) unsigned short *outlen, int *al, void *arg)
{ {
if (ext_type != CUSTOM_EXT_TYPE_0) if (ext_type != CUSTOM_EXT_TYPE_0)
custom_ext_error = 1; custom_ext_error = 1;
@ -497,17 +497,17 @@ static int custom_ext_0_cli_first_cb(SSL *s, unsigned short ext_type,
} }
static int custom_ext_0_cli_second_cb(SSL *s, unsigned short ext_type, static int custom_ext_0_cli_second_cb(SSL *s, unsigned short ext_type,
const unsigned char *in, const unsigned char *in,
unsigned short inlen, int *al, unsigned short inlen, int *al,
void *arg) void *arg)
{ {
custom_ext_error = 1; /* Shouldn't be called */ custom_ext_error = 1; /* Shouldn't be called */
return 0; return 0;
} }
static int custom_ext_1_cli_first_cb(SSL *s, unsigned short ext_type, static int custom_ext_1_cli_first_cb(SSL *s, unsigned short ext_type,
const unsigned char **out, const unsigned char **out,
unsigned short *outlen, int *al, void *arg) unsigned short *outlen, int *al, void *arg)
{ {
if (ext_type != CUSTOM_EXT_TYPE_1) if (ext_type != CUSTOM_EXT_TYPE_1)
custom_ext_error = 1; custom_ext_error = 1;
@ -517,17 +517,17 @@ static int custom_ext_1_cli_first_cb(SSL *s, unsigned short ext_type,
} }
static int custom_ext_1_cli_second_cb(SSL *s, unsigned short ext_type, static int custom_ext_1_cli_second_cb(SSL *s, unsigned short ext_type,
const unsigned char *in, const unsigned char *in,
unsigned short inlen, int *al, unsigned short inlen, int *al,
void *arg) void *arg)
{ {
custom_ext_error = 1; /* Shouldn't be called */ custom_ext_error = 1; /* Shouldn't be called */
return 0; return 0;
} }
static int custom_ext_2_cli_first_cb(SSL *s, unsigned short ext_type, static int custom_ext_2_cli_first_cb(SSL *s, unsigned short ext_type,
const unsigned char **out, const unsigned char **out,
unsigned short *outlen, int *al, void *arg) unsigned short *outlen, int *al, void *arg)
{ {
if (ext_type != CUSTOM_EXT_TYPE_2) if (ext_type != CUSTOM_EXT_TYPE_2)
custom_ext_error = 1; custom_ext_error = 1;
@ -537,9 +537,9 @@ static int custom_ext_2_cli_first_cb(SSL *s, unsigned short ext_type,
} }
static int custom_ext_2_cli_second_cb(SSL *s, unsigned short ext_type, static int custom_ext_2_cli_second_cb(SSL *s, unsigned short ext_type,
const unsigned char *in, const unsigned char *in,
unsigned short inlen, int *al, unsigned short inlen, int *al,
void *arg) void *arg)
{ {
if (ext_type != CUSTOM_EXT_TYPE_2) if (ext_type != CUSTOM_EXT_TYPE_2)
custom_ext_error = 1; custom_ext_error = 1;
@ -549,8 +549,8 @@ static int custom_ext_2_cli_second_cb(SSL *s, unsigned short ext_type,
} }
static int custom_ext_3_cli_first_cb(SSL *s, unsigned short ext_type, static int custom_ext_3_cli_first_cb(SSL *s, unsigned short ext_type,
const unsigned char **out, const unsigned char **out,
unsigned short *outlen, int *al, void *arg) unsigned short *outlen, int *al, void *arg)
{ {
if (ext_type != CUSTOM_EXT_TYPE_3) if (ext_type != CUSTOM_EXT_TYPE_3)
custom_ext_error = 1; custom_ext_error = 1;
@ -560,9 +560,9 @@ static int custom_ext_3_cli_first_cb(SSL *s, unsigned short ext_type,
} }
static int custom_ext_3_cli_second_cb(SSL *s, unsigned short ext_type, static int custom_ext_3_cli_second_cb(SSL *s, unsigned short ext_type,
const unsigned char *in, const unsigned char *in,
unsigned short inlen, int *al, unsigned short inlen, int *al,
void *arg) void *arg)
{ {
if (ext_type != CUSTOM_EXT_TYPE_3) if (ext_type != CUSTOM_EXT_TYPE_3)
custom_ext_error = 1; custom_ext_error = 1;
@ -575,9 +575,9 @@ static int custom_ext_3_cli_second_cb(SSL *s, unsigned short ext_type,
//custom_ext_0_cli_first_cb returns -1 - the server won't receive a callback for this extension //custom_ext_0_cli_first_cb returns -1 - the server won't receive a callback for this extension
static int custom_ext_0_srv_first_cb(SSL *s, unsigned short ext_type, static int custom_ext_0_srv_first_cb(SSL *s, unsigned short ext_type,
const unsigned char *in, const unsigned char *in,
unsigned short inlen, int *al, unsigned short inlen, int *al,
void *arg) void *arg)
{ {
custom_ext_error = 1; custom_ext_error = 1;
return 0; /* Shouldn't be called */ return 0; /* Shouldn't be called */
@ -585,16 +585,16 @@ static int custom_ext_0_srv_first_cb(SSL *s, unsigned short ext_type,
//'generate' callbacks are always called, even if the 'receive' callback isn't called //'generate' callbacks are always called, even if the 'receive' callback isn't called
static int custom_ext_0_srv_second_cb(SSL *s, unsigned short ext_type, static int custom_ext_0_srv_second_cb(SSL *s, unsigned short ext_type,
const unsigned char **out, const unsigned char **out,
unsigned short *outlen, int *al, void *arg) unsigned short *outlen, int *al, void *arg)
{ {
return -1; /* Don't send an extension */ return -1; /* Don't send an extension */
} }
static int custom_ext_1_srv_first_cb(SSL *s, unsigned short ext_type, static int custom_ext_1_srv_first_cb(SSL *s, unsigned short ext_type,
const unsigned char *in, const unsigned char *in,
unsigned short inlen, int *al, unsigned short inlen, int *al,
void *arg) void *arg)
{ {
if (ext_type != CUSTOM_EXT_TYPE_1) if (ext_type != CUSTOM_EXT_TYPE_1)
custom_ext_error = 1; custom_ext_error = 1;
@ -607,16 +607,16 @@ static int custom_ext_1_srv_first_cb(SSL *s, unsigned short ext_type,
} }
static int custom_ext_1_srv_second_cb(SSL *s, unsigned short ext_type, static int custom_ext_1_srv_second_cb(SSL *s, unsigned short ext_type,
const unsigned char **out, const unsigned char **out,
unsigned short *outlen, int *al, void *arg) unsigned short *outlen, int *al, void *arg)
{ {
return -1; /* Don't send an extension */ return -1; /* Don't send an extension */
} }
static int custom_ext_2_srv_first_cb(SSL *s, unsigned short ext_type, static int custom_ext_2_srv_first_cb(SSL *s, unsigned short ext_type,
const unsigned char *in, const unsigned char *in,
unsigned short inlen, int *al, unsigned short inlen, int *al,
void *arg) void *arg)
{ {
if (ext_type != CUSTOM_EXT_TYPE_2) if (ext_type != CUSTOM_EXT_TYPE_2)
custom_ext_error = 1; custom_ext_error = 1;
@ -629,8 +629,8 @@ static int custom_ext_2_srv_first_cb(SSL *s, unsigned short ext_type,
} }
static int custom_ext_2_srv_second_cb(SSL *s, unsigned short ext_type, static int custom_ext_2_srv_second_cb(SSL *s, unsigned short ext_type,
const unsigned char **out, const unsigned char **out,
unsigned short *outlen, int *al, void *arg) unsigned short *outlen, int *al, void *arg)
{ {
*out = NULL; *out = NULL;
*outlen = 0; *outlen = 0;
@ -638,9 +638,9 @@ static int custom_ext_2_srv_second_cb(SSL *s, unsigned short ext_type,
} }
static int custom_ext_3_srv_first_cb(SSL *s, unsigned short ext_type, static int custom_ext_3_srv_first_cb(SSL *s, unsigned short ext_type,
const unsigned char *in, const unsigned char *in,
unsigned short inlen, int *al, unsigned short inlen, int *al,
void *arg) void *arg)
{ {
if (ext_type != CUSTOM_EXT_TYPE_3) if (ext_type != CUSTOM_EXT_TYPE_3)
custom_ext_error = 1; custom_ext_error = 1;
@ -653,8 +653,8 @@ static int custom_ext_3_srv_first_cb(SSL *s, unsigned short ext_type,
} }
static int custom_ext_3_srv_second_cb(SSL *s, unsigned short ext_type, static int custom_ext_3_srv_second_cb(SSL *s, unsigned short ext_type,
const unsigned char **out, const unsigned char **out,
unsigned short *outlen, int *al, void *arg) unsigned short *outlen, int *al, void *arg)
{ {
*out = (const unsigned char*)custom_ext_srv_string; *out = (const unsigned char*)custom_ext_srv_string;
*outlen = strlen(custom_ext_srv_string); *outlen = strlen(custom_ext_srv_string);
@ -662,8 +662,8 @@ static int custom_ext_3_srv_second_cb(SSL *s, unsigned short ext_type,
} }
static int supp_data_0_srv_first_cb(SSL *s, unsigned short supp_data_type, static int supp_data_0_srv_first_cb(SSL *s, unsigned short supp_data_type,
const unsigned char **out, const unsigned char **out,
unsigned short *outlen, int *al, void *arg) unsigned short *outlen, int *al, void *arg)
{ {
*out = (const unsigned char*)supp_data_0_string; *out = (const unsigned char*)supp_data_0_string;
*outlen = strlen(supp_data_0_string); *outlen = strlen(supp_data_0_string);
@ -673,9 +673,9 @@ static int supp_data_0_srv_first_cb(SSL *s, unsigned short supp_data_type,
} }
static int supp_data_0_srv_second_cb(SSL *s, unsigned short supp_data_type, static int supp_data_0_srv_second_cb(SSL *s, unsigned short supp_data_type,
const unsigned char *in, const unsigned char *in,
unsigned short inlen, int *al, unsigned short inlen, int *al,
void *arg) void *arg)
{ {
if (supp_data_type != CUSTOM_SUPP_DATA_TYPE_0) if (supp_data_type != CUSTOM_SUPP_DATA_TYPE_0)
suppdata_error = 1; suppdata_error = 1;
@ -689,34 +689,34 @@ static int supp_data_0_srv_second_cb(SSL *s, unsigned short supp_data_type,
} }
static int supp_data_1_srv_first_cb(SSL *s, unsigned short supp_data_type, static int supp_data_1_srv_first_cb(SSL *s, unsigned short supp_data_type,
const unsigned char **out, const unsigned char **out,
unsigned short *outlen, int *al, void *arg) unsigned short *outlen, int *al, void *arg)
{ {
return -1; return -1;
} }
static int supp_data_1_srv_second_cb(SSL *s, unsigned short supp_data_type, static int supp_data_1_srv_second_cb(SSL *s, unsigned short supp_data_type,
const unsigned char *in, const unsigned char *in,
unsigned short inlen, int *al, unsigned short inlen, int *al,
void *arg) void *arg)
{ {
suppdata_error = 1; suppdata_error = 1;
return 1; return 1;
} }
static int supp_data_2_srv_second_cb(SSL *s, unsigned short supp_data_type, static int supp_data_2_srv_second_cb(SSL *s, unsigned short supp_data_type,
const unsigned char *in, const unsigned char *in,
unsigned short inlen, int *al, unsigned short inlen, int *al,
void *arg) void *arg)
{ {
suppdata_error = 1; suppdata_error = 1;
return 1; return 1;
} }
static int supp_data_0_cli_first_cb(SSL *s, unsigned short supp_data_type, static int supp_data_0_cli_first_cb(SSL *s, unsigned short supp_data_type,
const unsigned char *in, const unsigned char *in,
unsigned short inlen, int *al, unsigned short inlen, int *al,
void *arg) void *arg)
{ {
if (supp_data_type != CUSTOM_SUPP_DATA_TYPE_0) if (supp_data_type != CUSTOM_SUPP_DATA_TYPE_0)
suppdata_error = 1; suppdata_error = 1;
@ -730,8 +730,8 @@ static int supp_data_0_cli_first_cb(SSL *s, unsigned short supp_data_type,
} }
static int supp_data_0_cli_second_cb(SSL *s, unsigned short supp_data_type, static int supp_data_0_cli_second_cb(SSL *s, unsigned short supp_data_type,
const unsigned char **out, const unsigned char **out,
unsigned short *outlen, int *al, void *arg) unsigned short *outlen, int *al, void *arg)
{ {
*out = (const unsigned char*)supp_data_0_string; *out = (const unsigned char*)supp_data_0_string;
*outlen = strlen(supp_data_0_string); *outlen = strlen(supp_data_0_string);
@ -741,25 +741,25 @@ static int supp_data_0_cli_second_cb(SSL *s, unsigned short supp_data_type,
} }
static int supp_data_1_cli_first_cb(SSL *s, unsigned short supp_data_type, static int supp_data_1_cli_first_cb(SSL *s, unsigned short supp_data_type,
const unsigned char *in, const unsigned char *in,
unsigned short inlen, int *al, unsigned short inlen, int *al,
void *arg) void *arg)
{ {
suppdata_error = 1; suppdata_error = 1;
return 1; return 1;
} }
static int supp_data_1_cli_second_cb(SSL *s, unsigned short supp_data_type, static int supp_data_1_cli_second_cb(SSL *s, unsigned short supp_data_type,
const unsigned char **out, const unsigned char **out,
unsigned short *outlen, int *al, void *arg) unsigned short *outlen, int *al, void *arg)
{ {
return -1; return -1;
} }
static int supp_data_2_cli_first_cb(SSL *s, unsigned short supp_data_type, static int supp_data_2_cli_first_cb(SSL *s, unsigned short supp_data_type,
const unsigned char *in, const unsigned char *in,
unsigned short inlen, int *al, unsigned short inlen, int *al,
void *arg) void *arg)
{ {
suppdata_error = 1; suppdata_error = 1;
return 1; return 1;

58
ssl/t1_lib.c
View File

@ -1466,8 +1466,8 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
{ {
int cb_retval = 0; int cb_retval = 0;
cb_retval = record->fn1(s, record->ext_type, cb_retval = record->fn1(s, record->ext_type,
&out, &outlen, al, &out, &outlen, al,
record->arg); record->arg);
if (cb_retval == 0) if (cb_retval == 0)
return NULL; /* error */ return NULL; /* error */
if (cb_retval == -1) if (cb_retval == -1)
@ -1523,8 +1523,8 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha
{ {
int extdatalen=0; int extdatalen=0;
unsigned char *ret = p; unsigned char *ret = p;
size_t i; size_t i;
custom_srv_ext_record *record; custom_srv_ext_record *record;
#ifndef OPENSSL_NO_NEXTPROTONEG #ifndef OPENSSL_NO_NEXTPROTONEG
int next_proto_neg_seen; int next_proto_neg_seen;
#endif #endif
@ -1708,29 +1708,29 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha
} }
#endif #endif
for (i = 0; i < s->ctx->custom_srv_ext_records_count; i++) for (i = 0; i < s->ctx->custom_srv_ext_records_count; i++)
{ {
record = &s->ctx->custom_srv_ext_records[i]; record = &s->ctx->custom_srv_ext_records[i];
const unsigned char *out = NULL; const unsigned char *out = NULL;
unsigned short outlen = 0; unsigned short outlen = 0;
int cb_retval = 0; int cb_retval = 0;
/* NULL callback or -1 omits extension */ /* NULL callback or -1 omits extension */
if (!record->fn2) if (!record->fn2)
break; break;
cb_retval = record->fn2(s, record->ext_type, cb_retval = record->fn2(s, record->ext_type,
&out, &outlen, al, &out, &outlen, al,
record->arg); record->arg);
if (cb_retval == 0) if (cb_retval == 0)
return NULL; /* error */ return NULL; /* error */
if (cb_retval == -1) if (cb_retval == -1)
break; /* skip this extension */ break; /* skip this extension */
if (limit < ret + 4 + outlen) if (limit < ret + 4 + outlen)
return NULL; return NULL;
s2n(record->ext_type, ret); s2n(record->ext_type, ret);
s2n(outlen, ret); s2n(outlen, ret);
memcpy(ret, out, outlen); memcpy(ret, out, outlen);
ret += outlen; ret += outlen;
} }
if (s->s3->alpn_selected) if (s->s3->alpn_selected)
@ -1924,11 +1924,11 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char
#endif #endif
/* Clear observed custom extensions */ /* Clear observed custom extensions */
s->s3->serverinfo_client_tlsext_custom_types_count = 0; s->s3->serverinfo_client_tlsext_custom_types_count = 0;
if (s->s3->serverinfo_client_tlsext_custom_types != NULL) if (s->s3->serverinfo_client_tlsext_custom_types != NULL)
{ {
OPENSSL_free(s->s3->serverinfo_client_tlsext_custom_types); OPENSSL_free(s->s3->serverinfo_client_tlsext_custom_types);
s->s3->serverinfo_client_tlsext_custom_types = NULL; s->s3->serverinfo_client_tlsext_custom_types = NULL;
} }
if (s->s3->alpn_selected) if (s->s3->alpn_selected)