generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Update custom TLS extension and supplemental data 'generate' callbacks to support sending an alert.

Browse Source 
If multiple TLS extensions are expected but not received, the TLS extension and supplemental data 'generate' callbacks are the only chance for the receive-side to trigger a specific TLS alert during the handshake.

Removed logic which no-op'd TLS extension generate callbacks (as the generate callbacks need to always be called in order to trigger alerts), and updated the serverinfo-specific custom TLS extension callbacks to track which custom TLS extensions were received by the client, where no-ops for 'generate' callbacks are appropriate.
This commit is contained in:
Scott Deboy
2013-09-12 12:03:40 -07:00
committed by Ben Laurie
parent a51f767645
commit ac20719d99
12 changed files with 130 additions and 122 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
ssl/s3_srvr.c
View File

@@ -1504,7 +1504,7 @@ int ssl3_send_server_hello(SSL *s)
{
unsigned char *buf;
unsigned char *p,*d;
int i,sl;
int i,sl,al;
unsigned long l;
if (s->state == SSL3_ST_SW_SRVR_HELLO_A)
@@ -1574,8 +1574,9 @@ int ssl3_send_server_hello(SSL *s)
SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,SSL_R_SERVERHELLO_TLSEXT);
return -1;
}
if ((p = ssl_add_serverhello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
if ((p = ssl_add_serverhello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH, &al)) == NULL)
{
ssl3_send_alert(s, SSL3_AL_FATAL, al);
SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,ERR_R_INTERNAL_ERROR);
return -1;
}
@@ -3703,6 +3704,7 @@ int ssl3_get_next_proto(SSL *s)
int tls1_send_server_supplemental_data(SSL *s, int *skip)
{
int al = 0;
if (s->ctx->srv_supp_data_records_count)
{
unsigned char *p = NULL;
@@ -3722,14 +3724,14 @@ int tls1_send_server_supplemental_data(SSL *s, int *skip)
if (!record->fn1)
continue;
cb_retval = record->fn1(s, record->supp_data_type,
&out, &outlen,
&out, &outlen, &al,
record->arg);
if (cb_retval == -1)
continue; /* skip this supp data entry */
if (cb_retval == 0)
{
SSLerr(SSL_F_TLS1_SEND_SERVER_SUPPLEMENTAL_DATA,ERR_R_BUF_LIB);
return 0;
goto f_err;
}
if (outlen == 0 || TLSEXT_MAXLEN_supplemental_data < outlen + 4 + length)
{
@@ -3791,6 +3793,9 @@ int tls1_send_server_supplemental_data(SSL *s, int *skip)
s->init_num = 0;
s->init_off = 0;
return 1;
f_err:
ssl3_send_alert(s,SSL3_AL_FATAL,al);
return 0;
}
int tls1_get_client_supplemental_data(SSL *s)