Trying cherrypick:

Add support for arbitrary TLS extensions.

Contributed by Trevor Perrin.

Conflicts:

	CHANGES
	ssl/ssl.h
	ssl/ssltest.c
	test/testssl

Fix compilation due to #endif.

Cherrypicking more stuff.

Cleanup of custom extension stuff.

serverinfo rejects non-empty extensions.

Omit extension if no relevant serverinfo data.

Improve error-handling in serverinfo callback.

Cosmetic cleanups.

s_client documentation.

s_server documentation.

SSL_CTX_serverinfo documentation.

Cleanup -1 and NULL callback handling for custom extensions, add tests.

Cleanup ssl_rsa.c serverinfo code.

Whitespace cleanup.

Improve comments in ssl.h for serverinfo.

Whitespace.

Cosmetic cleanup.

Reject non-zero-len serverinfo extensions.

Whitespace.

Make it build.

Conflicts:

	test/testssl
Trevor
2013-05-12 18:55:27 -07:00
committed by Ben Laurie
parent 28c08222c0
commit e27711cfdd
20 changed files with 1151 additions and 5 deletions


@@ -1710,6 +1710,61 @@ void SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int (*cb) (SSL *s, unsigned
ctx->next_proto_select_cb_arg = arg;
}
# endif
int SSL_CTX_set_custom_cli_ext(SSL_CTX *ctx, unsigned short ext_type,
custom_cli_ext_first_cb_fn fn1,
custom_cli_ext_second_cb_fn fn2, void* arg)
{
/* Check for duplicates */
size_t i;
custom_cli_ext_record* record;
for (i=0; i < ctx->custom_cli_ext_records_count; i++)
if (ext_type == ctx->custom_cli_ext_records[i].ext_type)
return 0;
ctx->custom_cli_ext_records = OPENSSL_realloc(ctx->custom_cli_ext_records,
(ctx->custom_cli_ext_records_count+1) * sizeof(custom_cli_ext_record));
if (!ctx->custom_cli_ext_records) {
ctx->custom_cli_ext_records_count = 0;
return 0;
}
ctx->custom_cli_ext_records_count++;
record = &ctx->custom_cli_ext_records[ctx->custom_cli_ext_records_count - 1];
record->ext_type = ext_type;
record->fn1 = fn1;
record->fn2 = fn2;
record->arg = arg;
return 1;
}
int SSL_CTX_set_custom_srv_ext(SSL_CTX *ctx, unsigned short ext_type,
custom_srv_ext_first_cb_fn fn1,
custom_srv_ext_second_cb_fn fn2, void* arg)
{
/* Check for duplicates */
size_t i;
custom_srv_ext_record* record;
for (i=0; i < ctx->custom_srv_ext_records_count; i++)
if (ext_type == ctx->custom_srv_ext_records[i].ext_type)
return 0;
ctx->custom_srv_ext_records = OPENSSL_realloc(ctx->custom_srv_ext_records,
(ctx->custom_srv_ext_records_count+1) * sizeof(custom_srv_ext_record));
if (!ctx->custom_srv_ext_records) {
ctx->custom_srv_ext_records_count = 0;
return 0;
}
ctx->custom_srv_ext_records_count++;
record = &ctx->custom_srv_ext_records[ctx->custom_srv_ext_records_count - 1];
record->ext_type = ext_type;
record->fn1 = fn1;
record->fn2 = fn2;
record->arg = arg;
return 1;
}
#endif
int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
@@ -1909,6 +1964,10 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
#ifndef OPENSSL_NO_SRP
SSL_CTX_SRP_CTX_init(ret);
#endif
ret->custom_cli_ext_records = NULL;
ret->custom_cli_ext_records_count = 0;
ret->custom_srv_ext_records = NULL;
ret->custom_srv_ext_records_count = 0;
#ifndef OPENSSL_NO_BUF_FREELISTS
ret->freelist_max_len = SSL_MAX_BUF_FREELIST_LEN_DEFAULT;
ret->rbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST));
@@ -2047,6 +2106,10 @@ void SSL_CTX_free(SSL_CTX *a)
#ifndef OPENSSL_NO_SRP
SSL_CTX_SRP_CTX_free(a);
#endif
#ifndef OPENSSL_NO_TLSEXT
OPENSSL_free(a->custom_cli_ext_records);
OPENSSL_free(a->custom_srv_ext_records);
#endif
#ifndef OPENSSL_NO_ENGINE
if (a->client_cert_engine)
ENGINE_finish(a->client_cert_engine);
@@ -2492,6 +2555,26 @@ unsigned char *ssl_get_authz_data(SSL *s, size_t *authz_length)
return c->pkeys[i].authz;
}
int ssl_get_server_cert_serverinfo(SSL *s, const unsigned char **serverinfo,
size_t *serverinfo_length)
{
CERT *c = NULL;
int i = 0;
*serverinfo_length = 0;
c = s->cert;
i = ssl_get_server_cert_index(s);
if (i == -1)
return 0;
if (c->pkeys[i].serverinfo == NULL)
return 0;
*serverinfo = c->pkeys[i].serverinfo;
*serverinfo_length = c->pkeys[i].serverinfo_length;
return 1;
}
#endif
void ssl_update_cache(SSL *s,int mode)
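Review bot: In SSL_CTX_set_custom_cli_ext (first hunk), the result of OPENSSL_realloc is assigned straight back to `ctx->custom_cli_ext_records`, so on allocation failure the previous array is no longer reachable and is leaked, and resetting the count to 0 silently discards every extension already registered on the context. An application that ignores the 0 return would then keep handshaking without the callbacks it believes are installed. Assign to a temporary and leave the context untouched on failure: `tmp = OPENSSL_realloc(ctx->custom_cli_ext_records, (ctx->custom_cli_ext_records_count + 1) * sizeof(*tmp));`, `if (tmp == NULL) return 0;`, `ctx->custom_cli_ext_records = tmp;`. SSL_CTX_set_custom_srv_ext in the same hunk has the identical pattern and needs the same change.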