Re-add alert variables removed during rebase
Whitespace fixes
This commit is contained in:
Scott Deboy
Ben Laurie
parent
519531e97e
commit
e9add063b5
@ -236,22 +236,22 @@ static int server_provided_client_authz = 0;
|
||||
static const unsigned char auth_ext_data[]={TLSEXT_AUTHZDATAFORMAT_dtcp};
|
||||
|
||||
static int suppdata_cb(SSL *s, unsigned short supp_data_type,
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg);
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg);
|
||||
|
||||
static int auth_suppdata_generate_cb(SSL *s, unsigned short supp_data_type,
|
||||
const unsigned char **out,
|
||||
unsigned short *outlen, int *al, void *arg);
|
||||
const unsigned char **out,
|
||||
unsigned short *outlen, int *al, void *arg);
|
||||
|
||||
static int authz_tlsext_generate_cb(SSL *s, unsigned short ext_type,
|
||||
const unsigned char **out, unsigned short *outlen,
|
||||
int *al, void *arg);
|
||||
const unsigned char **out, unsigned short *outlen,
|
||||
int *al, void *arg);
|
||||
|
||||
static int authz_tlsext_cb(SSL *s, unsigned short ext_type,
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg);
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg);
|
||||
#endif
|
||||
|
||||
#ifndef OPENSSL_NO_PSK
|
||||
@ -2439,9 +2439,9 @@ static int ocsp_resp_cb(SSL *s, void *arg)
|
||||
}
|
||||
|
||||
static int authz_tlsext_cb(SSL *s, unsigned short ext_type,
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg)
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg)
|
||||
{
|
||||
if (TLSEXT_TYPE_server_authz == ext_type)
|
||||
server_provided_server_authz
|
||||
@ -2455,8 +2455,8 @@ static int authz_tlsext_cb(SSL *s, unsigned short ext_type,
|
||||
}
|
||||
|
||||
static int authz_tlsext_generate_cb(SSL *s, unsigned short ext_type,
|
||||
const unsigned char **out, unsigned short *outlen,
|
||||
int *al, void *arg)
|
||||
const unsigned char **out, unsigned short *outlen,
|
||||
int *al, void *arg)
|
||||
{
|
||||
if (c_auth)
|
||||
{
|
||||
@ -2474,9 +2474,9 @@ static int authz_tlsext_generate_cb(SSL *s, unsigned short ext_type,
|
||||
}
|
||||
|
||||
static int suppdata_cb(SSL *s, unsigned short supp_data_type,
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg)
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg)
|
||||
{
|
||||
if (supp_data_type == TLSEXT_SUPPLEMENTALDATATYPE_authz_data)
|
||||
{
|
||||
@ -2487,8 +2487,8 @@ static int suppdata_cb(SSL *s, unsigned short supp_data_type,
|
||||
}
|
||||
|
||||
static int auth_suppdata_generate_cb(SSL *s, unsigned short supp_data_type,
|
||||
const unsigned char **out,
|
||||
unsigned short *outlen, int *al, void *arg)
|
||||
const unsigned char **out,
|
||||
unsigned short *outlen, int *al, void *arg)
|
||||
{
|
||||
if (c_auth && server_provided_client_authz && server_provided_server_authz)
|
||||
{
|
||||
|
||||
@ -331,22 +331,22 @@ static int cert_chain = 0;
|
||||
|
||||
#ifndef OPENSSL_NO_TLSEXT
|
||||
static int suppdata_cb(SSL *s, unsigned short supp_data_type,
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg);
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg);
|
||||
|
||||
static int auth_suppdata_generate_cb(SSL *s, unsigned short supp_data_type,
|
||||
const unsigned char **out,
|
||||
unsigned short *outlen, int *al, void *arg);
|
||||
const unsigned char **out,
|
||||
unsigned short *outlen, int *al, void *arg);
|
||||
|
||||
static int authz_tlsext_generate_cb(SSL *s, unsigned short ext_type,
|
||||
const unsigned char **out, unsigned short *outlen,
|
||||
int *al, void *arg);
|
||||
const unsigned char **out, unsigned short *outlen,
|
||||
int *al, void *arg);
|
||||
|
||||
static int authz_tlsext_cb(SSL *s, unsigned short ext_type,
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg);
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg);
|
||||
|
||||
static BIO *serverinfo_in = NULL;
|
||||
static const char *s_serverinfo_file = NULL;
|
||||
@ -3585,9 +3585,9 @@ static void free_sessions(void)
|
||||
|
||||
#ifndef OPENSSL_NO_TLSEXT
|
||||
static int authz_tlsext_cb(SSL *s, unsigned short ext_type,
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg)
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg)
|
||||
{
|
||||
if (TLSEXT_TYPE_server_authz == ext_type)
|
||||
client_provided_server_authz
|
||||
@ -3601,8 +3601,8 @@ static int authz_tlsext_cb(SSL *s, unsigned short ext_type,
|
||||
}
|
||||
|
||||
static int authz_tlsext_generate_cb(SSL *s, unsigned short ext_type,
|
||||
const unsigned char **out, unsigned short *outlen,
|
||||
int *al, void *arg)
|
||||
const unsigned char **out, unsigned short *outlen,
|
||||
int *al, void *arg)
|
||||
{
|
||||
if (c_auth && client_provided_client_authz && client_provided_server_authz)
|
||||
{
|
||||
@ -3621,9 +3621,9 @@ static int authz_tlsext_generate_cb(SSL *s, unsigned short ext_type,
|
||||
}
|
||||
|
||||
static int suppdata_cb(SSL *s, unsigned short supp_data_type,
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg)
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg)
|
||||
{
|
||||
if (supp_data_type == TLSEXT_SUPPLEMENTALDATATYPE_authz_data)
|
||||
{
|
||||
@ -3634,8 +3634,8 @@ static int suppdata_cb(SSL *s, unsigned short supp_data_type,
|
||||
}
|
||||
|
||||
static int auth_suppdata_generate_cb(SSL *s, unsigned short supp_data_type,
|
||||
const unsigned char **out,
|
||||
unsigned short *outlen, int *al, void *arg)
|
||||
const unsigned char **out,
|
||||
unsigned short *outlen, int *al, void *arg)
|
||||
{
|
||||
if (c_auth && client_provided_client_authz && client_provided_server_authz)
|
||||
{
|
||||
|
||||
@ -299,6 +299,7 @@ static int ssl23_client_hello(SSL *s)
|
||||
unsigned long l;
|
||||
int ssl2_compat;
|
||||
int version = 0, version_major, version_minor;
|
||||
int al = 0;
|
||||
#ifndef OPENSSL_NO_COMP
|
||||
int j;
|
||||
SSL_COMP *comp;
|
||||
@ -553,9 +554,9 @@ static int ssl23_client_hello(SSL *s)
|
||||
SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT);
|
||||
return -1;
|
||||
}
|
||||
if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH, &al)) == NULL)
|
||||
if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH, &al)) == NULL)
|
||||
{
|
||||
ssl3_send_alert(s,SSL3_AL_FATAL,al);
|
||||
ssl3_send_alert(s,SSL3_AL_FATAL,al);
|
||||
SSLerr(SSL_F_SSL23_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
|
||||
return -1;
|
||||
}
|
||||
|
||||
@ -689,6 +689,7 @@ int ssl3_client_hello(SSL *s)
|
||||
unsigned char *p,*d;
|
||||
int i;
|
||||
unsigned long l;
|
||||
int al = 0;
|
||||
#ifndef OPENSSL_NO_COMP
|
||||
int j;
|
||||
SSL_COMP *comp;
|
||||
@ -891,9 +892,9 @@ int ssl3_client_hello(SSL *s)
|
||||
SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT);
|
||||
goto err;
|
||||
}
|
||||
if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH, &al)) == NULL)
|
||||
if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH, &al)) == NULL)
|
||||
{
|
||||
ssl3_send_alert(s,SSL3_AL_FATAL,al);
|
||||
ssl3_send_alert(s,SSL3_AL_FATAL,al);
|
||||
SSLerr(SSL_F_SSL3_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
|
||||
goto err;
|
||||
}
|
||||
@ -3623,7 +3624,7 @@ int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey)
|
||||
#ifndef OPENSSL_NO_TLSEXT
|
||||
int tls1_send_client_supplemental_data(SSL *s, int *skip)
|
||||
{
|
||||
int al = 0;
|
||||
int al = 0;
|
||||
if (s->ctx->cli_supp_data_records_count)
|
||||
{
|
||||
unsigned char *p = NULL;
|
||||
@ -3643,20 +3644,20 @@ int tls1_send_client_supplemental_data(SSL *s, int *skip)
|
||||
if (!record->fn2)
|
||||
continue;
|
||||
cb_retval = record->fn2(s, record->supp_data_type,
|
||||
&out, &outlen, &al,
|
||||
record->arg);
|
||||
&out, &outlen, &al,
|
||||
record->arg);
|
||||
if (cb_retval == -1)
|
||||
continue; /* skip this supp data entry */
|
||||
if (cb_retval == 0)
|
||||
{
|
||||
SSLerr(SSL_F_TLS1_SEND_CLIENT_SUPPLEMENTAL_DATA,ERR_R_BUF_LIB);
|
||||
goto f_err;
|
||||
goto f_err;
|
||||
}
|
||||
if (outlen == 0 || TLSEXT_MAXLEN_supplemental_data < outlen + 4 + length)
|
||||
{
|
||||
SSLerr(SSL_F_TLS1_SEND_CLIENT_SUPPLEMENTAL_DATA,ERR_R_BUF_LIB);
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
/* if first entry, write handshake message type */
|
||||
if (length == 0)
|
||||
{
|
||||
@ -3668,11 +3669,11 @@ int tls1_send_client_supplemental_data(SSL *s, int *skip)
|
||||
p = (unsigned char *)s->init_buf->data;
|
||||
*(p++) = SSL3_MT_SUPPLEMENTAL_DATA;
|
||||
/* update message length when all
|
||||
* callbacks complete */
|
||||
* callbacks complete */
|
||||
size_loc = p;
|
||||
/* skip over handshake length field (3
|
||||
* bytes) and supp_data length field
|
||||
* (3 bytes) */
|
||||
* bytes) and supp_data length field
|
||||
* (3 bytes) */
|
||||
p += 3 + 3;
|
||||
length += 1 +3 +3;
|
||||
}
|
||||
@ -3706,10 +3707,10 @@ int tls1_send_client_supplemental_data(SSL *s, int *skip)
|
||||
s->init_off = 0;
|
||||
return 1;
|
||||
|
||||
f_err:
|
||||
ssl3_send_alert(s,SSL3_AL_FATAL,al);
|
||||
return 0;
|
||||
}
|
||||
f_err:
|
||||
ssl3_send_alert(s,SSL3_AL_FATAL,al);
|
||||
return 0;
|
||||
}
|
||||
|
||||
int tls1_get_server_supplemental_data(SSL *s)
|
||||
{
|
||||
@ -3724,12 +3725,12 @@ int tls1_get_server_supplemental_data(SSL *s)
|
||||
int cb_retval = 0;
|
||||
|
||||
n=s->method->ssl_get_message(s,
|
||||
SSL3_ST_CR_SUPPLEMENTAL_DATA_A,
|
||||
SSL3_ST_CR_SUPPLEMENTAL_DATA_B,
|
||||
SSL3_MT_SUPPLEMENTAL_DATA,
|
||||
/* use default limit */
|
||||
TLSEXT_MAXLEN_supplemental_data,
|
||||
&ok);
|
||||
SSL3_ST_CR_SUPPLEMENTAL_DATA_A,
|
||||
SSL3_ST_CR_SUPPLEMENTAL_DATA_B,
|
||||
SSL3_MT_SUPPLEMENTAL_DATA,
|
||||
/* use default limit */
|
||||
TLSEXT_MAXLEN_supplemental_data,
|
||||
&ok);
|
||||
|
||||
if (!ok) return((int)n);
|
||||
|
||||
@ -3750,9 +3751,11 @@ int tls1_get_server_supplemental_data(SSL *s)
|
||||
/* if there is a callback for this supp data type, send it */
|
||||
for (i=0; i < s->ctx->cli_supp_data_records_count; i++)
|
||||
{
|
||||
if (s->ctx->cli_supp_data_records[i].supp_data_type == supp_data_entry_type && s->ctx->cli_supp_data_records[i].fn1)
|
||||
if (s->ctx->cli_supp_data_records[i].supp_data_type == supp_data_entry_type &&
|
||||
s->ctx->cli_supp_data_records[i].fn1)
|
||||
{
|
||||
cb_retval = s->ctx->cli_supp_data_records[i].fn1(s, supp_data_entry_type, p, supp_data_entry_len, &al, s->ctx->cli_supp_data_records[i].arg);
|
||||
cb_retval = s->ctx->cli_supp_data_records[i].fn1(s, supp_data_entry_type, p,
|
||||
supp_data_entry_len, &al, s->ctx->cli_supp_data_records[i].arg);
|
||||
if (cb_retval == 0)
|
||||
{
|
||||
SSLerr(SSL_F_TLS1_GET_SERVER_SUPPLEMENTAL_DATA, ERR_R_SSL_LIB);
|
||||
@ -3763,8 +3766,8 @@ int tls1_get_server_supplemental_data(SSL *s)
|
||||
p += supp_data_entry_len;
|
||||
}
|
||||
return 1;
|
||||
f_err:
|
||||
ssl3_send_alert(s,SSL3_AL_FATAL,al);
|
||||
return -1;
|
||||
f_err:
|
||||
ssl3_send_alert(s,SSL3_AL_FATAL,al);
|
||||
return -1;
|
||||
}
|
||||
#endif
|
||||
|
||||
12
ssl/s3_lib.c
12
ssl/s3_lib.c
@ -3029,8 +3029,8 @@ void ssl3_free(SSL *s)
|
||||
SSL_SRP_CTX_free(s);
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_TLSEXT
|
||||
if (s->s3->serverinfo_client_tlsext_custom_types != NULL)
|
||||
OPENSSL_free(s->s3->serverinfo_client_tlsext_custom_types);
|
||||
if (s->s3->serverinfo_client_tlsext_custom_types != NULL)
|
||||
OPENSSL_free(s->s3->serverinfo_client_tlsext_custom_types);
|
||||
#endif
|
||||
OPENSSL_cleanse(s->s3,sizeof *s->s3);
|
||||
OPENSSL_free(s->s3);
|
||||
@ -3076,12 +3076,12 @@ void ssl3_clear(SSL *s)
|
||||
}
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_TLSEXT
|
||||
if (s->s3->serverinfo_client_tlsext_custom_types != NULL)
|
||||
if (s->s3->serverinfo_client_tlsext_custom_types != NULL)
|
||||
{
|
||||
OPENSSL_free(s->s3->serverinfo_client_tlsext_custom_types);
|
||||
s->s3->serverinfo_client_tlsext_custom_types = NULL;
|
||||
OPENSSL_free(s->s3->serverinfo_client_tlsext_custom_types);
|
||||
s->s3->serverinfo_client_tlsext_custom_types = NULL;
|
||||
}
|
||||
s->s3->serverinfo_client_tlsext_custom_types_count = 0;
|
||||
s->s3->serverinfo_client_tlsext_custom_types_count = 0;
|
||||
#ifndef OPENSSL_NO_EC
|
||||
s->s3->is_probably_safari = 0;
|
||||
#endif /* !OPENSSL_NO_EC */
|
||||
|
||||
@ -1504,7 +1504,8 @@ int ssl3_send_server_hello(SSL *s)
|
||||
{
|
||||
unsigned char *buf;
|
||||
unsigned char *p,*d;
|
||||
int i,sl,al;
|
||||
int i,sl;
|
||||
int al = 0;
|
||||
unsigned long l;
|
||||
|
||||
if (s->state == SSL3_ST_SW_SRVR_HELLO_A)
|
||||
@ -1574,9 +1575,9 @@ int ssl3_send_server_hello(SSL *s)
|
||||
SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,SSL_R_SERVERHELLO_TLSEXT);
|
||||
return -1;
|
||||
}
|
||||
if ((p = ssl_add_serverhello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH, &al)) == NULL)
|
||||
if ((p = ssl_add_serverhello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH, &al)) == NULL)
|
||||
{
|
||||
ssl3_send_alert(s, SSL3_AL_FATAL, al);
|
||||
ssl3_send_alert(s, SSL3_AL_FATAL, al);
|
||||
SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,ERR_R_INTERNAL_ERROR);
|
||||
return -1;
|
||||
}
|
||||
@ -3704,7 +3705,7 @@ int ssl3_get_next_proto(SSL *s)
|
||||
|
||||
int tls1_send_server_supplemental_data(SSL *s, int *skip)
|
||||
{
|
||||
int al = 0;
|
||||
int al = 0;
|
||||
if (s->ctx->srv_supp_data_records_count)
|
||||
{
|
||||
unsigned char *p = NULL;
|
||||
@ -3724,14 +3725,14 @@ int tls1_send_server_supplemental_data(SSL *s, int *skip)
|
||||
if (!record->fn1)
|
||||
continue;
|
||||
cb_retval = record->fn1(s, record->supp_data_type,
|
||||
&out, &outlen, &al,
|
||||
&out, &outlen, &al,
|
||||
record->arg);
|
||||
if (cb_retval == -1)
|
||||
continue; /* skip this supp data entry */
|
||||
if (cb_retval == 0)
|
||||
{
|
||||
SSLerr(SSL_F_TLS1_SEND_SERVER_SUPPLEMENTAL_DATA,ERR_R_BUF_LIB);
|
||||
goto f_err;
|
||||
goto f_err;
|
||||
}
|
||||
if (outlen == 0 || TLSEXT_MAXLEN_supplemental_data < outlen + 4 + length)
|
||||
{
|
||||
@ -3794,8 +3795,8 @@ int tls1_send_server_supplemental_data(SSL *s, int *skip)
|
||||
s->init_off = 0;
|
||||
return 1;
|
||||
f_err:
|
||||
ssl3_send_alert(s,SSL3_AL_FATAL,al);
|
||||
return 0;
|
||||
ssl3_send_alert(s,SSL3_AL_FATAL,al);
|
||||
return 0;
|
||||
}
|
||||
|
||||
int tls1_get_client_supplemental_data(SSL *s)
|
||||
@ -3811,12 +3812,12 @@ int tls1_get_client_supplemental_data(SSL *s)
|
||||
size_t i = 0;
|
||||
|
||||
n=s->method->ssl_get_message(s,
|
||||
SSL3_ST_SR_SUPPLEMENTAL_DATA_A,
|
||||
SSL3_ST_SR_SUPPLEMENTAL_DATA_B,
|
||||
SSL3_MT_SUPPLEMENTAL_DATA,
|
||||
/* use default limit */
|
||||
TLSEXT_MAXLEN_supplemental_data,
|
||||
&ok);
|
||||
SSL3_ST_SR_SUPPLEMENTAL_DATA_A,
|
||||
SSL3_ST_SR_SUPPLEMENTAL_DATA_B,
|
||||
SSL3_MT_SUPPLEMENTAL_DATA,
|
||||
/* use default limit */
|
||||
TLSEXT_MAXLEN_supplemental_data,
|
||||
&ok);
|
||||
|
||||
if (!ok) return((int)n);
|
||||
|
||||
|
||||
32
ssl/ssl.h
32
ssl/ssl.h
@ -410,19 +410,19 @@ typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len, S
|
||||
*/
|
||||
typedef int (*custom_cli_ext_first_cb_fn)(SSL *s, unsigned short ext_type,
|
||||
const unsigned char **out,
|
||||
unsigned short *outlen, int *al, void *arg);
|
||||
unsigned short *outlen, int *al, void *arg);
|
||||
typedef int (*custom_cli_ext_second_cb_fn)(SSL *s, unsigned short ext_type,
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg);
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg);
|
||||
|
||||
typedef int (*custom_srv_ext_first_cb_fn)(SSL *s, unsigned short ext_type,
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg);
|
||||
typedef int (*custom_srv_ext_second_cb_fn)(SSL *s, unsigned short ext_type,
|
||||
const unsigned char **out,
|
||||
unsigned short *outlen, int *al, void *arg);
|
||||
const unsigned char **out,
|
||||
unsigned short *outlen, int *al, void *arg);
|
||||
|
||||
typedef struct {
|
||||
unsigned short ext_type;
|
||||
@ -460,20 +460,20 @@ typedef struct {
|
||||
* fatal TLS alert, if the callback returns zero.
|
||||
*/
|
||||
typedef int (*srv_supp_data_first_cb_fn)(SSL *s, unsigned short supp_data_type,
|
||||
const unsigned char **out,
|
||||
unsigned short *outlen, int *al, void *arg);
|
||||
const unsigned char **out,
|
||||
unsigned short *outlen, int *al, void *arg);
|
||||
typedef int (*srv_supp_data_second_cb_fn)(SSL *s, unsigned short supp_data_type,
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg);
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg);
|
||||
|
||||
typedef int (*cli_supp_data_first_cb_fn)(SSL *s, unsigned short supp_data_type,
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg);
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg);
|
||||
typedef int (*cli_supp_data_second_cb_fn)(SSL *s, unsigned short supp_data_type,
|
||||
const unsigned char **out,
|
||||
unsigned short *outlen, int *al, void *arg);
|
||||
const unsigned char **out,
|
||||
unsigned short *outlen, int *al, void *arg);
|
||||
|
||||
typedef struct {
|
||||
unsigned short supp_data_type;
|
||||
|
||||
@ -844,71 +844,71 @@ static int serverinfo_find_extension(const unsigned char *serverinfo,
|
||||
}
|
||||
|
||||
static int serverinfo_srv_first_cb(SSL *s, unsigned short ext_type,
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg)
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg)
|
||||
{
|
||||
size_t i = 0;
|
||||
size_t i = 0;
|
||||
if (inlen != 0)
|
||||
{
|
||||
*al = SSL_AD_DECODE_ERROR;
|
||||
return 0;
|
||||
}
|
||||
//if already in list, error out
|
||||
for (i = 0; i < s->s3->serverinfo_client_tlsext_custom_types_count; i++)
|
||||
{
|
||||
if (s->s3->serverinfo_client_tlsext_custom_types[i] == ext_type)
|
||||
{
|
||||
*al = SSL_AD_DECODE_ERROR;
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
s->s3->serverinfo_client_tlsext_custom_types_count++;
|
||||
s->s3->serverinfo_client_tlsext_custom_types = OPENSSL_realloc(
|
||||
s->s3->serverinfo_client_tlsext_custom_types,
|
||||
s->s3->serverinfo_client_tlsext_custom_types_count * 2);
|
||||
if (s->s3->serverinfo_client_tlsext_custom_types == NULL)
|
||||
{
|
||||
s->s3->serverinfo_client_tlsext_custom_types_count = 0;
|
||||
*al = TLS1_AD_INTERNAL_ERROR;
|
||||
return 0;
|
||||
}
|
||||
s->s3->serverinfo_client_tlsext_custom_types[
|
||||
s->s3->serverinfo_client_tlsext_custom_types_count - 1] = ext_type;
|
||||
//if already in list, error out
|
||||
for (i = 0; i < s->s3->serverinfo_client_tlsext_custom_types_count; i++)
|
||||
{
|
||||
if (s->s3->serverinfo_client_tlsext_custom_types[i] == ext_type)
|
||||
{
|
||||
*al = SSL_AD_DECODE_ERROR;
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
s->s3->serverinfo_client_tlsext_custom_types_count++;
|
||||
s->s3->serverinfo_client_tlsext_custom_types = OPENSSL_realloc(
|
||||
s->s3->serverinfo_client_tlsext_custom_types,
|
||||
s->s3->serverinfo_client_tlsext_custom_types_count * 2);
|
||||
if (s->s3->serverinfo_client_tlsext_custom_types == NULL)
|
||||
{
|
||||
s->s3->serverinfo_client_tlsext_custom_types_count = 0;
|
||||
*al = TLS1_AD_INTERNAL_ERROR;
|
||||
return 0;
|
||||
}
|
||||
s->s3->serverinfo_client_tlsext_custom_types[
|
||||
s->s3->serverinfo_client_tlsext_custom_types_count - 1] = ext_type;
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
static int serverinfo_srv_second_cb(SSL *s, unsigned short ext_type,
|
||||
const unsigned char **out, unsigned short *outlen,
|
||||
int *al, void *arg)
|
||||
const unsigned char **out, unsigned short *outlen,
|
||||
int *al, void *arg)
|
||||
{
|
||||
const unsigned char *serverinfo = NULL;
|
||||
size_t serverinfo_length = 0;
|
||||
size_t i = 0;
|
||||
unsigned int match = 0;
|
||||
/* Did the client send a TLS extension for this type? */
|
||||
for (i = 0; i < s->s3->serverinfo_client_tlsext_custom_types_count; i++)
|
||||
{
|
||||
if (s->s3->serverinfo_client_tlsext_custom_types[i] == ext_type)
|
||||
{
|
||||
match = 1;
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (!match)
|
||||
{
|
||||
//extension not sent by client...don't send extension
|
||||
return -1;
|
||||
}
|
||||
size_t i = 0;
|
||||
unsigned int match = 0;
|
||||
/* Did the client send a TLS extension for this type? */
|
||||
for (i = 0; i < s->s3->serverinfo_client_tlsext_custom_types_count; i++)
|
||||
{
|
||||
if (s->s3->serverinfo_client_tlsext_custom_types[i] == ext_type)
|
||||
{
|
||||
match = 1;
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (!match)
|
||||
{
|
||||
//extension not sent by client...don't send extension
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* Is there serverinfo data for the chosen server cert? */
|
||||
if ((ssl_get_server_cert_serverinfo(s, &serverinfo,
|
||||
&serverinfo_length)) != 0)
|
||||
&serverinfo_length)) != 0)
|
||||
{
|
||||
/* Find the relevant extension from the serverinfo */
|
||||
int retval = serverinfo_find_extension(serverinfo, serverinfo_length,
|
||||
ext_type, out, outlen);
|
||||
ext_type, out, outlen);
|
||||
if (retval == 0)
|
||||
return 0; /* Error */
|
||||
if (retval == -1)
|
||||
|
||||
132
ssl/ssltest.c
132
ssl/ssltest.c
@ -563,8 +563,8 @@ static int verify_serverinfo()
|
||||
*/
|
||||
|
||||
static int custom_ext_0_cli_first_cb(SSL *s, unsigned short ext_type,
|
||||
const unsigned char **out,
|
||||
unsigned short *outlen, int *al, void *arg)
|
||||
const unsigned char **out,
|
||||
unsigned short *outlen, int *al, void *arg)
|
||||
{
|
||||
if (ext_type != CUSTOM_EXT_TYPE_0)
|
||||
custom_ext_error = 1;
|
||||
@ -572,17 +572,17 @@ static int custom_ext_0_cli_first_cb(SSL *s, unsigned short ext_type,
|
||||
}
|
||||
|
||||
static int custom_ext_0_cli_second_cb(SSL *s, unsigned short ext_type,
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg)
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg)
|
||||
{
|
||||
custom_ext_error = 1; /* Shouldn't be called */
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int custom_ext_1_cli_first_cb(SSL *s, unsigned short ext_type,
|
||||
const unsigned char **out,
|
||||
unsigned short *outlen, int *al, void *arg)
|
||||
const unsigned char **out,
|
||||
unsigned short *outlen, int *al, void *arg)
|
||||
{
|
||||
if (ext_type != CUSTOM_EXT_TYPE_1)
|
||||
custom_ext_error = 1;
|
||||
@ -592,17 +592,17 @@ static int custom_ext_1_cli_first_cb(SSL *s, unsigned short ext_type,
|
||||
}
|
||||
|
||||
static int custom_ext_1_cli_second_cb(SSL *s, unsigned short ext_type,
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg)
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg)
|
||||
{
|
||||
custom_ext_error = 1; /* Shouldn't be called */
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int custom_ext_2_cli_first_cb(SSL *s, unsigned short ext_type,
|
||||
const unsigned char **out,
|
||||
unsigned short *outlen, int *al, void *arg)
|
||||
const unsigned char **out,
|
||||
unsigned short *outlen, int *al, void *arg)
|
||||
{
|
||||
if (ext_type != CUSTOM_EXT_TYPE_2)
|
||||
custom_ext_error = 1;
|
||||
@ -612,9 +612,9 @@ static int custom_ext_2_cli_first_cb(SSL *s, unsigned short ext_type,
|
||||
}
|
||||
|
||||
static int custom_ext_2_cli_second_cb(SSL *s, unsigned short ext_type,
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg)
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg)
|
||||
{
|
||||
if (ext_type != CUSTOM_EXT_TYPE_2)
|
||||
custom_ext_error = 1;
|
||||
@ -624,8 +624,8 @@ static int custom_ext_2_cli_second_cb(SSL *s, unsigned short ext_type,
|
||||
}
|
||||
|
||||
static int custom_ext_3_cli_first_cb(SSL *s, unsigned short ext_type,
|
||||
const unsigned char **out,
|
||||
unsigned short *outlen, int *al, void *arg)
|
||||
const unsigned char **out,
|
||||
unsigned short *outlen, int *al, void *arg)
|
||||
{
|
||||
if (ext_type != CUSTOM_EXT_TYPE_3)
|
||||
custom_ext_error = 1;
|
||||
@ -635,9 +635,9 @@ static int custom_ext_3_cli_first_cb(SSL *s, unsigned short ext_type,
|
||||
}
|
||||
|
||||
static int custom_ext_3_cli_second_cb(SSL *s, unsigned short ext_type,
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg)
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg)
|
||||
{
|
||||
if (ext_type != CUSTOM_EXT_TYPE_3)
|
||||
custom_ext_error = 1;
|
||||
@ -650,9 +650,9 @@ static int custom_ext_3_cli_second_cb(SSL *s, unsigned short ext_type,
|
||||
|
||||
//custom_ext_0_cli_first_cb returns -1 - the server won't receive a callback for this extension
|
||||
static int custom_ext_0_srv_first_cb(SSL *s, unsigned short ext_type,
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg)
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg)
|
||||
{
|
||||
custom_ext_error = 1;
|
||||
return 0; /* Shouldn't be called */
|
||||
@ -660,16 +660,16 @@ static int custom_ext_0_srv_first_cb(SSL *s, unsigned short ext_type,
|
||||
|
||||
//'generate' callbacks are always called, even if the 'receive' callback isn't called
|
||||
static int custom_ext_0_srv_second_cb(SSL *s, unsigned short ext_type,
|
||||
const unsigned char **out,
|
||||
unsigned short *outlen, int *al, void *arg)
|
||||
const unsigned char **out,
|
||||
unsigned short *outlen, int *al, void *arg)
|
||||
{
|
||||
return -1; /* Don't send an extension */
|
||||
}
|
||||
|
||||
static int custom_ext_1_srv_first_cb(SSL *s, unsigned short ext_type,
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg)
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg)
|
||||
{
|
||||
if (ext_type != CUSTOM_EXT_TYPE_1)
|
||||
custom_ext_error = 1;
|
||||
@ -682,16 +682,16 @@ static int custom_ext_1_srv_first_cb(SSL *s, unsigned short ext_type,
|
||||
}
|
||||
|
||||
static int custom_ext_1_srv_second_cb(SSL *s, unsigned short ext_type,
|
||||
const unsigned char **out,
|
||||
unsigned short *outlen, int *al, void *arg)
|
||||
const unsigned char **out,
|
||||
unsigned short *outlen, int *al, void *arg)
|
||||
{
|
||||
return -1; /* Don't send an extension */
|
||||
}
|
||||
|
||||
static int custom_ext_2_srv_first_cb(SSL *s, unsigned short ext_type,
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg)
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg)
|
||||
{
|
||||
if (ext_type != CUSTOM_EXT_TYPE_2)
|
||||
custom_ext_error = 1;
|
||||
@ -704,8 +704,8 @@ static int custom_ext_2_srv_first_cb(SSL *s, unsigned short ext_type,
|
||||
}
|
||||
|
||||
static int custom_ext_2_srv_second_cb(SSL *s, unsigned short ext_type,
|
||||
const unsigned char **out,
|
||||
unsigned short *outlen, int *al, void *arg)
|
||||
const unsigned char **out,
|
||||
unsigned short *outlen, int *al, void *arg)
|
||||
{
|
||||
*out = NULL;
|
||||
*outlen = 0;
|
||||
@ -713,9 +713,9 @@ static int custom_ext_2_srv_second_cb(SSL *s, unsigned short ext_type,
|
||||
}
|
||||
|
||||
static int custom_ext_3_srv_first_cb(SSL *s, unsigned short ext_type,
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg)
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg)
|
||||
{
|
||||
if (ext_type != CUSTOM_EXT_TYPE_3)
|
||||
custom_ext_error = 1;
|
||||
@ -728,8 +728,8 @@ static int custom_ext_3_srv_first_cb(SSL *s, unsigned short ext_type,
|
||||
}
|
||||
|
||||
static int custom_ext_3_srv_second_cb(SSL *s, unsigned short ext_type,
|
||||
const unsigned char **out,
|
||||
unsigned short *outlen, int *al, void *arg)
|
||||
const unsigned char **out,
|
||||
unsigned short *outlen, int *al, void *arg)
|
||||
{
|
||||
*out = (const unsigned char*)custom_ext_srv_string;
|
||||
*outlen = strlen(custom_ext_srv_string);
|
||||
@ -737,8 +737,8 @@ static int custom_ext_3_srv_second_cb(SSL *s, unsigned short ext_type,
|
||||
}
|
||||
|
||||
static int supp_data_0_srv_first_cb(SSL *s, unsigned short supp_data_type,
|
||||
const unsigned char **out,
|
||||
unsigned short *outlen, int *al, void *arg)
|
||||
const unsigned char **out,
|
||||
unsigned short *outlen, int *al, void *arg)
|
||||
{
|
||||
*out = (const unsigned char*)supp_data_0_string;
|
||||
*outlen = strlen(supp_data_0_string);
|
||||
@ -748,9 +748,9 @@ static int supp_data_0_srv_first_cb(SSL *s, unsigned short supp_data_type,
|
||||
}
|
||||
|
||||
static int supp_data_0_srv_second_cb(SSL *s, unsigned short supp_data_type,
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg)
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg)
|
||||
{
|
||||
if (supp_data_type != CUSTOM_SUPP_DATA_TYPE_0)
|
||||
suppdata_error = 1;
|
||||
@ -764,34 +764,34 @@ static int supp_data_0_srv_second_cb(SSL *s, unsigned short supp_data_type,
|
||||
}
|
||||
|
||||
static int supp_data_1_srv_first_cb(SSL *s, unsigned short supp_data_type,
|
||||
const unsigned char **out,
|
||||
unsigned short *outlen, int *al, void *arg)
|
||||
const unsigned char **out,
|
||||
unsigned short *outlen, int *al, void *arg)
|
||||
{
|
||||
return -1;
|
||||
}
|
||||
|
||||
static int supp_data_1_srv_second_cb(SSL *s, unsigned short supp_data_type,
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg)
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg)
|
||||
{
|
||||
suppdata_error = 1;
|
||||
return 1;
|
||||
}
|
||||
|
||||
static int supp_data_2_srv_second_cb(SSL *s, unsigned short supp_data_type,
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg)
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg)
|
||||
{
|
||||
suppdata_error = 1;
|
||||
return 1;
|
||||
}
|
||||
|
||||
static int supp_data_0_cli_first_cb(SSL *s, unsigned short supp_data_type,
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg)
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg)
|
||||
{
|
||||
if (supp_data_type != CUSTOM_SUPP_DATA_TYPE_0)
|
||||
suppdata_error = 1;
|
||||
@ -805,8 +805,8 @@ static int supp_data_0_cli_first_cb(SSL *s, unsigned short supp_data_type,
|
||||
}
|
||||
|
||||
static int supp_data_0_cli_second_cb(SSL *s, unsigned short supp_data_type,
|
||||
const unsigned char **out,
|
||||
unsigned short *outlen, int *al, void *arg)
|
||||
const unsigned char **out,
|
||||
unsigned short *outlen, int *al, void *arg)
|
||||
{
|
||||
*out = (const unsigned char*)supp_data_0_string;
|
||||
*outlen = strlen(supp_data_0_string);
|
||||
@ -816,25 +816,25 @@ static int supp_data_0_cli_second_cb(SSL *s, unsigned short supp_data_type,
|
||||
}
|
||||
|
||||
static int supp_data_1_cli_first_cb(SSL *s, unsigned short supp_data_type,
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg)
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg)
|
||||
{
|
||||
suppdata_error = 1;
|
||||
return 1;
|
||||
}
|
||||
|
||||
static int supp_data_1_cli_second_cb(SSL *s, unsigned short supp_data_type,
|
||||
const unsigned char **out,
|
||||
unsigned short *outlen, int *al, void *arg)
|
||||
const unsigned char **out,
|
||||
unsigned short *outlen, int *al, void *arg)
|
||||
{
|
||||
return -1;
|
||||
}
|
||||
|
||||
static int supp_data_2_cli_first_cb(SSL *s, unsigned short supp_data_type,
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg)
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg)
|
||||
{
|
||||
suppdata_error = 1;
|
||||
return 1;
|
||||
|
||||
60
ssl/t1_lib.c
60
ssl/t1_lib.c
@ -1453,8 +1453,8 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
|
||||
{
|
||||
int cb_retval = 0;
|
||||
cb_retval = record->fn1(s, record->ext_type,
|
||||
&out, &outlen, al,
|
||||
record->arg);
|
||||
&out, &outlen, al,
|
||||
record->arg);
|
||||
if (cb_retval == 0)
|
||||
return NULL; /* error */
|
||||
if (cb_retval == -1)
|
||||
@ -1513,8 +1513,8 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha
|
||||
{
|
||||
int extdatalen=0;
|
||||
unsigned char *ret = p;
|
||||
size_t i;
|
||||
custom_srv_ext_record *record;
|
||||
size_t i;
|
||||
custom_srv_ext_record *record;
|
||||
#ifndef OPENSSL_NO_NEXTPROTONEG
|
||||
int next_proto_neg_seen;
|
||||
#endif
|
||||
@ -1698,29 +1698,29 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha
|
||||
}
|
||||
#endif
|
||||
|
||||
for (i = 0; i < s->ctx->custom_srv_ext_records_count; i++)
|
||||
for (i = 0; i < s->ctx->custom_srv_ext_records_count; i++)
|
||||
{
|
||||
record = &s->ctx->custom_srv_ext_records[i];
|
||||
const unsigned char *out = NULL;
|
||||
unsigned short outlen = 0;
|
||||
int cb_retval = 0;
|
||||
record = &s->ctx->custom_srv_ext_records[i];
|
||||
const unsigned char *out = NULL;
|
||||
unsigned short outlen = 0;
|
||||
int cb_retval = 0;
|
||||
|
||||
/* NULL callback or -1 omits extension */
|
||||
if (!record->fn2)
|
||||
break;
|
||||
cb_retval = record->fn2(s, record->ext_type,
|
||||
&out, &outlen, al,
|
||||
record->arg);
|
||||
if (cb_retval == 0)
|
||||
return NULL; /* error */
|
||||
if (cb_retval == -1)
|
||||
break; /* skip this extension */
|
||||
if (limit < ret + 4 + outlen)
|
||||
return NULL;
|
||||
s2n(record->ext_type, ret);
|
||||
s2n(outlen, ret);
|
||||
memcpy(ret, out, outlen);
|
||||
ret += outlen;
|
||||
/* NULL callback or -1 omits extension */
|
||||
if (!record->fn2)
|
||||
break;
|
||||
cb_retval = record->fn2(s, record->ext_type,
|
||||
&out, &outlen, al,
|
||||
record->arg);
|
||||
if (cb_retval == 0)
|
||||
return NULL; /* error */
|
||||
if (cb_retval == -1)
|
||||
break; /* skip this extension */
|
||||
if (limit < ret + 4 + outlen)
|
||||
return NULL;
|
||||
s2n(record->ext_type, ret);
|
||||
s2n(outlen, ret);
|
||||
memcpy(ret, out, outlen);
|
||||
ret += outlen;
|
||||
}
|
||||
#ifdef TLSEXT_TYPE_encrypt_then_mac
|
||||
if (s->s3->flags & TLS1_FLAGS_ENCRYPT_THEN_MAC)
|
||||
@ -1935,12 +1935,12 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char
|
||||
}
|
||||
|
||||
/* Clear observed custom extensions */
|
||||
s->s3->serverinfo_client_tlsext_custom_types_count = 0;
|
||||
if (s->s3->serverinfo_client_tlsext_custom_types != NULL)
|
||||
s->s3->serverinfo_client_tlsext_custom_types_count = 0;
|
||||
if (s->s3->serverinfo_client_tlsext_custom_types != NULL)
|
||||
{
|
||||
OPENSSL_free(s->s3->serverinfo_client_tlsext_custom_types);
|
||||
s->s3->serverinfo_client_tlsext_custom_types = NULL;
|
||||
}
|
||||
OPENSSL_free(s->s3->serverinfo_client_tlsext_custom_types);
|
||||
s->s3->serverinfo_client_tlsext_custom_types = NULL;
|
||||
}
|
||||
|
||||
#ifndef OPENSSL_NO_HEARTBEATS
|
||||
s->tlsext_heartbeat &= ~(SSL_TLSEXT_HB_ENABLED |
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user