generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Re-add alert variables removed during rebase

Browse Source 
Whitespace fixes
This commit is contained in:
Scott Deboy 2014-02-04 13:08:43 -08:00 committed by Ben Laurie
parent 519531e97e
commit e9add063b5
10 changed files with 249 additions and 244 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
apps/s_client.c
View File

@ -236,22 +236,22 @@ static int server_provided_client_authz = 0;
static const unsigned char auth_ext_data[]={TLSEXT_AUTHZDATAFORMAT_dtcp}; static const unsigned char auth_ext_data[]={TLSEXT_AUTHZDATAFORMAT_dtcp};
static int suppdata_cb(SSL *s, unsigned short supp_data_type, static int suppdata_cb(SSL *s, unsigned short supp_data_type,
const unsigned char *in, const unsigned char *in,
unsigned short inlen, int *al, unsigned short inlen, int *al,
void *arg); void *arg);
static int auth_suppdata_generate_cb(SSL *s, unsigned short supp_data_type, static int auth_suppdata_generate_cb(SSL *s, unsigned short supp_data_type,
const unsigned char **out, const unsigned char **out,
unsigned short *outlen, int *al, void *arg); unsigned short *outlen, int *al, void *arg);
static int authz_tlsext_generate_cb(SSL *s, unsigned short ext_type, static int authz_tlsext_generate_cb(SSL *s, unsigned short ext_type,
const unsigned char **out, unsigned short *outlen, const unsigned char **out, unsigned short *outlen,
int *al, void *arg); int *al, void *arg);
static int authz_tlsext_cb(SSL *s, unsigned short ext_type, static int authz_tlsext_cb(SSL *s, unsigned short ext_type,
const unsigned char *in, const unsigned char *in,
unsigned short inlen, int *al, unsigned short inlen, int *al,
void *arg); void *arg);
#endif #endif
#ifndef OPENSSL_NO_PSK #ifndef OPENSSL_NO_PSK
@ -2439,9 +2439,9 @@ static int ocsp_resp_cb(SSL *s, void *arg)
} }
static int authz_tlsext_cb(SSL *s, unsigned short ext_type, static int authz_tlsext_cb(SSL *s, unsigned short ext_type,
const unsigned char *in, const unsigned char *in,
unsigned short inlen, int *al, unsigned short inlen, int *al,
void *arg) void *arg)
{ {
if (TLSEXT_TYPE_server_authz == ext_type) if (TLSEXT_TYPE_server_authz == ext_type)
server_provided_server_authz server_provided_server_authz
@ -2455,8 +2455,8 @@ static int authz_tlsext_cb(SSL *s, unsigned short ext_type,
} }
static int authz_tlsext_generate_cb(SSL *s, unsigned short ext_type, static int authz_tlsext_generate_cb(SSL *s, unsigned short ext_type,
const unsigned char **out, unsigned short *outlen, const unsigned char **out, unsigned short *outlen,
int *al, void *arg) int *al, void *arg)
{ {
if (c_auth) if (c_auth)
{ {
@ -2474,9 +2474,9 @@ static int authz_tlsext_generate_cb(SSL *s, unsigned short ext_type,
} }
static int suppdata_cb(SSL *s, unsigned short supp_data_type, static int suppdata_cb(SSL *s, unsigned short supp_data_type,
const unsigned char *in, const unsigned char *in,
unsigned short inlen, int *al, unsigned short inlen, int *al,
void *arg) void *arg)
{ {
if (supp_data_type == TLSEXT_SUPPLEMENTALDATATYPE_authz_data) if (supp_data_type == TLSEXT_SUPPLEMENTALDATATYPE_authz_data)
{ {
@ -2487,8 +2487,8 @@ static int suppdata_cb(SSL *s, unsigned short supp_data_type,
} }
static int auth_suppdata_generate_cb(SSL *s, unsigned short supp_data_type, static int auth_suppdata_generate_cb(SSL *s, unsigned short supp_data_type,
const unsigned char **out, const unsigned char **out,
unsigned short *outlen, int *al, void *arg) unsigned short *outlen, int *al, void *arg)
{ {
if (c_auth && server_provided_client_authz && server_provided_server_authz) if (c_auth && server_provided_client_authz && server_provided_server_authz)
{ {

40
apps/s_server.c
View File

@ -331,22 +331,22 @@ static int cert_chain = 0;
#ifndef OPENSSL_NO_TLSEXT #ifndef OPENSSL_NO_TLSEXT
static int suppdata_cb(SSL *s, unsigned short supp_data_type, static int suppdata_cb(SSL *s, unsigned short supp_data_type,
const unsigned char *in, const unsigned char *in,
unsigned short inlen, int *al, unsigned short inlen, int *al,
void *arg); void *arg);
static int auth_suppdata_generate_cb(SSL *s, unsigned short supp_data_type, static int auth_suppdata_generate_cb(SSL *s, unsigned short supp_data_type,
const unsigned char **out, const unsigned char **out,
unsigned short *outlen, int *al, void *arg); unsigned short *outlen, int *al, void *arg);
static int authz_tlsext_generate_cb(SSL *s, unsigned short ext_type, static int authz_tlsext_generate_cb(SSL *s, unsigned short ext_type,
const unsigned char **out, unsigned short *outlen, const unsigned char **out, unsigned short *outlen,
int *al, void *arg); int *al, void *arg);
static int authz_tlsext_cb(SSL *s, unsigned short ext_type, static int authz_tlsext_cb(SSL *s, unsigned short ext_type,
const unsigned char *in, const unsigned char *in,
unsigned short inlen, int *al, unsigned short inlen, int *al,
void *arg); void *arg);
static BIO *serverinfo_in = NULL; static BIO *serverinfo_in = NULL;
static const char *s_serverinfo_file = NULL; static const char *s_serverinfo_file = NULL;
@ -3585,9 +3585,9 @@ static void free_sessions(void)
#ifndef OPENSSL_NO_TLSEXT #ifndef OPENSSL_NO_TLSEXT
static int authz_tlsext_cb(SSL *s, unsigned short ext_type, static int authz_tlsext_cb(SSL *s, unsigned short ext_type,
const unsigned char *in, const unsigned char *in,
unsigned short inlen, int *al, unsigned short inlen, int *al,
void *arg) void *arg)
{ {
if (TLSEXT_TYPE_server_authz == ext_type) if (TLSEXT_TYPE_server_authz == ext_type)
client_provided_server_authz client_provided_server_authz
@ -3601,8 +3601,8 @@ static int authz_tlsext_cb(SSL *s, unsigned short ext_type,
} }
static int authz_tlsext_generate_cb(SSL *s, unsigned short ext_type, static int authz_tlsext_generate_cb(SSL *s, unsigned short ext_type,
const unsigned char **out, unsigned short *outlen, const unsigned char **out, unsigned short *outlen,
int *al, void *arg) int *al, void *arg)
{ {
if (c_auth && client_provided_client_authz && client_provided_server_authz) if (c_auth && client_provided_client_authz && client_provided_server_authz)
{ {
@ -3621,9 +3621,9 @@ static int authz_tlsext_generate_cb(SSL *s, unsigned short ext_type,
} }
static int suppdata_cb(SSL *s, unsigned short supp_data_type, static int suppdata_cb(SSL *s, unsigned short supp_data_type,
const unsigned char *in, const unsigned char *in,
unsigned short inlen, int *al, unsigned short inlen, int *al,
void *arg) void *arg)
{ {
if (supp_data_type == TLSEXT_SUPPLEMENTALDATATYPE_authz_data) if (supp_data_type == TLSEXT_SUPPLEMENTALDATATYPE_authz_data)
{ {
@ -3634,8 +3634,8 @@ static int suppdata_cb(SSL *s, unsigned short supp_data_type,
} }
static int auth_suppdata_generate_cb(SSL *s, unsigned short supp_data_type, static int auth_suppdata_generate_cb(SSL *s, unsigned short supp_data_type,
const unsigned char **out, const unsigned char **out,
unsigned short *outlen, int *al, void *arg) unsigned short *outlen, int *al, void *arg)
{ {
if (c_auth && client_provided_client_authz && client_provided_server_authz) if (c_auth && client_provided_client_authz && client_provided_server_authz)
{ {

5
ssl/s23_clnt.c
View File

@ -299,6 +299,7 @@ static int ssl23_client_hello(SSL *s)
unsigned long l; unsigned long l;
int ssl2_compat; int ssl2_compat;
int version = 0, version_major, version_minor; int version = 0, version_major, version_minor;
int al = 0;
#ifndef OPENSSL_NO_COMP #ifndef OPENSSL_NO_COMP
int j; int j;
SSL_COMP *comp; SSL_COMP *comp;
@ -553,9 +554,9 @@ static int ssl23_client_hello(SSL *s)
SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT); SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT);
return -1; return -1;
} }
if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH, &al)) == NULL) if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH, &al)) == NULL)
{ {
ssl3_send_alert(s,SSL3_AL_FATAL,al); ssl3_send_alert(s,SSL3_AL_FATAL,al);
SSLerr(SSL_F_SSL23_CLIENT_HELLO,ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_SSL23_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
return -1; return -1;
} }

53
ssl/s3_clnt.c
View File

@ -689,6 +689,7 @@ int ssl3_client_hello(SSL *s)
unsigned char *p,*d; unsigned char *p,*d;
int i; int i;
unsigned long l; unsigned long l;
int al = 0;
#ifndef OPENSSL_NO_COMP #ifndef OPENSSL_NO_COMP
int j; int j;
SSL_COMP *comp; SSL_COMP *comp;
@ -891,9 +892,9 @@ int ssl3_client_hello(SSL *s)
SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT); SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT);
goto err; goto err;
} }
if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH, &al)) == NULL) if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH, &al)) == NULL)
{ {
ssl3_send_alert(s,SSL3_AL_FATAL,al); ssl3_send_alert(s,SSL3_AL_FATAL,al);
SSLerr(SSL_F_SSL3_CLIENT_HELLO,ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_SSL3_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
goto err; goto err;
} }
@ -3623,7 +3624,7 @@ int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey)
#ifndef OPENSSL_NO_TLSEXT #ifndef OPENSSL_NO_TLSEXT
int tls1_send_client_supplemental_data(SSL *s, int *skip) int tls1_send_client_supplemental_data(SSL *s, int *skip)
{ {
int al = 0; int al = 0;
if (s->ctx->cli_supp_data_records_count) if (s->ctx->cli_supp_data_records_count)
{ {
unsigned char *p = NULL; unsigned char *p = NULL;
@ -3643,20 +3644,20 @@ int tls1_send_client_supplemental_data(SSL *s, int *skip)
if (!record->fn2) if (!record->fn2)
continue; continue;
cb_retval = record->fn2(s, record->supp_data_type, cb_retval = record->fn2(s, record->supp_data_type,
&out, &outlen, &al, &out, &outlen, &al,
record->arg); record->arg);
if (cb_retval == -1) if (cb_retval == -1)
continue; /* skip this supp data entry */ continue; /* skip this supp data entry */
if (cb_retval == 0) if (cb_retval == 0)
{ {
SSLerr(SSL_F_TLS1_SEND_CLIENT_SUPPLEMENTAL_DATA,ERR_R_BUF_LIB); SSLerr(SSL_F_TLS1_SEND_CLIENT_SUPPLEMENTAL_DATA,ERR_R_BUF_LIB);
goto f_err; goto f_err;
} }
if (outlen == 0 || TLSEXT_MAXLEN_supplemental_data < outlen + 4 + length) if (outlen == 0 || TLSEXT_MAXLEN_supplemental_data < outlen + 4 + length)
{ {
SSLerr(SSL_F_TLS1_SEND_CLIENT_SUPPLEMENTAL_DATA,ERR_R_BUF_LIB); SSLerr(SSL_F_TLS1_SEND_CLIENT_SUPPLEMENTAL_DATA,ERR_R_BUF_LIB);
return 0; return 0;
} }
/* if first entry, write handshake message type */ /* if first entry, write handshake message type */
if (length == 0) if (length == 0)
{ {
@ -3668,11 +3669,11 @@ int tls1_send_client_supplemental_data(SSL *s, int *skip)
p = (unsigned char *)s->init_buf->data; p = (unsigned char *)s->init_buf->data;
*(p++) = SSL3_MT_SUPPLEMENTAL_DATA; *(p++) = SSL3_MT_SUPPLEMENTAL_DATA;
/* update message length when all /* update message length when all
* callbacks complete */ * callbacks complete */
size_loc = p; size_loc = p;
/* skip over handshake length field (3 /* skip over handshake length field (3
* bytes) and supp_data length field * bytes) and supp_data length field
* (3 bytes) */ * (3 bytes) */
p += 3 + 3; p += 3 + 3;
length += 1 +3 +3; length += 1 +3 +3;
} }
@ -3706,10 +3707,10 @@ int tls1_send_client_supplemental_data(SSL *s, int *skip)
s->init_off = 0; s->init_off = 0;
return 1; return 1;
f_err: f_err:
ssl3_send_alert(s,SSL3_AL_FATAL,al); ssl3_send_alert(s,SSL3_AL_FATAL,al);
return 0; return 0;
} }
int tls1_get_server_supplemental_data(SSL *s) int tls1_get_server_supplemental_data(SSL *s)
{ {
@ -3724,12 +3725,12 @@ int tls1_get_server_supplemental_data(SSL *s)
int cb_retval = 0; int cb_retval = 0;
n=s->method->ssl_get_message(s, n=s->method->ssl_get_message(s,
SSL3_ST_CR_SUPPLEMENTAL_DATA_A, SSL3_ST_CR_SUPPLEMENTAL_DATA_A,
SSL3_ST_CR_SUPPLEMENTAL_DATA_B, SSL3_ST_CR_SUPPLEMENTAL_DATA_B,
SSL3_MT_SUPPLEMENTAL_DATA, SSL3_MT_SUPPLEMENTAL_DATA,
/* use default limit */ /* use default limit */
TLSEXT_MAXLEN_supplemental_data, TLSEXT_MAXLEN_supplemental_data,
&ok); &ok);
if (!ok) return((int)n); if (!ok) return((int)n);
@ -3750,9 +3751,11 @@ int tls1_get_server_supplemental_data(SSL *s)
/* if there is a callback for this supp data type, send it */ /* if there is a callback for this supp data type, send it */
for (i=0; i < s->ctx->cli_supp_data_records_count; i++) for (i=0; i < s->ctx->cli_supp_data_records_count; i++)
{ {
if (s->ctx->cli_supp_data_records[i].supp_data_type == supp_data_entry_type && s->ctx->cli_supp_data_records[i].fn1) if (s->ctx->cli_supp_data_records[i].supp_data_type == supp_data_entry_type &&
s->ctx->cli_supp_data_records[i].fn1)
{ {
cb_retval = s->ctx->cli_supp_data_records[i].fn1(s, supp_data_entry_type, p, supp_data_entry_len, &al, s->ctx->cli_supp_data_records[i].arg); cb_retval = s->ctx->cli_supp_data_records[i].fn1(s, supp_data_entry_type, p,
supp_data_entry_len, &al, s->ctx->cli_supp_data_records[i].arg);
if (cb_retval == 0) if (cb_retval == 0)
{ {
SSLerr(SSL_F_TLS1_GET_SERVER_SUPPLEMENTAL_DATA, ERR_R_SSL_LIB); SSLerr(SSL_F_TLS1_GET_SERVER_SUPPLEMENTAL_DATA, ERR_R_SSL_LIB);
@ -3763,8 +3766,8 @@ int tls1_get_server_supplemental_data(SSL *s)
p += supp_data_entry_len; p += supp_data_entry_len;
} }
return 1; return 1;
f_err: f_err:
ssl3_send_alert(s,SSL3_AL_FATAL,al); ssl3_send_alert(s,SSL3_AL_FATAL,al);
return -1; return -1;
} }
#endif #endif

12
ssl/s3_lib.c
View File

@ -3029,8 +3029,8 @@ void ssl3_free(SSL *s)
SSL_SRP_CTX_free(s); SSL_SRP_CTX_free(s);
#endif #endif
#ifndef OPENSSL_NO_TLSEXT #ifndef OPENSSL_NO_TLSEXT
if (s->s3->serverinfo_client_tlsext_custom_types != NULL) if (s->s3->serverinfo_client_tlsext_custom_types != NULL)
OPENSSL_free(s->s3->serverinfo_client_tlsext_custom_types); OPENSSL_free(s->s3->serverinfo_client_tlsext_custom_types);
#endif #endif
OPENSSL_cleanse(s->s3,sizeof *s->s3); OPENSSL_cleanse(s->s3,sizeof *s->s3);
OPENSSL_free(s->s3); OPENSSL_free(s->s3);
@ -3076,12 +3076,12 @@ void ssl3_clear(SSL *s)
} }
#endif #endif
#ifndef OPENSSL_NO_TLSEXT #ifndef OPENSSL_NO_TLSEXT
if (s->s3->serverinfo_client_tlsext_custom_types != NULL) if (s->s3->serverinfo_client_tlsext_custom_types != NULL)
{ {
OPENSSL_free(s->s3->serverinfo_client_tlsext_custom_types); OPENSSL_free(s->s3->serverinfo_client_tlsext_custom_types);
s->s3->serverinfo_client_tlsext_custom_types = NULL; s->s3->serverinfo_client_tlsext_custom_types = NULL;
} }
s->s3->serverinfo_client_tlsext_custom_types_count = 0; s->s3->serverinfo_client_tlsext_custom_types_count = 0;
#ifndef OPENSSL_NO_EC #ifndef OPENSSL_NO_EC
s->s3->is_probably_safari = 0; s->s3->is_probably_safari = 0;
#endif /* !OPENSSL_NO_EC */ #endif /* !OPENSSL_NO_EC */

29
ssl/s3_srvr.c
View File

@ -1504,7 +1504,8 @@ int ssl3_send_server_hello(SSL *s)
{ {
unsigned char *buf; unsigned char *buf;
unsigned char *p,*d; unsigned char *p,*d;
int i,sl,al; int i,sl;
int al = 0;
unsigned long l; unsigned long l;
if (s->state == SSL3_ST_SW_SRVR_HELLO_A) if (s->state == SSL3_ST_SW_SRVR_HELLO_A)
@ -1574,9 +1575,9 @@ int ssl3_send_server_hello(SSL *s)
SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,SSL_R_SERVERHELLO_TLSEXT); SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,SSL_R_SERVERHELLO_TLSEXT);
return -1; return -1;
} }
if ((p = ssl_add_serverhello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH, &al)) == NULL) if ((p = ssl_add_serverhello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH, &al)) == NULL)
{ {
ssl3_send_alert(s, SSL3_AL_FATAL, al); ssl3_send_alert(s, SSL3_AL_FATAL, al);
SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,ERR_R_INTERNAL_ERROR);
return -1; return -1;
} }
@ -3704,7 +3705,7 @@ int ssl3_get_next_proto(SSL *s)
int tls1_send_server_supplemental_data(SSL *s, int *skip) int tls1_send_server_supplemental_data(SSL *s, int *skip)
{ {
int al = 0; int al = 0;
if (s->ctx->srv_supp_data_records_count) if (s->ctx->srv_supp_data_records_count)
{ {
unsigned char *p = NULL; unsigned char *p = NULL;
@ -3724,14 +3725,14 @@ int tls1_send_server_supplemental_data(SSL *s, int *skip)
if (!record->fn1) if (!record->fn1)
continue; continue;
cb_retval = record->fn1(s, record->supp_data_type, cb_retval = record->fn1(s, record->supp_data_type,
&out, &outlen, &al, &out, &outlen, &al,
record->arg); record->arg);
if (cb_retval == -1) if (cb_retval == -1)
continue; /* skip this supp data entry */ continue; /* skip this supp data entry */
if (cb_retval == 0) if (cb_retval == 0)
{ {
SSLerr(SSL_F_TLS1_SEND_SERVER_SUPPLEMENTAL_DATA,ERR_R_BUF_LIB); SSLerr(SSL_F_TLS1_SEND_SERVER_SUPPLEMENTAL_DATA,ERR_R_BUF_LIB);
goto f_err; goto f_err;
} }
if (outlen == 0 || TLSEXT_MAXLEN_supplemental_data < outlen + 4 + length) if (outlen == 0 || TLSEXT_MAXLEN_supplemental_data < outlen + 4 + length)
{ {
@ -3794,8 +3795,8 @@ int tls1_send_server_supplemental_data(SSL *s, int *skip)
s->init_off = 0; s->init_off = 0;
return 1; return 1;
f_err: f_err:
ssl3_send_alert(s,SSL3_AL_FATAL,al); ssl3_send_alert(s,SSL3_AL_FATAL,al);
return 0; return 0;
} }
int tls1_get_client_supplemental_data(SSL *s) int tls1_get_client_supplemental_data(SSL *s)
@ -3811,12 +3812,12 @@ int tls1_get_client_supplemental_data(SSL *s)
size_t i = 0; size_t i = 0;
n=s->method->ssl_get_message(s, n=s->method->ssl_get_message(s,
SSL3_ST_SR_SUPPLEMENTAL_DATA_A, SSL3_ST_SR_SUPPLEMENTAL_DATA_A,
SSL3_ST_SR_SUPPLEMENTAL_DATA_B, SSL3_ST_SR_SUPPLEMENTAL_DATA_B,
SSL3_MT_SUPPLEMENTAL_DATA, SSL3_MT_SUPPLEMENTAL_DATA,
/* use default limit */ /* use default limit */
TLSEXT_MAXLEN_supplemental_data, TLSEXT_MAXLEN_supplemental_data,
&ok); &ok);
if (!ok) return((int)n); if (!ok) return((int)n);

32
ssl/ssl.h
View File

@ -410,19 +410,19 @@ typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len, S
*/ */
typedef int (*custom_cli_ext_first_cb_fn)(SSL *s, unsigned short ext_type, typedef int (*custom_cli_ext_first_cb_fn)(SSL *s, unsigned short ext_type,
const unsigned char **out, const unsigned char **out,
unsigned short *outlen, int *al, void *arg); unsigned short *outlen, int *al, void *arg);
typedef int (*custom_cli_ext_second_cb_fn)(SSL *s, unsigned short ext_type, typedef int (*custom_cli_ext_second_cb_fn)(SSL *s, unsigned short ext_type,
const unsigned char *in, const unsigned char *in,
unsigned short inlen, int *al, unsigned short inlen, int *al,
void *arg); void *arg);
typedef int (*custom_srv_ext_first_cb_fn)(SSL *s, unsigned short ext_type, typedef int (*custom_srv_ext_first_cb_fn)(SSL *s, unsigned short ext_type,
const unsigned char *in, const unsigned char *in,
unsigned short inlen, int *al, unsigned short inlen, int *al,
void *arg); void *arg);
typedef int (*custom_srv_ext_second_cb_fn)(SSL *s, unsigned short ext_type, typedef int (*custom_srv_ext_second_cb_fn)(SSL *s, unsigned short ext_type,
const unsigned char **out, const unsigned char **out,
unsigned short *outlen, int *al, void *arg); unsigned short *outlen, int *al, void *arg);
typedef struct { typedef struct {
unsigned short ext_type; unsigned short ext_type;
@ -460,20 +460,20 @@ typedef struct {
* fatal TLS alert, if the callback returns zero. * fatal TLS alert, if the callback returns zero.
*/ */
typedef int (*srv_supp_data_first_cb_fn)(SSL *s, unsigned short supp_data_type, typedef int (*srv_supp_data_first_cb_fn)(SSL *s, unsigned short supp_data_type,
const unsigned char **out, const unsigned char **out,
unsigned short *outlen, int *al, void *arg); unsigned short *outlen, int *al, void *arg);
typedef int (*srv_supp_data_second_cb_fn)(SSL *s, unsigned short supp_data_type, typedef int (*srv_supp_data_second_cb_fn)(SSL *s, unsigned short supp_data_type,
const unsigned char *in, const unsigned char *in,
unsigned short inlen, int *al, unsigned short inlen, int *al,
void *arg); void *arg);
typedef int (*cli_supp_data_first_cb_fn)(SSL *s, unsigned short supp_data_type, typedef int (*cli_supp_data_first_cb_fn)(SSL *s, unsigned short supp_data_type,
const unsigned char *in, const unsigned char *in,
unsigned short inlen, int *al, unsigned short inlen, int *al,
void *arg); void *arg);
typedef int (*cli_supp_data_second_cb_fn)(SSL *s, unsigned short supp_data_type, typedef int (*cli_supp_data_second_cb_fn)(SSL *s, unsigned short supp_data_type,
const unsigned char **out, const unsigned char **out,
unsigned short *outlen, int *al, void *arg); unsigned short *outlen, int *al, void *arg);
typedef struct { typedef struct {
unsigned short supp_data_type; unsigned short supp_data_type;

90
ssl/ssl_rsa.c
View File

@ -844,71 +844,71 @@ static int serverinfo_find_extension(const unsigned char *serverinfo,
} }
static int serverinfo_srv_first_cb(SSL *s, unsigned short ext_type, static int serverinfo_srv_first_cb(SSL *s, unsigned short ext_type,
const unsigned char *in, const unsigned char *in,
unsigned short inlen, int *al, unsigned short inlen, int *al,
void *arg) void *arg)
{ {
size_t i = 0; size_t i = 0;
if (inlen != 0) if (inlen != 0)
{ {
*al = SSL_AD_DECODE_ERROR; *al = SSL_AD_DECODE_ERROR;
return 0; return 0;
} }
//if already in list, error out //if already in list, error out
for (i = 0; i < s->s3->serverinfo_client_tlsext_custom_types_count; i++) for (i = 0; i < s->s3->serverinfo_client_tlsext_custom_types_count; i++)
{ {
if (s->s3->serverinfo_client_tlsext_custom_types[i] == ext_type) if (s->s3->serverinfo_client_tlsext_custom_types[i] == ext_type)
{ {
*al = SSL_AD_DECODE_ERROR; *al = SSL_AD_DECODE_ERROR;
return 0; return 0;
} }
} }
s->s3->serverinfo_client_tlsext_custom_types_count++; s->s3->serverinfo_client_tlsext_custom_types_count++;
s->s3->serverinfo_client_tlsext_custom_types = OPENSSL_realloc( s->s3->serverinfo_client_tlsext_custom_types = OPENSSL_realloc(
s->s3->serverinfo_client_tlsext_custom_types, s->s3->serverinfo_client_tlsext_custom_types,
s->s3->serverinfo_client_tlsext_custom_types_count * 2); s->s3->serverinfo_client_tlsext_custom_types_count * 2);
if (s->s3->serverinfo_client_tlsext_custom_types == NULL) if (s->s3->serverinfo_client_tlsext_custom_types == NULL)
{ {
s->s3->serverinfo_client_tlsext_custom_types_count = 0; s->s3->serverinfo_client_tlsext_custom_types_count = 0;
*al = TLS1_AD_INTERNAL_ERROR; *al = TLS1_AD_INTERNAL_ERROR;
return 0; return 0;
} }
s->s3->serverinfo_client_tlsext_custom_types[ s->s3->serverinfo_client_tlsext_custom_types[
s->s3->serverinfo_client_tlsext_custom_types_count - 1] = ext_type; s->s3->serverinfo_client_tlsext_custom_types_count - 1] = ext_type;
return 1; return 1;
} }
static int serverinfo_srv_second_cb(SSL *s, unsigned short ext_type, static int serverinfo_srv_second_cb(SSL *s, unsigned short ext_type,
const unsigned char **out, unsigned short *outlen, const unsigned char **out, unsigned short *outlen,
int *al, void *arg) int *al, void *arg)
{ {
const unsigned char *serverinfo = NULL; const unsigned char *serverinfo = NULL;
size_t serverinfo_length = 0; size_t serverinfo_length = 0;
size_t i = 0; size_t i = 0;
unsigned int match = 0; unsigned int match = 0;
/* Did the client send a TLS extension for this type? */ /* Did the client send a TLS extension for this type? */
for (i = 0; i < s->s3->serverinfo_client_tlsext_custom_types_count; i++) for (i = 0; i < s->s3->serverinfo_client_tlsext_custom_types_count; i++)
{ {
if (s->s3->serverinfo_client_tlsext_custom_types[i] == ext_type) if (s->s3->serverinfo_client_tlsext_custom_types[i] == ext_type)
{ {
match = 1; match = 1;
break; break;
} }
} }
if (!match) if (!match)
{ {
//extension not sent by client...don't send extension //extension not sent by client...don't send extension
return -1; return -1;
} }
/* Is there serverinfo data for the chosen server cert? */ /* Is there serverinfo data for the chosen server cert? */
if ((ssl_get_server_cert_serverinfo(s, &serverinfo, if ((ssl_get_server_cert_serverinfo(s, &serverinfo,
&serverinfo_length)) != 0) &serverinfo_length)) != 0)
{ {
/* Find the relevant extension from the serverinfo */ /* Find the relevant extension from the serverinfo */
int retval = serverinfo_find_extension(serverinfo, serverinfo_length, int retval = serverinfo_find_extension(serverinfo, serverinfo_length,
ext_type, out, outlen); ext_type, out, outlen);
if (retval == 0) if (retval == 0)
return 0; /* Error */ return 0; /* Error */
if (retval == -1) if (retval == -1)

132
ssl/ssltest.c
View File

@ -563,8 +563,8 @@ static int verify_serverinfo()
*/ */
static int custom_ext_0_cli_first_cb(SSL *s, unsigned short ext_type, static int custom_ext_0_cli_first_cb(SSL *s, unsigned short ext_type,
const unsigned char **out, const unsigned char **out,
unsigned short *outlen, int *al, void *arg) unsigned short *outlen, int *al, void *arg)
{ {
if (ext_type != CUSTOM_EXT_TYPE_0) if (ext_type != CUSTOM_EXT_TYPE_0)
custom_ext_error = 1; custom_ext_error = 1;
@ -572,17 +572,17 @@ static int custom_ext_0_cli_first_cb(SSL *s, unsigned short ext_type,
} }
static int custom_ext_0_cli_second_cb(SSL *s, unsigned short ext_type, static int custom_ext_0_cli_second_cb(SSL *s, unsigned short ext_type,
const unsigned char *in, const unsigned char *in,
unsigned short inlen, int *al, unsigned short inlen, int *al,
void *arg) void *arg)
{ {
custom_ext_error = 1; /* Shouldn't be called */ custom_ext_error = 1; /* Shouldn't be called */
return 0; return 0;
} }
static int custom_ext_1_cli_first_cb(SSL *s, unsigned short ext_type, static int custom_ext_1_cli_first_cb(SSL *s, unsigned short ext_type,
const unsigned char **out, const unsigned char **out,
unsigned short *outlen, int *al, void *arg) unsigned short *outlen, int *al, void *arg)
{ {
if (ext_type != CUSTOM_EXT_TYPE_1) if (ext_type != CUSTOM_EXT_TYPE_1)
custom_ext_error = 1; custom_ext_error = 1;
@ -592,17 +592,17 @@ static int custom_ext_1_cli_first_cb(SSL *s, unsigned short ext_type,
} }
static int custom_ext_1_cli_second_cb(SSL *s, unsigned short ext_type, static int custom_ext_1_cli_second_cb(SSL *s, unsigned short ext_type,
const unsigned char *in, const unsigned char *in,
unsigned short inlen, int *al, unsigned short inlen, int *al,
void *arg) void *arg)
{ {
custom_ext_error = 1; /* Shouldn't be called */ custom_ext_error = 1; /* Shouldn't be called */
return 0; return 0;
} }
static int custom_ext_2_cli_first_cb(SSL *s, unsigned short ext_type, static int custom_ext_2_cli_first_cb(SSL *s, unsigned short ext_type,
const unsigned char **out, const unsigned char **out,
unsigned short *outlen, int *al, void *arg) unsigned short *outlen, int *al, void *arg)
{ {
if (ext_type != CUSTOM_EXT_TYPE_2) if (ext_type != CUSTOM_EXT_TYPE_2)
custom_ext_error = 1; custom_ext_error = 1;
@ -612,9 +612,9 @@ static int custom_ext_2_cli_first_cb(SSL *s, unsigned short ext_type,
} }
static int custom_ext_2_cli_second_cb(SSL *s, unsigned short ext_type, static int custom_ext_2_cli_second_cb(SSL *s, unsigned short ext_type,
const unsigned char *in, const unsigned char *in,
unsigned short inlen, int *al, unsigned short inlen, int *al,
void *arg) void *arg)
{ {
if (ext_type != CUSTOM_EXT_TYPE_2) if (ext_type != CUSTOM_EXT_TYPE_2)
custom_ext_error = 1; custom_ext_error = 1;
@ -624,8 +624,8 @@ static int custom_ext_2_cli_second_cb(SSL *s, unsigned short ext_type,
} }
static int custom_ext_3_cli_first_cb(SSL *s, unsigned short ext_type, static int custom_ext_3_cli_first_cb(SSL *s, unsigned short ext_type,
const unsigned char **out, const unsigned char **out,
unsigned short *outlen, int *al, void *arg) unsigned short *outlen, int *al, void *arg)
{ {
if (ext_type != CUSTOM_EXT_TYPE_3) if (ext_type != CUSTOM_EXT_TYPE_3)
custom_ext_error = 1; custom_ext_error = 1;
@ -635,9 +635,9 @@ static int custom_ext_3_cli_first_cb(SSL *s, unsigned short ext_type,
} }
static int custom_ext_3_cli_second_cb(SSL *s, unsigned short ext_type, static int custom_ext_3_cli_second_cb(SSL *s, unsigned short ext_type,
const unsigned char *in, const unsigned char *in,
unsigned short inlen, int *al, unsigned short inlen, int *al,
void *arg) void *arg)
{ {
if (ext_type != CUSTOM_EXT_TYPE_3) if (ext_type != CUSTOM_EXT_TYPE_3)
custom_ext_error = 1; custom_ext_error = 1;
@ -650,9 +650,9 @@ static int custom_ext_3_cli_second_cb(SSL *s, unsigned short ext_type,
//custom_ext_0_cli_first_cb returns -1 - the server won't receive a callback for this extension //custom_ext_0_cli_first_cb returns -1 - the server won't receive a callback for this extension
static int custom_ext_0_srv_first_cb(SSL *s, unsigned short ext_type, static int custom_ext_0_srv_first_cb(SSL *s, unsigned short ext_type,
const unsigned char *in, const unsigned char *in,
unsigned short inlen, int *al, unsigned short inlen, int *al,
void *arg) void *arg)
{ {
custom_ext_error = 1; custom_ext_error = 1;
return 0; /* Shouldn't be called */ return 0; /* Shouldn't be called */
@ -660,16 +660,16 @@ static int custom_ext_0_srv_first_cb(SSL *s, unsigned short ext_type,
//'generate' callbacks are always called, even if the 'receive' callback isn't called //'generate' callbacks are always called, even if the 'receive' callback isn't called
static int custom_ext_0_srv_second_cb(SSL *s, unsigned short ext_type, static int custom_ext_0_srv_second_cb(SSL *s, unsigned short ext_type,
const unsigned char **out, const unsigned char **out,
unsigned short *outlen, int *al, void *arg) unsigned short *outlen, int *al, void *arg)
{ {
return -1; /* Don't send an extension */ return -1; /* Don't send an extension */
} }
static int custom_ext_1_srv_first_cb(SSL *s, unsigned short ext_type, static int custom_ext_1_srv_first_cb(SSL *s, unsigned short ext_type,
const unsigned char *in, const unsigned char *in,
unsigned short inlen, int *al, unsigned short inlen, int *al,
void *arg) void *arg)
{ {
if (ext_type != CUSTOM_EXT_TYPE_1) if (ext_type != CUSTOM_EXT_TYPE_1)
custom_ext_error = 1; custom_ext_error = 1;
@ -682,16 +682,16 @@ static int custom_ext_1_srv_first_cb(SSL *s, unsigned short ext_type,
} }
static int custom_ext_1_srv_second_cb(SSL *s, unsigned short ext_type, static int custom_ext_1_srv_second_cb(SSL *s, unsigned short ext_type,
const unsigned char **out, const unsigned char **out,
unsigned short *outlen, int *al, void *arg) unsigned short *outlen, int *al, void *arg)
{ {
return -1; /* Don't send an extension */ return -1; /* Don't send an extension */
} }
static int custom_ext_2_srv_first_cb(SSL *s, unsigned short ext_type, static int custom_ext_2_srv_first_cb(SSL *s, unsigned short ext_type,
const unsigned char *in, const unsigned char *in,
unsigned short inlen, int *al, unsigned short inlen, int *al,
void *arg) void *arg)
{ {
if (ext_type != CUSTOM_EXT_TYPE_2) if (ext_type != CUSTOM_EXT_TYPE_2)
custom_ext_error = 1; custom_ext_error = 1;
@ -704,8 +704,8 @@ static int custom_ext_2_srv_first_cb(SSL *s, unsigned short ext_type,
} }
static int custom_ext_2_srv_second_cb(SSL *s, unsigned short ext_type, static int custom_ext_2_srv_second_cb(SSL *s, unsigned short ext_type,
const unsigned char **out, const unsigned char **out,
unsigned short *outlen, int *al, void *arg) unsigned short *outlen, int *al, void *arg)
{ {
*out = NULL; *out = NULL;
*outlen = 0; *outlen = 0;
@ -713,9 +713,9 @@ static int custom_ext_2_srv_second_cb(SSL *s, unsigned short ext_type,
} }
static int custom_ext_3_srv_first_cb(SSL *s, unsigned short ext_type, static int custom_ext_3_srv_first_cb(SSL *s, unsigned short ext_type,
const unsigned char *in, const unsigned char *in,
unsigned short inlen, int *al, unsigned short inlen, int *al,
void *arg) void *arg)
{ {
if (ext_type != CUSTOM_EXT_TYPE_3) if (ext_type != CUSTOM_EXT_TYPE_3)
custom_ext_error = 1; custom_ext_error = 1;
@ -728,8 +728,8 @@ static int custom_ext_3_srv_first_cb(SSL *s, unsigned short ext_type,
} }
static int custom_ext_3_srv_second_cb(SSL *s, unsigned short ext_type, static int custom_ext_3_srv_second_cb(SSL *s, unsigned short ext_type,
const unsigned char **out, const unsigned char **out,
unsigned short *outlen, int *al, void *arg) unsigned short *outlen, int *al, void *arg)
{ {
*out = (const unsigned char*)custom_ext_srv_string; *out = (const unsigned char*)custom_ext_srv_string;
*outlen = strlen(custom_ext_srv_string); *outlen = strlen(custom_ext_srv_string);
@ -737,8 +737,8 @@ static int custom_ext_3_srv_second_cb(SSL *s, unsigned short ext_type,
} }
static int supp_data_0_srv_first_cb(SSL *s, unsigned short supp_data_type, static int supp_data_0_srv_first_cb(SSL *s, unsigned short supp_data_type,
const unsigned char **out, const unsigned char **out,
unsigned short *outlen, int *al, void *arg) unsigned short *outlen, int *al, void *arg)
{ {
*out = (const unsigned char*)supp_data_0_string; *out = (const unsigned char*)supp_data_0_string;
*outlen = strlen(supp_data_0_string); *outlen = strlen(supp_data_0_string);
@ -748,9 +748,9 @@ static int supp_data_0_srv_first_cb(SSL *s, unsigned short supp_data_type,
} }
static int supp_data_0_srv_second_cb(SSL *s, unsigned short supp_data_type, static int supp_data_0_srv_second_cb(SSL *s, unsigned short supp_data_type,
const unsigned char *in, const unsigned char *in,
unsigned short inlen, int *al, unsigned short inlen, int *al,
void *arg) void *arg)
{ {
if (supp_data_type != CUSTOM_SUPP_DATA_TYPE_0) if (supp_data_type != CUSTOM_SUPP_DATA_TYPE_0)
suppdata_error = 1; suppdata_error = 1;
@ -764,34 +764,34 @@ static int supp_data_0_srv_second_cb(SSL *s, unsigned short supp_data_type,
} }
static int supp_data_1_srv_first_cb(SSL *s, unsigned short supp_data_type, static int supp_data_1_srv_first_cb(SSL *s, unsigned short supp_data_type,
const unsigned char **out, const unsigned char **out,
unsigned short *outlen, int *al, void *arg) unsigned short *outlen, int *al, void *arg)
{ {
return -1; return -1;
} }
static int supp_data_1_srv_second_cb(SSL *s, unsigned short supp_data_type, static int supp_data_1_srv_second_cb(SSL *s, unsigned short supp_data_type,
const unsigned char *in, const unsigned char *in,
unsigned short inlen, int *al, unsigned short inlen, int *al,
void *arg) void *arg)
{ {
suppdata_error = 1; suppdata_error = 1;
return 1; return 1;
} }
static int supp_data_2_srv_second_cb(SSL *s, unsigned short supp_data_type, static int supp_data_2_srv_second_cb(SSL *s, unsigned short supp_data_type,
const unsigned char *in, const unsigned char *in,
unsigned short inlen, int *al, unsigned short inlen, int *al,
void *arg) void *arg)
{ {
suppdata_error = 1; suppdata_error = 1;
return 1; return 1;
} }
static int supp_data_0_cli_first_cb(SSL *s, unsigned short supp_data_type, static int supp_data_0_cli_first_cb(SSL *s, unsigned short supp_data_type,
const unsigned char *in, const unsigned char *in,
unsigned short inlen, int *al, unsigned short inlen, int *al,
void *arg) void *arg)
{ {
if (supp_data_type != CUSTOM_SUPP_DATA_TYPE_0) if (supp_data_type != CUSTOM_SUPP_DATA_TYPE_0)
suppdata_error = 1; suppdata_error = 1;
@ -805,8 +805,8 @@ static int supp_data_0_cli_first_cb(SSL *s, unsigned short supp_data_type,
} }
static int supp_data_0_cli_second_cb(SSL *s, unsigned short supp_data_type, static int supp_data_0_cli_second_cb(SSL *s, unsigned short supp_data_type,
const unsigned char **out, const unsigned char **out,
unsigned short *outlen, int *al, void *arg) unsigned short *outlen, int *al, void *arg)
{ {
*out = (const unsigned char*)supp_data_0_string; *out = (const unsigned char*)supp_data_0_string;
*outlen = strlen(supp_data_0_string); *outlen = strlen(supp_data_0_string);
@ -816,25 +816,25 @@ static int supp_data_0_cli_second_cb(SSL *s, unsigned short supp_data_type,
} }
static int supp_data_1_cli_first_cb(SSL *s, unsigned short supp_data_type, static int supp_data_1_cli_first_cb(SSL *s, unsigned short supp_data_type,
const unsigned char *in, const unsigned char *in,
unsigned short inlen, int *al, unsigned short inlen, int *al,
void *arg) void *arg)
{ {
suppdata_error = 1; suppdata_error = 1;
return 1; return 1;
} }
static int supp_data_1_cli_second_cb(SSL *s, unsigned short supp_data_type, static int supp_data_1_cli_second_cb(SSL *s, unsigned short supp_data_type,
const unsigned char **out, const unsigned char **out,
unsigned short *outlen, int *al, void *arg) unsigned short *outlen, int *al, void *arg)
{ {
return -1; return -1;
} }
static int supp_data_2_cli_first_cb(SSL *s, unsigned short supp_data_type, static int supp_data_2_cli_first_cb(SSL *s, unsigned short supp_data_type,
const unsigned char *in, const unsigned char *in,
unsigned short inlen, int *al, unsigned short inlen, int *al,
void *arg) void *arg)
{ {
suppdata_error = 1; suppdata_error = 1;
return 1; return 1;

60
ssl/t1_lib.c
View File

@ -1453,8 +1453,8 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
{ {
int cb_retval = 0; int cb_retval = 0;
cb_retval = record->fn1(s, record->ext_type, cb_retval = record->fn1(s, record->ext_type,
&out, &outlen, al, &out, &outlen, al,
record->arg); record->arg);
if (cb_retval == 0) if (cb_retval == 0)
return NULL; /* error */ return NULL; /* error */
if (cb_retval == -1) if (cb_retval == -1)
@ -1513,8 +1513,8 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha
{ {
int extdatalen=0; int extdatalen=0;
unsigned char *ret = p; unsigned char *ret = p;
size_t i; size_t i;
custom_srv_ext_record *record; custom_srv_ext_record *record;
#ifndef OPENSSL_NO_NEXTPROTONEG #ifndef OPENSSL_NO_NEXTPROTONEG
int next_proto_neg_seen; int next_proto_neg_seen;
#endif #endif
@ -1698,29 +1698,29 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha
} }
#endif #endif
for (i = 0; i < s->ctx->custom_srv_ext_records_count; i++) for (i = 0; i < s->ctx->custom_srv_ext_records_count; i++)
{ {
record = &s->ctx->custom_srv_ext_records[i]; record = &s->ctx->custom_srv_ext_records[i];
const unsigned char *out = NULL; const unsigned char *out = NULL;
unsigned short outlen = 0; unsigned short outlen = 0;
int cb_retval = 0; int cb_retval = 0;
/* NULL callback or -1 omits extension */ /* NULL callback or -1 omits extension */
if (!record->fn2) if (!record->fn2)
break; break;
cb_retval = record->fn2(s, record->ext_type, cb_retval = record->fn2(s, record->ext_type,
&out, &outlen, al, &out, &outlen, al,
record->arg); record->arg);
if (cb_retval == 0) if (cb_retval == 0)
return NULL; /* error */ return NULL; /* error */
if (cb_retval == -1) if (cb_retval == -1)
break; /* skip this extension */ break; /* skip this extension */
if (limit < ret + 4 + outlen) if (limit < ret + 4 + outlen)
return NULL; return NULL;
s2n(record->ext_type, ret); s2n(record->ext_type, ret);
s2n(outlen, ret); s2n(outlen, ret);
memcpy(ret, out, outlen); memcpy(ret, out, outlen);
ret += outlen; ret += outlen;
} }
#ifdef TLSEXT_TYPE_encrypt_then_mac #ifdef TLSEXT_TYPE_encrypt_then_mac
if (s->s3->flags & TLS1_FLAGS_ENCRYPT_THEN_MAC) if (s->s3->flags & TLS1_FLAGS_ENCRYPT_THEN_MAC)
@ -1935,12 +1935,12 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char
} }
/* Clear observed custom extensions */ /* Clear observed custom extensions */
s->s3->serverinfo_client_tlsext_custom_types_count = 0; s->s3->serverinfo_client_tlsext_custom_types_count = 0;
if (s->s3->serverinfo_client_tlsext_custom_types != NULL) if (s->s3->serverinfo_client_tlsext_custom_types != NULL)
{ {
OPENSSL_free(s->s3->serverinfo_client_tlsext_custom_types); OPENSSL_free(s->s3->serverinfo_client_tlsext_custom_types);
s->s3->serverinfo_client_tlsext_custom_types = NULL; s->s3->serverinfo_client_tlsext_custom_types = NULL;
} }
#ifndef OPENSSL_NO_HEARTBEATS #ifndef OPENSSL_NO_HEARTBEATS
s->tlsext_heartbeat &= ~(SSL_TLSEXT_HB_ENABLED | s->tlsext_heartbeat &= ~(SSL_TLSEXT_HB_ENABLED |