Update custom TLS extension and supplemental data 'generate' callbacks to support sending an alert.

If multiple TLS extensions are expected but not received, the TLS extension and supplemental data 'generate' callbacks are the only chance for the receive-side to trigger a specific TLS alert during the handshake. Removed logic which no-op'd TLS extension generate callbacks (as the generate callbacks need to always be called in order to trigger alerts), and updated the serverinfo-specific custom TLS extension callbacks to track which custom TLS extensions were received by the client, where no-ops for 'generate' callbacks are appropriate. (cherry picked from commit ac20719d994729970eb3b775c7bffa81f0e9f960) Conflicts: ssl/t1_lib.c
author: Scott Deboy <sdeboy@secondstryke.com> 2013-09-12 12:03:40 -0700
committer: Scott Deboy <sdeboy@secondstryke.com> 2014-02-08 16:17:24 -0800
commit: fc213217e8db600093bb7976a11e738c8b4bb948 (patch)
tree: 43f435fb75a0e7b583765aa44d63933e566472ee /ssl/ssl_rsa.c
parent: 7198c5af1fe3c9d2b38fb2c3654ab83488fcf457 (diff)
1 files changed, 40 insertions, 1 deletions
diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c
index 7fcd8460a3..063eea5ecb 100644
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@@ -848,20 +848,59 @@ static int serverinfo_srv_first_cb(SSL *s, unsigned short ext_type,
 				   unsigned short inlen, int *al,
 				   void *arg)
 	{
+        size_t i = 0;
 	if (inlen != 0)
 		{
 		*al = SSL_AD_DECODE_ERROR;
 		return 0;
 		}
+        //if already in list, error out
+        for (i = 0; i < s->s3->serverinfo_client_tlsext_custom_types_count; i++)
+                {
+                if (s->s3->serverinfo_client_tlsext_custom_types[i] == ext_type)
+                        {
+                        *al = SSL_AD_DECODE_ERROR;
+                        return 0;
+                        }
+                }
+        s->s3->serverinfo_client_tlsext_custom_types_count++;
+        s->s3->serverinfo_client_tlsext_custom_types = OPENSSL_realloc(
+        s->s3->serverinfo_client_tlsext_custom_types,
+        s->s3->serverinfo_client_tlsext_custom_types_count * 2);
+        if (s->s3->serverinfo_client_tlsext_custom_types == NULL)
+                {
+                s->s3->serverinfo_client_tlsext_custom_types_count = 0;
+                *al = TLS1_AD_INTERNAL_ERROR;
+                return 0;
+                }
+        s->s3->serverinfo_client_tlsext_custom_types[
+        s->s3->serverinfo_client_tlsext_custom_types_count - 1] = ext_type;
+
 	return 1;
 	}
 
 static int serverinfo_srv_second_cb(SSL *s, unsigned short ext_type,
 			            const unsigned char **out, unsigned short *outlen, 
-			            void *arg)
+                                    int *al, void *arg)
 	{
 	const unsigned char *serverinfo = NULL;
 	size_t serverinfo_length = 0;
+        size_t i = 0;
+        unsigned int match = 0;
+        /* Did the client send a TLS extension for this type? */
+        for (i = 0; i < s->s3->serverinfo_client_tlsext_custom_types_count; i++)
+                {
+                if (s->s3->serverinfo_client_tlsext_custom_types[i] == ext_type)
+                        {
+                        match = 1;
+                        break;
+                        }
+                }
+        if (!match)
+        {
+                //extension not sent by client...don't send extension
+                return -1;
+        }
 
 	/* Is there serverinfo data for the chosen server cert? */
 	if ((ssl_get_server_cert_serverinfo(s, &serverinfo,
author	Scott Deboy <sdeboy@secondstryke.com>	2013-09-12 12:03:40 -0700
committer	Scott Deboy <sdeboy@secondstryke.com>	2014-02-08 16:17:24 -0800
commit	fc213217e8db600093bb7976a11e738c8b4bb948 (patch)
tree	43f435fb75a0e7b583765aa44d63933e566472ee /ssl/ssl_rsa.c
parent	7198c5af1fe3c9d2b38fb2c3654ab83488fcf457 (diff)