authorDr. Stephen Henson <steve@openssl.org>2014-08-10 12:08:08 +0100
committerDr. Stephen Henson <steve@openssl.org>2014-08-28 18:09:05 +0100
commit0a4fe37fc6248e5efadcda34015eff122e01b1db (patch)
treeecc261ba3f2b21e6de4fb984535403c6668c0a3f /ssl/t1_lib.c
parentda67a0ae3462f6c6447ed841a9ec514077244b02 (diff)
Custom extension revision.
Use the same structure for client and server custom extensions. Add utility functions in new file t1_ext.c. Use new utility functions to handle custom server and client extensions and remove a lot of code duplication. Reviewed-by: Emilia Käsper <emilia@openssl.org> (cherry picked from commit ecf4d660902dcef6e0afc51d52926f00d409ee6b) Conflicts: ssl/ssl_lib.c ssl/ssl_locl.h ssl/t1_lib.c
Diffstat (limited to 'ssl/t1_lib.c')
-rw-r--r--ssl/t1_lib.c96
1 files changed, 9 insertions, 87 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 78cdc52914..3b3e0e334f 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1446,38 +1446,9 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned c
}
/* Add custom TLS Extensions to ClientHello */
- if (s->cert->custom_cli_ext_records_count)
- {
- size_t i;
- custom_cli_ext_record* record;
-
- for (i = 0; i < s->cert->custom_cli_ext_records_count; i++)
- {
- const unsigned char* out = NULL;
- unsigned short outlen = 0;
+ if (!custom_ext_add(s, 0, &ret, limit, al))
+ return NULL;
- record = &s->cert->custom_cli_ext_records[i];
- /* NULL callback sends empty extension */
- /* -1 from callback omits extension */
- if (record->fn1)
- {
- int cb_retval = 0;
- cb_retval = record->fn1(s, record->ext_type,
- &out, &outlen, al,
- record->arg);
- if (cb_retval == 0)
- return NULL; /* error */
- if (cb_retval == -1)
- continue; /* skip this extension */
- }
- if (limit < ret + 4 + outlen)
- return NULL;
- s2n(record->ext_type, ret);
- s2n(outlen, ret);
- memcpy(ret, out, outlen);
- ret += outlen;
- }
- }
/* Add padding to workaround bugs in F5 terminators.
* See https://tools.ietf.org/html/draft-agl-tls-padding-03
*
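Review bot: The `custom_ext_add(s, 0, &ret, limit, al)` call replaces the explicit `if (limit < ret + 4 + outlen) return NULL;` bounds check and the NULL-callback handling that the removed loop performed inline, but nothing at the call site says what the helper now guarantees, and t1_ext.c is not part of this diff. The removed code also had an asymmetry worth preserving: on the client side a NULL fn1 sent an empty extension, while on the server side (the ServerHello hunk at `custom_ext_add(s, 1, ...)`) a NULL fn2 omitted the extension entirely, so the unified helper presumably has to distinguish the two cases by its second argument. A one-line comment at each call would make the contract reviewable, e.g. `/* 0 = client table; custom_ext_add() is expected to enforce limit and advance ret */` here and the matching `/* 1 = server table ... */` in ssl_add_serverhello_tlsext. The bare `0`/`1` literal is also easy to transpose; an enum or named constant for the side would be clearer than the integer. ssl_add_clienthello_tlsext begins and ends outside this hunk.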
@@ -1520,8 +1491,6 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, unsigned c
int extdatalen=0;
unsigned char *orig = buf;
unsigned char *ret = buf;
- size_t i;
- custom_srv_ext_record *record;
#ifndef OPENSSL_NO_NEXTPROTONEG
int next_proto_neg_seen;
#endif
@@ -1706,32 +1675,8 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, unsigned c
}
}
#endif
-
- for (i = 0; i < s->cert->custom_srv_ext_records_count; i++)
- {
- const unsigned char *out = NULL;
- unsigned short outlen = 0;
- int cb_retval = 0;
-
- record = &s->cert->custom_srv_ext_records[i];
-
- /* NULL callback or -1 omits extension */
- if (!record->fn2)
- continue;
- cb_retval = record->fn2(s, record->ext_type,
- &out, &outlen, al,
- record->arg);
- if (cb_retval == 0)
- return NULL; /* error */
- if (cb_retval == -1)
- continue; /* skip this extension */
- if (limit < ret + 4 + outlen)
- return NULL;
- s2n(record->ext_type, ret);
- s2n(outlen, ret);
- memcpy(ret, out, outlen);
- ret += outlen;
- }
+ if (!custom_ext_add(s, 1, &ret, limit, al))
+ return NULL;
if (s->s3->alpn_selected)
{
@@ -2444,19 +2389,10 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char
* so call the callback and record the extension number so that
* an appropriate ServerHello may be later returned.
*/
- else if (!s->hit && s->cert->custom_srv_ext_records_count)
+ else if (!s->hit)
{
- custom_srv_ext_record *record;
-
- for (i=0; i < s->cert->custom_srv_ext_records_count; i++)
- {
- record = &s->cert->custom_srv_ext_records[i];
- if (type == record->ext_type)
- {
- if (record->fn1 && !record->fn1(s, type, data, size, al, record->arg))
- return 0;
- }
- }
+ if (!custom_ext_parse(s, 1, type, data, size, al))
+ return 0;
}
data+=size;
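Review bot: Dropping the `custom_srv_ext_records_count` guard at `else if (!s->hit)` turns `custom_ext_parse()` into the fallback for every extension type not handled earlier in the chain, so the helper must return 1 for types that have no registered callback or an unrecognised extension would now abort ClientHello parsing; that behaviour lives in t1_ext.c and cannot be confirmed from this diff. The removed loop also invoked fn1 for every record matching `type` without a `break`, whereas the client-side loop in ssl_scan_serverhello_tlsext stopped after the first match, so the unified helper picks one of these semantics for duplicate registrations and the call site should say which is intended. A comment such as `/* server side (1); must succeed for types with no registered callback */` above the call would capture both points. The explanatory comment preceding this branch and ssl_scan_clienthello_tlsext itself start outside the hunk.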
@@ -2782,22 +2718,8 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char
/* If this extension type was not otherwise handled, but
* matches a custom_cli_ext_record, then send it to the c
* callback */
- else if (s->cert->custom_cli_ext_records_count)
- {
- size_t i;
- custom_cli_ext_record* record;
-
- for (i = 0; i < s->cert->custom_cli_ext_records_count; i++)
- {
- record = &s->cert->custom_cli_ext_records[i];
- if (record->ext_type == type)
- {
- if (record->fn2 && !record->fn2(s, type, data, size, al, record->arg))
- return 0;
- break;
- }
- }
- }
+ else if (!custom_ext_parse(s, 0, type, data, size, al))
+ return 0;
data += size;
}
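Review bot: The context comment above `else if (!custom_ext_parse(s, 0, type, data, size, al))` still says "matches a custom_cli_ext_record, then send it to the c callback", which names the per-side record type this commit appears to retire (the description says client and server now share one structure) and reads as truncated; the hunk leaves it untouched. Rewording it to something like `/* If this extension type was not otherwise handled, but matches a registered custom client extension, pass it to the client callback */` keeps it accurate after the refactor. As with the ClientHello scan, the fallback is now unconditional, so `custom_ext_parse()` is expected to return 1 for unregistered types; the removed loop's `break` after the first matching record is also no longer visible at this level. ssl_scan_serverhello_tlsext begins outside the hunk.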