diff options
| -rw-r--r-- | apps/s_client.c | 40 | ||||
| -rw-r--r-- | apps/s_server.c | 40 | ||||
| -rw-r--r-- | ssl/s23_clnt.c | 5 | ||||
| -rw-r--r-- | ssl/s3_clnt.c | 56 | ||||
| -rw-r--r-- | ssl/s3_lib.c | 12 | ||||
| -rw-r--r-- | ssl/s3_srvr.c | 29 | ||||
| -rw-r--r-- | ssl/ssl.h | 32 | ||||
| -rw-r--r-- | ssl/ssl_rsa.c | 90 | ||||
| -rw-r--r-- | ssl/ssltest.c | 132 | ||||
| -rw-r--r-- | ssl/t1_lib.c | 62 |
10 files changed, 253 insertions, 245 deletions
diff --git a/apps/s_client.c b/apps/s_client.c index b9feec73a5..b72676444e 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -236,22 +236,22 @@ static int server_provided_client_authz = 0; static const unsigned char auth_ext_data[]={TLSEXT_AUTHZDATAFORMAT_dtcp}; static int suppdata_cb(SSL *s, unsigned short supp_data_type, - const unsigned char *in, - unsigned short inlen, int *al, - void *arg); + const unsigned char *in, + unsigned short inlen, int *al, + void *arg); static int auth_suppdata_generate_cb(SSL *s, unsigned short supp_data_type, - const unsigned char **out, - unsigned short *outlen, int *al, void *arg); + const unsigned char **out, + unsigned short *outlen, int *al, void *arg); static int authz_tlsext_generate_cb(SSL *s, unsigned short ext_type, - const unsigned char **out, unsigned short *outlen, - int *al, void *arg); + const unsigned char **out, unsigned short *outlen, + int *al, void *arg); static int authz_tlsext_cb(SSL *s, unsigned short ext_type, - const unsigned char *in, - unsigned short inlen, int *al, - void *arg); + const unsigned char *in, + unsigned short inlen, int *al, + void *arg); #endif #ifndef OPENSSL_NO_PSK @@ -2435,9 +2435,9 @@ static int ocsp_resp_cb(SSL *s, void *arg) } static int authz_tlsext_cb(SSL *s, unsigned short ext_type, - const unsigned char *in, - unsigned short inlen, int *al, - void *arg) + const unsigned char *in, + unsigned short inlen, int *al, + void *arg) { if (TLSEXT_TYPE_server_authz == ext_type) { @@ -2457,8 +2457,8 @@ static int authz_tlsext_cb(SSL *s, unsigned short ext_type, } static int authz_tlsext_generate_cb(SSL *s, unsigned short ext_type, - const unsigned char **out, unsigned short *outlen, - int *al, void *arg) + const unsigned char **out, unsigned short *outlen, + int *al, void *arg) { if (c_auth) { @@ -2476,9 +2476,9 @@ static int authz_tlsext_generate_cb(SSL *s, unsigned short ext_type, } static int suppdata_cb(SSL *s, unsigned short supp_data_type, - const unsigned char *in, - unsigned short inlen, int *al, - void *arg) + const unsigned char *in, + unsigned short inlen, int *al, + void *arg) { if (supp_data_type == TLSEXT_SUPPLEMENTALDATATYPE_authz_data) { @@ -2489,8 +2489,8 @@ static int suppdata_cb(SSL *s, unsigned short supp_data_type, } static int auth_suppdata_generate_cb(SSL *s, unsigned short supp_data_type, - const unsigned char **out, - unsigned short *outlen, int *al, void *arg) + const unsigned char **out, + unsigned short *outlen, int *al, void *arg) { if (c_auth && server_provided_client_authz && server_provided_server_authz) { diff --git a/apps/s_server.c b/apps/s_server.c index 9bd00431bf..66a022dad6 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -330,22 +330,22 @@ static int cert_chain = 0; #ifndef OPENSSL_NO_TLSEXT static int suppdata_cb(SSL *s, unsigned short supp_data_type, - const unsigned char *in, - unsigned short inlen, int *al, - void *arg); + const unsigned char *in, + unsigned short inlen, int *al, + void *arg); static int auth_suppdata_generate_cb(SSL *s, unsigned short supp_data_type, - const unsigned char **out, - unsigned short *outlen, int *al, void *arg); + const unsigned char **out, + unsigned short *outlen, int *al, void *arg); static int authz_tlsext_generate_cb(SSL *s, unsigned short ext_type, - const unsigned char **out, unsigned short *outlen, - int *al, void *arg); + const unsigned char **out, unsigned short *outlen, + int *al, void *arg); static int authz_tlsext_cb(SSL *s, unsigned short ext_type, - const unsigned char *in, - unsigned short inlen, int *al, - void *arg); + const unsigned char *in, + unsigned short inlen, int *al, + void *arg); static BIO *serverinfo_in = NULL; static const char *s_serverinfo_file = NULL; @@ -3553,9 +3553,9 @@ static void free_sessions(void) #ifndef OPENSSL_NO_TLSEXT static int authz_tlsext_cb(SSL *s, unsigned short ext_type, - const unsigned char *in, - unsigned short inlen, int *al, - void *arg) + const unsigned char *in, + unsigned short inlen, int *al, + void *arg) { if (TLSEXT_TYPE_server_authz == ext_type) { @@ -3575,8 +3575,8 @@ static int authz_tlsext_cb(SSL *s, unsigned short ext_type, } static int authz_tlsext_generate_cb(SSL *s, unsigned short ext_type, - const unsigned char **out, unsigned short *outlen, - int *al, void *arg) + const unsigned char **out, unsigned short *outlen, + int *al, void *arg) { if (c_auth && client_provided_client_authz && client_provided_server_authz) { @@ -3595,9 +3595,9 @@ static int authz_tlsext_generate_cb(SSL *s, unsigned short ext_type, } static int suppdata_cb(SSL *s, unsigned short supp_data_type, - const unsigned char *in, - unsigned short inlen, int *al, - void *arg) + const unsigned char *in, + unsigned short inlen, int *al, + void *arg) { if (supp_data_type == TLSEXT_SUPPLEMENTALDATATYPE_authz_data) { @@ -3608,8 +3608,8 @@ static int suppdata_cb(SSL *s, unsigned short supp_data_type, } static int auth_suppdata_generate_cb(SSL *s, unsigned short supp_data_type, - const unsigned char **out, - unsigned short *outlen, int *al, void *arg) + const unsigned char **out, + unsigned short *outlen, int *al, void *arg) { if (c_auth && client_provided_client_authz && client_provided_server_authz) { diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c index 99d5dfe6d3..e95e8d0c4e 100644 --- a/ssl/s23_clnt.c +++ b/ssl/s23_clnt.c @@ -299,6 +299,7 @@ static int ssl23_client_hello(SSL *s) unsigned long l; int ssl2_compat; int version = 0, version_major, version_minor; + int al = 0; #ifndef OPENSSL_NO_COMP int j; SSL_COMP *comp; @@ -553,9 +554,9 @@ static int ssl23_client_hello(SSL *s) SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT); return -1; } - if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH, &al)) == NULL) + if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH, &al)) == NULL) { - ssl3_send_alert(s,SSL3_AL_FATAL,al); + ssl3_send_alert(s,SSL3_AL_FATAL,al); SSLerr(SSL_F_SSL23_CLIENT_HELLO,ERR_R_INTERNAL_ERROR); return -1; } diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index d39cbba49b..08531f951c 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -689,6 +689,7 @@ int ssl3_client_hello(SSL *s) unsigned char *p,*d; int i; unsigned long l; + int al = 0; #ifndef OPENSSL_NO_COMP int j; SSL_COMP *comp; @@ -891,9 +892,9 @@ int ssl3_client_hello(SSL *s) SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT); goto err; } - if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH, &al)) == NULL) + if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH, &al)) == NULL) { - ssl3_send_alert(s,SSL3_AL_FATAL,al); + ssl3_send_alert(s,SSL3_AL_FATAL,al); SSLerr(SSL_F_SSL3_CLIENT_HELLO,ERR_R_INTERNAL_ERROR); goto err; } @@ -3618,7 +3619,7 @@ int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey) #ifndef OPENSSL_NO_TLSEXT int tls1_send_client_supplemental_data(SSL *s, int *skip) { - int al = 0; + int al = 0; if (s->ctx->cli_supp_data_records_count) { unsigned char *p = NULL; @@ -3638,21 +3639,21 @@ int tls1_send_client_supplemental_data(SSL *s, int *skip) if (!record->fn2) continue; cb_retval = record->fn2(s, record->supp_data_type, - &out, &outlen, &al, - record->arg); + &out, &outlen, &al, + record->arg); if (cb_retval == -1) continue; /* skip this supp data entry */ if (cb_retval == 0) { SSLerr(SSL_F_TLS1_SEND_CLIENT_SUPPLEMENTAL_DATA,ERR_R_BUF_LIB); - goto f_err; + goto f_err; } if (outlen == 0 || TLSEXT_MAXLEN_supplemental_data < outlen + 4 + length) { SSLerr(SSL_F_TLS1_SEND_CLIENT_SUPPLEMENTAL_DATA,ERR_R_BUF_LIB); return 0; - } - //if first entry, write handshake message type + } + /* if first entry, write handshake message type */ if (length == 0) { if (!BUF_MEM_grow_clean(s->init_buf, 4)) @@ -3662,9 +3663,12 @@ int tls1_send_client_supplemental_data(SSL *s, int *skip) } p = (unsigned char *)s->init_buf->data; *(p++) = SSL3_MT_SUPPLEMENTAL_DATA; - //update message length when all callbacks complete + /* update message length when all + * callbacks complete */ size_loc = p; - //skip over handshake length field (3 bytes) and supp_data length field (3 bytes) + /* skip over handshake length field (3 + * bytes) and supp_data length field + * (3 bytes) */ p += 3 + 3; length += 1 +3 +3; } @@ -3698,10 +3702,10 @@ int tls1_send_client_supplemental_data(SSL *s, int *skip) s->init_off = 0; return 1; -f_err: - ssl3_send_alert(s,SSL3_AL_FATAL,al); - return 0; -} + f_err: + ssl3_send_alert(s,SSL3_AL_FATAL,al); + return 0; + } int tls1_get_server_supplemental_data(SSL *s) { @@ -3716,12 +3720,12 @@ int tls1_get_server_supplemental_data(SSL *s) int cb_retval = 0; n=s->method->ssl_get_message(s, - SSL3_ST_CR_SUPPLEMENTAL_DATA_A, - SSL3_ST_CR_SUPPLEMENTAL_DATA_B, - SSL3_MT_SUPPLEMENTAL_DATA, - /* use default limit */ - TLSEXT_MAXLEN_supplemental_data, - &ok); + SSL3_ST_CR_SUPPLEMENTAL_DATA_A, + SSL3_ST_CR_SUPPLEMENTAL_DATA_B, + SSL3_MT_SUPPLEMENTAL_DATA, + /* use default limit */ + TLSEXT_MAXLEN_supplemental_data, + &ok); if (!ok) return((int)n); @@ -3742,9 +3746,11 @@ int tls1_get_server_supplemental_data(SSL *s) //if there is a callback for this supp data type, send it for (i=0; i < s->ctx->cli_supp_data_records_count; i++) { - if (s->ctx->cli_supp_data_records[i].supp_data_type == supp_data_entry_type && s->ctx->cli_supp_data_records[i].fn1) + if (s->ctx->cli_supp_data_records[i].supp_data_type == supp_data_entry_type && + s->ctx->cli_supp_data_records[i].fn1) { - cb_retval = s->ctx->cli_supp_data_records[i].fn1(s, supp_data_entry_type, p, supp_data_entry_len, &al, s->ctx->cli_supp_data_records[i].arg); + cb_retval = s->ctx->cli_supp_data_records[i].fn1(s, supp_data_entry_type, p, + supp_data_entry_len, &al, s->ctx->cli_supp_data_records[i].arg); if (cb_retval == 0) { SSLerr(SSL_F_TLS1_GET_SERVER_SUPPLEMENTAL_DATA, ERR_R_SSL_LIB); @@ -3755,8 +3761,8 @@ int tls1_get_server_supplemental_data(SSL *s) p+=supp_data_entry_len; } return 1; -f_err: - ssl3_send_alert(s,SSL3_AL_FATAL,al); - return -1; + f_err: + ssl3_send_alert(s,SSL3_AL_FATAL,al); + return -1; } #endif diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index e99b048e4c..72ef809fed 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3029,8 +3029,8 @@ void ssl3_free(SSL *s) SSL_SRP_CTX_free(s); #endif #ifndef OPENSSL_NO_TLSEXT - if (s->s3->serverinfo_client_tlsext_custom_types != NULL) - OPENSSL_free(s->s3->serverinfo_client_tlsext_custom_types); + if (s->s3->serverinfo_client_tlsext_custom_types != NULL) + OPENSSL_free(s->s3->serverinfo_client_tlsext_custom_types); #endif OPENSSL_cleanse(s->s3,sizeof *s->s3); OPENSSL_free(s->s3); @@ -3076,12 +3076,12 @@ void ssl3_clear(SSL *s) } #endif #ifndef OPENSSL_NO_TLSEXT - if (s->s3->serverinfo_client_tlsext_custom_types != NULL) + if (s->s3->serverinfo_client_tlsext_custom_types != NULL) { - OPENSSL_free(s->s3->serverinfo_client_tlsext_custom_types); - s->s3->serverinfo_client_tlsext_custom_types = NULL; + OPENSSL_free(s->s3->serverinfo_client_tlsext_custom_types); + s->s3->serverinfo_client_tlsext_custom_types = NULL; } - s->s3->serverinfo_client_tlsext_custom_types_count = 0; + s->s3->serverinfo_client_tlsext_custom_types_count = 0; #ifndef OPENSSL_NO_EC s->s3->is_probably_safari = 0; #endif /* !OPENSSL_NO_EC */ diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 15061aef30..ae3a348943 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -1500,7 +1500,8 @@ int ssl3_send_server_hello(SSL *s) { unsigned char *buf; unsigned char *p,*d; - int i,sl,al; + int i,sl; + int al = 0; unsigned long l; if (s->state == SSL3_ST_SW_SRVR_HELLO_A) @@ -1569,9 +1570,9 @@ int ssl3_send_server_hello(SSL *s) SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,SSL_R_SERVERHELLO_TLSEXT); return -1; } - if ((p = ssl_add_serverhello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH, &al)) == NULL) + if ((p = ssl_add_serverhello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH, &al)) == NULL) { - ssl3_send_alert(s, SSL3_AL_FATAL, al); + ssl3_send_alert(s, SSL3_AL_FATAL, al); SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,ERR_R_INTERNAL_ERROR); return -1; } @@ -3655,7 +3656,7 @@ int ssl3_get_next_proto(SSL *s) int tls1_send_server_supplemental_data(SSL *s, int *skip) { - int al = 0; + int al = 0; if (s->ctx->srv_supp_data_records_count) { unsigned char *p = NULL; @@ -3675,14 +3676,14 @@ int tls1_send_server_supplemental_data(SSL *s, int *skip) if (!record->fn1) continue; cb_retval = record->fn1(s, record->supp_data_type, - &out, &outlen, &al, + &out, &outlen, &al, record->arg); if (cb_retval == -1) continue; /* skip this supp data entry */ if (cb_retval == 0) { SSLerr(SSL_F_TLS1_SEND_SERVER_SUPPLEMENTAL_DATA,ERR_R_BUF_LIB); - goto f_err; + goto f_err; } if (outlen == 0 || TLSEXT_MAXLEN_supplemental_data < outlen + 4 + length) { @@ -3741,8 +3742,8 @@ int tls1_send_server_supplemental_data(SSL *s, int *skip) s->init_off = 0; return 1; f_err: - ssl3_send_alert(s,SSL3_AL_FATAL,al); - return 0; + ssl3_send_alert(s,SSL3_AL_FATAL,al); + return 0; } int tls1_get_client_supplemental_data(SSL *s) @@ -3758,12 +3759,12 @@ int tls1_get_client_supplemental_data(SSL *s) size_t i = 0; n=s->method->ssl_get_message(s, - SSL3_ST_SR_SUPPLEMENTAL_DATA_A, - SSL3_ST_SR_SUPPLEMENTAL_DATA_B, - SSL3_MT_SUPPLEMENTAL_DATA, - /* use default limit */ - TLSEXT_MAXLEN_supplemental_data, - &ok); + SSL3_ST_SR_SUPPLEMENTAL_DATA_A, + SSL3_ST_SR_SUPPLEMENTAL_DATA_B, + SSL3_MT_SUPPLEMENTAL_DATA, + /* use default limit */ + TLSEXT_MAXLEN_supplemental_data, + &ok); if (!ok) return((int)n); @@ -406,19 +406,19 @@ typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len, S */ typedef int (*custom_cli_ext_first_cb_fn)(SSL *s, unsigned short ext_type, const unsigned char **out, - unsigned short *outlen, int *al, void *arg); + unsigned short *outlen, int *al, void *arg); typedef int (*custom_cli_ext_second_cb_fn)(SSL *s, unsigned short ext_type, - const unsigned char *in, - unsigned short inlen, int *al, - void *arg); + const unsigned char *in, + unsigned short inlen, int *al, + void *arg); typedef int (*custom_srv_ext_first_cb_fn)(SSL *s, unsigned short ext_type, const unsigned char *in, unsigned short inlen, int *al, void *arg); typedef int (*custom_srv_ext_second_cb_fn)(SSL *s, unsigned short ext_type, - const unsigned char **out, - unsigned short *outlen, int *al, void *arg); + const unsigned char **out, + unsigned short *outlen, int *al, void *arg); typedef struct { unsigned short ext_type; @@ -456,20 +456,20 @@ typedef struct { * fatal TLS alert, if the callback returns zero. */ typedef int (*srv_supp_data_first_cb_fn)(SSL *s, unsigned short supp_data_type, - const unsigned char **out, - unsigned short *outlen, int *al, void *arg); + const unsigned char **out, + unsigned short *outlen, int *al, void *arg); typedef int (*srv_supp_data_second_cb_fn)(SSL *s, unsigned short supp_data_type, - const unsigned char *in, - unsigned short inlen, int *al, - void *arg); + const unsigned char *in, + unsigned short inlen, int *al, + void *arg); typedef int (*cli_supp_data_first_cb_fn)(SSL *s, unsigned short supp_data_type, - const unsigned char *in, - unsigned short inlen, int *al, - void *arg); + const unsigned char *in, + unsigned short inlen, int *al, + void *arg); typedef int (*cli_supp_data_second_cb_fn)(SSL *s, unsigned short supp_data_type, - const unsigned char **out, - unsigned short *outlen, int *al, void *arg); + const unsigned char **out, + unsigned short *outlen, int *al, void *arg); typedef struct { unsigned short supp_data_type; diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c index 063eea5ecb..799210f5e2 100644 --- a/ssl/ssl_rsa.c +++ b/ssl/ssl_rsa.c @@ -844,71 +844,71 @@ static int serverinfo_find_extension(const unsigned char *serverinfo, } static int serverinfo_srv_first_cb(SSL *s, unsigned short ext_type, - const unsigned char *in, - unsigned short inlen, int *al, - void *arg) + const unsigned char *in, + unsigned short inlen, int *al, + void *arg) { - size_t i = 0; + size_t i = 0; if (inlen != 0) { *al = SSL_AD_DECODE_ERROR; return 0; } - //if already in list, error out - for (i = 0; i < s->s3->serverinfo_client_tlsext_custom_types_count; i++) - { - if (s->s3->serverinfo_client_tlsext_custom_types[i] == ext_type) - { - *al = SSL_AD_DECODE_ERROR; - return 0; - } - } - s->s3->serverinfo_client_tlsext_custom_types_count++; - s->s3->serverinfo_client_tlsext_custom_types = OPENSSL_realloc( - s->s3->serverinfo_client_tlsext_custom_types, - s->s3->serverinfo_client_tlsext_custom_types_count * 2); - if (s->s3->serverinfo_client_tlsext_custom_types == NULL) - { - s->s3->serverinfo_client_tlsext_custom_types_count = 0; - *al = TLS1_AD_INTERNAL_ERROR; - return 0; - } - s->s3->serverinfo_client_tlsext_custom_types[ - s->s3->serverinfo_client_tlsext_custom_types_count - 1] = ext_type; + //if already in list, error out + for (i = 0; i < s->s3->serverinfo_client_tlsext_custom_types_count; i++) + { + if (s->s3->serverinfo_client_tlsext_custom_types[i] == ext_type) + { + *al = SSL_AD_DECODE_ERROR; + return 0; + } + } + s->s3->serverinfo_client_tlsext_custom_types_count++; + s->s3->serverinfo_client_tlsext_custom_types = OPENSSL_realloc( + s->s3->serverinfo_client_tlsext_custom_types, + s->s3->serverinfo_client_tlsext_custom_types_count * 2); + if (s->s3->serverinfo_client_tlsext_custom_types == NULL) + { + s->s3->serverinfo_client_tlsext_custom_types_count = 0; + *al = TLS1_AD_INTERNAL_ERROR; + return 0; + } + s->s3->serverinfo_client_tlsext_custom_types[ + s->s3->serverinfo_client_tlsext_custom_types_count - 1] = ext_type; return 1; } static int serverinfo_srv_second_cb(SSL *s, unsigned short ext_type, - const unsigned char **out, unsigned short *outlen, - int *al, void *arg) + const unsigned char **out, unsigned short *outlen, + int *al, void *arg) { const unsigned char *serverinfo = NULL; size_t serverinfo_length = 0; - size_t i = 0; - unsigned int match = 0; - /* Did the client send a TLS extension for this type? */ - for (i = 0; i < s->s3->serverinfo_client_tlsext_custom_types_count; i++) - { - if (s->s3->serverinfo_client_tlsext_custom_types[i] == ext_type) - { - match = 1; - break; - } - } - if (!match) - { - //extension not sent by client...don't send extension - return -1; - } + size_t i = 0; + unsigned int match = 0; + /* Did the client send a TLS extension for this type? */ + for (i = 0; i < s->s3->serverinfo_client_tlsext_custom_types_count; i++) + { + if (s->s3->serverinfo_client_tlsext_custom_types[i] == ext_type) + { + match = 1; + break; + } + } + if (!match) + { + //extension not sent by client...don't send extension + return -1; + } /* Is there serverinfo data for the chosen server cert? */ if ((ssl_get_server_cert_serverinfo(s, &serverinfo, - &serverinfo_length)) != 0) + &serverinfo_length)) != 0) { /* Find the relevant extension from the serverinfo */ int retval = serverinfo_find_extension(serverinfo, serverinfo_length, - ext_type, out, outlen); + ext_type, out, outlen); if (retval == 0) return 0; /* Error */ if (retval == -1) diff --git a/ssl/ssltest.c b/ssl/ssltest.c index 2af5710f90..47715cc0f3 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -488,8 +488,8 @@ static int verify_serverinfo() */ static int custom_ext_0_cli_first_cb(SSL *s, unsigned short ext_type, - const unsigned char **out, - unsigned short *outlen, int *al, void *arg) + const unsigned char **out, + unsigned short *outlen, int *al, void *arg) { if (ext_type != CUSTOM_EXT_TYPE_0) custom_ext_error = 1; @@ -497,17 +497,17 @@ static int custom_ext_0_cli_first_cb(SSL *s, unsigned short ext_type, } static int custom_ext_0_cli_second_cb(SSL *s, unsigned short ext_type, - const unsigned char *in, - unsigned short inlen, int *al, - void *arg) + const unsigned char *in, + unsigned short inlen, int *al, + void *arg) { custom_ext_error = 1; /* Shouldn't be called */ return 0; } static int custom_ext_1_cli_first_cb(SSL *s, unsigned short ext_type, - const unsigned char **out, - unsigned short *outlen, int *al, void *arg) + const unsigned char **out, + unsigned short *outlen, int *al, void *arg) { if (ext_type != CUSTOM_EXT_TYPE_1) custom_ext_error = 1; @@ -517,17 +517,17 @@ static int custom_ext_1_cli_first_cb(SSL *s, unsigned short ext_type, } static int custom_ext_1_cli_second_cb(SSL *s, unsigned short ext_type, - const unsigned char *in, - unsigned short inlen, int *al, - void *arg) + const unsigned char *in, + unsigned short inlen, int *al, + void *arg) { custom_ext_error = 1; /* Shouldn't be called */ return 0; } static int custom_ext_2_cli_first_cb(SSL *s, unsigned short ext_type, - const unsigned char **out, - unsigned short *outlen, int *al, void *arg) + const unsigned char **out, + unsigned short *outlen, int *al, void *arg) { if (ext_type != CUSTOM_EXT_TYPE_2) custom_ext_error = 1; @@ -537,9 +537,9 @@ static int custom_ext_2_cli_first_cb(SSL *s, unsigned short ext_type, } static int custom_ext_2_cli_second_cb(SSL *s, unsigned short ext_type, - const unsigned char *in, - unsigned short inlen, int *al, - void *arg) + const unsigned char *in, + unsigned short inlen, int *al, + void *arg) { if (ext_type != CUSTOM_EXT_TYPE_2) custom_ext_error = 1; @@ -549,8 +549,8 @@ static int custom_ext_2_cli_second_cb(SSL *s, unsigned short ext_type, } static int custom_ext_3_cli_first_cb(SSL *s, unsigned short ext_type, - const unsigned char **out, - unsigned short *outlen, int *al, void *arg) + const unsigned char **out, + unsigned short *outlen, int *al, void *arg) { if (ext_type != CUSTOM_EXT_TYPE_3) custom_ext_error = 1; @@ -560,9 +560,9 @@ static int custom_ext_3_cli_first_cb(SSL *s, unsigned short ext_type, } static int custom_ext_3_cli_second_cb(SSL *s, unsigned short ext_type, - const unsigned char *in, - unsigned short inlen, int *al, - void *arg) + const unsigned char *in, + unsigned short inlen, int *al, + void *arg) { if (ext_type != CUSTOM_EXT_TYPE_3) custom_ext_error = 1; @@ -575,9 +575,9 @@ static int custom_ext_3_cli_second_cb(SSL *s, unsigned short ext_type, //custom_ext_0_cli_first_cb returns -1 - the server won't receive a callback for this extension static int custom_ext_0_srv_first_cb(SSL *s, unsigned short ext_type, - const unsigned char *in, - unsigned short inlen, int *al, - void *arg) + const unsigned char *in, + unsigned short inlen, int *al, + void *arg) { custom_ext_error = 1; return 0; /* Shouldn't be called */ @@ -585,16 +585,16 @@ static int custom_ext_0_srv_first_cb(SSL *s, unsigned short ext_type, //'generate' callbacks are always called, even if the 'receive' callback isn't called static int custom_ext_0_srv_second_cb(SSL *s, unsigned short ext_type, - const unsigned char **out, - unsigned short *outlen, int *al, void *arg) + const unsigned char **out, + unsigned short *outlen, int *al, void *arg) { return -1; /* Don't send an extension */ } static int custom_ext_1_srv_first_cb(SSL *s, unsigned short ext_type, - const unsigned char *in, - unsigned short inlen, int *al, - void *arg) + const unsigned char *in, + unsigned short inlen, int *al, + void *arg) { if (ext_type != CUSTOM_EXT_TYPE_1) custom_ext_error = 1; @@ -607,16 +607,16 @@ static int custom_ext_1_srv_first_cb(SSL *s, unsigned short ext_type, } static int custom_ext_1_srv_second_cb(SSL *s, unsigned short ext_type, - const unsigned char **out, - unsigned short *outlen, int *al, void *arg) + const unsigned char **out, + unsigned short *outlen, int *al, void *arg) { return -1; /* Don't send an extension */ } static int custom_ext_2_srv_first_cb(SSL *s, unsigned short ext_type, - const unsigned char *in, - unsigned short inlen, int *al, - void *arg) + const unsigned char *in, + unsigned short inlen, int *al, + void *arg) { if (ext_type != CUSTOM_EXT_TYPE_2) custom_ext_error = 1; @@ -629,8 +629,8 @@ static int custom_ext_2_srv_first_cb(SSL *s, unsigned short ext_type, } static int custom_ext_2_srv_second_cb(SSL *s, unsigned short ext_type, - const unsigned char **out, - unsigned short *outlen, int *al, void *arg) + const unsigned char **out, + unsigned short *outlen, int *al, void *arg) { *out = NULL; *outlen = 0; @@ -638,9 +638,9 @@ static int custom_ext_2_srv_second_cb(SSL *s, unsigned short ext_type, } static int custom_ext_3_srv_first_cb(SSL *s, unsigned short ext_type, - const unsigned char *in, - unsigned short inlen, int *al, - void *arg) + const unsigned char *in, + unsigned short inlen, int *al, + void *arg) { if (ext_type != CUSTOM_EXT_TYPE_3) custom_ext_error = 1; @@ -653,8 +653,8 @@ static int custom_ext_3_srv_first_cb(SSL *s, unsigned short ext_type, } static int custom_ext_3_srv_second_cb(SSL *s, unsigned short ext_type, - const unsigned char **out, - unsigned short *outlen, int *al, void *arg) + const unsigned char **out, + unsigned short *outlen, int *al, void *arg) { *out = (const unsigned char*)custom_ext_srv_string; *outlen = strlen(custom_ext_srv_string); @@ -662,8 +662,8 @@ static int custom_ext_3_srv_second_cb(SSL *s, unsigned short ext_type, } static int supp_data_0_srv_first_cb(SSL *s, unsigned short supp_data_type, - const unsigned char **out, - unsigned short *outlen, int *al, void *arg) + const unsigned char **out, + unsigned short *outlen, int *al, void *arg) { *out = (const unsigned char*)supp_data_0_string; *outlen = strlen(supp_data_0_string); @@ -673,9 +673,9 @@ static int supp_data_0_srv_first_cb(SSL *s, unsigned short supp_data_type, } static int supp_data_0_srv_second_cb(SSL *s, unsigned short supp_data_type, - const unsigned char *in, - unsigned short inlen, int *al, - void *arg) + const unsigned char *in, + unsigned short inlen, int *al, + void *arg) { if (supp_data_type != CUSTOM_SUPP_DATA_TYPE_0) suppdata_error = 1; @@ -689,34 +689,34 @@ static int supp_data_0_srv_second_cb(SSL *s, unsigned short supp_data_type, } static int supp_data_1_srv_first_cb(SSL *s, unsigned short supp_data_type, - const unsigned char **out, - unsigned short *outlen, int *al, void *arg) + const unsigned char **out, + unsigned short *outlen, int *al, void *arg) { return -1; } static int supp_data_1_srv_second_cb(SSL *s, unsigned short supp_data_type, - const unsigned char *in, - unsigned short inlen, int *al, - void *arg) + const unsigned char *in, + unsigned short inlen, int *al, + void *arg) { suppdata_error = 1; return 1; } static int supp_data_2_srv_second_cb(SSL *s, unsigned short supp_data_type, - const unsigned char *in, - unsigned short inlen, int *al, - void *arg) + const unsigned char *in, + unsigned short inlen, int *al, + void *arg) { suppdata_error = 1; return 1; } static int supp_data_0_cli_first_cb(SSL *s, unsigned short supp_data_type, - const unsigned char *in, - unsigned short inlen, int *al, - void *arg) + const unsigned char *in, + unsigned short inlen, int *al, + void *arg) { if (supp_data_type != CUSTOM_SUPP_DATA_TYPE_0) suppdata_error = 1; @@ -730,8 +730,8 @@ static int supp_data_0_cli_first_cb(SSL *s, unsigned short supp_data_type, } static int supp_data_0_cli_second_cb(SSL *s, unsigned short supp_data_type, - const unsigned char **out, - unsigned short *outlen, int *al, void *arg) + const unsigned char **out, + unsigned short *outlen, int *al, void *arg) { *out = (const unsigned char*)supp_data_0_string; *outlen = strlen(supp_data_0_string); @@ -741,25 +741,25 @@ static int supp_data_0_cli_second_cb(SSL *s, unsigned short supp_data_type, } static int supp_data_1_cli_first_cb(SSL *s, unsigned short supp_data_type, - const unsigned char *in, - unsigned short inlen, int *al, - void *arg) + const unsigned char *in, + unsigned short inlen, int *al, + void *arg) { suppdata_error = 1; return 1; } static int supp_data_1_cli_second_cb(SSL *s, unsigned short supp_data_type, - const unsigned char **out, - unsigned short *outlen, int *al, void *arg) + const unsigned char **out, + unsigned short *outlen, int *al, void *arg) { return -1; } static int supp_data_2_cli_first_cb(SSL *s, unsigned short supp_data_type, - const unsigned char *in, - unsigned short inlen, int *al, - void *arg) + const unsigned char *in, + unsigned short inlen, int *al, + void *arg) { suppdata_error = 1; return 1; diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index f3f6f82184..019685709b 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -1466,8 +1466,8 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha { int cb_retval = 0; cb_retval = record->fn1(s, record->ext_type, - &out, &ou |