diff options
| -rw-r--r-- | apps/s_client.c | 21 | ||||
| -rw-r--r-- | ssl/ssl.h | 34 | ||||
| -rw-r--r-- | ssl/ssl_rsa.c | 12 | ||||
| -rw-r--r-- | ssl/ssltest.c | 54 | ||||
| -rw-r--r-- | ssl/t1_ext.c | 84 |
5 files changed, 106 insertions, 99 deletions
diff --git a/apps/s_client.c b/apps/s_client.c index bfb6e52cc5..ffd3a4b50f 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -548,9 +548,9 @@ static int next_proto_cb(SSL *s, unsigned char **out, unsigned char *outlen, con } # endif /* ndef OPENSSL_NO_NEXTPROTONEG */ -static int serverinfo_cli_cb(SSL* s, unsigned int ext_type, - const unsigned char* in, size_t inlen, - int* al, void* arg) +static int serverinfo_cli_parse_cb(SSL* s, unsigned int ext_type, + const unsigned char* in, size_t inlen, + int* al, void* arg) { char pem_name[100]; unsigned char ext_buf[4 + 65536]; @@ -1334,16 +1334,13 @@ bad: } #endif #ifndef OPENSSL_NO_TLSEXT - if (serverinfo_types_count) + for (i = 0; i < serverinfo_types_count; i++) { - for (i = 0; i < serverinfo_types_count; i++) - { - SSL_CTX_add_client_custom_ext(ctx, - serverinfo_types[i], - NULL, NULL, NULL, - serverinfo_cli_cb, - NULL); - } + SSL_CTX_add_client_custom_ext(ctx, + serverinfo_types[i], + NULL, NULL, NULL, + serverinfo_cli_parse_cb, + NULL); } #endif @@ -389,18 +389,18 @@ typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len, S /* Typedefs for handling custom extensions */ typedef int (*custom_ext_add_cb)(SSL *s, unsigned int ext_type, - const unsigned char **out, - size_t *outlen, int *al, - void *add_arg); + const unsigned char **out, + size_t *outlen, int *al, + void *add_arg); typedef void (*custom_ext_free_cb)(SSL *s, unsigned int ext_type, - const unsigned char *out, - void *add_arg); + const unsigned char *out, + void *add_arg); typedef int (*custom_ext_parse_cb)(SSL *s, unsigned int ext_type, - const unsigned char *in, - size_t inlen, int *al, - void *parse_arg); + const unsigned char *in, + size_t inlen, int *al, + void *parse_arg); #endif @@ -1247,16 +1247,18 @@ const char *SSL_get_psk_identity(const SSL *s); /* Register callbacks to handle custom TLS Extensions for client or server. */ int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, unsigned int ext_type, - custom_ext_add_cb add_cb, - custom_ext_free_cb free_cb, - void *add_arg, - custom_ext_parse_cb parse_cb, void *parse_arg); + custom_ext_add_cb add_cb, + custom_ext_free_cb free_cb, + void *add_arg, + custom_ext_parse_cb parse_cb, + void *parse_arg); int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, unsigned int ext_type, - custom_ext_add_cb add_cb, - custom_ext_free_cb free_cb, - void *add_arg, - custom_ext_parse_cb parse_cb, void *parse_arg); + custom_ext_add_cb add_cb, + custom_ext_free_cb free_cb, + void *add_arg, + custom_ext_parse_cb parse_cb, + void *parse_arg); int SSL_extension_supported(unsigned int ext_type); diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c index d75c8245f1..943502d092 100644 --- a/ssl/ssl_rsa.c +++ b/ssl/ssl_rsa.c @@ -859,8 +859,8 @@ static int serverinfo_srv_parse_cb(SSL *s, unsigned int ext_type, } static int serverinfo_srv_add_cb(SSL *s, unsigned int ext_type, - const unsigned char **out, size_t *outlen, - int *al, void *arg) + const unsigned char **out, size_t *outlen, + int *al, void *arg) { const unsigned char *serverinfo = NULL; size_t serverinfo_length = 0; @@ -906,10 +906,10 @@ static int serverinfo_process_buffer(const unsigned char *serverinfo, /* Register callbacks for extensions */ ext_type = (serverinfo[0] << 8) + serverinfo[1]; if (ctx && !SSL_CTX_add_server_custom_ext(ctx, ext_type, - serverinfo_srv_add_cb, - NULL, NULL, - serverinfo_srv_parse_cb, - NULL)) + serverinfo_srv_add_cb, + NULL, NULL, + serverinfo_srv_parse_cb, + NULL)) return 0; serverinfo += 2; diff --git a/ssl/ssltest.c b/ssl/ssltest.c index a70ac3f98a..960ed2a772 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -446,9 +446,9 @@ int custom_ext = 0; /* This set based on extension callbacks */ int custom_ext_error = 0; -static int serverinfo_cli_cb(SSL* s, unsigned int ext_type, - const unsigned char* in, size_t inlen, - int* al, void* arg) +static int serverinfo_cli_parse_cb(SSL *s, unsigned int ext_type, + const unsigned char *in, size_t inlen, + int *al, void *arg) { if (ext_type == SCT_EXT_TYPE) serverinfo_sct_seen++; @@ -1466,12 +1466,12 @@ bad: if (serverinfo_sct) SSL_CTX_add_client_custom_ext(c_ctx, SCT_EXT_TYPE, - NULL, NULL, NULL, - serverinfo_cli_cb, NULL); + NULL, NULL, NULL, + serverinfo_cli_parse_cb, NULL); if (serverinfo_tack) SSL_CTX_add_client_custom_ext(c_ctx, TACK_EXT_TYPE, - NULL, NULL, NULL, - serverinfo_cli_cb, NULL); + NULL, NULL, NULL, + serverinfo_cli_parse_cb, NULL); if (serverinfo_file) if (!SSL_CTX_use_serverinfo_file(s_ctx, serverinfo_file)) @@ -1483,31 +1483,39 @@ bad: if (custom_ext) { SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_0, - custom_ext_0_cli_add_cb, NULL, NULL, - custom_ext_0_cli_parse_cb, NULL); + custom_ext_0_cli_add_cb, + NULL, NULL, + custom_ext_0_cli_parse_cb, NULL); SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_1, - custom_ext_1_cli_add_cb, NULL, NULL, - custom_ext_1_cli_parse_cb, NULL); + custom_ext_1_cli_add_cb, + NULL, NULL, + custom_ext_1_cli_parse_cb, NULL); SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_2, - custom_ext_2_cli_add_cb, NULL, NULL, - custom_ext_2_cli_parse_cb, NULL); + custom_ext_2_cli_add_cb, + NULL, NULL, + custom_ext_2_cli_parse_cb, NULL); SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_3, - custom_ext_3_cli_add_cb, NULL, NULL, - custom_ext_3_cli_parse_cb, NULL); + custom_ext_3_cli_add_cb, + NULL, NULL, + custom_ext_3_cli_parse_cb, NULL); SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_0, - custom_ext_0_srv_add_cb, NULL, NULL, - custom_ext_0_srv_parse_cb, NULL); + custom_ext_0_srv_add_cb, + NULL, NULL, + custom_ext_0_srv_parse_cb, NULL); SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_1, - custom_ext_1_srv_add_cb, NULL, NULL, - custom_ext_1_srv_parse_cb, NULL); + custom_ext_1_srv_add_cb, + NULL, NULL, + custom_ext_1_srv_parse_cb, NULL); SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_2, - custom_ext_2_srv_add_cb, NULL, NULL, - custom_ext_2_srv_parse_cb, NULL); + custom_ext_2_srv_add_cb, + NULL, NULL, + custom_ext_2_srv_parse_cb, NULL); SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_3, - custom_ext_3_srv_add_cb, NULL, NULL, - custom_ext_3_srv_parse_cb, NULL); + custom_ext_3_srv_add_cb, + NULL, NULL, + custom_ext_3_srv_parse_cb, NULL); } if (alpn_server) diff --git a/ssl/t1_ext.c b/ssl/t1_ext.c index 615070826a..7e44bac000 100644 --- a/ssl/t1_ext.c +++ b/ssl/t1_ext.c @@ -59,10 +59,9 @@ #ifndef OPENSSL_NO_TLSEXT -/* Find a custom extension from the list */ - +/* Find a custom extension from the list. */ static custom_ext_method *custom_ext_find(custom_ext_methods *exts, - unsigned short ext_type) + unsigned int ext_type) { size_t i; custom_ext_method *meth = exts->meths; @@ -84,18 +83,16 @@ void custom_ext_init(custom_ext_methods *exts) meth->ext_flags = 0; } -/* pass received custom extension data to the application for parsing */ - +/* Pass received custom extension data to the application for parsing. */ int custom_ext_parse(SSL *s, int server, - unsigned int ext_type, - const unsigned char *ext_data, - size_t ext_size, - int *al) + unsigned int ext_type, + const unsigned char *ext_data, + size_t ext_size, + int *al) { custom_ext_methods *exts = server ? &s->cert->srv_ext : &s->cert->cli_ext; custom_ext_method *meth; meth = custom_ext_find(exts, ext_type); - /* If not found or no parse function set, return success */ /* If not found return success */ if (!meth) return 1; @@ -117,20 +114,20 @@ int custom_ext_parse(SSL *s, int server, return 0; } meth->ext_flags |= SSL_EXT_FLAG_RECEIVED; + /* If no parse function set return success */ if (!meth->parse_cb) return 1; return meth->parse_cb(s, ext_type, ext_data, ext_size, al, meth->parse_arg); } -/* request custom extension data from the application and add to the - * return buffer +/* Request custom extension data from the application and add to the + * return buffer. */ - int custom_ext_add(SSL *s, int server, - unsigned char **pret, - unsigned char *limit, - int *al) + unsigned char **pret, + unsigned char *limit, + int *al) { custom_ext_methods *exts = server ? &s->cert->srv_ext : &s->cert->cli_ext; custom_ext_method *meth; @@ -174,12 +171,12 @@ int custom_ext_add(SSL *s, int server, memcpy(ret, out, outlen); ret += outlen; } - /* We can't send duplicates: code logic should prevent this */ + /* We can't send duplicates: code logic should prevent this. */ OPENSSL_assert(!(meth->ext_flags & SSL_EXT_FLAG_SENT)); /* Indicate extension has been sent: this is both a sanity * check to ensure we don't send duplicate extensions - * and indicates to servers that an extension can be - * sent in ServerHello. + * and indicates that it is not an error if the extension + * is present in ServerHello. */ meth->ext_flags |= SSL_EXT_FLAG_SENT; if (meth->free_cb) @@ -190,7 +187,6 @@ int custom_ext_add(SSL *s, int server, } /* Copy table of custom extensions */ - int custom_exts_copy(custom_ext_methods *dst, const custom_ext_methods *src) { if (src->meths_count) @@ -209,16 +205,21 @@ void custom_exts_free(custom_ext_methods *exts) OPENSSL_free(exts->meths); } -/* Set callbacks for a custom extension */ +/* Set callbacks for a custom extension. */ static int custom_ext_meth_add(custom_ext_methods *exts, - unsigned int ext_type, - custom_ext_add_cb add_cb, - custom_ext_free_cb free_cb, - void *add_arg, - custom_ext_parse_cb parse_cb, void *parse_arg) + unsigned int ext_type, + custom_ext_add_cb add_cb, + custom_ext_free_cb free_cb, + void *add_arg, + custom_ext_parse_cb parse_cb, void *parse_arg) { custom_ext_method *meth; - /* Don't add if extension supported internall */ + /* Check application error: if add_cb is not set free_cb will never + * be called. + */ + if (!add_cb && free_cb) + return 0; + /* Don't add if extension supported internally. */ if (SSL_extension_supported(ext_type)) return 0; /* Extension type must fit in 16 bits */ @@ -228,7 +229,7 @@ static int custom_ext_meth_add(custom_ext_methods *exts, if (custom_ext_find(exts, ext_type)) return 0; exts->meths = OPENSSL_realloc(exts->meths, - (exts->meths_count + 1) * sizeof(custom_ext_method)); + (exts->meths_count + 1) * sizeof(custom_ext_method)); if (!exts->meths) { @@ -249,35 +250,34 @@ static int custom_ext_meth_add(custom_ext_methods *exts, } /* Application level functions to add custom extension callbacks */ - int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, unsigned int ext_type, - custom_ext_add_cb add_cb, - custom_ext_free_cb free_cb, - void *add_arg, - custom_ext_parse_cb parse_cb, void *parse_arg) + custom_ext_add_cb add_cb, + custom_ext_free_cb free_cb, + void *add_arg, + custom_ext_parse_cb parse_cb, void *parse_arg) { return custom_ext_meth_add(&ctx->cert->cli_ext, ext_type, - add_cb, free_cb, add_arg, - parse_cb, parse_arg); + add_cb, free_cb, add_arg, + parse_cb, parse_arg); } int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, unsigned int ext_type, - custom_ext_add_cb add_cb, - custom_ext_free_cb free_cb, - void *add_arg, - custom_ext_parse_cb parse_cb, void *parse_arg) + custom_ext_add_cb add_cb, + custom_ext_free_cb free_cb, + void *add_arg, + custom_ext_parse_cb parse_cb, void *parse_arg) { return custom_ext_meth_add(&ctx->cert->srv_ext, ext_type, - add_cb, free_cb, add_arg, - parse_cb, parse_arg); + add_cb, free_cb, add_arg, + parse_cb, parse_arg); } int SSL_extension_supported(unsigned int ext_type) { - /* See if it is a supported internally */ switch(ext_type) { + /* Internally supported extensions. */ case TLSEXT_TYPE_application_layer_protocol_negotiation: case TLSEXT_TYPE_ec_point_formats: case TLSEXT_TYPE_elliptic_curves: |