Tree - source-git/openssl - CentOS Git server

source-git / openssl

Blame ssl/statem/extensions_cust.c

Blob History Raw

Packit	c4476c	`/*`
Packit	c4476c	`* Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved.`
Packit	c4476c	`*`
Packit	c4476c	`* Licensed under the OpenSSL license (the "License"). You may not use`
Packit	c4476c	`* this file except in compliance with the License. You can obtain a copy`
Packit	c4476c	`* in the file LICENSE in the source distribution or at`
Packit	c4476c	`* https://www.openssl.org/source/license.html`
Packit	c4476c	`*/`
Packit	c4476c
Packit	c4476c	`/* Custom extension utility functions */`
Packit	c4476c
Packit	c4476c	`#include <openssl/ct.h>`
Packit	c4476c	`#include "../ssl_local.h"`
Packit	c4476c	`#include "internal/cryptlib.h"`
Packit	c4476c	`#include "statem_local.h"`
Packit	c4476c
Packit	c4476c	`typedef struct {`
Packit	c4476c	`void *add_arg;`
Packit	c4476c	`custom_ext_add_cb add_cb;`
Packit	c4476c	`custom_ext_free_cb free_cb;`
Packit	c4476c	`} custom_ext_add_cb_wrap;`
Packit	c4476c
Packit	c4476c	`typedef struct {`
Packit	c4476c	`void *parse_arg;`
Packit	c4476c	`custom_ext_parse_cb parse_cb;`
Packit	c4476c	`} custom_ext_parse_cb_wrap;`
Packit	c4476c
Packit	c4476c	`/*`
Packit	c4476c	`* Provide thin wrapper callbacks which convert new style arguments to old style`
Packit	c4476c	`*/`
Packit	c4476c	`static int custom_ext_add_old_cb_wrap(SSL *s, unsigned int ext_type,`
Packit	c4476c	`unsigned int context,`
Packit	c4476c	`const unsigned char **out,`
Packit	c4476c	`size_t outlen, X509 x, size_t chainidx,`
Packit	c4476c	`int al, void add_arg)`
Packit	c4476c	`{`
Packit	c4476c	`custom_ext_add_cb_wrap add_cb_wrap = (custom_ext_add_cb_wrap )add_arg;`
Packit	c4476c
Packit	c4476c	`if (add_cb_wrap->add_cb == NULL)`
Packit	c4476c	`return 1;`
Packit	c4476c
Packit	c4476c	`return add_cb_wrap->add_cb(s, ext_type, out, outlen, al,`
Packit	c4476c	`add_cb_wrap->add_arg);`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`static void custom_ext_free_old_cb_wrap(SSL *s, unsigned int ext_type,`
Packit	c4476c	`unsigned int context,`
Packit	c4476c	`const unsigned char out, void add_arg)`
Packit	c4476c	`{`
Packit	c4476c	`custom_ext_add_cb_wrap add_cb_wrap = (custom_ext_add_cb_wrap )add_arg;`
Packit	c4476c
Packit	c4476c	`if (add_cb_wrap->free_cb == NULL)`
Packit	c4476c	`return;`
Packit	c4476c
Packit	c4476c	`add_cb_wrap->free_cb(s, ext_type, out, add_cb_wrap->add_arg);`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`static int custom_ext_parse_old_cb_wrap(SSL *s, unsigned int ext_type,`
Packit	c4476c	`unsigned int context,`
Packit	c4476c	`const unsigned char *in,`
Packit	c4476c	`size_t inlen, X509 *x, size_t chainidx,`
Packit	c4476c	`int al, void parse_arg)`
Packit	c4476c	`{`
Packit	c4476c	`custom_ext_parse_cb_wrap *parse_cb_wrap =`
Packit	c4476c	`(custom_ext_parse_cb_wrap *)parse_arg;`
Packit	c4476c
Packit	c4476c	`if (parse_cb_wrap->parse_cb == NULL)`
Packit	c4476c	`return 1;`
Packit	c4476c
Packit	c4476c	`return parse_cb_wrap->parse_cb(s, ext_type, in, inlen, al,`
Packit	c4476c	`parse_cb_wrap->parse_arg);`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`/*`
Packit	c4476c	`* Find a custom extension from the list. The \|role\| param is there to`
Packit	c4476c	`* support the legacy API where custom extensions for client and server could`
Packit	c4476c	`* be set independently on the same SSL_CTX. It is set to ENDPOINT_SERVER if we`
Packit	c4476c	`* are trying to find a method relevant to the server, ENDPOINT_CLIENT for the`
Packit	c4476c	`* client, or ENDPOINT_BOTH for either`
Packit	c4476c	`*/`
Packit	c4476c	`custom_ext_method custom_ext_find(const custom_ext_methods exts,`
Packit	c4476c	`ENDPOINT role, unsigned int ext_type,`
Packit	c4476c	`size_t *idx)`
Packit	c4476c	`{`
Packit	c4476c	`size_t i;`
Packit	c4476c	`custom_ext_method *meth = exts->meths;`
Packit	c4476c
Packit	c4476c	`for (i = 0; i < exts->meths_count; i++, meth++) {`
Packit	c4476c	`if (ext_type == meth->ext_type`
Packit	c4476c	`&& (role == ENDPOINT_BOTH \|\| role == meth->role`
Packit	c4476c	`\|\| meth->role == ENDPOINT_BOTH)) {`
Packit	c4476c	`if (idx != NULL)`
Packit	c4476c	`*idx = i;`
Packit	c4476c	`return meth;`
Packit	c4476c	`}`
Packit	c4476c	`}`
Packit	c4476c	`return NULL;`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`/*`
Packit	c4476c	`* Initialise custom extensions flags to indicate neither sent nor received.`
Packit	c4476c	`*/`
Packit	c4476c	`void custom_ext_init(custom_ext_methods *exts)`
Packit	c4476c	`{`
Packit	c4476c	`size_t i;`
Packit	c4476c	`custom_ext_method *meth = exts->meths;`
Packit	c4476c
Packit	c4476c	`for (i = 0; i < exts->meths_count; i++, meth++)`
Packit	c4476c	`meth->ext_flags = 0;`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`/* Pass received custom extension data to the application for parsing. */`
Packit	c4476c	`int custom_ext_parse(SSL *s, unsigned int context, unsigned int ext_type,`
Packit	c4476c	`const unsigned char ext_data, size_t ext_size, X509 x,`
Packit	c4476c	`size_t chainidx)`
Packit	c4476c	`{`
Packit	c4476c	`int al;`
Packit	c4476c	`custom_ext_methods *exts = &s->cert->custext;`
Packit	c4476c	`custom_ext_method *meth;`
Packit	c4476c	`ENDPOINT role = ENDPOINT_BOTH;`
Packit	c4476c
Packit	c4476c	`if ((context & (SSL_EXT_CLIENT_HELLO \| SSL_EXT_TLS1_2_SERVER_HELLO)) != 0)`
Packit	c4476c	`role = s->server ? ENDPOINT_SERVER : ENDPOINT_CLIENT;`
Packit	c4476c
Packit	c4476c	`meth = custom_ext_find(exts, role, ext_type, NULL);`
Packit	c4476c	`/* If not found return success */`
Packit	c4476c	`if (!meth)`
Packit	c4476c	`return 1;`
Packit	c4476c
Packit	c4476c	`/* Check if extension is defined for our protocol. If not, skip */`
Packit	c4476c	`if (!extension_is_relevant(s, meth->context, context))`
Packit	c4476c	`return 1;`
Packit	c4476c
Packit	c4476c	`if ((context & (SSL_EXT_TLS1_2_SERVER_HELLO`
Packit	c4476c	`\| SSL_EXT_TLS1_3_SERVER_HELLO`
Packit	c4476c	`\| SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS)) != 0) {`
Packit	c4476c	`/*`
Packit	c4476c	`* If it's ServerHello or EncryptedExtensions we can't have any`
Packit	c4476c	`* extensions not sent in ClientHello.`
Packit	c4476c	`*/`
Packit	c4476c	`if ((meth->ext_flags & SSL_EXT_FLAG_SENT) == 0) {`
Packit	c4476c	`SSLfatal(s, TLS1_AD_UNSUPPORTED_EXTENSION, SSL_F_CUSTOM_EXT_PARSE,`
Packit	c4476c	`SSL_R_BAD_EXTENSION);`
Packit	c4476c	`return 0;`
Packit	c4476c	`}`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`/*`
Packit	c4476c	`* Extensions received in the ClientHello are marked with the`
Packit	c4476c	`* SSL_EXT_FLAG_RECEIVED. This is so we know to add the equivalent`
Packit	c4476c	`* extensions in the ServerHello/EncryptedExtensions message`
Packit	c4476c	`*/`
Packit	c4476c	`if ((context & SSL_EXT_CLIENT_HELLO) != 0)`
Packit	c4476c	`meth->ext_flags \|= SSL_EXT_FLAG_RECEIVED;`
Packit	c4476c
Packit	c4476c	`/* If no parse function set return success */`
Packit	c4476c	`if (!meth->parse_cb)`
Packit	c4476c	`return 1;`
Packit	c4476c
Packit	c4476c	`if (meth->parse_cb(s, ext_type, context, ext_data, ext_size, x, chainidx,`
Packit	c4476c	`&al, meth->parse_arg) <= 0) {`
Packit	c4476c	`SSLfatal(s, al, SSL_F_CUSTOM_EXT_PARSE, SSL_R_BAD_EXTENSION);`
Packit	c4476c	`return 0;`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`return 1;`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`/*`
Packit	c4476c	`* Request custom extension data from the application and add to the return`
Packit	c4476c	`* buffer.`
Packit	c4476c	`*/`
Packit	c4476c	`int custom_ext_add(SSL s, int context, WPACKET pkt, X509 *x, size_t chainidx,`
Packit	c4476c	`int maxversion)`
Packit	c4476c	`{`
Packit	c4476c	`custom_ext_methods *exts = &s->cert->custext;`
Packit	c4476c	`custom_ext_method *meth;`
Packit	c4476c	`size_t i;`
Packit	c4476c	`int al;`
Packit	c4476c
Packit	c4476c	`for (i = 0; i < exts->meths_count; i++) {`
Packit	c4476c	`const unsigned char *out = NULL;`
Packit	c4476c	`size_t outlen = 0;`
Packit	c4476c
Packit	c4476c	`meth = exts->meths + i;`
Packit	c4476c
Packit	c4476c	`if (!should_add_extension(s, meth->context, context, maxversion))`
Packit	c4476c	`continue;`
Packit	c4476c
Packit	c4476c	`if ((context & (SSL_EXT_TLS1_2_SERVER_HELLO`
Packit	c4476c	`\| SSL_EXT_TLS1_3_SERVER_HELLO`
Packit	c4476c	`\| SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS`
Packit	c4476c	`\| SSL_EXT_TLS1_3_CERTIFICATE`
Packit	c4476c	`\| SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST)) != 0) {`
Packit	c4476c	`/* Only send extensions present in ClientHello. */`
Packit	c4476c	`if (!(meth->ext_flags & SSL_EXT_FLAG_RECEIVED))`
Packit	c4476c	`continue;`
Packit	c4476c	`}`
Packit	c4476c	`/*`
Packit	c4476c	`* We skip it if the callback is absent - except for a ClientHello where`
Packit	c4476c	`* we add an empty extension.`
Packit	c4476c	`*/`
Packit	c4476c	`if ((context & SSL_EXT_CLIENT_HELLO) == 0 && meth->add_cb == NULL)`
Packit	c4476c	`continue;`
Packit	c4476c
Packit	c4476c	`if (meth->add_cb != NULL) {`
Packit	c4476c	`int cb_retval = meth->add_cb(s, meth->ext_type, context, &out,`
Packit	c4476c	`&outlen, x, chainidx, &al,`
Packit	c4476c	`meth->add_arg);`
Packit	c4476c
Packit	c4476c	`if (cb_retval < 0) {`
Packit	c4476c	`SSLfatal(s, al, SSL_F_CUSTOM_EXT_ADD, SSL_R_CALLBACK_FAILED);`
Packit	c4476c	`return 0; /* error */`
Packit	c4476c	`}`
Packit	c4476c	`if (cb_retval == 0)`
Packit	c4476c	`continue; /* skip this extension */`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`if (!WPACKET_put_bytes_u16(pkt, meth->ext_type)`
Packit	c4476c	`\|\| !WPACKET_start_sub_packet_u16(pkt)`
Packit	c4476c	`\|\| (outlen > 0 && !WPACKET_memcpy(pkt, out, outlen))`
Packit	c4476c	`\|\| !WPACKET_close(pkt)) {`
Packit	c4476c	`SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CUSTOM_EXT_ADD,`
Packit	c4476c	`ERR_R_INTERNAL_ERROR);`
Packit	c4476c	`return 0;`
Packit	c4476c	`}`
Packit	c4476c	`if ((context & SSL_EXT_CLIENT_HELLO) != 0) {`
Packit	c4476c	`/*`
Packit	c4476c	`* We can't send duplicates: code logic should prevent this.`
Packit	c4476c	`*/`
Packit	c4476c	`if (!ossl_assert((meth->ext_flags & SSL_EXT_FLAG_SENT) == 0)) {`
Packit	c4476c	`SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CUSTOM_EXT_ADD,`
Packit	c4476c	`ERR_R_INTERNAL_ERROR);`
Packit	c4476c	`return 0;`
Packit	c4476c	`}`
Packit	c4476c	`/*`
Packit	c4476c	`* Indicate extension has been sent: this is both a sanity check to`
Packit	c4476c	`* ensure we don't send duplicate extensions and indicates that it`
Packit	c4476c	`* is not an error if the extension is present in ServerHello.`
Packit	c4476c	`*/`
Packit	c4476c	`meth->ext_flags \|= SSL_EXT_FLAG_SENT;`
Packit	c4476c	`}`
Packit	c4476c	`if (meth->free_cb != NULL)`
Packit	c4476c	`meth->free_cb(s, meth->ext_type, context, out, meth->add_arg);`
Packit	c4476c	`}`
Packit	c4476c	`return 1;`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`/* Copy the flags from src to dst for any extensions that exist in both */`
Packit	c4476c	`int custom_exts_copy_flags(custom_ext_methods *dst,`
Packit	c4476c	`const custom_ext_methods *src)`
Packit	c4476c	`{`
Packit	c4476c	`size_t i;`
Packit	c4476c	`custom_ext_method *methsrc = src->meths;`
Packit	c4476c
Packit	c4476c	`for (i = 0; i < src->meths_count; i++, methsrc++) {`
Packit	c4476c	`custom_ext_method *methdst = custom_ext_find(dst, methsrc->role,`
Packit	c4476c	`methsrc->ext_type, NULL);`
Packit	c4476c
Packit	c4476c	`if (methdst == NULL)`
Packit	c4476c	`continue;`
Packit	c4476c
Packit	c4476c	`methdst->ext_flags = methsrc->ext_flags;`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`return 1;`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`/* Copy table of custom extensions */`
Packit	c4476c	`int custom_exts_copy(custom_ext_methods dst, const custom_ext_methods src)`
Packit	c4476c	`{`
Packit	c4476c	`size_t i;`
Packit	c4476c	`int err = 0;`
Packit	c4476c
Packit	c4476c	`if (src->meths_count > 0) {`
Packit	c4476c	`dst->meths =`
Packit	c4476c	`OPENSSL_memdup(src->meths,`
Packit	c4476c	`sizeof(src->meths) src->meths_count);`
Packit	c4476c	`if (dst->meths == NULL)`
Packit	c4476c	`return 0;`
Packit	c4476c	`dst->meths_count = src->meths_count;`
Packit	c4476c
Packit	c4476c	`for (i = 0; i < src->meths_count; i++) {`
Packit	c4476c	`custom_ext_method *methsrc = src->meths + i;`
Packit	c4476c	`custom_ext_method *methdst = dst->meths + i;`
Packit	c4476c
Packit	c4476c	`if (methsrc->add_cb != custom_ext_add_old_cb_wrap)`
Packit	c4476c	`continue;`
Packit	c4476c
Packit	c4476c	`/*`
Packit	c4476c	`* We have found an old style API wrapper. We need to copy the`
Packit	c4476c	`* arguments too.`
Packit	c4476c	`*/`
Packit	c4476c
Packit	c4476c	`if (err) {`
Packit	c4476c	`methdst->add_arg = NULL;`
Packit	c4476c	`methdst->parse_arg = NULL;`
Packit	c4476c	`continue;`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`methdst->add_arg = OPENSSL_memdup(methsrc->add_arg,`
Packit	c4476c	`sizeof(custom_ext_add_cb_wrap));`
Packit	c4476c	`methdst->parse_arg = OPENSSL_memdup(methsrc->parse_arg,`
Packit	c4476c	`sizeof(custom_ext_parse_cb_wrap));`
Packit	c4476c
Packit	c4476c	`if (methdst->add_arg == NULL \|\| methdst->parse_arg == NULL)`
Packit	c4476c	`err = 1;`
Packit	c4476c	`}`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`if (err) {`
Packit	c4476c	`custom_exts_free(dst);`
Packit	c4476c	`return 0;`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`return 1;`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`void custom_exts_free(custom_ext_methods *exts)`
Packit	c4476c	`{`
Packit	c4476c	`size_t i;`
Packit	c4476c	`custom_ext_method *meth;`
Packit	c4476c
Packit	c4476c	`for (i = 0, meth = exts->meths; i < exts->meths_count; i++, meth++) {`
Packit	c4476c	`if (meth->add_cb != custom_ext_add_old_cb_wrap)`
Packit	c4476c	`continue;`
Packit	c4476c
Packit	c4476c	`/* Old style API wrapper. Need to free the arguments too */`
Packit	c4476c	`OPENSSL_free(meth->add_arg);`
Packit	c4476c	`OPENSSL_free(meth->parse_arg);`
Packit	c4476c	`}`
Packit	c4476c	`OPENSSL_free(exts->meths);`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`/* Return true if a client custom extension exists, false otherwise */`
Packit	c4476c	`int SSL_CTX_has_client_custom_ext(const SSL_CTX *ctx, unsigned int ext_type)`
Packit	c4476c	`{`
Packit	c4476c	`return custom_ext_find(&ctx->cert->custext, ENDPOINT_CLIENT, ext_type,`
Packit	c4476c	`NULL) != NULL;`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`static int add_custom_ext_intern(SSL_CTX *ctx, ENDPOINT role,`
Packit	c4476c	`unsigned int ext_type,`
Packit	c4476c	`unsigned int context,`
Packit	c4476c	`SSL_custom_ext_add_cb_ex add_cb,`
Packit	c4476c	`SSL_custom_ext_free_cb_ex free_cb,`
Packit	c4476c	`void *add_arg,`
Packit	c4476c	`SSL_custom_ext_parse_cb_ex parse_cb,`
Packit	c4476c	`void *parse_arg)`
Packit	c4476c	`{`
Packit	c4476c	`custom_ext_methods *exts = &ctx->cert->custext;`
Packit	c4476c	`custom_ext_method meth, tmp;`
Packit	c4476c
Packit	c4476c	`/*`
Packit	c4476c	`* Check application error: if add_cb is not set free_cb will never be`
Packit	c4476c	`* called.`
Packit	c4476c	`*/`
Packit	c4476c	`if (add_cb == NULL && free_cb != NULL)`
Packit	c4476c	`return 0;`
Packit	c4476c
Packit	c4476c	`#ifndef OPENSSL_NO_CT`
Packit	c4476c	`/*`
Packit	c4476c	`* We don't want applications registering callbacks for SCT extensions`
Packit	c4476c	`* whilst simultaneously using the built-in SCT validation features, as`
Packit	c4476c	`* these two things may not play well together.`
Packit	c4476c	`*/`
Packit	c4476c	`if (ext_type == TLSEXT_TYPE_signed_certificate_timestamp`
Packit	c4476c	`&& (context & SSL_EXT_CLIENT_HELLO) != 0`
Packit	c4476c	`&& SSL_CTX_ct_is_enabled(ctx))`
Packit	c4476c	`return 0;`
Packit	c4476c	`#endif`
Packit	c4476c
Packit	c4476c	`/*`
Packit	c4476c	`* Don't add if extension supported internally, but make exception`
Packit	c4476c	`* for extension types that previously were not supported, but now are.`
Packit	c4476c	`*/`
Packit	c4476c	`if (SSL_extension_supported(ext_type)`
Packit	c4476c	`&& ext_type != TLSEXT_TYPE_signed_certificate_timestamp)`
Packit	c4476c	`return 0;`
Packit	c4476c
Packit	c4476c	`/* Extension type must fit in 16 bits */`
Packit	c4476c	`if (ext_type > 0xffff)`
Packit	c4476c	`return 0;`
Packit	c4476c	`/* Search for duplicate */`
Packit	c4476c	`if (custom_ext_find(exts, role, ext_type, NULL))`
Packit	c4476c	`return 0;`
Packit	c4476c	`tmp = OPENSSL_realloc(exts->meths,`
Packit	c4476c	`(exts->meths_count + 1) * sizeof(custom_ext_method));`
Packit	c4476c	`if (tmp == NULL)`
Packit	c4476c	`return 0;`
Packit	c4476c
Packit	c4476c	`exts->meths = tmp;`
Packit	c4476c	`meth = exts->meths + exts->meths_count;`
Packit	c4476c	`memset(meth, 0, sizeof(*meth));`
Packit	c4476c	`meth->role = role;`
Packit	c4476c	`meth->context = context;`
Packit	c4476c	`meth->parse_cb = parse_cb;`
Packit	c4476c	`meth->add_cb = add_cb;`
Packit	c4476c	`meth->free_cb = free_cb;`
Packit	c4476c	`meth->ext_type = ext_type;`
Packit	c4476c	`meth->add_arg = add_arg;`
Packit	c4476c	`meth->parse_arg = parse_arg;`
Packit	c4476c	`exts->meths_count++;`
Packit	c4476c	`return 1;`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`static int add_old_custom_ext(SSL_CTX *ctx, ENDPOINT role,`
Packit	c4476c	`unsigned int ext_type,`
Packit	c4476c	`unsigned int context,`
Packit	c4476c	`custom_ext_add_cb add_cb,`
Packit	c4476c	`custom_ext_free_cb free_cb,`
Packit	c4476c	`void *add_arg,`
Packit	c4476c	`custom_ext_parse_cb parse_cb, void *parse_arg)`
Packit	c4476c	`{`
Packit	c4476c	`custom_ext_add_cb_wrap *add_cb_wrap`
Packit	c4476c	`= OPENSSL_malloc(sizeof(*add_cb_wrap));`
Packit	c4476c	`custom_ext_parse_cb_wrap *parse_cb_wrap`
Packit	c4476c	`= OPENSSL_malloc(sizeof(*parse_cb_wrap));`
Packit	c4476c	`int ret;`
Packit	c4476c
Packit	c4476c	`if (add_cb_wrap == NULL \|\| parse_cb_wrap == NULL) {`
Packit	c4476c	`OPENSSL_free(add_cb_wrap);`
Packit	c4476c	`OPENSSL_free(parse_cb_wrap);`
Packit	c4476c	`return 0;`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`add_cb_wrap->add_arg = add_arg;`
Packit	c4476c	`add_cb_wrap->add_cb = add_cb;`
Packit	c4476c	`add_cb_wrap->free_cb = free_cb;`
Packit	c4476c	`parse_cb_wrap->parse_arg = parse_arg;`
Packit	c4476c	`parse_cb_wrap->parse_cb = parse_cb;`
Packit	c4476c
Packit	c4476c	`ret = add_custom_ext_intern(ctx, role, ext_type,`
Packit	c4476c	`context,`
Packit	c4476c	`custom_ext_add_old_cb_wrap,`
Packit	c4476c	`custom_ext_free_old_cb_wrap,`
Packit	c4476c	`add_cb_wrap,`
Packit	c4476c	`custom_ext_parse_old_cb_wrap,`
Packit	c4476c	`parse_cb_wrap);`
Packit	c4476c
Packit	c4476c	`if (!ret) {`
Packit	c4476c	`OPENSSL_free(add_cb_wrap);`
Packit	c4476c	`OPENSSL_free(parse_cb_wrap);`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`return ret;`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`/* Application level functions to add the old custom extension callbacks */`
Packit	c4476c	`int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, unsigned int ext_type,`
Packit	c4476c	`custom_ext_add_cb add_cb,`
Packit	c4476c	`custom_ext_free_cb free_cb,`
Packit	c4476c	`void *add_arg,`
Packit	c4476c	`custom_ext_parse_cb parse_cb, void *parse_arg)`
Packit	c4476c	`{`
Packit	c4476c	`return add_old_custom_ext(ctx, ENDPOINT_CLIENT, ext_type,`
Packit	c4476c	`SSL_EXT_TLS1_2_AND_BELOW_ONLY`
Packit	c4476c	`\| SSL_EXT_CLIENT_HELLO`
Packit	c4476c	`\| SSL_EXT_TLS1_2_SERVER_HELLO`
Packit	c4476c	`\| SSL_EXT_IGNORE_ON_RESUMPTION,`
Packit	c4476c	`add_cb, free_cb, add_arg, parse_cb, parse_arg);`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, unsigned int ext_type,`
Packit	c4476c	`custom_ext_add_cb add_cb,`
Packit	c4476c	`custom_ext_free_cb free_cb,`
Packit	c4476c	`void *add_arg,`
Packit	c4476c	`custom_ext_parse_cb parse_cb, void *parse_arg)`
Packit	c4476c	`{`
Packit	c4476c	`return add_old_custom_ext(ctx, ENDPOINT_SERVER, ext_type,`
Packit	c4476c	`SSL_EXT_TLS1_2_AND_BELOW_ONLY`
Packit	c4476c	`\| SSL_EXT_CLIENT_HELLO`
Packit	c4476c	`\| SSL_EXT_TLS1_2_SERVER_HELLO`
Packit	c4476c	`\| SSL_EXT_IGNORE_ON_RESUMPTION,`
Packit	c4476c	`add_cb, free_cb, add_arg, parse_cb, parse_arg);`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`int SSL_CTX_add_custom_ext(SSL_CTX *ctx, unsigned int ext_type,`
Packit	c4476c	`unsigned int context,`
Packit	c4476c	`SSL_custom_ext_add_cb_ex add_cb,`
Packit	c4476c	`SSL_custom_ext_free_cb_ex free_cb,`
Packit	c4476c	`void *add_arg,`
Packit	c4476c	`SSL_custom_ext_parse_cb_ex parse_cb, void *parse_arg)`
Packit	c4476c	`{`
Packit	c4476c	`return add_custom_ext_intern(ctx, ENDPOINT_BOTH, ext_type, context, add_cb,`
Packit	c4476c	`free_cb, add_arg, parse_cb, parse_arg);`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`int SSL_extension_supported(unsigned int ext_type)`
Packit	c4476c	`{`
Packit	c4476c	`switch (ext_type) {`
Packit	c4476c	`/* Internally supported extensions. */`
Packit	c4476c	`case TLSEXT_TYPE_application_layer_protocol_negotiation:`
Packit	c4476c	`#ifndef OPENSSL_NO_EC`
Packit	c4476c	`case TLSEXT_TYPE_ec_point_formats:`
Packit	c4476c	`case TLSEXT_TYPE_supported_groups:`
Packit	c4476c	`case TLSEXT_TYPE_key_share:`
Packit	c4476c	`#endif`
Packit	c4476c	`#ifndef OPENSSL_NO_NEXTPROTONEG`
Packit	c4476c	`case TLSEXT_TYPE_next_proto_neg:`
Packit	c4476c	`#endif`
Packit	c4476c	`case TLSEXT_TYPE_padding:`
Packit	c4476c	`case TLSEXT_TYPE_renegotiate:`
Packit	c4476c	`case TLSEXT_TYPE_max_fragment_length:`
Packit	c4476c	`case TLSEXT_TYPE_server_name:`
Packit	c4476c	`case TLSEXT_TYPE_session_ticket:`
Packit	c4476c	`case TLSEXT_TYPE_signature_algorithms:`
Packit	c4476c	`#ifndef OPENSSL_NO_SRP`
Packit	c4476c	`case TLSEXT_TYPE_srp:`
Packit	c4476c	`#endif`
Packit	c4476c	`#ifndef OPENSSL_NO_OCSP`
Packit	c4476c	`case TLSEXT_TYPE_status_request:`
Packit	c4476c	`#endif`
Packit	c4476c	`#ifndef OPENSSL_NO_CT`
Packit	c4476c	`case TLSEXT_TYPE_signed_certificate_timestamp:`
Packit	c4476c	`#endif`
Packit	c4476c	`#ifndef OPENSSL_NO_SRTP`
Packit	c4476c	`case TLSEXT_TYPE_use_srtp:`
Packit	c4476c	`#endif`
Packit	c4476c	`case TLSEXT_TYPE_encrypt_then_mac:`
Packit	c4476c	`case TLSEXT_TYPE_supported_versions:`
Packit	c4476c	`case TLSEXT_TYPE_extended_master_secret:`
Packit	c4476c	`case TLSEXT_TYPE_psk_kex_modes:`
Packit	c4476c	`case TLSEXT_TYPE_cookie:`
Packit	c4476c	`case TLSEXT_TYPE_early_data:`
Packit	c4476c	`case TLSEXT_TYPE_certificate_authorities:`
Packit	c4476c	`case TLSEXT_TYPE_psk:`
Packit	c4476c	`case TLSEXT_TYPE_post_handshake_auth:`
Packit	c4476c	`return 1;`
Packit	c4476c	`default:`
Packit	c4476c	`return 0;`
Packit	c4476c	`}`
Packit	c4476c	`}`

source-git / openssl

Source Code

Blame ssl/statem/extensions_cust.c