提交
b948ee27
编写于
7月 04, 2014
作者:
Dr. Stephen Henson
Remove all RFC5878 code.
Remove RFC5878 code. It is no longer needed for CT and has numerous bugs
上级
a23a6e85
变更
18
Showing
18 changed file
with
8 addition
and
1054 deletion
+8
-1054
CHANGES
CHANGES
+0
-7
apps/s_cb.c
apps/s_cb.c
+0
-3
apps/s_client.c
apps/s_client.c
+0
-121
apps/s_server.c
apps/s_server.c
+0
-130
crypto/symhacks.h
crypto/symhacks.h
+0
-9
doc/apps/s_client.pod
doc/apps/s_client.pod
+0
-11
doc/apps/s_server.pod
doc/apps/s_server.pod
+1
-13
ssl/s23_clnt.c
ssl/s23_clnt.c
+0
-2
ssl/s3_clnt.c
ssl/s3_clnt.c
+5
-193
ssl/s3_srvr.c
ssl/s3_srvr.c
+2
-186
ssl/ssl.h
ssl/ssl.h
+0
-95
ssl/ssl3.h
ssl/ssl3.h
+0
-19
ssl/ssl_err.c
ssl/ssl_err.c
+0
-14
ssl/ssl_lib.c
ssl/ssl_lib.c
+0
-65
ssl/ssl_locl.h
ssl/ssl_locl.h
+0
-7
ssl/ssl_stat.c
ssl/ssl_stat.c
+0
-8
ssl/ssltest.c
ssl/ssltest.c
+0
-158
ssl/tls1.h
ssl/tls1.h
+0
-13
CHANGES
...
...
@@ -60,10 +60,6 @@
[Steve Henson]
*) Add callbacks supporting generation and retrieval of supplemental
data entries.
[Scott Deboy <sdeboy@apache.org>, Trevor Perrin and Ben Laurie]
*) Add EVP support for key wrapping algorithms, to avoid problems with
existing code the flag EVP_CIPHER_CTX_WRAP_ALLOW has to be set in
the EVP_CIPHER_CTX or an error is returned. Add AES and DES3 wrap
...
...
@@ -528,9 +524,6 @@
*) Support for linux-x32, ILP32 environment in x86_64 framework.
[Andy Polyakov]
*) RFC 5878 (TLS Authorization Extensions) support.
[Emilia Kasper, Adam Langley, Ben Laurie (Google)]
*) Experimental multi-implementation support for FIPS capable OpenSSL.
When in FIPS mode the approved implementations are used as normal,
when not in FIPS mode the internal unapproved versions are used instead.
...
...
apps/s_cb.c
...
...
@@ -881,9 +881,6 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *
case
20
:
str_details1
=
", Finished"
;
break
;
case
23
:
str_details1
=
", SupplementalData"
;
break
;
}
}
}
...
...
apps/s_client.c
...
...
@@ -214,8 +214,6 @@ static void sc_usage(void);
static
void
print_stuff
(
BIO
*
berr
,
SSL
*
con
,
int
full
);
#ifndef OPENSSL_NO_TLSEXT
static
int
ocsp_resp_cb
(
SSL
*
s
,
void
*
arg
);
static
int
c_auth
=
0
;
static
int
c_auth_require_reneg
=
0
;
#endif
static
BIO
*
bio_c_out
=
NULL
;
static
BIO
*
bio_c_msg
=
NULL
;
...
...
@@ -223,37 +221,6 @@ static int c_quiet=0;
static
int
c_ign_eof
=
0
;
static
int
c_brief
=
0
;
#ifndef OPENSSL_NO_TLSEXT
static
unsigned
char
*
generated_supp_data
=
NULL
;
static
const
unsigned
char
*
most_recent_supplemental_data
=
NULL
;
static
size_t
most_recent_supplemental_data_length
=
0
;
static
int
server_provided_server_authz
=
0
;
static
int
server_provided_client_authz
=
0
;
static
const
unsigned
char
auth_ext_data
[]
=
{
TLSEXT_AUTHZDATAFORMAT_dtcp
};
static
int
suppdata_cb
(
SSL
*
s
,
unsigned
short
supp_data_type
,
const
unsigned
char
*
in
,
unsigned
short
inlen
,
int
*
al
,
void
*
arg
);
static
int
auth_suppdata_generate_cb
(
SSL
*
s
,
unsigned
short
supp_data_type
,
const
unsigned
char
**
out
,
unsigned
short
*
outlen
,
int
*
al
,
void
*
arg
);
static
int
authz_tlsext_generate_cb
(
SSL
*
s
,
unsigned
short
ext_type
,
const
unsigned
char
**
out
,
unsigned
short
*
outlen
,
int
*
al
,
void
*
arg
);
static
int
authz_tlsext_cb
(
SSL
*
s
,
unsigned
short
ext_type
,
const
unsigned
char
*
in
,
unsigned
short
inlen
,
int
*
al
,
void
*
arg
);
#endif
#ifndef OPENSSL_NO_PSK
/* Default PSK identity and key */
static
char
*
psk_identity
=
"Client_identity"
;
...
...
@@ -396,8 +363,6 @@ static void sc_usage(void)
BIO_printf
(
bio_err
,
" -status - request certificate status from server
\n
"
);
BIO_printf
(
bio_err
,
" -no_ticket - disable use of RFC4507bis session tickets
\n
"
);
BIO_printf
(
bio_err
,
" -serverinfo types - send empty ClientHello extensions (comma-separated numbers)
\n
"
);
BIO_printf
(
bio_err
,
" -auth - send and receive RFC 5878 TLS auth extensions and supplemental data
\n
"
);
BIO_printf
(
bio_err
,
" -auth_require_reneg - Do not send TLS auth extensions until renegotiation
\n
"
);
# ifndef OPENSSL_NO_NEXTPROTONEG
BIO_printf
(
bio_err
,
" -nextprotoneg arg - enable NPN extension, considering named protocols supported (comma-separated list)
\n
"
);
# endif
...
...
@@ -863,10 +828,6 @@ static char *jpake_secret = NULL;
c_tlsextdebug
=
1
;
else
if
(
strcmp
(
*
argv
,
"-status"
)
==
0
)
c_status_req
=
1
;
else
if
(
strcmp
(
*
argv
,
"-auth"
)
==
0
)
c_auth
=
1
;
else
if
(
strcmp
(
*
argv
,
"-auth_require_reneg"
)
==
0
)
c_auth_require_reneg
=
1
;
#endif
#ifdef WATT32
else
if
(
strcmp
(
*
argv
,
"-wdebug"
)
==
0
)
...
...
@@ -1453,12 +1414,6 @@ bad:
}
#endif
if
(
c_auth
)
{
SSL_CTX_set_custom_cli_ext
(
ctx
,
TLSEXT_TYPE_client_authz
,
authz_tlsext_generate_cb
,
authz_tlsext_cb
,
bio_err
);
SSL_CTX_set_custom_cli_ext
(
ctx
,
TLSEXT_TYPE_server_authz
,
authz_tlsext_generate_cb
,
authz_tlsext_cb
,
bio_err
);
SSL_CTX_set_cli_supp_data
(
ctx
,
TLSEXT_SUPPLEMENTALDATATYPE_authz_data
,
suppdata_cb
,
auth_suppdata_generate_cb
,
bio_err
);
}
#endif
con
=
SSL_new
(
ctx
);
...
...
@@ -1807,12 +1762,6 @@ SSL_set_tlsext_status_ids(con, ids);
"CONNECTION ESTABLISHED
\n
"
);
print_ssl_summary
(
bio_err
,
con
);
}
/*handshake is complete - free the generated supp data allocated in the callback */
if
(
generated_supp_data
)
{
OPENSSL_free
(
generated_supp_data
);
generated_supp_data
=
NULL
;
}
print_stuff
(
bio_c_out
,
con
,
full_log
);
if
(
full_log
>
0
)
full_log
--
;
...
...
@@ -2463,74 +2412,4 @@ static int ocsp_resp_cb(SSL *s, void *arg)
return
1
;
}
static
int
authz_tlsext_cb
(
SSL
*
s
,
unsigned
short
ext_type
,
const
unsigned
char
*
in
,
unsigned
short
inlen
,
int
*
al
,
void
*
arg
)
{
if
(
TLSEXT_TYPE_server_authz
==
ext_type
)
server_provided_server_authz
=
(
memchr
(
in
,
TLSEXT_AUTHZDATAFORMAT_dtcp
,
inlen
)
!=
NULL
);
if
(
TLSEXT_TYPE_client_authz
==
ext_type
)
server_provided_client_authz
=
(
memchr
(
in
,
TLSEXT_AUTHZDATAFORMAT_dtcp
,
inlen
)
!=
NULL
);
return
1
;
}
static
int
authz_tlsext_generate_cb
(
SSL
*
s
,
unsigned
short
ext_type
,
const
unsigned
char
**
out
,
unsigned
short
*
outlen
,
int
*
al
,
void
*
arg
)
{
if
(
c_auth
)
{
/*if auth_require_reneg flag is set, only send extensions if
renegotiation has occurred */
if
(
!
c_auth_require_reneg
||
(
c_auth_require_reneg
&&
SSL_num_renegotiations
(
s
)))
{
*
out
=
auth_ext_data
;
*
outlen
=
1
;
return
1
;
}
}
/* no auth extension to send */
return
-
1
;
}
static
int
suppdata_cb
(
SSL
*
s
,
unsigned
short
supp_data_type
,
const
unsigned
char
*
in
,
unsigned
short
inlen
,
int
*
al
,
void
*
arg
)
{
if
(
supp_data_type
==
TLSEXT_SUPPLEMENTALDATATYPE_authz_data
)
{
most_recent_supplemental_data
=
in
;
most_recent_supplemental_data_length
=
inlen
;
}
return
1
;
}
static
int
auth_suppdata_generate_cb
(
SSL
*
s
,
unsigned
short
supp_data_type
,
const
unsigned
char
**
out
,
unsigned
short
*
outlen
,
int
*
al
,
void
*
arg
)
{
if
(
c_auth
&&
server_provided_client_authz
&&
server_provided_server_authz
)
{
/*if auth_require_reneg flag is set, only send supplemental data if
renegotiation has occurred */
if
(
!
c_auth_require_reneg
||
(
c_auth_require_reneg
&&
SSL_num_renegotiations
(
s
)))
{
generated_supp_data
=
OPENSSL_malloc
(
10
);
memcpy
(
generated_supp_data
,
"5432154321"
,
10
);
*
out
=
generated_supp_data
;
*
outlen
=
10
;
return
1
;
}
}
/* no supplemental data to send */
return
-
1
;
}
#endif
apps/s_server.c
...
...
@@ -224,20 +224,6 @@ static DH *load_dh_param(const char *dhfile);
static
void
s_server_init
(
void
);
#endif
#ifndef OPENSSL_NO_TLSEXT
static
const
unsigned
char
auth_ext_data
[]
=
{
TLSEXT_AUTHZDATAFORMAT_dtcp
};
static
unsigned
char
*
generated_supp_data
=
NULL
;
static
const
unsigned
char
*
most_recent_supplemental_data
=
NULL
;
static
size_t
most_recent_supplemental_data_length
=
0
;
static
int
client_provided_server_authz
=
0
;
static
int
client_provided_client_authz
=
0
;
#endif
/* static int load_CA(SSL_CTX *ctx, char *file);*/
#undef BUFSIZZ
...
...
@@ -302,29 +288,9 @@ static int cert_chain = 0;
#endif
#ifndef OPENSSL_NO_TLSEXT
static
int
suppdata_cb
(
SSL
*
s
,
unsigned
short
supp_data_type
,
const
unsigned
char
*
in
,
unsigned
short
inlen
,
int
*
al
,
void
*
arg
);
static
int
auth_suppdata_generate_cb
(
SSL
*
s
,
unsigned
short
supp_data_type
,
const
unsigned
char
**
out
,
unsigned
short
*
outlen
,
int
*
al
,
void
*
arg
);
static
int
authz_tlsext_generate_cb
(
SSL
*
s
,
unsigned
short
ext_type
,
const
unsigned
char
**
out
,
unsigned
short
*
outlen
,
int
*
al
,
void
*
arg
);
static
int
authz_tlsext_cb
(
SSL
*
s
,
unsigned
short
ext_type
,
const
unsigned
char
*
in
,
unsigned
short
inlen
,
int
*
al
,
void
*
arg
);
static
BIO
*
serverinfo_in
=
NULL
;
static
const
char
*
s_serverinfo_file
=
NULL
;
static
int
c_auth
=
0
;
static
int
c_auth_require_reneg
=
0
;
#endif
#ifndef OPENSSL_NO_PSK
...
...
@@ -490,8 +456,6 @@ static void sv_usage(void)
BIO_printf
(
bio_err
,
" -naccept arg - terminate after 'arg' connections
\n
"
);
#ifndef OPENSSL_NO_TLSEXT
BIO_printf
(
bio_err
,
" -serverinfo arg - PEM serverinfo file for certificate
\n
"
);
BIO_printf
(
bio_err
,
" -auth - send and receive RFC 5878 TLS auth extensions and supplemental data
\n
"
);
BIO_printf
(
bio_err
,
" -auth_require_reneg - Do not send TLS auth extensions until renegotiation
\n
"
);
#endif
BIO_printf
(
bio_err
,
" -no_resumption_on_reneg - set SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION flag
\n
"
);
BIO_printf
(
bio_err
,
" -crl_check - check the peer certificate has not been revoked by its CA.
\n
"
\
...
...
@@ -1178,15 +1142,7 @@ int MAIN(int argc, char *argv[])
if
(
--
argc
<
1
)
goto
bad
;
s_serverinfo_file
=
*
(
++
argv
);
}
else
if
(
strcmp
(
*
argv
,
"-auth"
)
==
0
)
{
c_auth
=
1
;
}
#endif
else
if
(
strcmp
(
*
argv
,
"-auth_require_reneg"
)
==
0
)
{
c_auth_require_reneg
=
1
;
}
else
if
(
strcmp
(
*
argv
,
"-certform"
)
==
0
)
{
if
(
--
argc
<
1
)
goto
bad
;
...
...
@@ -1997,12 +1953,6 @@ bad:
ERR_print_errors
(
bio_err
);
goto
end
;
}
if
(
c_auth
)
{
SSL_CTX_set_custom_srv_ext
(
ctx
,
TLSEXT_TYPE_client_authz
,
authz_tlsext_cb
,
authz_tlsext_generate_cb
,
bio_err
);
SSL_CTX_set_custom_srv_ext
(
ctx
,
TLSEXT_TYPE_server_authz
,
authz_tlsext_cb
,
authz_tlsext_generate_cb
,
bio_err
);
SSL_CTX_set_srv_supp_data
(
ctx
,
TLSEXT_SUPPLEMENTALDATATYPE_authz_data
,
auth_suppdata_generate_cb
,
suppdata_cb
,
bio_err
);
}
#endif
#ifndef OPENSSL_NO_TLSEXT
if
(
ctx2
&&
!
set_cert_key_stuff
(
ctx2
,
s_cert2
,
s_key2
,
NULL
,
build_chain
))
...
...
@@ -2722,12 +2672,6 @@ static int init_ssl_connection(SSL *con)
i
=
SSL_accept
(
con
);
}
#endif
/*handshake is complete - free the generated supp data allocated in the callback */
if
(
generated_supp_data
)
{
OPENSSL_free
(
generated_supp_data
);
generated_supp_data
=
NULL
;
}
if
(
i
<=
0
)
{
...
...
@@ -3615,77 +3559,3 @@ static void free_sessions(void)
}
first
=
NULL
;
}
#ifndef OPENSSL_NO_TLSEXT
static
int
authz_tlsext_cb
(
SSL
*
s
,
unsigned
short
ext_type
,
const
unsigned
char
*
in
,
unsigned
short
inlen
,
int
*
al
,
void
*
arg
)
{
if
(
TLSEXT_TYPE_server_authz
==
ext_type
)
client_provided_server_authz
=
memchr
(
in
,
TLSEXT_AUTHZDATAFORMAT_dtcp
,
inlen
)
!=
NULL
;
if
(
TLSEXT_TYPE_client_authz
==
ext_type
)
client_provided_client_authz
=
memchr
(
in
,
TLSEXT_AUTHZDATAFORMAT_dtcp
,
inlen
)
!=
NULL
;
return
1
;
}
static
int
authz_tlsext_generate_cb
(
SSL
*
s
,
unsigned
short
ext_type
,
const
unsigned
char
**
out
,
unsigned
short
*
outlen
,
int
*
al
,
void
*
arg
)
{
if
(
c_auth
&&
client_provided_client_authz
&&
client_provided_server_authz
)
{
/*if auth_require_reneg flag is set, only send extensions if
renegotiation has occurred */
if
(
!
c_auth_require_reneg
||
(
c_auth_require_reneg
&&
SSL_num_renegotiations
(
s
)))
{
*
out
=
auth_ext_data
;
*
outlen
=
1
;
return
1
;
}
}
/* no auth extension to send */
return
-
1
;
}
static
int
suppdata_cb
(
SSL
*
s
,
unsigned
short
supp_data_type
,
const
unsigned
char
*
in
,
unsigned
short
inlen
,
int
*
al
,
void
*
arg
)
{
if
(
supp_data_type
==
TLSEXT_SUPPLEMENTALDATATYPE_authz_data
)
{
most_recent_supplemental_data
=
in
;
most_recent_supplemental_data_length
=
inlen
;
}
return
1
;
}
static
int
auth_suppdata_generate_cb
(
SSL
*
s
,
unsigned
short
supp_data_type
,
const
unsigned
char
**
out
,
unsigned
short
*
outlen
,
int
*
al
,
void
*
arg
)
{
if
(
c_auth
&&
client_provided_client_authz
&&
client_provided_server_authz
)
{
/*if auth_require_reneg flag is set, only send supplemental data if
renegotiation has occurred */
if
(
!
c_auth_require_reneg
||
(
c_auth_require_reneg
&&
SSL_num_renegotiations
(
s
)))
{
generated_supp_data
=
OPENSSL_malloc
(
10
);
memcpy
(
generated_supp_data
,
"1234512345"
,
10
);
*
out
=
generated_supp_data
;
*
outlen
=
10
;
return
1
;
}
}
/* no supplemental data to send */
return
-
1
;
}
#endif
crypto/symhacks.h
...
...
@@ -210,15 +210,6 @@
#undef SSL_set_not_resumable_session_callback
#define SSL_set_not_resumable_session_callback SSL_set_not_resumbl_sess_cb
#undef tls1_send_server_supplemental_data
#define tls1_send_server_supplemental_data tls1_send_server_suppl_data
#undef tls1_send_client_supplemental_data
#define tls1_send_client_supplemental_data tls1_send_client_suppl_data
#undef tls1_get_server_supplemental_data
#define tls1_get_server_supplemental_data tls1_get_server_suppl_data
#undef tls1_get_client_supplemental_data
#define tls1_get_client_supplemental_data tls1_get_client_suppl_data
/* Hack some long ENGINE names */
#undef ENGINE_get_default_BN_mod_exp_crt
#define ENGINE_get_default_BN_mod_exp_crt ENGINE_get_def_BN_mod_exp_crt
...
...
doc/apps/s_client.pod
...
...
@@ -76,8 +76,6 @@ B<openssl> B<s_client>
[B<-sess_in filename>]
[B<-rand file(s)>]
[B<-serverinfo types>]
[B<-auth>]
[B<-auth_require_reneg>]
=head1 DESCRIPTION
...
...
@@ -329,15 +327,6 @@ a list of comma-separated TLS Extension Types (numbers between 0 and
The server's response (if any) will be encoded and displayed as a PEM
file.
=item B<-auth>
send RFC 5878 client and server authorization extensions in the Client Hello as well as
supplemental data if the server also sent the authorization extensions in the Server Hello.
=item B<-auth_require_reneg>
only send RFC 5878 client and server authorization extensions during renegotiation.
=back
=head1 CONNECTED COMMANDS
...
...
doc/apps/s_server.pod
...
...
@@ -83,8 +83,6 @@ B<openssl> B<s_server>
[B<-id_prefix arg>]
[B<-rand file(s)>]
[B<-serverinfo file>]
[B<-auth>]
[B<-auth_require_reneg>]
[B<-no_resumption_on_reneg>]
=head1 DESCRIPTION
...
...
@@ -362,19 +360,9 @@ followed by "length" bytes of extension data). If the client sends
an empty TLS ClientHello extension matching the type, the corresponding
ServerHello extension will be returned.
=item B<-auth>
send RFC 5878 client and server authorization extensions in the Client Hello as well as
supplemental data if the server also sent the authorization extensions in the Server Hello.
=item B<-auth_require_reneg>
only send RFC 5878 client and server authorization extensions during renegotiation.
=item B<-no_resumption_on_reneg>
set SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION flag. Required in order to receive supplemental data
during renegotiation if auth and auth_require_reneg are set.
set SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION flag.
=back
...
...
ssl/s23_clnt.c
...
...
@@ -370,8 +370,6 @@ static int ssl23_client_hello(SSL *s)
#endif
if
(
s
->
ctx
->
custom_cli_ext_records_count
!=
0
)
ssl2_compat
=
0
;
if
(
s
->
ctx
->
cli_supp_data_records_count
!=
0
)
ssl2_compat
=
0
;
}
#endif
...
...
ssl/s3_clnt.c
...
...
@@ -318,26 +318,11 @@ int ssl3_connect(SSL *s)
}
s
->
init_num
=
0
;
break
;
#ifndef OPENSSL_NO_TLSEXT
case
SSL3_ST_CR_SUPPLEMENTAL_DATA_A
:
case
SSL3_ST_CR_SUPPLEMENTAL_DATA_B
:
ret
=
tls1_get_server_supplemental_data
(
s
);
if
(
ret
<=
0
)
goto
end
;
s
->
state
=
SSL3_ST_CR_CERT_A
;
s
->
init_num
=
0
;
break
;
#endif
case
SSL3_ST_CR_CERT_A
:
case
SSL3_ST_CR_CERT_B
:
#ifndef OPENSSL_NO_TLSEXT
ret
=
ssl3_check_finished
(
s
);
if
(
ret
<=
0
)
goto
end
;
if
(
ret
==
3
)
{
s
->
state
=
SSL3_ST_CR_SUPPLEMENTAL_DATA_A
;
s
->
init_num
=
0
;
break
;
}
if
(
ret
==
2
)
{
s
->
hit
=
1
;
...
...
@@ -416,14 +401,10 @@ int ssl3_connect(SSL *s)
}
}
#endif
#ifndef OPENSSL_NO_TLSEXT
s
->
state
=
SSL3_ST_CW_SUPPLEMENTAL_DATA_A
;
#else
if
(
s
->
s3
->
tmp
.
cert_req
)
s
->
state
=
SSL3_ST_CW_CERT_A
;
else
s
->
state
=
SSL3_ST_CW_KEY_EXCH_A
;
#endif
s
->
init_num
=
0
;
break
;
...
...
@@ -530,19 +511,6 @@ int ssl3_connect(SSL *s)
break
;
#endif
#ifndef OPENSSL_NO_TLSEXT
case
SSL3_ST_CW_SUPPLEMENTAL_DATA_A
:
case
SSL3_ST_CW_SUPPLEMENTAL_DATA_B
:
ret
=
tls1_send_client_supplemental_data
(
s
,
&
skip
);
if
(
ret
<=
0
)
goto
end
;
if
(
s
->
s3
->
tmp
.
cert_req
)
s
->
state
=
SSL3_ST_CW_CERT_A
;
else
s
->
state
=
SSL3_ST_CW_KEY_EXCH_A
;
s
->
init_num
=
0
;
break
;
#endif
case
SSL3_ST_CW_FINISHED_A
:
case
SSL3_ST_CW_FINISHED_B
:
ret
=
ssl3_send_finished
(
s
,
...
...
@@ -3611,10 +3579,11 @@ int ssl3_check_finished(SSL *s)
int
ok
;
long
n
;
/* Read the message to see if it is supplemental data,
* regardless if there is a session ticket this function is
* called when we really expect a Certificate message, so
* permit appropriate message length */
/* If we have no ticket it cannot be a resumed session. */
if
(
!
s
->
session
->
tlsext_tick
)
return
1
;
/* this function is called when we really expect a Certificate
* message, so permit appropriate message length */
n
=
s
->
method
->
ssl_get_message
(
s
,
SSL3_ST_CR_CERT_A
,
SSL3_ST_CR_CERT_B
,
...
...
@@ -3624,11 +3593,6 @@ int ssl3_check_finished(SSL *s)
if
(
!
ok
)
return
((
int
)
n
);
s
->
s3
->
tmp
.
reuse_message
=
1
;
if
(
s
->
s3
->
tmp
.
message_type
==
SSL3_MT_SUPPLEMENTAL_DATA
)
return
3
;
/* If we have no ticket it cannot be a resumed session. */
if
(
!
s
->
session
->
tlsext_tick
)
return
1
;
if
((
s
->
s3
->
tmp
.
message_type
==
SSL3_MT_FINISHED
)
||
(
s
->
s3
->
tmp
.
message_type
==
SSL3_MT_NEWSESSION_TICKET
))
return
2
;
...
...
@@ -3654,155 +3618,3 @@ int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey)
i
=
s
->
ctx
->
client_cert_cb
(
s
,
px509
,
ppkey
);
return
i
;
}
#ifndef OPENSSL_NO_TLSEXT
int
tls1_send_client_supplemental_data
(
SSL
*
s
,
int
*
skip
)
{
int
al
=
0
;
if
(
s
->
ctx
->
cli_supp_data_records_count
)
{
unsigned
char
*
p
=
NULL
;
unsigned
char
*
size_loc
=
NULL
;
cli_supp_data_record
*
record
=
NULL
;
size_t
length
=
0
;
size_t
i
=
0
;
for
(
i
=
0
;
i
<
s
->
ctx
->
cli_supp_data_records_count
;
i
++
)
{
const
unsigned
char
*
out
=
NULL
;
unsigned
short
outlen
=
0
;
int
cb_retval
=
0
;
record
=
&
s
->
ctx
->
cli_supp_data_records
[
i
];
/* NULL callback or -1 omits supp data entry*/
if
(
!
record
->
fn2
)
continue
;
cb_retval
=
record
->
fn2
(
s
,
record
->
supp_data_type
,
&
out
,
&
outlen
,
&
al
,
record
->
arg
);
if
(
cb_retval
==
-
1
)
continue
;
/* skip this supp data entry */
if
(
cb_retval
==
0
)
{
SSLerr
(
SSL_F_TLS1_SEND_CLIENT_SUPPLEMENTAL_DATA
,
ERR_R_BUF_LIB
);
goto
f_err
;
}
if
(
outlen
==
0
||
TLSEXT_MAXLEN_supplemental_data
<
outlen
+
4
+
length
)
{
SSLerr
(
SSL_F_TLS1_SEND_CLIENT_SUPPLEMENTAL_DATA
,
ERR_R_BUF_LIB
);
return
0
;
}
/* if first entry, write handshake message type */
if
(
length
==
0
)
{
if
(
!
BUF_MEM_grow_clean
(
s
->
init_buf
,
4
))
{
SSLerr
(
SSL_F_TLS1_SEND_CLIENT_SUPPLEMENTAL_DATA
,
ERR_R_BUF_LIB
);
return
0
;
}
p
=
(
unsigned
char
*
)
s
->
init_buf
->
data
;
*
(
p
++
)
=
SSL3_MT_SUPPLEMENTAL_DATA
;
/* update message length when all
* callbacks complete */
size_loc
=
p
;
/* skip over handshake length field (3
* bytes) and supp_data length field
* (3 bytes) */
p
+=
3
+
3
;
length
+=
1
+
3
+
3
;
}
if
(
!
BUF_MEM_grow
(
s
->
init_buf
,
outlen
+
4
))
{
SSLerr
(
SSL_F_TLS1_SEND_CLIENT_SUPPLEMENTAL_DATA
,
ERR_R_BUF_LIB
);
return
0
;
}
s2n
(
record
->
supp_data_type
,
p
);
s2n
(
outlen
,
p
);
memcpy
(
p
,
out
,
outlen
);
length
+=
(
outlen
+
4
);
p
+=
outlen
;
}
if
(
length
>
0
)
{
/* write handshake length */
l2n3
(
length
-
4
,
size_loc
);
/* supp_data length */
l2n3
(
length
-
7
,
size_loc
);
s
->
state
=
SSL3_ST_CW_SUPPLEMENTAL_DATA_B
;
s
->
init_num
=
length
;
s
->
init_off
=
0
;
return
ssl3_do_write
(
s
,
SSL3_RT_HANDSHAKE
);
}
}
/* no supp data message sent */
*
skip
=
1
;
s
->
init_num
=
0
;
s
->
init_off
=
0
;
return
1
;
f_err:
ssl3_send_alert
(
s
,
SSL3_AL_FATAL
,
al
);
return
0
;
}
int
tls1_get_server_supplemental_data
(
SSL
*
s
)
{
int
al
=
0
;
int
ok
;
long
n
;
const
unsigned
char
*
p
,
*
d
;
unsigned
short
supp_data_entry_type
=
0
;
unsigned
short
supp_data_entry_len
=
0
;
unsigned
long
supp_data_len
=
0
;
size_t
i
;
int
cb_retval
=
0
;
n
=
s
->
method
->
ssl_get_message
(
s
,
SSL3_ST_CR_SUPPLEMENTAL_DATA_A
,
SSL3_ST_CR_SUPPLEMENTAL_DATA_B
,
SSL3_MT_SUPPLEMENTAL_DATA
,
/* use default limit */
TLSEXT_MAXLEN_supplemental_data
,
&
ok
);
if
(
!
ok
)
return
((
int
)
n
);
p
=
(
unsigned
char
*
)
s
->
init_msg
;
d
=
p
;
/* The message cannot be empty */
if
(
n
<
3
)
{
al
=
SSL_AD_DECODE_ERROR
;
SSLerr
(
SSL_F_TLS1_GET_SERVER_SUPPLEMENTAL_DATA
,
SSL_R_LENGTH_MISMATCH
);
goto
f_err
;
}
n2l3
(
p
,
supp_data_len
);
while
(
p
<
d
+
supp_data_len
)
{
n2s
(
p
,
supp_data_entry_type
);
n2s
(
p
,
supp_data_entry_len
);
/* if there is a callback for this supp data type, send it */
for
(
i
=
0
;
i
<
s
->
ctx
->
cli_supp_data_records_count
;
i
++
)
{
if
(
s
->
ctx
->
cli_supp_data_records
[
i
].
supp_data_type
==
supp_data_entry_type
&&
s
->
ctx
->
cli_supp_data_records
[
i
].
fn1
)
{
cb_retval
=
s
->
ctx
->
cli_supp_data_records
[
i
].
fn1
(
s
,
supp_data_entry_type
,
p
,
supp_data_entry_len
,
&
al
,
s
->
ctx
->
cli_supp_data_records
[
i
].
arg
);
if
(
cb_retval
==
0
)
{
SSLerr
(
SSL_F_TLS1_GET_SERVER_SUPPLEMENTAL_DATA
,
ERR_R_SSL_LIB
);
goto
f_err
;
}
}
}
p
+=
supp_data_entry_len
;
}
return
1
;
f_err:
ssl3_send_alert
(
s
,
SSL3_AL_FATAL
,
al
);
return
-
1
;
}
#endif
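Review bot: ssl3_check_finished() loses its `return 3` path in this section, and nothing in the new code records the return contract that remains or the ordering it depends on. As rewritten, the function returns 1 when `s->session->tlsext_tick` is unset before it looks at any message, so only a client that already holds a ticket can reach the `return 2` branch that ssl3_connect() turns into `s->hit=1`. That early return is what keeps a ticketless client from treating a Finished or NewSessionTicket message as a resumed session, so it deserves a comment that survives later edits. I would add above the function `/* Returns <=0 on error, 2 if a Finished or NewSessionTicket message was read (resumed session), 1 otherwise. The no-ticket check must run before the message type is tested. */`. The function's signature and tail lie outside the hunks shown, so the "1 otherwise" part is presumed from the visible returns and should be confirmed against the full body.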
ssl/s3_srvr.c
...
...
@@ -409,24 +409,9 @@ int ssl3_accept(SSL *s)
s
->
state
=
SSL3_ST_SW_CHANGE_A
;
#endif
else
#ifndef OPENSSL_NO_TLSEXT
s
->
state
=
SSL3_ST_SW_SUPPLEMENTAL_DATA_A
;
#else
s
->
state
=
SSL3_ST_SW_CERT_A
;
#endif
s
->
init_num
=
0
;
break
;
#ifndef OPENSSL_NO_TLSEXT
case
SSL3_ST_SW_SUPPLEMENTAL_DATA_A
:
case
SSL3_ST_SW_SUPPLEMENTAL_DATA_B
:
ret
=
tls1_send_server_supplemental_data
(
s
,
&
skip
);
if
(
ret
<=
0
)
goto
end
;
s
->
state
=
SSL3_ST_SW_CERT_A
;
s
->
state
=
SSL3_ST_SW_CERT_A
;
s
->
init_num
=
0
;
break
;
#endif
case
SSL3_ST_SW_CERT_A
:
case
SSL3_ST_SW_CERT_B
:
...
...
@@ -596,16 +581,7 @@ int ssl3_accept(SSL *s)
s
->
state
=
s
->
s3
->
tmp
.
next_state
;
break
;
#ifndef OPENSSL_NO_TLSEXT
case
SSL3_ST_SR_SUPPLEMENTAL_DATA_A
:
case
SSL3_ST_SR_SUPPLEMENTAL_DATA_B
:
ret
=
tls1_get_client_supplemental_data
(
s
);
if
(
ret
<=
0
)
goto
end
;
s
->
s3
->
tmp
.
next_state
=
SSL3_ST_SR_CERT_A
;
s
->
state
=
SSL3_ST_SW_FLUSH
;
s
->
init_num
=
0
;
break
;
#endif
case
SSL3_ST_SR_CERT_A
:
case
SSL3_ST_SR_CERT_B
:
/* Check for second client hello (MS SGC) */
...
...
@@ -614,10 +590,6 @@ int ssl3_accept(SSL *s)
goto
end
;
if
(
ret
==
2
)
s
->
state
=
SSL3_ST_SR_CLNT_HELLO_C
;
#ifndef OPENSSL_NO_TLSEXT
else
if
(
ret
==
3
)
s
->
state
=
SSL3_ST_SR_SUPPLEMENTAL_DATA_A
;
#endif
else
{
if
(
s
->
s3
->
tmp
.
cert_request
)
{
...
...
@@ -913,10 +885,6 @@ int ssl3_check_client_hello(SSL *s)
&
ok
);
if
(
!
ok
)
return
((
int
)
n
);
s
->
s3
->
tmp
.
reuse_message
=
1
;
#ifndef OPENSSL_NO_TLSEXT
if
(
s
->
s3
->
tmp
.
message_type
==
SSL3_MT_SUPPLEMENTAL_DATA
)
return
3
;
#endif
if
(
s
->
s3
->
tmp
.
message_type
==
SSL3_MT_CLIENT_HELLO
)
{
/* We only allow the client to restart the handshake once per
...
...
@@ -3755,156 +3723,4 @@ int ssl3_get_next_proto(SSL *s)
}
# endif
int
tls1_send_server_supplemental_data
(
SSL
*
s
,
int
*
skip
)
{
int
al
=
0
;
if
(
s
->
ctx
->
srv_supp_data_records_count
)
{
unsigned
char
*
p
=
NULL
;
unsigned
char
*
size_loc
=
NULL
;
srv_supp_data_record
*
record
=
NULL
;
size_t
length
=
0
;
size_t
i
=
0
;
for
(
i
=
0
;
i
<
s
->
ctx
->
srv_supp_data_records_count
;
i
++
)
{
const
unsigned
char
*
out
=
NULL
;
unsigned
short
outlen
=
0
;
int
cb_retval
=
0
;
record
=
&
s
->
ctx
->
srv_supp_data_records
[
i
];
/* NULL callback or -1 omits supp data entry */
if
(
!
record
->
fn1
)
continue
;
cb_retval
=
record
->
fn1
(
s
,
record
->
supp_data_type
,
&
out
,
&
outlen
,
&
al
,
record
->
arg
);
if
(
cb_retval
==
-
1
)
continue
;
/* skip this supp data entry */
if
(
cb_retval
==
0
)
{
SSLerr
(
SSL_F_TLS1_SEND_SERVER_SUPPLEMENTAL_DATA
,
ERR_R_BUF_LIB
);
goto
f_err
;
}
if
(
outlen
==
0
||
TLSEXT_MAXLEN_supplemental_data
<
outlen
+
4
+
length
)
{
SSLerr
(
SSL_F_TLS1_SEND_SERVER_SUPPLEMENTAL_DATA
,
ERR_R_BUF_LIB
);
return
0
;
}
/* write supp data entry...
* if first entry, write handshake message type
* jump back to write length at end */
if
(
length
==
0
)
{
/* 1 byte message type + 3 bytes for
* message length */
if
(
!
BUF_MEM_grow_clean
(
s
->
init_buf
,
4
))
{
SSLerr
(
SSL_F_TLS1_SEND_SERVER_SUPPLEMENTAL_DATA
,
ERR_R_BUF_LIB
);
return
0
;
}
p
=
(
unsigned
char
*
)
s
->
init_buf
->
data
;
*
(
p
++
)
=
SSL3_MT_SUPPLEMENTAL_DATA
;
/* hold on to length field to update later */
size_loc
=
p
;
/* skip over handshake length field (3
* bytes) and supp_data length field
* (3 bytes) */
p
+=
3
+
3
;
length
+=
1
+
3
+
3
;
}
/* 2 byte supp data type + 2 byte length + outlen */
if
(
!
BUF_MEM_grow
(
s
->
init_buf
,
outlen
+
4
))
{
SSLerr
(
SSL_F_TLS1_SEND_SERVER_SUPPLEMENTAL_DATA
,
ERR_R_BUF_LIB
);
return
0
;
}
s2n
(
record
->
supp_data_type
,
p
);
s2n
(
outlen
,
p
);
memcpy
(
p
,
out
,
outlen
);
/* update length to supp data type (2 bytes) +
* supp data length (2 bytes) + supp data */
length
+=
(
outlen
+
4
);
p
+=
outlen
;
}
if
(
length
>
0
)
{
/* write handshake length */
l2n3
(
length
-
4
,
size_loc
);
/* supp_data length */
l2n3
(
length
-
7
,
size_loc
);
s
->
state
=
SSL3_ST_SW_SUPPLEMENTAL_DATA_B
;
s
->
init_num
=
length
;
s
->
init_off
=
0
;
return
ssl3_do_write
(
s
,
SSL3_RT_HANDSHAKE
);
}
}
/* no supp data message sent */
*
skip
=
1
;
s
->
init_num
=
0
;
s
->
init_off
=
0
;
return
1
;
f_err:
ssl3_send_alert
(
s
,
SSL3_AL_FATAL
,
al
);
return
0
;
}
int
tls1_get_client_supplemental_data
(
SSL
*
s
)
{
int
al
=
0
;
int
cb_retval
=
0
;
int
ok
;
long
n
;
const
unsigned
char
*
p
,
*
d
;
unsigned
short
supp_data_entry_type
=
0
;
unsigned
short
supp_data_entry_len
=
0
;
unsigned
long
supp_data_len
=
0
;
size_t
i
=
0
;
n
=
s
->
method
->
ssl_get_message
(
s
,
SSL3_ST_SR_SUPPLEMENTAL_DATA_A
,
SSL3_ST_SR_SUPPLEMENTAL_DATA_B
,
SSL3_MT_SUPPLEMENTAL_DATA
,
/* use default limit */
TLSEXT_MAXLEN_supplemental_data
,
&
ok
);
if
(
!
ok
)
return
((
int
)
n
);
p
=
(
unsigned
char
*
)
s
->
init_msg
;
d
=
p
;
/* The message cannot be empty */
if
(
n
<
3
)
{
al
=
SSL_AD_DECODE_ERROR
;
SSLerr
(
SSL_F_TLS1_GET_CLIENT_SUPPLEMENTAL_DATA
,
SSL_R_LENGTH_MISMATCH
);
goto
f_err
;
}
n2l3
(
p
,
supp_data_len
);
while
(
p
<
d
+
supp_data_len
)
{
n2s
(
p
,
supp_data_entry_type
);
n2s
(
p
,
supp_data_entry_len
);
/* if there is a callback for this supp data type, send it */
for
(
i
=
0
;
i
<
s
->
ctx
->
srv_supp_data_records_count
;
i
++
)
{
if
(
s
->
ctx
->
srv_supp_data_records
[
i
].
supp_data_type
==
supp_data_entry_type
&&
s
->
ctx
->
srv_supp_data_records
[
i
].
fn2
)
{
cb_retval
=
s
->
ctx
->
srv_supp_data_records
[
i
].
fn2
(
s
,
supp_data_entry_type
,
p
,
supp_data_entry_len
,
&
al
,
s
->
ctx
->
srv_supp_data_records
[
i
].
arg
);
if
(
cb_retval
==
0
)
{
SSLerr
(
SSL_F_TLS1_GET_CLIENT_SUPPLEMENTAL_DATA
,
ERR_R_SSL_LIB
);
goto
f_err
;
}
}
}
p
+=
supp_data_entry_len
;
}
return
1
;
f_err:
ssl3_send_alert
(
s
,
SSL3_AL_FATAL
,
al
);
return
-
1
;
}
#endif
ssl/ssl.h
...
...
@@ -439,57 +439,6 @@ typedef struct {
void
*
arg
;
}
custom_srv_ext_record
;
/* Callbacks and structures for handling Supplemental Data:
* srv_supp_data_first_cb_fn - server sends Supplemental Data
* srv_supp_data_second_cb_fn - server receives Supplemental Data
* cli_supp_data_first_cb_fn - client receives Supplemental Data
* cli_supp_data_second_cb_fn - client sends Supplemental Data
*
* All these functions return nonzero on success. Zero will terminate
* the handshake (and return a specific TLS Fatal alert, if the function
* declaration has an "al" parameter). -1 for the "sending" functions
* will result in no supplemental data entry being added to the
* supplemental data message for the provided supplemental data type.
*
* "supp_data_type" is a Supplemental Data Type from 0-65535.
* "in" is a pointer to TLS "supplemental_data_entry" being provided to the cb.
* "out" is used by the callback to return a pointer to "supplemental data"
* which OpenSSL will later copy into the TLS handshake. The contents
* of this buffer should not be changed until the handshake is complete.
* "inlen" and "outlen" are Supplemental Data lengths from 0-65535.
* "al" is a TLS "AlertDescription" from 0-255 which WILL be sent as a
* fatal TLS alert, if the callback returns zero.
*/
typedef
int
(
*
srv_supp_data_first_cb_fn
)(
SSL
*
s
,
unsigned
short
supp_data_type
,
const
unsigned
char
**
out
,
unsigned
short
*
outlen
,
int
*
al
,
void
*
arg
);
typedef
int
(
*
srv_supp_data_second_cb_fn
)(
SSL
*
s
,
unsigned
short
supp_data_type
,
const
unsigned
char
*
in
,
unsigned
short
inlen
,
int
*
al
,
void
*
arg
);
typedef
int
(
*
cli_supp_data_first_cb_fn
)(
SSL
*
s
,
unsigned
short
supp_data_type
,
const
unsigned
char
*
in
,
unsigned
short
inlen
,
int
*
al
,
void
*
arg
);
typedef
int
(
*
cli_supp_data_second_cb_fn
)(
SSL
*
s
,
unsigned
short
supp_data_type
,
const
unsigned
char
**
out
,
unsigned
short
*
outlen
,
int
*
al
,
void
*
arg
);
typedef
struct
{
unsigned
short
supp_data_type
;
srv_supp_data_first_cb_fn
fn1
;
srv_supp_data_second_cb_fn
fn2
;
void
*
arg
;
}
srv_supp_data_record
;
typedef
struct
{
unsigned
short
supp_data_type
;
cli_supp_data_first_cb_fn
fn1
;
cli_supp_data_second_cb_fn
fn2
;
void
*
arg
;
}
cli_supp_data_record
;
#endif
#ifndef OPENSSL_NO_SSL_INTERN
...
...
@@ -1216,12 +1165,6 @@ struct ssl_ctx_st
size_t
custom_cli_ext_records_count
;
custom_srv_ext_record
*
custom_srv_ext_records
;
size_t
custom_srv_ext_records_count
;
/* Arrays containing the callbacks for Supplemental Data. */
cli_supp_data_record
*
cli_supp_data_records
;
size_t
cli_supp_data_records_count
;
srv_supp_data_record
*
srv_supp_data_records
;
size_t
srv_supp_data_records_count
;
};
#endif
...
...
@@ -1369,30 +1312,6 @@ int SSL_CTX_set_custom_srv_ext(SSL_CTX *ctx, unsigned short ext_type,
custom_srv_ext_first_cb_fn
fn1
,
custom_srv_ext_second_cb_fn
fn2
,
void
*
arg
);
/* Register callbacks to handle Supplemental Data as client or server.
*
* For SSL_CTX_set_srv_supp_data, a NULL srv_supp_data_first_cb_fn results in no supplemental data
* being sent by the server for that TLS extension.
* A NULL srv_supp_data_second_cb_fn results in no supplemental data
* being received by the server for that TLS extension.
*
* For SSL_CTX_set_cli_supp_data, a NULL cli_supp_data_first_cb_fn results in no supplemental data
* being received by the client for that TLS extension.
* A NULL cli_supp_data_second_cb_fn results in no supplemental data
* being sent by the client for that TLS extension.
*
* Returns nonzero on success. You cannot register twice for the same supp_data_type.
*/
int
SSL_CTX_set_srv_supp_data
(
SSL_CTX
*
ctx
,
unsigned
short
supp_data_type
,
srv_supp_data_first_cb_fn
fn1
,
srv_supp_data_second_cb_fn
fn2
,
void
*
arg
);
int
SSL_CTX_set_cli_supp_data
(
SSL_CTX
*
ctx
,
unsigned
short
supp_data_type
,
cli_supp_data_first_cb_fn
fn1
,
cli_supp_data_second_cb_fn
fn2
,
void
*
arg
);
#endif
#define SSL_NOTHING 1
...
...
@@ -2660,8 +2579,6 @@ void ERR_load_SSL_strings(void);
/* Error codes for the SSL functions. */
/* Function codes. */
#define SSL_F_AUTHZ_FIND_DATA 330
#define SSL_F_AUTHZ_VALIDATE 323
#define SSL_F_CHECK_SUITEB_CIPHER_LIST 331
#define SSL_F_CLIENT_CERTIFICATE 100
#define SSL_F_CLIENT_FINISHED 167
...
...
@@ -2705,7 +2622,6 @@ void ERR_load_SSL_strings(void);
#define SSL_F_GET_SERVER_HELLO 109
#define SSL_F_GET_SERVER_VERIFY 110
#define SSL_F_I2D_SSL_SESSION 111
#define SSL_F_READ_AUTHZ 329
#define SSL_F_READ_N 112
#define SSL_F_REQUEST_CERTIFICATE 113
#define SSL_F_SERVER_FINISH 239
...
...
@@ -2813,7 +2729,6 @@ void ERR_load_SSL_strings(void);
#define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT 219
#define SSL_F_SSL_CTX_SET_SSL_VERSION 170
#define SSL_F_SSL_CTX_SET_TRUST 229
#define SSL_F_SSL_CTX_USE_AUTHZ 324
#define SSL_F_SSL_CTX_USE_CERTIFICATE 171
#define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1 172
#define SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE 220
...
...
@@ -2855,7 +2770,6 @@ void ERR_load_SSL_strings(void);
#define SSL_F_SSL_SESSION_PRINT_FP 190
#define SSL_F_SSL_SESSION_SET1_ID_CONTEXT 312
#define SSL_F_SSL_SESS_CERT_NEW 225
#define SSL_F_SSL_SET_AUTHZ 325
#define SSL_F_SSL_SET_CERT 191
#define SSL_F_SSL_SET_CIPHER_LIST 271
#define SSL_F_SSL_SET_FD 192
...
...
@@ -2872,7 +2786,6 @@ void ERR_load_SSL_strings(void);
#define SSL_F_SSL_UNDEFINED_CONST_FUNCTION 243
#define SSL_F_SSL_UNDEFINED_FUNCTION 197
#define SSL_F_SSL_UNDEFINED_VOID_FUNCTION 244
#define SSL_F_SSL_USE_AUTHZ 328
#define SSL_F_SSL_USE_CERTIFICATE 198
#define SSL_F_SSL_USE_CERTIFICATE_ASN1 199
#define SSL_F_SSL_USE_CERTIFICATE_FILE 200
...
...
@@ -2891,21 +2804,16 @@ void ERR_load_SSL_strings(void);
#define SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT 274
#define SSL_F_TLS1_ENC 210
#define SSL_F_TLS1_EXPORT_KEYING_MATERIAL 314
#define SSL_F_TLS1_GET_CLIENT_SUPPLEMENTAL_DATA 335
#define SSL_F_TLS1_GET_SERVER_SUPPLEMENTAL_DATA 326
#define SSL_F_TLS1_HEARTBEAT 315
#define SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT 275
#define SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT 276
#define SSL_F_TLS1_PRF 284
#define SSL_F_TLS1_SEND_CLIENT_SUPPLEMENTAL_DATA 338
#define SSL_F_TLS1_SEND_SERVER_SUPPLEMENTAL_DATA 327
#define SSL_F_TLS1_SETUP_KEY_BLOCK 211
#define SSL_F_WRITE_PENDING 212
/* Reason codes. */
#define SSL_R_APP_DATA_IN_HANDSHAKE 100
#define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272
#define SSL_R_AUTHZ_DATA_TOO_LARGE 375
#define SSL_R_BAD_ALERT_RECORD 101
#define SSL_R_BAD_AUTHENTICATION_TYPE 102
#define SSL_R_BAD_CHANGE_CIPHER_SPEC 103
...
...
@@ -3003,7 +2911,6 @@ void ERR_load_SSL_strings(void);
#define SSL_R_ILLEGAL_SUITEB_DIGEST 380
#define SSL_R_INCONSISTENT_COMPRESSION 340
#define SSL_R_INVALID_AUDIT_PROOF 371
#define SSL_R_INVALID_AUTHZ_DATA 374
#define SSL_R_INVALID_CHALLENGE_LENGTH 158
#define SSL_R_INVALID_COMMAND 280
#define SSL_R_INVALID_COMPRESSION_ALGORITHM 341
...
...
@@ -3195,7 +3102,6 @@ void ERR_load_SSL_strings(void);
#define SSL_R_UNEXPECTED_RECORD 245
#define SSL_R_UNINITIALIZED 276
#define SSL_R_UNKNOWN_ALERT_TYPE 246
#define SSL_R_UNKNOWN_AUTHZ_DATA_TYPE 372
#define SSL_R_UNKNOWN_CERTIFICATE_TYPE 247
#define SSL_R_UNKNOWN_CIPHER_RETURNED 248
#define SSL_R_UNKNOWN_CIPHER_TYPE 249
...
...
@@ -3207,7 +3113,6 @@ void ERR_load_SSL_strings(void);
#define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE 253
#define SSL_R_UNKNOWN_SSL_VERSION 254
#define SSL_R_UNKNOWN_STATE 255
#define SSL_R_UNKNOWN_SUPPLEMENTAL_DATA_TYPE 373
#define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED 338
#define SSL_R_UNSUPPORTED_CIPHER 256
#define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257
...
...
ssl/ssl3.h
...
...
@@ -637,10 +637,6 @@ typedef struct ssl3_state_st
#define SSL3_ST_CR_CERT_REQ_B (0x151|SSL_ST_CONNECT)
#define SSL3_ST_CR_SRVR_DONE_A (0x160|SSL_ST_CONNECT)
#define SSL3_ST_CR_SRVR_DONE_B (0x161|SSL_ST_CONNECT)
#ifndef OPENSSL_NO_TLSEXT
#define SSL3_ST_CR_SUPPLEMENTAL_DATA_A (0x212|SSL_ST_CONNECT)
#define SSL3_ST_CR_SUPPLEMENTAL_DATA_B (0x213|SSL_ST_CONNECT)
#endif
/* write to server */
#define SSL3_ST_CW_CERT_A (0x170|SSL_ST_CONNECT)
#define SSL3_ST_CW_CERT_B (0x171|SSL_ST_CONNECT)
...
...
@@ -656,10 +652,6 @@ typedef struct ssl3_state_st
#define SSL3_ST_CW_NEXT_PROTO_A (0x200|SSL_ST_CONNECT)
#define SSL3_ST_CW_NEXT_PROTO_B (0x201|SSL_ST_CONNECT)
#endif
#ifndef OPENSSL_NO_TLSEXT
#define SSL3_ST_CW_SUPPLEMENTAL_DATA_A (0x222|SSL_ST_CONNECT)
#define SSL3_ST_CW_SUPPLEMENTAL_DATA_B (0x223|SSL_ST_CONNECT)
#endif
#define SSL3_ST_CW_FINISHED_A (0x1B0|SSL_ST_CONNECT)
#define SSL3_ST_CW_FINISHED_B (0x1B1|SSL_ST_CONNECT)
/* read from server */
...
...
@@ -685,10 +677,6 @@ typedef struct ssl3_state_st
#define SSL3_ST_SR_CLNT_HELLO_B (0x111|SSL_ST_ACCEPT)
#define SSL3_ST_SR_CLNT_HELLO_C (0x112|SSL_ST_ACCEPT)
#define SSL3_ST_SR_CLNT_HELLO_D (0x115|SSL_ST_ACCEPT)
#ifndef OPENSSL_NO_TLSEXT
#define SSL3_ST_SR_SUPPLEMENTAL_DATA_A (0x212|SSL_ST_ACCEPT)
#define SSL3_ST_SR_SUPPLEMENTAL_DATA_B (0x213|SSL_ST_ACCEPT)
#endif
/* write to client */
#define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A (0x113|SSL_ST_ACCEPT)
#define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B (0x114|SSL_ST_ACCEPT)
...
...
@@ -729,10 +717,6 @@ typedef struct ssl3_state_st
#define SSL3_ST_SW_SESSION_TICKET_B (0x1F1|SSL_ST_ACCEPT)
#define SSL3_ST_SW_CERT_STATUS_A (0x200|SSL_ST_ACCEPT)
#define SSL3_ST_SW_CERT_STATUS_B (0x201|SSL_ST_ACCEPT)
#ifndef OPENSSL_NO_TLSEXT
#define SSL3_ST_SW_SUPPLEMENTAL_DATA_A (0x222|SSL_ST_ACCEPT)
#define SSL3_ST_SW_SUPPLEMENTAL_DATA_B (0x223|SSL_ST_ACCEPT)
#endif
#define SSL3_MT_HELLO_REQUEST 0
#define SSL3_MT_CLIENT_HELLO 1
...
...
@@ -746,9 +730,6 @@ typedef struct ssl3_state_st
#define SSL3_MT_CLIENT_KEY_EXCHANGE 16
#define SSL3_MT_FINISHED 20
#define SSL3_MT_CERTIFICATE_STATUS 22
#ifndef OPENSSL_NO_TLSEXT
#define SSL3_MT_SUPPLEMENTAL_DATA 23
#endif
#ifndef OPENSSL_NO_NEXTPROTONEG
#define SSL3_MT_NEXT_PROTO 67
#endif
...
...
ssl/ssl_err.c
...
...
@@ -70,8 +70,6 @@
static
ERR_STRING_DATA
SSL_str_functs
[]
=
{
{
ERR_FUNC
(
SSL_F_AUTHZ_FIND_DATA
),
"AUTHZ_FIND_DATA"
},
{
ERR_FUNC
(
SSL_F_AUTHZ_VALIDATE
),
"AUTHZ_VALIDATE"
},
{
ERR_FUNC
(
SSL_F_CHECK_SUITEB_CIPHER_LIST
),
"CHECK_SUITEB_CIPHER_LIST"
},
{
ERR_FUNC
(
SSL_F_CLIENT_CERTIFICATE
),
"CLIENT_CERTIFICATE"
},
{
ERR_FUNC
(
SSL_F_CLIENT_FINISHED
),
"CLIENT_FINISHED"
},
...
...
@@ -115,7 +113,6 @@ static ERR_STRING_DATA SSL_str_functs[]=
{
ERR_FUNC
(
SSL_F_GET_SERVER_HELLO
),
"GET_SERVER_HELLO"
},
{
ERR_FUNC
(
SSL_F_GET_SERVER_VERIFY
),
"GET_SERVER_VERIFY"
},
{
ERR_FUNC
(
SSL_F_I2D_SSL_SESSION
),
"i2d_SSL_SESSION"
},
{
ERR_FUNC
(
SSL_F_READ_AUTHZ
),
"READ_AUTHZ"
},
{
ERR_FUNC
(
SSL_F_READ_N
),
"READ_N"
},
{
ERR_FUNC
(
SSL_F_REQUEST_CERTIFICATE
),
"REQUEST_CERTIFICATE"
},
{
ERR_FUNC
(
SSL_F_SERVER_FINISH
),
"SERVER_FINISH"
},
...
...
@@ -223,7 +220,6 @@ static ERR_STRING_DATA SSL_str_functs[]=
{
ERR_FUNC
(
SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT
),
"SSL_CTX_set_session_id_context"
},
{
ERR_FUNC
(
SSL_F_SSL_CTX_SET_SSL_VERSION
),
"SSL_CTX_set_ssl_version"
},
{
ERR_FUNC
(
SSL_F_SSL_CTX_SET_TRUST
),
"SSL_CTX_set_trust"
},
{
ERR_FUNC
(
SSL_F_SSL_CTX_USE_AUTHZ
),
"SSL_CTX_USE_AUTHZ"
},
{
ERR_FUNC
(
SSL_F_SSL_CTX_USE_CERTIFICATE
),
"SSL_CTX_use_certificate"
},
{
ERR_FUNC
(
SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1
),
"SSL_CTX_use_certificate_ASN1"
},
{
ERR_FUNC
(
SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE
),
"SSL_CTX_use_certificate_chain_file"
},
...
...
@@ -265,7 +261,6 @@ static ERR_STRING_DATA SSL_str_functs[]=
{
ERR_FUNC
(
SSL_F_SSL_SESSION_PRINT_FP
),
"SSL_SESSION_print_fp"
},
{
ERR_FUNC
(
SSL_F_SSL_SESSION_SET1_ID_CONTEXT
),
"SSL_SESSION_set1_id_context"
},
{
ERR_FUNC
(
SSL_F_SSL_SESS_CERT_NEW
),
"ssl_sess_cert_new"
},
{
ERR_FUNC
(
SSL_F_SSL_SET_AUTHZ
),
"SSL_SET_AUTHZ"
},
{
ERR_FUNC
(
SSL_F_SSL_SET_CERT
),
"SSL_SET_CERT"
},
{
ERR_FUNC
(
SSL_F_SSL_SET_CIPHER_LIST
),
"SSL_set_cipher_list"
},
{
ERR_FUNC
(
SSL_F_SSL_SET_FD
),
"SSL_set_fd"
},
...
...
@@ -282,7 +277,6 @@ static ERR_STRING_DATA SSL_str_functs[]=
{
ERR_FUNC
(
SSL_F_SSL_UNDEFINED_CONST_FUNCTION
),
"ssl_undefined_const_function"
},
{
ERR_FUNC
(
SSL_F_SSL_UNDEFINED_FUNCTION
),
"ssl_undefined_function"
},
{
ERR_FUNC
(
SSL_F_SSL_UNDEFINED_VOID_FUNCTION
),
"ssl_undefined_void_function"
},
{
ERR_FUNC
(
SSL_F_SSL_USE_AUTHZ
),
"SSL_USE_AUTHZ"
},
{
ERR_FUNC
(
SSL_F_SSL_USE_CERTIFICATE
),
"SSL_use_certificate"
},
{
ERR_FUNC
(
SSL_F_SSL_USE_CERTIFICATE_ASN1
),
"SSL_use_certificate_ASN1"
},
{
ERR_FUNC
(
SSL_F_SSL_USE_CERTIFICATE_FILE
),
"SSL_use_certificate_file"
},
...
...
@@ -301,14 +295,10 @@ static ERR_STRING_DATA SSL_str_functs[]=
{
ERR_FUNC
(
SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT
),
"TLS1_CHECK_SERVERHELLO_TLSEXT"
},
{
ERR_FUNC
(
SSL_F_TLS1_ENC
),
"tls1_enc"
},
{
ERR_FUNC
(
SSL_F_TLS1_EXPORT_KEYING_MATERIAL
),
"tls1_export_keying_material"
},
{
ERR_FUNC
(
SSL_F_TLS1_GET_CLIENT_SUPPLEMENTAL_DATA
),
"tls1_get_client_supplemental_data"
},
{
ERR_FUNC
(
SSL_F_TLS1_GET_SERVER_SUPPLEMENTAL_DATA
),
"tls1_get_server_supplemental_data"
},
{
ERR_FUNC
(
SSL_F_TLS1_HEARTBEAT
),
"tls1_heartbeat"
},
{
ERR_FUNC
(
SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT
),
"TLS1_PREPARE_CLIENTHELLO_TLSEXT"
},
{
ERR_FUNC
(
SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT
),
"TLS1_PREPARE_SERVERHELLO_TLSEXT"
},
{
ERR_FUNC
(
SSL_F_TLS1_PRF
),
"tls1_prf"
},
{
ERR_FUNC
(
SSL_F_TLS1_SEND_CLIENT_SUPPLEMENTAL_DATA
),
"tls1_send_client_supplemental_data"
},
{
ERR_FUNC
(
SSL_F_TLS1_SEND_SERVER_SUPPLEMENTAL_DATA
),
"tls1_send_server_supplemental_data"
},
{
ERR_FUNC
(
SSL_F_TLS1_SETUP_KEY_BLOCK
),
"tls1_setup_key_block"
},
{
ERR_FUNC
(
SSL_F_WRITE_PENDING
),
"WRITE_PENDING"
},
{
0
,
NULL
}
...
...
@@ -318,7 +308,6 @@ static ERR_STRING_DATA SSL_str_reasons[]=
{
{
ERR_REASON
(
SSL_R_APP_DATA_IN_HANDSHAKE
)
,
"app data in handshake"
},
{
ERR_REASON
(
SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT
),
"attempt to reuse session in different context"
},
{
ERR_REASON
(
SSL_R_AUTHZ_DATA_TOO_LARGE
)
,
"authz data too large"
},
{
ERR_REASON
(
SSL_R_BAD_ALERT_RECORD
)
,
"bad alert record"
},
{
ERR_REASON
(
SSL_R_BAD_AUTHENTICATION_TYPE
),
"bad authentication type"
},
{
ERR_REASON
(
SSL_R_BAD_CHANGE_CIPHER_SPEC
),
"bad change cipher spec"
},
...
...
@@ -416,7 +405,6 @@ static ERR_STRING_DATA SSL_str_reasons[]=
{
ERR_REASON
(
SSL_R_ILLEGAL_SUITEB_DIGEST
)
,
"illegal Suite B digest"
},
{
ERR_REASON
(
SSL_R_INCONSISTENT_COMPRESSION
),
"inconsistent compression"
},
{
ERR_REASON
(
SSL_R_INVALID_AUDIT_PROOF
)
,
"invalid audit proof"
},
{
ERR_REASON
(
SSL_R_INVALID_AUTHZ_DATA
)
,
"invalid authz data"
},
{
ERR_REASON
(
SSL_R_INVALID_CHALLENGE_LENGTH
),
"invalid challenge length"
},
{
ERR_REASON
(
SSL_R_INVALID_COMMAND
)
,
"invalid command"
},
{
ERR_REASON
(
SSL_R_INVALID_COMPRESSION_ALGORITHM
),
"invalid compression algorithm"
},
...
...
@@ -608,7 +596,6 @@ static ERR_STRING_DATA SSL_str_reasons[]=
{
ERR_REASON
(
SSL_R_UNEXPECTED_RECORD
)
,
"unexpected record"
},
{
ERR_REASON
(
SSL_R_UNINITIALIZED
)
,
"uninitialized"
},
{
ERR_REASON
(
SSL_R_UNKNOWN_ALERT_TYPE
)
,
"unknown alert type"
},
{
ERR_REASON
(
SSL_R_UNKNOWN_AUTHZ_DATA_TYPE
),
"unknown authz data type"
},
{
ERR_REASON
(
SSL_R_UNKNOWN_CERTIFICATE_TYPE
),
"unknown certificate type"
},
{
ERR_REASON
(
SSL_R_UNKNOWN_CIPHER_RETURNED
),
"unknown cipher returned"
},
{
ERR_REASON
(
SSL_R_UNKNOWN_CIPHER_TYPE
)
,
"unknown cipher type"
},
...
...
@@ -620,7 +607,6 @@ static ERR_STRING_DATA SSL_str_reasons[]=
{
ERR_REASON
(
SSL_R_UNKNOWN_REMOTE_ERROR_TYPE
),
"unknown remote error type"
},
{
ERR_REASON
(
SSL_R_UNKNOWN_SSL_VERSION
)
,
"unknown ssl version"
},
{
ERR_REASON
(
SSL_R_UNKNOWN_STATE
)
,
"unknown state"
},
{
ERR_REASON
(
SSL_R_UNKNOWN_SUPPLEMENTAL_DATA_TYPE
),
"unknown supplemental data type"
},
{
ERR_REASON
(
SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED
),
"unsafe legacy renegotiation disabled"
},
{
ERR_REASON
(
SSL_R_UNSUPPORTED_CIPHER
)
,
"unsupported cipher"
},
{
ERR_REASON
(
SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM
),
"unsupported compression algorithm"
},
...
...
ssl/ssl_lib.c
...
...
@@ -1879,65 +1879,6 @@ void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
*
len
=
ssl
->
s3
->
alpn_selected_len
;
}
int
SSL_CTX_set_cli_supp_data
(
SSL_CTX
*
ctx
,
unsigned
short
supp_data_type
,
cli_supp_data_first_cb_fn
fn1
,
cli_supp_data_second_cb_fn
fn2
,
void
*
arg
)
{
size_t
i
;
cli_supp_data_record
*
record
;
/* Check for duplicates */
for
(
i
=
0
;
i
<
ctx
->
cli_supp_data_records_count
;
i
++
)
if
(
supp_data_type
==
ctx
->
cli_supp_data_records
[
i
].
supp_data_type
)
return
0
;
ctx
->
cli_supp_data_records
=
OPENSSL_realloc
(
ctx
->
cli_supp_data_records
,
(
ctx
->
cli_supp_data_records_count
+
1
)
*
sizeof
(
cli_supp_data_record
));
if
(
!
ctx
->
cli_supp_data_records
)
{
ctx
->
cli_supp_data_records_count
=
0
;
return
0
;
}
ctx
->
cli_supp_data_records_count
++
;
record
=
&
ctx
->
cli_supp_data_records
[
ctx
->
cli_supp_data_records_count
-
1
];
record
->
supp_data_type
=
supp_data_type
;
record
->
fn1
=
fn1
;
record
->
fn2
=
fn2
;
record
->
arg
=
arg
;
return
1
;
}
int
SSL_CTX_set_srv_supp_data
(
SSL_CTX
*
ctx
,
unsigned
short
supp_data_type
,
srv_supp_data_first_cb_fn
fn1
,
srv_supp_data_second_cb_fn
fn2
,
void
*
arg
)
{
size_t
i
;
srv_supp_data_record
*
record
;
/* Check for duplicates */
for
(
i
=
0
;
i
<
ctx
->
srv_supp_data_records_count
;
i
++
)
if
(
supp_data_type
==
ctx
->
srv_supp_data_records
[
i
].
supp_data_type
)
return
0
;
ctx
->
srv_supp_data_records
=
OPENSSL_realloc
(
ctx
->
srv_supp_data_records
,
(
ctx
->
srv_supp_data_records_count
+
1
)
*
sizeof
(
srv_supp_data_record
));
if
(
!
ctx
->
srv_supp_data_records
)
{
ctx
->
srv_supp_data_records_count
=
0
;
return
0
;
}
ctx
->
srv_supp_data_records_count
++
;
record
=
&
ctx
->
srv_supp_data_records
[
ctx
->
srv_supp_data_records_count
-
1
];
record
->
supp_data_type
=
supp_data_type
;
record
->
fn1
=
fn1
;
record
->
fn2
=
fn2
;
record
->
arg
=
arg
;
return
1
;
}
#endif
/* !OPENSSL_NO_TLSEXT */
int
SSL_export_keying_material
(
SSL
*
s
,
unsigned
char
*
out
,
size_t
olen
,
...
...
@@ -2141,10 +2082,6 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
ret
->
custom_cli_ext_records_count
=
0
;
ret
->
custom_srv_ext_records
=
NULL
;
ret
->
custom_srv_ext_records_count
=
0
;
ret
->
cli_supp_data_records
=
NULL
;
ret
->
cli_supp_data_records_count
=
0
;
ret
->
srv_supp_data_records
=
NULL
;
ret
->
srv_supp_data_records_count
=
0
;
#ifndef OPENSSL_NO_BUF_FREELISTS
ret
->
freelist_max_len
=
SSL_MAX_BUF_FREELIST_LEN_DEFAULT
;
ret
->
rbuf_freelist
=
OPENSSL_malloc
(
sizeof
(
SSL3_BUF_FREELIST
));
...
...
@@ -2286,8 +2223,6 @@ void SSL_CTX_free(SSL_CTX *a)
#ifndef OPENSSL_NO_TLSEXT
OPENSSL_free
(
a
->
custom_cli_ext_records
);
OPENSSL_free
(
a
->
custom_srv_ext_records
);
OPENSSL_free
(
a
->
cli_supp_data_records
);
OPENSSL_free
(
a
->
srv_supp_data_records
);
#endif
#ifndef OPENSSL_NO_ENGINE
if
(
a
->
client_cert_engine
)
...
...
ssl/ssl_locl.h
...
...
@@ -1292,13 +1292,6 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data, unsigned char *d,
int
ssl_prepare_clienthello_tlsext
(
SSL
*
s
);
int
ssl_prepare_serverhello_tlsext
(
SSL
*
s
);
/* server only */
int
tls1_send_server_supplemental_data
(
SSL
*
s
,
int
*
skip
);
int
tls1_get_client_supplemental_data
(
SSL
*
s
);
/* client only */
int
tls1_send_client_supplemental_data
(
SSL
*
s
,
int
*
skip
);
int
tls1_get_server_supplemental_data
(
SSL
*
s
);
#ifndef OPENSSL_NO_HEARTBEATS
int
tls1_heartbeat
(
SSL
*
s
);
int
dtls1_heartbeat
(
SSL
*
s
);
...
...
ssl/ssl_stat.c
...
...
@@ -210,14 +210,6 @@ case SSL3_ST_SR_KEY_EXCH_A: str="SSLv3 read client key exchange A"; break;
case
SSL3_ST_SR_KEY_EXCH_B
:
str
=
"SSLv3 read client key exchange B"
;
break
;
case
SSL3_ST_SR_CERT_VRFY_A
:
str
=
"SSLv3 read certificate verify A"
;
break
;
case
SSL3_ST_SR_CERT_VRFY_B
:
str
=
"SSLv3 read certificate verify B"
;
break
;
case
SSL3_ST_CW_SUPPLEMENTAL_DATA_A
:
str
=
"SSLv3 client write supplemental data A"
;
break
;
case
SSL3_ST_CW_SUPPLEMENTAL_DATA_B
:
str
=
"SSLv3 client write supplemental data B"
;
break
;
case
SSL3_ST_SW_SUPPLEMENTAL_DATA_A
:
str
=
"SSLv3 server write supplemental data A"
;
break
;
case
SSL3_ST_SW_SUPPLEMENTAL_DATA_B
:
str
=
"SSLv3 client write supplemental data B"
;
break
;
case
SSL3_ST_CR_SUPPLEMENTAL_DATA_A
:
str
=
"SSLv3 client read supplemental data A"
;
break
;
case
SSL3_ST_CR_SUPPLEMENTAL_DATA_B
:
str
=
"SSLv3 client read supplemental data B"
;
break
;
case
SSL3_ST_SR_SUPPLEMENTAL_DATA_A
:
str
=
"SSLv3 server read supplemental data A"
;
break
;
case
SSL3_ST_SR_SUPPLEMENTAL_DATA_B
:
str
=
"SSLv3 client read supplemental data B"
;
break
;
#endif
/* SSLv2/v3 compatibility states */
...
...
ssl/ssltest.c
...
...
@@ -521,16 +521,6 @@ int custom_ext = 0;
/* This set based on extension callbacks */
int
custom_ext_error
=
0
;
/* Not IETF assigned supplemental data types */
#define CUSTOM_SUPP_DATA_TYPE_0 100
#define CUSTOM_SUPP_DATA_TYPE_1 101
#define CUSTOM_SUPP_DATA_TYPE_2 102
const
char
supp_data_0_string
[]
=
"00000"
;
int
suppdata
=
0
;
int
suppdata_error
=
0
;
static
int
serverinfo_cli_cb
(
SSL
*
s
,
unsigned
short
ext_type
,
const
unsigned
char
*
in
,
unsigned
short
inlen
,
int
*
al
,
void
*
arg
)
...
...
@@ -733,110 +723,6 @@ static int custom_ext_3_srv_second_cb(SSL *s, unsigned short ext_type,
return
1
;
/* Send "defg" */
}
static
int
supp_data_0_srv_first_cb
(
SSL
*
s
,
unsigned
short
supp_data_type
,
const
unsigned
char
**
out
,
unsigned
short
*
outlen
,
int
*
al
,
void
*
arg
)
{
*
out
=
(
const
unsigned
char
*
)
supp_data_0_string
;
*
outlen
=
strlen
(
supp_data_0_string
);
if
(
arg
!=
s
)
suppdata_error
=
1
;
return
1
;
}
static
int
supp_data_0_srv_second_cb
(
SSL
*
s
,
unsigned
short
supp_data_type
,
const
unsigned
char
*
in
,
unsigned
short
inlen
,
int
*
al
,
void
*
arg
)
{
if
(
supp_data_type
!=
CUSTOM_SUPP_DATA_TYPE_0
)
suppdata_error
=
1
;
if
(
inlen
!=
strlen
(
supp_data_0_string
))
suppdata_error
=
1
;
if
(
memcmp
(
in
,
supp_data_0_string
,
inlen
)
!=
0
)
suppdata_error
=
1
;
if
(
arg
!=
s
)
suppdata_error
=
1
;
return
1
;
}
static
int
supp_data_1_srv_first_cb
(
SSL
*
s
,
unsigned
short
supp_data_type
,
const
unsigned
char
**
out
,
unsigned
short
*
outlen
,
int
*
al
,
void
*
arg
)
{
return
-
1
;
}
static
int
supp_data_1_srv_second_cb
(
SSL
*
s
,
unsigned
short
supp_data_type
,
const
unsigned
char
*
in
,
unsigned
short
inlen
,
int
*
al
,
void
*
arg
)
{
suppdata_error
=
1
;
return
1
;
}
static
int
supp_data_2_srv_second_cb
(
SSL
*
s
,
unsigned
short
supp_data_type
,
const
unsigned
char
*
in
,
unsigned
short
inlen
,
int
*
al
,
void
*
arg
)
{
suppdata_error
=
1
;
return
1
;
}
static
int
supp_data_0_cli_first_cb
(
SSL
*
s
,
unsigned
short
supp_data_type
,
const
unsigned
char
*
in
,
unsigned
short
inlen
,
int
*
al
,
void
*
arg
)
{
if
(
supp_data_type
!=
CUSTOM_SUPP_DATA_TYPE_0
)
suppdata_error
=
1
;
if
(
inlen
!=
strlen
(
supp_data_0_string
))
suppdata_error
=
1
;
if
(
memcmp
(
in
,
supp_data_0_string
,
inlen
)
!=
0
)
suppdata_error
=
1
;
if
(
arg
!=
s
)
suppdata_error
=
1
;
return
1
;
}
static
int
supp_data_0_cli_second_cb
(
SSL
*
s
,
unsigned
short
supp_data_type
,
const
unsigned
char
**
out
,
unsigned
short
*
outlen
,
int
*
al
,
void
*
arg
)
{
*
out
=
(
const
unsigned
char
*
)
supp_data_0_string
;
*
outlen
=
strlen
(
supp_data_0_string
);
if
(
arg
!=
s
)
suppdata_error
=
1
;
return
1
;
}
static
int
supp_data_1_cli_first_cb
(
SSL
*
s
,
unsigned
short
supp_data_type
,
const
unsigned
char
*
in
,
unsigned
short
inlen
,
int
*
al
,
void
*
arg
)
{
suppdata_error
=
1
;
return
1
;
}
static
int
supp_data_1_cli_second_cb
(
SSL
*
s
,
unsigned
short
supp_data_type
,
const
unsigned
char
**
out
,
unsigned
short
*
outlen
,
int
*
al
,
void
*
arg
)
{
return
-
1
;
}
static
int
supp_data_2_cli_first_cb
(
SSL
*
s
,
unsigned
short
supp_data_type
,
const
unsigned
char
*
in
,
unsigned
short
inlen
,
int
*
al
,
void
*
arg
)
{
suppdata_error
=
1
;
return
1
;
}
static
char
*
cipher
=
NULL
;
static
int
verbose
=
0
;
static
int
debug
=
0
;
...
...
@@ -923,7 +809,6 @@ static void sv_usage(void)
fprintf
(
stderr
,
" -alpn_client <string> - have client side offer ALPN
\n
"
);
fprintf
(
stderr
,
" -alpn_server <string> - have server side offer ALPN
\n
"
);
fprintf
(
stderr
,
" -alpn_expected <string> - the ALPN protocol that should be negotiated
\n
"
);
fprintf
(
stderr
,
"-suppdata - exercise supplemental data callbacks
\n
"
);
}
static
void
print_details
(
SSL
*
c_ssl
,
const
char
*
prefix
)
...
...
@@ -1368,10 +1253,6 @@ int main(int argc, char *argv[])
if
(
--
argc
<
1
)
goto
bad
;
alpn_expected
=
*
(
++
argv
);
}
else
if
(
strcmp
(
*
argv
,
"-suppdata"
)
==
0
)
{
suppdata
=
1
;
}
else
{
fprintf
(
stderr
,
"unknown option %s
\n
"
,
*
argv
);
...
...
@@ -1766,40 +1647,6 @@ bad:
c_ssl
=
SSL_new
(
c_ctx
);
s_ssl
=
SSL_new
(
s_ctx
);
if
(
suppdata
)
{
/* TEST CASES */
/* client and server both send and receive, verify
* additional arg passed back */
SSL_CTX_set_srv_supp_data
(
s_ctx
,
CUSTOM_SUPP_DATA_TYPE_0
,
supp_data_0_srv_first_cb
,
supp_data_0_srv_second_cb
,
s_ssl
);
SSL_CTX_set_cli_supp_data
(
c_ctx
,
CUSTOM_SUPP_DATA_TYPE_0
,
supp_data_0_cli_first_cb
,
supp_data_0_cli_second_cb
,
c_ssl
);
/* -1 response from sending server/client doesn't
* receive, -1 response from sending client/server
* doesn't receive */
SSL_CTX_set_srv_supp_data
(
s_ctx
,
CUSTOM_SUPP_DATA_TYPE_1
,
supp_data_1_srv_first_cb
,
supp_data_1_srv_second_cb
,
NULL
);
SSL_CTX_set_cli_supp_data
(
c_ctx
,
CUSTOM_SUPP_DATA_TYPE_1
,
supp_data_1_cli_first_cb
,
supp_data_1_cli_second_cb
,
NULL
);
/* null sending server/client doesn't receive, null
sending client/server doesn't receive */
SSL_CTX_set_srv_supp_data
(
s_ctx
,
CUSTOM_SUPP_DATA_TYPE_2
,
/*supp_data_2_srv_first_cb*/
NULL
,
supp_data_2_srv_second_cb
,
NULL
);
SSL_CTX_set_cli_supp_data
(
c_ctx
,
CUSTOM_SUPP_DATA_TYPE_2
,
supp_data_2_cli_first_cb
,
/*supp_data_2_cli_second_cb*/
NULL
,
NULL
);
/* alerts set to non-zero and zero return values not tested */
}
#ifndef OPENSSL_NO_KRB5
if
(
c_ssl
&&
c_ssl
->
kssl_ctx
)
{
...
...
@@ -2586,11 +2433,6 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count)
goto
err
;
}
#endif
if
(
suppdata_error
<
0
)
{
ret
=
1
;
goto
err
;
}
if
(
verify_serverinfo
()
<
0
)
{
ret
=
1
;
...
...
ssl/tls1.h
...
...
@@ -211,11 +211,9 @@ extern "C" {
#define TLSEXT_TYPE_status_request 5
/* ExtensionType values from RFC4681 */
#define TLSEXT_TYPE_user_mapping 6
/* ExtensionType values from RFC5878 */
#define TLSEXT_TYPE_client_authz 7
#define TLSEXT_TYPE_server_authz 8
/* ExtensionType values from RFC6091 */
#define TLSEXT_TYPE_cert_type 9
...
...
@@ -312,17 +310,6 @@ extern "C" {
#define TLSEXT_MAXLEN_host_name 255
/* From RFC 5878 */
#define TLSEXT_SUPPLEMENTALDATATYPE_authz_data 16386
/* DTCP Authorization Type
* https://www.iana.org/assignments/tls-parameters/tls-parameters.xml#authorization-data-rules
* http://tools.ietf.org/id/draft-dthakore-tls-authz-04.txt
*/
#define TLSEXT_AUTHZDATAFORMAT_dtcp 66
#define TLSEXT_MAXLEN_supplemental_data 1024*16
/* Let's limit to 16k */
const
char
*
SSL_get_servername
(
const
SSL
*
s
,
const
int
type
);
int
SSL_get_servername_type
(
const
SSL
*
s
);
/* SSL_export_keying_material exports a value derived from the master secret,
...
...