提交 8cbfcc70 编写于 作者: R Rich Salz

Use typedefs for PSK, NPN, ALPN callback functions

Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2052)
上级 aff8c126
......@@ -656,25 +656,30 @@ void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
unsigned int
cookie_len));
# ifndef OPENSSL_NO_NEXTPROTONEG
# define SSL_CTX_set_npn_select_cb SSL_CTX_set_next_proto_select_cb
# define SSL_CTX_set_npn_advertised_cb SSL_CTX_set_next_protos_advertised_cb
# define SSL_get0_npn_negotiated SSL_get0_next_proto_negotiated
typedef int (*SSL_CTX_npn_advertised_cb_func)(SSL *ssl,
const unsigned char **out,
unsigned int *outlen,
void *arg);
void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s,
int (*cb) (SSL *ssl,
const unsigned char **out,
unsigned int *outlen,
void *arg),
void *arg);
SSL_CTX_npn_advertised_cb_func cb,
void *arg);
# define SSL_CTX_set_npn_advertised_cb SSL_CTX_set_next_protos_advertised_cb
typedef int (*SSL_CTX_npn_select_cb_func)(SSL *s,
unsigned char **out,
unsigned char *outlen,
const unsigned char *in,
unsigned int inlen,
void *arg);
void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s,
int (*cb) (SSL *ssl,
unsigned char **out,
unsigned char *outlen,
const unsigned char *in,
unsigned int inlen,
void *arg),
SSL_CTX_npn_select_cb_func cb,
void *arg);
# define SSL_CTX_set_npn_select_cb SSL_CTX_set_next_proto_select_cb
void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
unsigned *len);
# define SSL_get0_npn_negotiated SSL_get0_next_proto_negotiated
# endif
__owur int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
......@@ -690,13 +695,15 @@ __owur int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
unsigned int protos_len);
__owur int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos,
unsigned int protos_len);
void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx,
int (*cb) (SSL *ssl,
typedef int (*SSL_CTX_alpn_select_cb_func)(SSL *ssl,
const unsigned char **out,
unsigned char *outlen,
const unsigned char *in,
unsigned int inlen,
void *arg), void *arg);
void *arg);
void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx,
SSL_CTX_alpn_select_cb_func cb,
void *arg);
void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
unsigned int *len);
......@@ -707,64 +714,22 @@ void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
*/
# define PSK_MAX_IDENTITY_LEN 128
# define PSK_MAX_PSK_LEN 256
void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx,
unsigned int (*psk_client_callback) (SSL
*ssl,
const
char
*hint,
char
*identity,
unsigned
int
max_identity_len,
unsigned
char
*psk,
unsigned
int
max_psk_len));
void SSL_set_psk_client_callback(SSL *ssl,
unsigned int (*psk_client_callback) (SSL
*ssl,
const
char
*hint,
char
*identity,
unsigned
int
max_identity_len,
unsigned
char
*psk,
unsigned
int
max_psk_len));
void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx,
unsigned int (*psk_server_callback) (SSL
*ssl,
const
char
*identity,
unsigned
char
*psk,
unsigned
int
max_psk_len));
void SSL_set_psk_server_callback(SSL *ssl,
unsigned int (*psk_server_callback) (SSL
*ssl,
const
char
*identity,
unsigned
char
*psk,
unsigned
int
max_psk_len));
typedef unsigned int (*SSL_psk_client_cb_func)(SSL *ssl,
const char *hint,
char *identity,
unsigned int max_identity_len,
unsigned char *psk,
unsigned int max_psk_len);
void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, SSL_psk_client_cb_func cb);
void SSL_set_psk_client_callback(SSL *ssl, SSL_psk_client_cb_func cb);
typedef unsigned int (*SSL_psk_server_cb_func)(SSL *ssl,
const char *identity,
unsigned char *psk,
unsigned int max_psk_len);
void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, SSL_psk_server_cb_func cb);
void SSL_set_psk_server_callback(SSL *ssl, SSL_psk_server_cb_func cb);
__owur int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint);
__owur int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint);
const char *SSL_get_psk_identity_hint(const SSL *s);
......
......@@ -2267,10 +2267,7 @@ void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
* ServerHello.
*/
void SSL_CTX_set_npn_advertised_cb(SSL_CTX *ctx,
int (*cb) (SSL *ssl,
const unsigned char **out,
unsigned int *outlen,
void *arg),
SSL_CTX_npn_advertised_cb_func cb,
void *arg)
{
ctx->ext.npn_advertised_cb = cb;
......@@ -2288,11 +2285,7 @@ void SSL_CTX_set_npn_advertised_cb(SSL_CTX *ctx,
* a value other than SSL_TLSEXT_ERR_OK.
*/
void SSL_CTX_set_npn_select_cb(SSL_CTX *ctx,
int (*cb) (SSL *s, unsigned char **out,
unsigned char *outlen,
const unsigned char *in,
unsigned int inlen,
void *arg),
SSL_CTX_npn_select_cb_func cb,
void *arg)
{
ctx->ext.npn_select_cb = cb;
......@@ -2344,12 +2337,8 @@ int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos,
* from the client's list of offered protocols.
*/
void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx,
int (*cb) (SSL *ssl,
const unsigned char **out,
unsigned char *outlen,
const unsigned char *in,
unsigned int inlen,
void *arg), void *arg)
SSL_CTX_alpn_select_cb_func cb,
void *arg)
{
ctx->ext.alpn_select_cb = cb;
ctx->ext.alpn_select_cb_arg = arg;
......@@ -3726,46 +3715,22 @@ const char *SSL_get_psk_identity(const SSL *s)
return (s->session->psk_identity);
}
void SSL_set_psk_client_callback(SSL *s,
unsigned int (*cb) (SSL *ssl,
const char *hint,
char *identity,
unsigned int
max_identity_len,
unsigned char *psk,
unsigned int max_psk_len))
void SSL_set_psk_client_callback(SSL *s, SSL_psk_client_cb_func cb)
{
s->psk_client_callback = cb;
}
void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx,
unsigned int (*cb) (SSL *ssl,
const char *hint,
char *identity,
unsigned int
max_identity_len,
unsigned char *psk,
unsigned int
max_psk_len))
void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, SSL_psk_client_cb_func cb)
{
ctx->psk_client_callback = cb;
}
void SSL_set_psk_server_callback(SSL *s,
unsigned int (*cb) (SSL *ssl,
const char *identity,
unsigned char *psk,
unsigned int max_psk_len))
void SSL_set_psk_server_callback(SSL *s, SSL_psk_server_cb_func cb)
{
s->psk_server_callback = cb;
}
void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx,
unsigned int (*cb) (SSL *ssl,
const char *identity,
unsigned char *psk,
unsigned int
max_psk_len))
void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, SSL_psk_server_cb_func cb)
{
ctx->psk_server_callback = cb;
}
......
......@@ -843,30 +843,20 @@ struct ssl_ctx_st {
* For a server, this contains a callback function by which the set of
* advertised protocols can be provided.
*/
int (*npn_advertised_cb) (SSL *s, const unsigned char **buf,
unsigned int *len, void *arg);
SSL_CTX_npn_advertised_cb_func npn_advertised_cb;
void *npn_advertised_cb_arg;
/*
* For a client, this contains a callback function that selects the next
* protocol from the list provided by the server.
*/
int (*npn_select_cb) (SSL *s, unsigned char **out,
unsigned char *outlen,
const unsigned char *in,
unsigned int inlen, void *arg);
SSL_CTX_npn_select_cb_func npn_select_cb;
void *npn_select_cb_arg;
# endif
} ext;
# ifndef OPENSSL_NO_PSK
unsigned int (*psk_client_callback) (SSL *ssl, const char *hint,
char *identity,
unsigned int max_identity_len,
unsigned char *psk,
unsigned int max_psk_len);
unsigned int (*psk_server_callback) (SSL *ssl, const char *identity,
unsigned char *psk,
unsigned int max_psk_len);
SSL_psk_client_cb_func psk_client_callback;
SSL_psk_server_cb_func psk_server_callback;
# endif
# ifndef OPENSSL_NO_SRP
......@@ -1002,14 +992,8 @@ struct ssl_st {
/* actual code */
int error_code;
# ifndef OPENSSL_NO_PSK
unsigned int (*psk_client_callback) (SSL *ssl, const char *hint,
char *identity,
unsigned int max_identity_len,
unsigned char *psk,
unsigned int max_psk_len);
unsigned int (*psk_server_callback) (SSL *ssl, const char *identity,
unsigned char *psk,
unsigned int max_psk_len);
SSL_psk_client_cb_func psk_client_callback;
SSL_psk_server_cb_func psk_server_callback;
# endif
SSL_CTX *ctx;
/* Verified chain of peer */
......
......@@ -799,31 +799,13 @@ static int init_status_request(SSL *s, unsigned int context)
* Ensure we get sensible values passed to tlsext_status_cb in the event
* that we don't receive a status message
*/
OPENSSL_free(s->tlsext_ocsp_resp);
s->ext.ocsp_resp = NULL;
s->ext.ocsp_resplen = 0;
OPENSSL_free(s->ext.ocsp.resp);
s->ext.ocsp.resp = NULL;
s->ext.ocsp.resp_len = 0;
}
return 1;
}
static int final_status_request(SSL *s, unsigned int context, int sent,
int *al)
{
if (s->server)
return 1;
/*
* Ensure we get sensible values passed to ext.status_cb in the event
* that we don't receive a status message
*/
OPENSSL_free(s->ext.ocsp.resp);
s->ext.ocsp.resp = NULL;
s->ext.ocsp.resp_len = 0;
>>>>>>> Move extension data into sub-structs
return 1;
}
#endif
#ifndef OPENSSL_NO_NEXTPROTONEG
......
......@@ -2204,18 +2204,18 @@ int tls_process_cert_status_body(SSL *s, PACKET *pkt, int *al)
SSLerr(SSL_F_TLS_PROCESS_CERT_STATUS_BODY, SSL_R_LENGTH_MISMATCH);
return 0;
}
s->tlsext_ocsp_resp = OPENSSL_malloc(resplen);
if (s->ext.ocsp_resp == NULL) {
s->ext.ocsp.resp = OPENSSL_malloc(resplen);
if (s->ext.ocsp.resp == NULL) {
*al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_PROCESS_CERT_STATUS_BODY, ERR_R_MALLOC_FAILURE);
return 0;
}
if (!PACKET_copy_bytes(pkt, s->ext.ocsp_resp, resplen)) {
if (!PACKET_copy_bytes(pkt, s->ext.ocsp.resp, resplen)) {
*al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_TLS_PROCESS_CERT_STATUS_BODY, SSL_R_LENGTH_MISMATCH);
return 0;
}
s->ext.ocsp_resplen = resplen;
s->ext.ocsp.resp_len = resplen;
return 1;
}
......
......@@ -3465,10 +3465,9 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt)
*/
int tls_construct_cert_status_body(SSL *s, WPACKET *pkt)
{
<<<<<<< 3b72dcd5fb4d2c756a830dba1fc34f4a7ae61b73
if (!WPACKET_put_bytes_u8(pkt, s->tlsext_status_type)
|| !WPACKET_sub_memcpy_u24(pkt, s->tlsext_ocsp_resp,
s->tlsext_ocsp_resplen)) {
if (!WPACKET_put_bytes_u8(pkt, s->ext.status_type)
|| !WPACKET_sub_memcpy_u24(pkt, s->ext.ocsp.resp,
s->ext.ocsp.resp_len)) {
SSLerr(SSL_F_TLS_CONSTRUCT_CERT_STATUS_BODY, ERR_R_INTERNAL_ERROR);
return 0;
}
......@@ -3479,12 +3478,6 @@ int tls_construct_cert_status_body(SSL *s, WPACKET *pkt)
int tls_construct_cert_status(SSL *s, WPACKET *pkt)
{
if (!tls_construct_cert_status_body(s, pkt)) {
=======
if (!WPACKET_put_bytes_u8(pkt, s->ext.status_type)
|| !WPACKET_sub_memcpy_u24(pkt, s->ext.ocsp.resp,
s->ext.ocsp.resp_len)) {
SSLerr(SSL_F_TLS_CONSTRUCT_CERT_STATUS, ERR_R_INTERNAL_ERROR);
>>>>>>> Move extension data into sub-structs
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
return 0;
}
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册