diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 18d36922e39a1042b615bb2fb224daac2a77a403..9dc4a3f18358c7fdf38765e39b2245034bfda40c 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -656,25 +656,30 @@ void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, unsigned int cookie_len)); # ifndef OPENSSL_NO_NEXTPROTONEG -# define SSL_CTX_set_npn_select_cb SSL_CTX_set_next_proto_select_cb -# define SSL_CTX_set_npn_advertised_cb SSL_CTX_set_next_protos_advertised_cb -# define SSL_get0_npn_negotiated SSL_get0_next_proto_negotiated + +typedef int (*SSL_CTX_npn_advertised_cb_func)(SSL *ssl, + const unsigned char **out, + unsigned int *outlen, + void *arg); void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s, - int (*cb) (SSL *ssl, - const unsigned char **out, - unsigned int *outlen, - void *arg), - void *arg); + SSL_CTX_npn_advertised_cb_func cb, + void *arg); +# define SSL_CTX_set_npn_advertised_cb SSL_CTX_set_next_protos_advertised_cb + +typedef int (*SSL_CTX_npn_select_cb_func)(SSL *s, + unsigned char **out, + unsigned char *outlen, + const unsigned char *in, + unsigned int inlen, + void *arg); void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s, - int (*cb) (SSL *ssl, - unsigned char **out, - unsigned char *outlen, - const unsigned char *in, - unsigned int inlen, - void *arg), + SSL_CTX_npn_select_cb_func cb, void *arg); +# define SSL_CTX_set_npn_select_cb SSL_CTX_set_next_proto_select_cb + void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, unsigned *len); +# define SSL_get0_npn_negotiated SSL_get0_next_proto_negotiated # endif __owur int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, @@ -690,13 +695,15 @@ __owur int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos, unsigned int protos_len); __owur int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos, unsigned int protos_len); -void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx, - int (*cb) (SSL *ssl, +typedef int (*SSL_CTX_alpn_select_cb_func)(SSL *ssl, const unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, - void *arg), void *arg); + void *arg); +void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx, + SSL_CTX_alpn_select_cb_func cb, + void *arg); void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data, unsigned int *len); @@ -707,64 +714,22 @@ void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data, */ # define PSK_MAX_IDENTITY_LEN 128 # define PSK_MAX_PSK_LEN 256 -void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, - unsigned int (*psk_client_callback) (SSL - *ssl, - const - char - *hint, - char - *identity, - unsigned - int - max_identity_len, - unsigned - char - *psk, - unsigned - int - max_psk_len)); -void SSL_set_psk_client_callback(SSL *ssl, - unsigned int (*psk_client_callback) (SSL - *ssl, - const - char - *hint, - char - *identity, - unsigned - int - max_identity_len, - unsigned - char - *psk, - unsigned - int - max_psk_len)); -void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, - unsigned int (*psk_server_callback) (SSL - *ssl, - const - char - *identity, - unsigned - char - *psk, - unsigned - int - max_psk_len)); -void SSL_set_psk_server_callback(SSL *ssl, - unsigned int (*psk_server_callback) (SSL - *ssl, - const - char - *identity, - unsigned - char - *psk, - unsigned - int - max_psk_len)); +typedef unsigned int (*SSL_psk_client_cb_func)(SSL *ssl, + const char *hint, + char *identity, + unsigned int max_identity_len, + unsigned char *psk, + unsigned int max_psk_len); +void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, SSL_psk_client_cb_func cb); +void SSL_set_psk_client_callback(SSL *ssl, SSL_psk_client_cb_func cb); + +typedef unsigned int (*SSL_psk_server_cb_func)(SSL *ssl, + const char *identity, + unsigned char *psk, + unsigned int max_psk_len); +void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, SSL_psk_server_cb_func cb); +void SSL_set_psk_server_callback(SSL *ssl, SSL_psk_server_cb_func cb); + __owur int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint); __owur int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint); const char *SSL_get_psk_identity_hint(const SSL *s); diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index ddc2ff78e7d0209230c074a3402e05fcc5f38d34..58873456c8134693e1f0eb7a89138f7e7cea50b8 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -2267,10 +2267,7 @@ void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, * ServerHello. */ void SSL_CTX_set_npn_advertised_cb(SSL_CTX *ctx, - int (*cb) (SSL *ssl, - const unsigned char **out, - unsigned int *outlen, - void *arg), + SSL_CTX_npn_advertised_cb_func cb, void *arg) { ctx->ext.npn_advertised_cb = cb; @@ -2288,11 +2285,7 @@ void SSL_CTX_set_npn_advertised_cb(SSL_CTX *ctx, * a value other than SSL_TLSEXT_ERR_OK. */ void SSL_CTX_set_npn_select_cb(SSL_CTX *ctx, - int (*cb) (SSL *s, unsigned char **out, - unsigned char *outlen, - const unsigned char *in, - unsigned int inlen, - void *arg), + SSL_CTX_npn_select_cb_func cb, void *arg) { ctx->ext.npn_select_cb = cb; @@ -2344,12 +2337,8 @@ int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos, * from the client's list of offered protocols. */ void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx, - int (*cb) (SSL *ssl, - const unsigned char **out, - unsigned char *outlen, - const unsigned char *in, - unsigned int inlen, - void *arg), void *arg) + SSL_CTX_alpn_select_cb_func cb, + void *arg) { ctx->ext.alpn_select_cb = cb; ctx->ext.alpn_select_cb_arg = arg; @@ -3726,46 +3715,22 @@ const char *SSL_get_psk_identity(const SSL *s) return (s->session->psk_identity); } -void SSL_set_psk_client_callback(SSL *s, - unsigned int (*cb) (SSL *ssl, - const char *hint, - char *identity, - unsigned int - max_identity_len, - unsigned char *psk, - unsigned int max_psk_len)) +void SSL_set_psk_client_callback(SSL *s, SSL_psk_client_cb_func cb) { s->psk_client_callback = cb; } -void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, - unsigned int (*cb) (SSL *ssl, - const char *hint, - char *identity, - unsigned int - max_identity_len, - unsigned char *psk, - unsigned int - max_psk_len)) +void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, SSL_psk_client_cb_func cb) { ctx->psk_client_callback = cb; } -void SSL_set_psk_server_callback(SSL *s, - unsigned int (*cb) (SSL *ssl, - const char *identity, - unsigned char *psk, - unsigned int max_psk_len)) +void SSL_set_psk_server_callback(SSL *s, SSL_psk_server_cb_func cb) { s->psk_server_callback = cb; } -void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, - unsigned int (*cb) (SSL *ssl, - const char *identity, - unsigned char *psk, - unsigned int - max_psk_len)) +void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, SSL_psk_server_cb_func cb) { ctx->psk_server_callback = cb; } diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 06557bb4b2fdd4466810c649dca64ec7ff297e42..84a91a125f81f9fac072b0d6c7bff9030d1b734f 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -843,30 +843,20 @@ struct ssl_ctx_st { * For a server, this contains a callback function by which the set of * advertised protocols can be provided. */ - int (*npn_advertised_cb) (SSL *s, const unsigned char **buf, - unsigned int *len, void *arg); + SSL_CTX_npn_advertised_cb_func npn_advertised_cb; void *npn_advertised_cb_arg; /* * For a client, this contains a callback function that selects the next * protocol from the list provided by the server. */ - int (*npn_select_cb) (SSL *s, unsigned char **out, - unsigned char *outlen, - const unsigned char *in, - unsigned int inlen, void *arg); + SSL_CTX_npn_select_cb_func npn_select_cb; void *npn_select_cb_arg; # endif } ext; # ifndef OPENSSL_NO_PSK - unsigned int (*psk_client_callback) (SSL *ssl, const char *hint, - char *identity, - unsigned int max_identity_len, - unsigned char *psk, - unsigned int max_psk_len); - unsigned int (*psk_server_callback) (SSL *ssl, const char *identity, - unsigned char *psk, - unsigned int max_psk_len); + SSL_psk_client_cb_func psk_client_callback; + SSL_psk_server_cb_func psk_server_callback; # endif # ifndef OPENSSL_NO_SRP @@ -1002,14 +992,8 @@ struct ssl_st { /* actual code */ int error_code; # ifndef OPENSSL_NO_PSK - unsigned int (*psk_client_callback) (SSL *ssl, const char *hint, - char *identity, - unsigned int max_identity_len, - unsigned char *psk, - unsigned int max_psk_len); - unsigned int (*psk_server_callback) (SSL *ssl, const char *identity, - unsigned char *psk, - unsigned int max_psk_len); + SSL_psk_client_cb_func psk_client_callback; + SSL_psk_server_cb_func psk_server_callback; # endif SSL_CTX *ctx; /* Verified chain of peer */ diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c index 2568ac65733a7340fd36623557a6d8d0fbffb063..a68dd4883514cf5c18ce4b561c628a13afdf00d6 100644 --- a/ssl/statem/extensions.c +++ b/ssl/statem/extensions.c @@ -799,31 +799,13 @@ static int init_status_request(SSL *s, unsigned int context) * Ensure we get sensible values passed to tlsext_status_cb in the event * that we don't receive a status message */ - OPENSSL_free(s->tlsext_ocsp_resp); - s->ext.ocsp_resp = NULL; - s->ext.ocsp_resplen = 0; + OPENSSL_free(s->ext.ocsp.resp); + s->ext.ocsp.resp = NULL; + s->ext.ocsp.resp_len = 0; } return 1; } - -static int final_status_request(SSL *s, unsigned int context, int sent, - int *al) -{ - if (s->server) - return 1; - - /* - * Ensure we get sensible values passed to ext.status_cb in the event - * that we don't receive a status message - */ - OPENSSL_free(s->ext.ocsp.resp); - s->ext.ocsp.resp = NULL; - s->ext.ocsp.resp_len = 0; ->>>>>>> Move extension data into sub-structs - - return 1; -} #endif #ifndef OPENSSL_NO_NEXTPROTONEG diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 82713d2dfbd243eb78b37e334cf8278e82e21da1..9fa16b1417f06653e32fec7dbf0ec8b9303862e5 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -2204,18 +2204,18 @@ int tls_process_cert_status_body(SSL *s, PACKET *pkt, int *al) SSLerr(SSL_F_TLS_PROCESS_CERT_STATUS_BODY, SSL_R_LENGTH_MISMATCH); return 0; } - s->tlsext_ocsp_resp = OPENSSL_malloc(resplen); - if (s->ext.ocsp_resp == NULL) { + s->ext.ocsp.resp = OPENSSL_malloc(resplen); + if (s->ext.ocsp.resp == NULL) { *al = SSL_AD_INTERNAL_ERROR; SSLerr(SSL_F_TLS_PROCESS_CERT_STATUS_BODY, ERR_R_MALLOC_FAILURE); return 0; } - if (!PACKET_copy_bytes(pkt, s->ext.ocsp_resp, resplen)) { + if (!PACKET_copy_bytes(pkt, s->ext.ocsp.resp, resplen)) { *al = SSL_AD_DECODE_ERROR; SSLerr(SSL_F_TLS_PROCESS_CERT_STATUS_BODY, SSL_R_LENGTH_MISMATCH); return 0; } - s->ext.ocsp_resplen = resplen; + s->ext.ocsp.resp_len = resplen; return 1; } diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 475f405768b9cc8ae3af40b3b9388e97bc9f4ef8..224b1581923602c79326f728c96e6e03b9914240 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -3465,10 +3465,9 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt) */ int tls_construct_cert_status_body(SSL *s, WPACKET *pkt) { -<<<<<<< 3b72dcd5fb4d2c756a830dba1fc34f4a7ae61b73 - if (!WPACKET_put_bytes_u8(pkt, s->tlsext_status_type) - || !WPACKET_sub_memcpy_u24(pkt, s->tlsext_ocsp_resp, - s->tlsext_ocsp_resplen)) { + if (!WPACKET_put_bytes_u8(pkt, s->ext.status_type) + || !WPACKET_sub_memcpy_u24(pkt, s->ext.ocsp.resp, + s->ext.ocsp.resp_len)) { SSLerr(SSL_F_TLS_CONSTRUCT_CERT_STATUS_BODY, ERR_R_INTERNAL_ERROR); return 0; } @@ -3479,12 +3478,6 @@ int tls_construct_cert_status_body(SSL *s, WPACKET *pkt) int tls_construct_cert_status(SSL *s, WPACKET *pkt) { if (!tls_construct_cert_status_body(s, pkt)) { -======= - if (!WPACKET_put_bytes_u8(pkt, s->ext.status_type) - || !WPACKET_sub_memcpy_u24(pkt, s->ext.ocsp.resp, - s->ext.ocsp.resp_len)) { - SSLerr(SSL_F_TLS_CONSTRUCT_CERT_STATUS, ERR_R_INTERNAL_ERROR); ->>>>>>> Move extension data into sub-structs ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); return 0; }