From 423ceb831903339b589ea7b94c877ed190a7cb64 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson"
Date: Thu, 14 Aug 2014 13:25:50 +0100
Subject: [PATCH] Callback revision.
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

Use "parse" and "add" for function and callback names instead of "first" and "second".

Change arguments to callback so the extension type is unsigned int and the buffer length is size_t.

Note: this *will* break existing code.

Reviewed-by: Emilia Käsper
(cherry picked from commit de2a9e38f39eacc2e052d694f5b5fa5b7e734abc)
---
 apps/s_client.c | 4 +-
 ssl/ssl.h | 41 +++++++++----------
 ssl/ssl_locl.h | 4 +-
 ssl/ssl_rsa.c | 24 ++++++------
 ssl/ssltest.c | 102 ++++++++++++++++++++++++------------------------
 ssl/t1_ext.c | 32 +++++++++------
 6 files changed, 104 insertions(+), 103 deletions(-)

diff --git a/apps/s_client.c b/apps/s_client.c
index af349f9e44..818445768a 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -548,8 +548,8 @@ static int next_proto_cb(SSL *s, unsigned char **out, unsigned char *outlen, con
 }
 # endif /* ndef OPENSSL_NO_NEXTPROTONEG */
-static int serverinfo_cli_cb(SSL* s, unsigned short ext_type,
- const unsigned char* in, unsigned short inlen,
+static int serverinfo_cli_cb(SSL* s, unsigned int ext_type,
+ const unsigned char* in, size_t inlen,
 int* al, void* arg)
 {
 char pem_name[100];
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 65dfe97933..4ce46cb95c 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -386,10 +386,10 @@ typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len, S
 #ifndef OPENSSL_NO_TLSEXT
 /* Callbacks and structures for handling custom TLS Extensions:
- * cli_ext_first_cb - sends data for ClientHello TLS Extension
- * cli_ext_second_cb - receives data from ServerHello TLS Extension
- * srv_ext_first_cb - receives data from ClientHello TLS Extension
- * srv_ext_second_cb - sends data for ServerHello TLS Extension
+ * cli_ext_add_cb - sends data for ClientHello TLS Extension
+ * cli_ext_parse_cb - receives data from ServerHello TLS Extension
+ * srv_ext_parse_cb - receives data from ClientHello TLS Extension
+ * srv_ext_add_cb - sends data for ServerHello TLS Extension
 *
 * All these functions return nonzero on success. Zero will terminate
 * the handshake (and return a specific TLS Fatal alert, if the function
@@ -406,21 +406,16 @@ typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len, S
 * fatal TLS alert, if the callback returns zero.
 */
-typedef int (*custom_ext_add_cb)(SSL *s, unsigned short ext_type,
+typedef int (*custom_ext_add_cb)(SSL *s, unsigned int ext_type,
 const unsigned char **out,
- unsigned short *outlen, int *al,
+ size_t *outlen, int *al,
 void *arg);
-typedef int (*custom_ext_parse_cb)(SSL *s, unsigned short ext_type,
+typedef int (*custom_ext_parse_cb)(SSL *s, unsigned int ext_type,
 const unsigned char *in,
- unsigned short inlen, int *al,
+ size_t inlen, int *al,
 void *arg);
-typedef custom_ext_add_cb custom_cli_ext_first_cb_fn;
-typedef custom_ext_parse_cb custom_cli_ext_second_cb_fn;
-typedef custom_ext_add_cb custom_srv_ext_second_cb_fn;
-typedef custom_ext_parse_cb custom_srv_ext_first_cb_fn;
-
 #endif
 #ifndef OPENSSL_NO_SSL_INTERN
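Review bot: The new custom_ext_add_cb typedef widens `*outlen` to size_t, but nothing in the visible header text tells a callback author that the value is still emitted as a 16-bit TLS extension length (`s2n(outlen, ret)` in ssl/t1_ext.c) after being checked only against the remaining record space. I would add above the typedef: `/* *outlen is written as a 16-bit extension length; an add that does not fit the remaining record space makes custom_ext_add fail. Returning -1 skips the extension without aborting the handshake. */`. The -1 convention is what custom_ext_add honours (`if (cb_retval == -1) continue;`) and what the ssltest callbacks rely on; if the lines between the two hunks already document it, only the length sentence is needed.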
@@ -1269,22 +1264,22 @@ const char *SSL_get_psk_identity(const SSL *s);
 * handled by OpenSSL will fail.
 *
 * NULL can be registered for any callback function. For the client
- * functions, a NULL custom_cli_ext_first_cb_fn sends an empty ClientHello
- * Extension, and a NULL custom_cli_ext_second_cb_fn ignores the ServerHello
+ * functions, a NULL custom_ext_add_cb sends an empty ClientHello
+ * Extension, and a NULL custom_ext_parse_cb ignores the ServerHello
 * response (if any).
 *
- * For the server functions, a NULL custom_srv_ext_first_cb_fn means the
+ * For the server functions, a NULL custom_ext_parse means the
 * ClientHello extension's data will be ignored, but the extension will still
- * be noted and custom_srv_ext_second_cb_fn will still be invoked. A NULL
+ * be noted and custom_ext_add_cb will still be invoked. A NULL
 * custom_srv_ext_second_cb doesn't send a ServerHello extension.
 */
-int SSL_CTX_set_custom_cli_ext(SSL_CTX *ctx, unsigned short ext_type,
- custom_cli_ext_first_cb_fn fn1,
- custom_cli_ext_second_cb_fn fn2, void *arg);
+int SSL_CTX_set_custom_cli_ext(SSL_CTX *ctx, unsigned int ext_type,
+ custom_ext_add_cb add_cb,
+ custom_ext_parse_cb parse_cb, void *arg);
-int SSL_CTX_set_custom_srv_ext(SSL_CTX *ctx, unsigned short ext_type,
- custom_srv_ext_first_cb_fn fn1,
- custom_srv_ext_second_cb_fn fn2, void *arg);
+int SSL_CTX_set_custom_srv_ext(SSL_CTX *ctx, unsigned int ext_type,
+ custom_ext_parse_cb parse_cb,
+ custom_ext_add_cb add_cb, void *arg);
 #endif
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index af08597474..01beecf10e 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -1398,9 +1398,9 @@ int srp_verify_server_param(SSL *s, int *al);
 void custom_ext_init(custom_ext_methods *meths);
 int custom_ext_parse(SSL *s, int server,
- unsigned short ext_type,
+ unsigned int ext_type,
 const unsigned char *ext_data,
- unsigned short ext_size,
+ size_t ext_size,
 int *al);
 int custom_ext_add(SSL *s, int server,
 unsigned char **pret,
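Review bot: The doc comment in the ssl.h hunk is left half-updated: the new line `* For the server functions, a NULL custom_ext_parse means the` drops the `_cb` suffix, and the unchanged context line `* custom_srv_ext_second_cb doesn't send a ServerHello extension.` still uses a name this commit removes from the typedefs. I would change them to `* For the server functions, a NULL custom_ext_parse_cb means the` and `* custom_ext_add_cb doesn't send a ServerHello extension.`. Since the two setters now take the callbacks in opposite order (add then parse for the client, parse then add for the server, as the hunk shows), a one-line remark that the order follows the direction of the handshake would also help readers of this header.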
diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c
index 76e9194a01..11efe5c13e 100644
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@@ -796,9 +796,9 @@ end:
 #ifndef OPENSSL_NO_TLSEXT
 static int serverinfo_find_extension(const unsigned char *serverinfo,
 size_t serverinfo_length,
- unsigned short extension_type,
+ unsigned int extension_type,
 const unsigned char **extension_data,
- unsigned short *extension_length)
+ size_t *extension_length)
 {
 *extension_data = NULL;
 *extension_length = 0;
@@ -806,8 +806,8 @@ static int serverinfo_find_extension(const unsigned char *serverinfo,
 return 0;
 for (;;)
 {
- unsigned short type = 0; /* uint16 */
- unsigned short len = 0; /* uint16 */
+ unsigned int type = 0;
+ size_t len = 0;
 /* end of serverinfo */
 if (serverinfo_length == 0)
@@ -843,9 +843,9 @@ static int serverinfo_find_extension(const unsigned char *serverinfo,
 return 0; /* Error */
 }
-static int serverinfo_srv_first_cb(SSL *s, unsigned short ext_type,
+static int serverinfo_srv_parse_cb(SSL *s, unsigned int ext_type,
 const unsigned char *in,
- unsigned short inlen, int *al,
+ size_t inlen, int *al,
 void *arg)
 {
@@ -858,8 +858,8 @@ static int serverinfo_srv_first_cb(SSL *s, unsigned short ext_type,
 return 1;
 }
-static int serverinfo_srv_second_cb(SSL *s, unsigned short ext_type,
- const unsigned char **out, unsigned short *outlen,
+static int serverinfo_srv_add_cb(SSL *s, unsigned int ext_type,
+ const unsigned char **out, size_t *outlen,
 int *al, void *arg)
 {
 const unsigned char *serverinfo = NULL;
@@ -891,8 +891,8 @@ static int serverinfo_process_buffer(const unsigned char *serverinfo,
 return 0;
 for (;;)
 {
- unsigned short ext_type = 0; /* uint16 */
- unsigned short len = 0; /* uint16 */
+ unsigned int ext_type = 0;
+ size_t len = 0;
 /* end of serverinfo */
 if (serverinfo_length == 0)
@@ -906,8 +906,8 @@ static int serverinfo_process_buffer(const unsigned char *serverinfo,
 /* Register callbacks for extensions */
 ext_type = (serverinfo[0] << 8) + serverinfo[1];
 if (ctx && !SSL_CTX_set_custom_srv_ext(ctx, ext_type,
- serverinfo_srv_first_cb,
- serverinfo_srv_second_cb, NULL))
+ serverinfo_srv_parse_cb,
+ serverinfo_srv_add_cb, NULL))
 return 0;
 serverinfo += 2;
diff --git a/ssl/ssltest.c b/ssl/ssltest.c
index a1e662621e..6e5adca704 100644
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@@ -446,8 +446,8 @@ int custom_ext = 0;
 /* This set based on extension callbacks */
 int custom_ext_error = 0;
-static int serverinfo_cli_cb(SSL* s, unsigned short ext_type,
- const unsigned char* in, unsigned short inlen,
+static int serverinfo_cli_cb(SSL* s, unsigned int ext_type,
+ const unsigned char* in, size_t inlen,
 int* al, void* arg)
 {
 if (ext_type == SCT_EXT_TYPE)
@@ -477,26 +477,26 @@ static int verify_serverinfo()
 * 3 - ClientHello with "abc", "defg" response
 */
-static int custom_ext_0_cli_first_cb(SSL *s, unsigned short ext_type,
+static int custom_ext_0_cli_add_cb(SSL *s, unsigned int ext_type,
 const unsigned char **out,
- unsigned short *outlen, int *al, void *arg)
+ size_t *outlen, int *al, void *arg)
 {
 if (ext_type != CUSTOM_EXT_TYPE_0)
 custom_ext_error = 1;
 return -1; /* Don't send an extension */
 }
-static int custom_ext_0_cli_second_cb(SSL *s, unsigned short ext_type,
+static int custom_ext_0_cli_parse_cb(SSL *s, unsigned int ext_type,
 const unsigned char *in,
- unsigned short inlen, int *al,
+ size_t inlen, int *al,
 void *arg)
 {
 return 1;
 }
-static int custom_ext_1_cli_first_cb(SSL *s, unsigned short ext_type,
+static int custom_ext_1_cli_add_cb(SSL *s, unsigned int ext_type,
 const unsigned char **out,
- unsigned short *outlen, int *al, void *arg)
+ size_t *outlen, int *al, void *arg)
 {
 if (ext_type != CUSTOM_EXT_TYPE_1)
 custom_ext_error = 1;
@@ -505,17 +505,17 @@ static int custom_ext_1_cli_first_cb(SSL *s, unsigned short ext_type,
 return 1; /* Send "abc" */
 }
-static int custom_ext_1_cli_second_cb(SSL *s, unsigned short ext_type,
+static int custom_ext_1_cli_parse_cb(SSL *s, unsigned int ext_type,
 const unsigned char *in,
- unsigned short inlen, int *al,
+ size_t inlen, int *al,
 void *arg)
 {
 return 1;
 }
-static int custom_ext_2_cli_first_cb(SSL *s, unsigned short ext_type,
+static int custom_ext_2_cli_add_cb(SSL *s, unsigned int ext_type,
 const unsigned char **out,
- unsigned short *outlen, int *al, void *arg)
+ size_t *outlen, int *al, void *arg)
 {
 if (ext_type != CUSTOM_EXT_TYPE_2)
 custom_ext_error = 1;
@@ -524,9 +524,9 @@ static int custom_ext_2_cli_first_cb(SSL *s, unsigned short ext_type,
 return 1; /* Send "abc" */
 }
-static int custom_ext_2_cli_second_cb(SSL *s, unsigned short ext_type,
+static int custom_ext_2_cli_parse_cb(SSL *s, unsigned int ext_type,
 const unsigned char *in,
- unsigned short inlen, int *al,
+ size_t inlen, int *al,
 void *arg)
 {
 if (ext_type != CUSTOM_EXT_TYPE_2)
@@ -536,9 +536,9 @@ static int custom_ext_2_cli_second_cb(SSL *s, unsigned short ext_type,
 return 1;
 }
-static int custom_ext_3_cli_first_cb(SSL *s, unsigned short ext_type,
+static int custom_ext_3_cli_add_cb(SSL *s, unsigned int ext_type,
 const unsigned char **out,
- unsigned short *outlen, int *al, void *arg)
+ size_t *outlen, int *al, void *arg)
 {
 if (ext_type != CUSTOM_EXT_TYPE_3)
 custom_ext_error = 1;
@@ -547,9 +547,9 @@ static int custom_ext_3_cli_first_cb(SSL *s, unsigned short ext_type,
 return 1; /* Send "abc" */
 }
-static int custom_ext_3_cli_second_cb(SSL *s, unsigned short ext_type,
+static int custom_ext_3_cli_parse_cb(SSL *s, unsigned int ext_type,
 const unsigned char *in,
- unsigned short inlen, int *al,
+ size_t inlen, int *al,
 void *arg)
 {
 if (ext_type != CUSTOM_EXT_TYPE_3)
@@ -561,26 +561,26 @@ static int custom_ext_3_cli_second_cb(SSL *s, unsigned short ext_type,
 return 1;
 }
-/* custom_ext_0_cli_first_cb returns -1 - the server won't receive a callback for this extension */
-static int custom_ext_0_srv_first_cb(SSL *s, unsigned short ext_type,
+/* custom_ext_0_cli_parse_cb returns -1 - the server won't receive a callback for this extension */
+static int custom_ext_0_srv_parse_cb(SSL *s, unsigned int ext_type,
 const unsigned char *in,
- unsigned short inlen, int *al,
+ size_t inlen, int *al,
 void *arg)
 {
 return 1;
 }
 /* 'generate' callbacks are always called, even if the 'receive' callback isn't called */
-static int custom_ext_0_srv_second_cb(SSL *s, unsigned short ext_type,
+static int custom_ext_0_srv_add_cb(SSL *s, unsigned int ext_type,
 const unsigned char **out,
- unsigned short *outlen, int *al, void *arg)
+ size_t *outlen, int *al, void *arg)
 {
 return -1; /* Don't send an extension */
 }
-static int custom_ext_1_srv_first_cb(SSL *s, unsigned short ext_type,
+static int custom_ext_1_srv_parse_cb(SSL *s, unsigned int ext_type,
 const unsigned char *in,
- unsigned short inlen, int *al,
+ size_t inlen, int *al,
 void *arg)
 {
 if (ext_type != CUSTOM_EXT_TYPE_1)
@@ -593,16 +593,16 @@ static int custom_ext_1_srv_first_cb(SSL *s, unsigned short ext_type,
 return 1;
 }
-static int custom_ext_1_srv_second_cb(SSL *s, unsigned short ext_type,
+static int custom_ext_1_srv_add_cb(SSL *s, unsigned int ext_type,
 const unsigned char **out,
- unsigned short *outlen, int *al, void *arg)
+ size_t *outlen, int *al, void *arg)
 {
 return -1; /* Don't send an extension */
 }
-static int custom_ext_2_srv_first_cb(SSL *s, unsigned short ext_type,
+static int custom_ext_2_srv_parse_cb(SSL *s, unsigned int ext_type,
 const unsigned char *in,
- unsigned short inlen, int *al,
+ size_t inlen, int *al,
 void *arg)
 {
 if (ext_type != CUSTOM_EXT_TYPE_2)
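Review bot: The renamed comment `/* custom_ext_0_cli_parse_cb returns -1 - the server won't receive a callback for this extension */` now names the wrong function: the callback that returns -1 is the client's add callback (the old cli_first_cb, now custom_ext_0_cli_add_cb, which returns `-1; /* Don't send an extension */` earlier in this file), while custom_ext_0_cli_parse_cb returns 1. The mechanical first→parse substitution went the wrong way for the client side, where "first" was the sender. The line should read `/* custom_ext_0_cli_add_cb returns -1 - the server won't receive a callback for this extension */`.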
@@ -615,18 +615,18 @@ static int custom_ext_2_srv_first_cb(SSL *s, unsigned short ext_type,
 return 1;
 }
-static int custom_ext_2_srv_second_cb(SSL *s, unsigned short ext_type,
+static int custom_ext_2_srv_add_cb(SSL *s, unsigned int ext_type,
 const unsigned char **out,
- unsigned short *outlen, int *al, void *arg)
+ size_t *outlen, int *al, void *arg)
 {
 *out = NULL;
 *outlen = 0;
 return 1; /* Send empty extension */
 }
-static int custom_ext_3_srv_first_cb(SSL *s, unsigned short ext_type,
+static int custom_ext_3_srv_parse_cb(SSL *s, unsigned int ext_type,
 const unsigned char *in,
- unsigned short inlen, int *al,
+ size_t inlen, int *al,
 void *arg)
 {
 if (ext_type != CUSTOM_EXT_TYPE_3)
@@ -639,9 +639,9 @@ static int custom_ext_3_srv_first_cb(SSL *s, unsigned short ext_type,
 return 1;
 }
-static int custom_ext_3_srv_second_cb(SSL *s, unsigned short ext_type,
+static int custom_ext_3_srv_add_cb(SSL *s, unsigned int ext_type,
 const unsigned char **out,
- unsigned short *outlen, int *al, void *arg)
+ size_t *outlen, int *al, void *arg)
 {
 *out = (const unsigned char*)custom_ext_srv_string;
 *outlen = strlen(custom_ext_srv_string);
@@ -1481,31 +1481,31 @@ bad:
 if (custom_ext)
 {
 SSL_CTX_set_custom_cli_ext(c_ctx, CUSTOM_EXT_TYPE_0,
- custom_ext_0_cli_first_cb,
- custom_ext_0_cli_second_cb, NULL);
+ custom_ext_0_cli_add_cb,
+ custom_ext_0_cli_parse_cb, NULL);
 SSL_CTX_set_custom_cli_ext(c_ctx, CUSTOM_EXT_TYPE_1,
- custom_ext_1_cli_first_cb,
- custom_ext_1_cli_second_cb, NULL);
+ custom_ext_1_cli_add_cb,
+ custom_ext_1_cli_parse_cb, NULL);
 SSL_CTX_set_custom_cli_ext(c_ctx, CUSTOM_EXT_TYPE_2,
- custom_ext_2_cli_first_cb,
- custom_ext_2_cli_second_cb, NULL);
+ custom_ext_2_cli_add_cb,
+ custom_ext_2_cli_parse_cb, NULL);
 SSL_CTX_set_custom_cli_ext(c_ctx, CUSTOM_EXT_TYPE_3,
- custom_ext_3_cli_first_cb,
- custom_ext_3_cli_second_cb, NULL);
+ custom_ext_3_cli_add_cb,
+ custom_ext_3_cli_parse_cb, NULL);
 SSL_CTX_set_custom_srv_ext(s_ctx, CUSTOM_EXT_TYPE_0,
- custom_ext_0_srv_first_cb,
- custom_ext_0_srv_second_cb, NULL);
+ custom_ext_0_srv_parse_cb,
+ custom_ext_0_srv_add_cb, NULL);
 SSL_CTX_set_custom_srv_ext(s_ctx, CUSTOM_EXT_TYPE_1,
- custom_ext_1_srv_first_cb,
- custom_ext_1_srv_second_cb, NULL);
+ custom_ext_1_srv_parse_cb,
+ custom_ext_1_srv_add_cb, NULL);
 SSL_CTX_set_custom_srv_ext(s_ctx, CUSTOM_EXT_TYPE_2,
- custom_ext_2_srv_first_cb,
- custom_ext_2_srv_second_cb, NULL);
+ custom_ext_2_srv_parse_cb,
+ custom_ext_2_srv_add_cb, NULL);
 SSL_CTX_set_custom_srv_ext(s_ctx, CUSTOM_EXT_TYPE_3,
- custom_ext_3_srv_first_cb,
- custom_ext_3_srv_second_cb, NULL);
+ custom_ext_3_srv_parse_cb,
+ custom_ext_3_srv_add_cb, NULL);
 }
 if (alpn_server)
diff --git a/ssl/t1_ext.c b/ssl/t1_ext.c
index bd14806e6a..8b6c170ef6 100644
--- a/ssl/t1_ext.c
+++ b/ssl/t1_ext.c
@@ -87,9 +87,9 @@ void custom_ext_init(custom_ext_methods *exts)
 /* pass received custom extension data to the application for parsing */
 int custom_ext_parse(SSL *s, int server,
- unsigned short ext_type,
+ unsigned int ext_type,
 const unsigned char *ext_data,
- unsigned short ext_size,
+ size_t ext_size,
 int *al)
 {
 custom_ext_methods *exts = server ? &s->cert->srv_ext : &s->cert->cli_ext;
@@ -140,7 +140,7 @@ int custom_ext_add(SSL *s, int server,
 for (i = 0; i < exts->meths_count; i++)
 {
 const unsigned char *out = NULL;
- unsigned short outlen = 0;
+ size_t outlen = 0;
 meth = exts->meths + i;
 if (server)
@@ -165,7 +165,7 @@ int custom_ext_add(SSL *s, int server,
 if (cb_retval == -1)
 continue; /* skip this extension */
 }
- if (4 > limit - ret || outlen > limit - ret - 4)
+ if (4 > limit - ret || outlen > (size_t)(limit - ret - 4))
 return 0;
 s2n(meth->ext_type, ret);
 s2n(outlen, ret);
@@ -209,7 +209,7 @@ void custom_exts_free(custom_ext_methods *exts)
 /* Set callbacks for a custom extension */
 static int custom_ext_set(custom_ext_methods *exts,
- unsigned short ext_type,
+ unsigned int ext_type,
 custom_ext_parse_cb parse_cb,
 custom_ext_add_cb add_cb,
 void *arg)
@@ -239,6 +239,9 @@ static int custom_ext_set(custom_ext_methods *exts,
 #endif
 return 0;
 }
+ /* Extension type must fit in 16 bits */
+ if (ext_type > 0xffff)
+ return 0;
 /* Search for duplicate */
 if (custom_ext_find(exts, ext_type))
 return 0;
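Review bot: In the @@ -165 hunk the widened bound `outlen > (size_t)(limit - ret - 4)` only keeps the extension inside the output buffer, while `s2n(outlen, ret)` two lines later still writes a 16-bit length; any outlen above 0xffff that a caller's limit allowed would be emitted truncated and the ClientHello/ServerHello would be mis-framed. Whether the callers' limit can ever exceed 64 KiB is not visible here, but the guard is cheap and mirrors the new `ext_type > 0xffff` check this same commit adds to custom_ext_set: `if (outlen > 0xffff || 4 > limit - ret || outlen > (size_t)(limit - ret - 4)) return 0;`. custom_ext_add starts and ends outside the hunk.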
@@ -263,17 +266,20 @@ static int custom_ext_set(custom_ext_methods *exts,
 /* Application level functions to add custom extension callbacks */
-int SSL_CTX_set_custom_cli_ext(SSL_CTX *ctx, unsigned short ext_type,
- custom_cli_ext_first_cb_fn fn1,
- custom_cli_ext_second_cb_fn fn2, void *arg)
+int SSL_CTX_set_custom_cli_ext(SSL_CTX *ctx, unsigned int ext_type,
+ custom_ext_add_cb add_cb,
+ custom_ext_parse_cb parse_cb, void *arg)
+
 {
- return custom_ext_set(&ctx->cert->cli_ext, ext_type, fn2, fn1, arg);
+ return custom_ext_set(&ctx->cert->cli_ext, ext_type, parse_cb, add_cb,
+ arg);
 }
-int SSL_CTX_set_custom_srv_ext(SSL_CTX *ctx, unsigned short ext_type,
- custom_srv_ext_first_cb_fn fn1,
- custom_srv_ext_second_cb_fn fn2, void *arg)
+int SSL_CTX_set_custom_srv_ext(SSL_CTX *ctx, unsigned int ext_type,
+ custom_ext_parse_cb parse_cb,
+ custom_ext_add_cb add_cb, void *arg)
 {
- return custom_ext_set(&ctx->cert->srv_ext, ext_type, fn1, fn2, arg);
+ return custom_ext_set(&ctx->cert->srv_ext, ext_type, parse_cb, add_cb,
+ arg);
 }
 #endif
--
2.25.1
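Review bot: A stray blank line is added (the lone `+` line) between the new SSL_CTX_set_custom_cli_ext signature and its opening `{`; the line counts in the hunk header (17 → 20) confirm it is an addition rather than context, and SSL_CTX_set_custom_srv_ext directly below does not get one. Drop that added line so the two setters are formatted alike. Also worth a one-line comment above the pair, since the typedef aliases that distinguished the client and server callback roles are gone: `/* Client: add_cb builds the ClientHello extension, parse_cb reads the ServerHello reply. Server: parse_cb reads the ClientHello extension, add_cb builds the ServerHello reply. */`.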