projects / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Add custom extension sanity checks.
[openssl.git] / ssl / ssl_locl.h
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 4a12aec5fcb369ddc4d5b059d888847a0b79edf2..8e9110a4ceaf4258d38115c3efc27501680deee5 100644 (file)
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -534,17 +534,30 @@ typedef struct cert_pkey_st
 
 typedef struct {
        unsigned short ext_type;
-       custom_cli_ext_first_cb_fn fn1; 
-       custom_cli_ext_second_cb_fn fn2; 
+       /* Per-connection flags relating to this extension type: not used 
+        * if part of an SSL_CTX structure.
+        */
+       unsigned short ext_flags;
+       custom_ext_add_cb add_cb; 
+       custom_ext_parse_cb parse_cb; 
        void *arg;
-} custom_cli_ext_record;
+} custom_ext_method;
+
+/* ext_flags values */
+
+/* Indicates an extension has been received.
+ * Used to check for unsolicited or duplicate extensions.
+ */
+#define SSL_EXT_FLAG_RECEIVED  0x1
+/* Indicates an extension has been sent: used to
+ * enable sending of corresponding ServerHello extension.
+ */
+#define SSL_EXT_FLAG_SENT      0x2
 
 typedef struct {
-       unsigned short ext_type;
-       custom_srv_ext_first_cb_fn fn1; 
-       custom_srv_ext_second_cb_fn fn2; 
-       void *arg;
-} custom_srv_ext_record;
+       custom_ext_method *meths;
+       size_t meths_count;
+} custom_ext_methods;
 
 typedef struct cert_st
        {
@@ -642,12 +655,9 @@ typedef struct cert_st
        unsigned char *ciphers_raw;
        size_t ciphers_rawlen;
 
-       /* Arrays containing the callbacks for custom TLS Extensions. */
-       custom_cli_ext_record *custom_cli_ext_records;
-       size_t custom_cli_ext_records_count;
-       custom_srv_ext_record *custom_srv_ext_records;
-       size_t custom_srv_ext_records_count;
-
+       /* Custom extension methods for server and client */
+       custom_ext_methods cli_ext;
+       custom_ext_methods srv_ext;
        /* Security callback */
        int (*sec_cb)(SSL *s, SSL_CTX *ctx, int op, int bits, int nid, void *other, void *ex);
        /* Security level */
@@ -1413,6 +1423,23 @@ void tls_fips_digest_extra(
 
 int srp_verify_server_param(SSL *s, int *al);
 
+/* t1_ext.c */
+
+void custom_ext_init(custom_ext_methods *meths);
+
+int custom_ext_parse(SSL *s, int server,
+                       unsigned short ext_type,
+                       const unsigned char *ext_data, 
+                       unsigned short ext_size,
+                       int *al);
+int custom_ext_add(SSL *s, int server,
+                       unsigned char **pret,
+                       unsigned char *limit,
+                       int *al);
+
+int custom_exts_copy(custom_ext_methods *dst, const custom_ext_methods *src);
+void custom_exts_free(custom_ext_methods *exts);
+
 #else
 
 #define ssl_init_wbio_buffer SSL_test_functions()->p_ssl_init_wbio_buffer
Unnamed repository; edit this file 'description' to name the repository.