Update custom TLS extension and supplemental data 'generate' callbacks to support...
[openssl.git] / ssl / ssl_rsa.c
index 7fcd8460a3e5832c385e264f033b154b4f77225b..063eea5ecb9ed9e4344914f88794d929fad1aa45 100644 (file)
@@ -848,20 +848,59 @@ static int serverinfo_srv_first_cb(SSL *s, unsigned short ext_type,
                                   unsigned short inlen, int *al,
                                   void *arg)
        {
+        size_t i = 0;
        if (inlen != 0)
                {
                *al = SSL_AD_DECODE_ERROR;
                return 0;
                }
+        //if already in list, error out
+        for (i = 0; i < s->s3->serverinfo_client_tlsext_custom_types_count; i++)
+                {
+                if (s->s3->serverinfo_client_tlsext_custom_types[i] == ext_type)
+                        {
+                        *al = SSL_AD_DECODE_ERROR;
+                        return 0;
+                        }
+                }
+        s->s3->serverinfo_client_tlsext_custom_types_count++;
+        s->s3->serverinfo_client_tlsext_custom_types = OPENSSL_realloc(
+        s->s3->serverinfo_client_tlsext_custom_types,
+        s->s3->serverinfo_client_tlsext_custom_types_count * 2);
+        if (s->s3->serverinfo_client_tlsext_custom_types == NULL)
+                {
+                s->s3->serverinfo_client_tlsext_custom_types_count = 0;
+                *al = TLS1_AD_INTERNAL_ERROR;
+                return 0;
+                }
+        s->s3->serverinfo_client_tlsext_custom_types[
+        s->s3->serverinfo_client_tlsext_custom_types_count - 1] = ext_type;
+
        return 1;
        }
 
 static int serverinfo_srv_second_cb(SSL *s, unsigned short ext_type,
                                    const unsigned char **out, unsigned short *outlen, 
-                                   void *arg)
+                                    int *al, void *arg)
        {
        const unsigned char *serverinfo = NULL;
        size_t serverinfo_length = 0;
+        size_t i = 0;
+        unsigned int match = 0;
+        /* Did the client send a TLS extension for this type? */
+        for (i = 0; i < s->s3->serverinfo_client_tlsext_custom_types_count; i++)
+                {
+                if (s->s3->serverinfo_client_tlsext_custom_types[i] == ext_type)
+                        {
+                        match = 1;
+                        break;
+                        }
+                }
+        if (!match)
+        {
+                //extension not sent by client...don't send extension
+                return -1;
+        }
 
        /* Is there serverinfo data for the chosen server cert? */
        if ((ssl_get_server_cert_serverinfo(s, &serverinfo,
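Review bot: The OPENSSL_realloc in serverinfo_srv_first_cb writes its result straight back into `s->s3->serverinfo_client_tlsext_custom_types`, so when the reallocation fails the old array is leaked and the types already recorded are silently discarded (the count is reset to 0 while the memory is never freed); the count is also bumped before the call succeeds, which is why the error path has to undo it. The new size `count * 2` hard-codes the element width and should be `count * sizeof(*types)`, since the element type is not visible in this hunk and the `* 2` only presumably means unsigned short. Reallocating into a temporary and committing pointer and count only on success fixes both, as sketched below. As a point of style, the `//` comments on the new lines (and the one in serverinfo_srv_second_cb's `if (!match)` block) should be `/* ... */` to match the rest of this file. serverinfo_srv_first_cb's signature begins before the hunk and serverinfo_srv_second_cb's body continues past it.
```c
        {
        void *tmp = NULL;
        size_t new_count = 0;
        /* … unchanged: inlen check and duplicate scan … */
        /* Grow into a temporary so a failed realloc leaves the current
         * array and count intact for the owner's normal cleanup. */
        new_count = s->s3->serverinfo_client_tlsext_custom_types_count + 1;
        tmp = OPENSSL_realloc(s->s3->serverinfo_client_tlsext_custom_types,
                new_count * sizeof(*s->s3->serverinfo_client_tlsext_custom_types));
        if (tmp == NULL)
                {
                *al = TLS1_AD_INTERNAL_ERROR;
                return 0;
                }
        s->s3->serverinfo_client_tlsext_custom_types = tmp;
        s->s3->serverinfo_client_tlsext_custom_types_count = new_count;
        s->s3->serverinfo_client_tlsext_custom_types[new_count - 1] = ext_type;
        return 1;
        }
```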