=head1 DESCRIPTION
-SSL_CTX_add_custom_ext() adds a custom extension for a (D)TLS client or server
+SSL_CTX_add_custom_ext() adds a custom extension for a TLS/DTLS client or server
for all supported protocol versions with extension type B<ext_type> and
callbacks B<add_cb>, B<free_cb> and B<parse_cb> (see the
L</EXTENSION CALLBACKS> section below). The B<context> value determines
which messages and under what conditions the extension will be added/parsed (see
the L</EXTENSION CONTEXTS> section below).
-SSL_CTX_add_client_custom_ext() adds a custom extension for a (D)TLS client with
-extension type B<ext_type> and callbacks B<add_cb>, B<free_cb> and B<parse_cb>.
-This function is similar to SSL_CTX_add_custom_ext() except it only applies
-to clients, uses the older style of callbacks, and implicitly sets the
+SSL_CTX_add_client_custom_ext() adds a custom extension for a TLS/DTLS client
+with extension type B<ext_type> and callbacks B<add_cb>, B<free_cb> and
+B<parse_cb>. This function is similar to SSL_CTX_add_custom_ext() except it only
+applies to clients, uses the older style of callbacks, and implicitly sets the
B<context> value to:
SSL_EXT_TLS1_2_AND_BELOW_ONLY | SSL_EXT_CLIENT_HELLO
| SSL_EXT_TLS1_2_SERVER_HELLO | SSL_EXT_IGNORE_ON_RESUMPTION
-SSL_CTX_add_server_custom_ext() adds a custom extension for a (D)TLS server with
-extension type B<ext_type> and callbacks B<add_cb>, B<free_cb> and
+SSL_CTX_add_server_custom_ext() adds a custom extension for a TLS/DTLS server
+
with extension type B<ext_type> and callbacks B<add_cb>, B<free_cb> and
B<parse_cb>. This function is similar to SSL_CTX_add_custom_ext() except it
only applies to servers, uses the older style of callbacks, and implicitly sets
the B<context> value to the same as for SSL_CTX_add_client_custom_ext() above.
-In all cases the extension type must not be handled by OpenSSL internally
-or an error occurs.
+The B<ext_type> parameter corresponds to the B<extension_type> field of
+RFC5246 et al. It is B<not> a NID. In all cases the extension type must not be
+handled by OpenSSL internally or an error occurs.
SSL_extension_supported() returns 1 if the extension B<ext_type> is handled
internally by OpenSSL and 0 otherwise.
If B<add_cb> returns -1 a fatal handshake error occurs using the TLS
alert value specified in B<*al>.
-When constructing the ClientHello if B<add_cb> is set to NULL a zero length
+When constructing the ClientHello
, if B<add_cb> is set to NULL a zero length
extension is added for B<ext_type>. For all other messages if B<add_cb> is set
to NULL then no extension is added.
certificate in the message. The B<x> parameter will indicate the
current certificate and the B<chainidx> parameter will indicate the position
of the certificate in the message. The first certificate is always the end
-entity certificate and has a B<chainidx> value of 0.
+entity certificate and has a B<chainidx> value of 0. The certificates are in the
+order that they were received in the Certificate message.
For all messages except the ServerHello and EncryptedExtensions every
registered B<add_cb> is always called to see if the application wishes to add an
=item SSL_EXT_TLS1_2_AND_BELOW_ONLY
-The extension is only defined for (D)TLSv1.2 and below. Servers will ignore this
-extension if it is present in the ClientHello and TLSv1.3 is negotiated.
+The extension is only defined for TLSv1.2/DTLSv1.2 and below. Servers will
+ignore this extension if it is present in the ClientHello and TLSv1.3 is
+negotiated.
=item SSL_EXT_TLS1_3_ONLY
be used to store the extension data received in a convenient structure or
pass the extension data to be added or freed when adding extensions.
-The B<ext_type> parameter corresponds to the B<extension_type> field of
-RFC5246 et al. It is B<not> a NID.
-
If the same custom extension type is received multiple times a fatal
B<decode_error> alert is sent and the handshake aborts. If a custom extension
is received in a ServerHello/EncryptedExtensions message which was not sent in
unsigned int ext_type, size_t *idx)
{
size_t i;
-
custom_ext_method *meth = exts->meths;
+
for (i = 0; i < exts->meths_count; i++, meth++) {
if (ext_type == meth->ext_type
&& (server == -1 || server == meth->server
{
size_t i;
custom_ext_method *meth = exts->meths;
+
for (i = 0; i < exts->meths_count; i++, meth++)
meth->ext_flags = 0;
}
continue;
if (meth->add_cb != NULL) {
- int cb_retval = 0;
- cb_retval = meth->add_cb(s, meth->ext_type, context, &out, &outlen,
- x, chainidx, al, meth->add_arg);
+ int cb_retval = meth->add_cb(s, meth->ext_type, context, &out,
+ &outlen, x, chainidx, al,
+ meth->add_arg);
+
if (cb_retval < 0)
return 0; /* error */
if (cb_retval == 0)
/*
* We can't send duplicates: code logic should prevent this.
*/
- assert(!(meth->ext_flags & SSL_EXT_FLAG_SENT));
+ assert((meth->ext_flags & SSL_EXT_FLAG_SENT) == 0);
/*
* Indicate extension has been sent: this is both a sanity check to
* ensure we don't send duplicate extensions and indicates that it
*/
meth->ext_flags |= SSL_EXT_FLAG_SENT;
}
- if (meth->free_cb)
+ if (meth->free_cb != NULL)
meth->free_cb(s, meth->ext_type, context, out, meth->add_arg);
}
return 1;
if (src->meths_count > 0) {
dst->meths =
OPENSSL_memdup(src->meths,
- sizeof(custom_ext_method) * src->meths_count);
+ sizeof(*src->meths) * src->meths_count);
if (dst->meths == NULL)
return 0;
dst->meths_count = src->meths_count;
void custom_exts_free(custom_ext_methods *exts)
{
size_t i;
+ custom_ext_method *meth;
- for (i = 0; i < exts->meths_count; i++) {
- custom_ext_method *meth = exts->meths + i;
-
+ for (i = 0, meth = exts->meths; i < exts->meths_count; i++, meth++) {
if (meth->add_cb != custom_ext_add_old_cb_wrap)
continue;
* Check application error: if add_cb is not set free_cb will never be
* called.
*/
- if (!add_cb && free_cb)
+ if (add_cb == NULL && free_cb != NULL)
return 0;
#ifndef OPENSSL_NO_CT
return 0;
tmp = OPENSSL_realloc(exts->meths,
(exts->meths_count + 1) * sizeof(custom_ext_method));
-
if (tmp == NULL)
return 0;
custom_ext_parse_cb parse_cb, void *parse_arg)
{
custom_ext_add_cb_wrap *add_cb_wrap
- = OPENSSL_malloc(sizeof(custom_ext_add_cb_wrap));
+ = OPENSSL_malloc(sizeof(*add_cb_wrap));
custom_ext_parse_cb_wrap *parse_cb_wrap
- = OPENSSL_malloc(sizeof(custom_ext_parse_cb_wrap));
+ = OPENSSL_malloc(sizeof(*parse_cb_wrap));
int ret;
if (add_cb_wrap == NULL || parse_cb_wrap == NULL) {
projects / openssl.git / commitdiff