Commit b948ee27 authored by Dr. Stephen Henson's avatar Dr. Stephen Henson

Remove all RFC5878 code.

Remove RFC5878 code. It is no longer needed for CT and has numerous bugs.
parent a23a6e85
+0 −7
@@ -60,10 +60,6 @@

     [Steve Henson]

  *) Add callbacks supporting generation and retrieval of supplemental
     data entries.
     [Scott Deboy <sdeboy@apache.org>, Trevor Perrin and Ben Laurie]

  *) Add EVP support for key wrapping algorithms, to avoid problems with
     existing code the flag EVP_CIPHER_CTX_WRAP_ALLOW has to be set in
     the EVP_CIPHER_CTX or an error is returned. Add AES and DES3 wrap
@@ -528,9 +524,6 @@
  *) Support for linux-x32, ILP32 environment in x86_64 framework.
     [Andy Polyakov]

  *) RFC 5878 (TLS Authorization Extensions) support.
     [Emilia Kasper, Adam Langley, Ben Laurie (Google)]

  *) Experimental multi-implementation support for FIPS capable OpenSSL.
     When in FIPS mode the approved implementations are used as normal,
     when not in FIPS mode the internal unapproved versions are used instead.
+0 −3
@@ -881,9 +881,6 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *
				case 20:
					str_details1 = ", Finished";
					break;
				case 23:
					str_details1 = ", SupplementalData";
					break;
					}
				}
			}
+0 −121
@@ -214,8 +214,6 @@ static void sc_usage(void);
static void print_stuff(BIO *berr,SSL *con,int full);
#ifndef OPENSSL_NO_TLSEXT
static int ocsp_resp_cb(SSL *s, void *arg);
static int c_auth = 0;
static int c_auth_require_reneg = 0;
#endif
static BIO *bio_c_out=NULL;
static BIO *bio_c_msg=NULL;
@@ -223,37 +221,6 @@ static int c_quiet=0;
static int c_ign_eof=0;
static int c_brief=0;

#ifndef OPENSSL_NO_TLSEXT

static unsigned char *generated_supp_data = NULL;

static const unsigned char *most_recent_supplemental_data = NULL;
static size_t most_recent_supplemental_data_length = 0;

static int server_provided_server_authz = 0;
static int server_provided_client_authz = 0;

static const unsigned char auth_ext_data[]={TLSEXT_AUTHZDATAFORMAT_dtcp};

static int suppdata_cb(SSL *s, unsigned short supp_data_type,
		       const unsigned char *in,
		       unsigned short inlen, int *al,
		       void *arg);

static int auth_suppdata_generate_cb(SSL *s, unsigned short supp_data_type,
				     const unsigned char **out,
				     unsigned short *outlen, int *al, void *arg);

static int authz_tlsext_generate_cb(SSL *s, unsigned short ext_type,
				    const unsigned char **out, unsigned short *outlen,
				    int *al, void *arg);

static int authz_tlsext_cb(SSL *s, unsigned short ext_type,
			   const unsigned char *in,
			   unsigned short inlen, int *al,
			   void *arg);
#endif

#ifndef OPENSSL_NO_PSK
/* Default PSK identity and key */
static char *psk_identity="Client_identity";
@@ -396,8 +363,6 @@ static void sc_usage(void)
	BIO_printf(bio_err," -status           - request certificate status from server\n");
	BIO_printf(bio_err," -no_ticket        - disable use of RFC4507bis session tickets\n");
	BIO_printf(bio_err," -serverinfo types - send empty ClientHello extensions (comma-separated numbers)\n");
	BIO_printf(bio_err," -auth               - send and receive RFC 5878 TLS auth extensions and supplemental data\n");
	BIO_printf(bio_err," -auth_require_reneg - Do not send TLS auth extensions until renegotiation\n");
# ifndef OPENSSL_NO_NEXTPROTONEG
	BIO_printf(bio_err," -nextprotoneg arg - enable NPN extension, considering named protocols supported (comma-separated list)\n");
# endif
@@ -863,10 +828,6 @@ static char *jpake_secret = NULL;
			c_tlsextdebug=1;
		else if	(strcmp(*argv,"-status") == 0)
			c_status_req=1;
		else if	(strcmp(*argv,"-auth") == 0)
			c_auth = 1;
		else if	(strcmp(*argv,"-auth_require_reneg") == 0)
			c_auth_require_reneg = 1;
#endif
#ifdef WATT32
		else if (strcmp(*argv,"-wdebug") == 0)
@@ -1453,12 +1414,6 @@ bad:
		}

#endif
	if (c_auth)
		{
		SSL_CTX_set_custom_cli_ext(ctx, TLSEXT_TYPE_client_authz, authz_tlsext_generate_cb, authz_tlsext_cb, bio_err);
		SSL_CTX_set_custom_cli_ext(ctx, TLSEXT_TYPE_server_authz, authz_tlsext_generate_cb, authz_tlsext_cb, bio_err);
		SSL_CTX_set_cli_supp_data(ctx, TLSEXT_SUPPLEMENTALDATATYPE_authz_data, suppdata_cb, auth_suppdata_generate_cb, bio_err);
		}
#endif

	con=SSL_new(ctx);
@@ -1807,12 +1762,6 @@ SSL_set_tlsext_status_ids(con, ids);
						"CONNECTION ESTABLISHED\n");
					print_ssl_summary(bio_err, con);
					}
				/*handshake is complete - free the generated supp data allocated in the callback */
				if (generated_supp_data)
					{
					OPENSSL_free(generated_supp_data);
					generated_supp_data = NULL;
					}

				print_stuff(bio_c_out,con,full_log);
				if (full_log > 0) full_log--;
@@ -2463,74 +2412,4 @@ static int ocsp_resp_cb(SSL *s, void *arg)
	return 1;
	}

static int authz_tlsext_cb(SSL *s, unsigned short ext_type,
			   const unsigned char *in,
			   unsigned short inlen, int *al,
			   void *arg)
	{
	if (TLSEXT_TYPE_server_authz == ext_type)
		server_provided_server_authz
		  = (memchr(in, TLSEXT_AUTHZDATAFORMAT_dtcp, inlen) != NULL);

	if (TLSEXT_TYPE_client_authz == ext_type)
		server_provided_client_authz
		  = (memchr(in, TLSEXT_AUTHZDATAFORMAT_dtcp, inlen) != NULL);

	return 1;
	}

static int authz_tlsext_generate_cb(SSL *s, unsigned short ext_type,
				    const unsigned char **out, unsigned short *outlen,
				    int *al, void *arg)
	{
	if (c_auth)
		{
		/*if auth_require_reneg flag is set, only send extensions if
		  renegotiation has occurred */
		if (!c_auth_require_reneg || (c_auth_require_reneg && SSL_num_renegotiations(s)))
			{
			*out = auth_ext_data;
			*outlen = 1;
			return 1;
			}
		}
	/* no auth extension to send */
	return -1;
	}

static int suppdata_cb(SSL *s, unsigned short supp_data_type,
		       const unsigned char *in,
		       unsigned short inlen, int *al,
		       void *arg)
	{
	if (supp_data_type == TLSEXT_SUPPLEMENTALDATATYPE_authz_data)
		{
		most_recent_supplemental_data = in;
		most_recent_supplemental_data_length = inlen;
		}
	return 1;
	}

static int auth_suppdata_generate_cb(SSL *s, unsigned short supp_data_type,
				     const unsigned char **out,
				     unsigned short *outlen, int *al, void *arg)
	{
	if (c_auth && server_provided_client_authz && server_provided_server_authz)
		{
		/*if auth_require_reneg flag is set, only send supplemental data if
		  renegotiation has occurred */
		if (!c_auth_require_reneg
		    || (c_auth_require_reneg && SSL_num_renegotiations(s)))
			{
			generated_supp_data = OPENSSL_malloc(10);
			memcpy(generated_supp_data, "5432154321", 10);
			*out = generated_supp_data;
			*outlen = 10;
			return 1;
			}
		}
	/* no supplemental data to send */
	return -1;
	}

#endif
+0 −130
@@ -224,20 +224,6 @@ static DH *load_dh_param(const char *dhfile);
static void s_server_init(void);
#endif

#ifndef OPENSSL_NO_TLSEXT

static const unsigned char auth_ext_data[]={TLSEXT_AUTHZDATAFORMAT_dtcp};

static unsigned char *generated_supp_data = NULL;

static const unsigned char *most_recent_supplemental_data = NULL;
static size_t most_recent_supplemental_data_length = 0;

static int client_provided_server_authz = 0;
static int client_provided_client_authz = 0;

#endif

/* static int load_CA(SSL_CTX *ctx, char *file);*/

#undef BUFSIZZ
@@ -302,29 +288,9 @@ static int cert_chain = 0;
#endif

#ifndef OPENSSL_NO_TLSEXT
static int suppdata_cb(SSL *s, unsigned short supp_data_type,
		       const unsigned char *in,
		       unsigned short inlen, int *al,
		       void *arg);

static int auth_suppdata_generate_cb(SSL *s, unsigned short supp_data_type,
				     const unsigned char **out,
				     unsigned short *outlen, int *al, void *arg);

static int authz_tlsext_generate_cb(SSL *s, unsigned short ext_type,
				    const unsigned char **out, unsigned short *outlen,
				    int *al, void *arg);

static int authz_tlsext_cb(SSL *s, unsigned short ext_type,
			   const unsigned char *in,
			   unsigned short inlen, int *al,
			   void *arg);

static BIO *serverinfo_in = NULL;
static const char *s_serverinfo_file = NULL;

static int c_auth = 0;
static int c_auth_require_reneg = 0;
#endif

#ifndef OPENSSL_NO_PSK
@@ -490,8 +456,6 @@ static void sv_usage(void)
	BIO_printf(bio_err," -naccept arg  - terminate after 'arg' connections\n");
#ifndef OPENSSL_NO_TLSEXT
	BIO_printf(bio_err," -serverinfo arg - PEM serverinfo file for certificate\n");
	BIO_printf(bio_err," -auth               - send and receive RFC 5878 TLS auth extensions and supplemental data\n");
	BIO_printf(bio_err," -auth_require_reneg - Do not send TLS auth extensions until renegotiation\n");
#endif
    BIO_printf(bio_err," -no_resumption_on_reneg - set SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION flag\n");
	BIO_printf(bio_err," -crl_check    - check the peer certificate has not been revoked by its CA.\n" \
@@ -1178,15 +1142,7 @@ int MAIN(int argc, char *argv[])
			if (--argc < 1) goto bad;
			s_serverinfo_file = *(++argv);
			}
		else if	(strcmp(*argv,"-auth") == 0)
			{
			c_auth = 1;
			}
#endif
		else if	(strcmp(*argv,"-auth_require_reneg") == 0)
			{
			c_auth_require_reneg = 1;
			}
		else if	(strcmp(*argv,"-certform") == 0)
			{
			if (--argc < 1) goto bad;
@@ -1997,12 +1953,6 @@ bad:
		ERR_print_errors(bio_err);
		goto end;
		}
	if (c_auth)
		{
		SSL_CTX_set_custom_srv_ext(ctx, TLSEXT_TYPE_client_authz, authz_tlsext_cb, authz_tlsext_generate_cb, bio_err);
		SSL_CTX_set_custom_srv_ext(ctx, TLSEXT_TYPE_server_authz, authz_tlsext_cb, authz_tlsext_generate_cb, bio_err);
		SSL_CTX_set_srv_supp_data(ctx, TLSEXT_SUPPLEMENTALDATATYPE_authz_data, auth_suppdata_generate_cb, suppdata_cb, bio_err);
		}
#endif
#ifndef OPENSSL_NO_TLSEXT
	if (ctx2 && !set_cert_key_stuff(ctx2,s_cert2,s_key2, NULL, build_chain))
@@ -2722,12 +2672,6 @@ static int init_ssl_connection(SSL *con)
			i=SSL_accept(con);
		}
#endif
	/*handshake is complete - free the generated supp data allocated in the callback */
	if (generated_supp_data)
		{
        OPENSSL_free(generated_supp_data);
		generated_supp_data = NULL;
		}

	if (i <= 0)
		{
@@ -3615,77 +3559,3 @@ static void free_sessions(void)
		}
	first = NULL;
	}

#ifndef OPENSSL_NO_TLSEXT
static int authz_tlsext_cb(SSL *s, unsigned short ext_type,
			   const unsigned char *in,
			   unsigned short inlen, int *al,
			   void *arg)
	{
	if (TLSEXT_TYPE_server_authz == ext_type)
		client_provided_server_authz
		  = memchr(in,	TLSEXT_AUTHZDATAFORMAT_dtcp, inlen) != NULL;

	if (TLSEXT_TYPE_client_authz == ext_type)
		client_provided_client_authz
		  = memchr(in, TLSEXT_AUTHZDATAFORMAT_dtcp, inlen) != NULL;

	return 1;
	}

static int authz_tlsext_generate_cb(SSL *s, unsigned short ext_type,
				    const unsigned char **out, unsigned short *outlen,
				    int *al, void *arg)
	{
	if (c_auth && client_provided_client_authz && client_provided_server_authz)
		{
		/*if auth_require_reneg flag is set, only send extensions if
		  renegotiation has occurred */
		if (!c_auth_require_reneg
		    || (c_auth_require_reneg && SSL_num_renegotiations(s)))
			{
			*out = auth_ext_data;
			*outlen = 1;
			return 1;
			}
		}
	/* no auth extension to send */
	return -1;
	}

static int suppdata_cb(SSL *s, unsigned short supp_data_type,
		       const unsigned char *in,
		       unsigned short inlen, int *al,
		       void *arg)
	{
	if (supp_data_type == TLSEXT_SUPPLEMENTALDATATYPE_authz_data)
		{
		most_recent_supplemental_data = in;
		most_recent_supplemental_data_length = inlen;
		}
	return 1;
	}

static int auth_suppdata_generate_cb(SSL *s, unsigned short supp_data_type,
				     const unsigned char **out,
				     unsigned short *outlen, int *al, void *arg)
	{
	if (c_auth && client_provided_client_authz && client_provided_server_authz)
		{
		/*if auth_require_reneg flag is set, only send supplemental data if
		  renegotiation has occurred */
		if (!c_auth_require_reneg
		    || (c_auth_require_reneg && SSL_num_renegotiations(s)))
			{
			generated_supp_data = OPENSSL_malloc(10);
			memcpy(generated_supp_data, "1234512345", 10);
			*out = generated_supp_data;
			*outlen = 10;
			return 1;
			}
		}
	/* no supplemental data to send */
	return -1;
	}
#endif
+0 −9
@@ -210,15 +210,6 @@
#undef SSL_set_not_resumable_session_callback
#define SSL_set_not_resumable_session_callback	SSL_set_not_resumbl_sess_cb

#undef tls1_send_server_supplemental_data
#define tls1_send_server_supplemental_data	tls1_send_server_suppl_data
#undef tls1_send_client_supplemental_data
#define tls1_send_client_supplemental_data	tls1_send_client_suppl_data
#undef tls1_get_server_supplemental_data
#define tls1_get_server_supplemental_data	tls1_get_server_suppl_data
#undef tls1_get_client_supplemental_data
#define tls1_get_client_supplemental_data	tls1_get_client_suppl_data

/* Hack some long ENGINE names */
#undef ENGINE_get_default_BN_mod_exp_crt
#define ENGINE_get_default_BN_mod_exp_crt	ENGINE_get_def_BN_mod_exp_crt