Re-add alert variables removed during rebase
Whitespace fixes
(cherry picked from commit e9add063b5)
Conflicts:
ssl/s3_clnt.c
parent
19a28a8aa3
commit
7612511b3b
10 changed files with 252 additions and 244 deletions
|
@ -236,22 +236,22 @@ static int server_provided_client_authz = 0;
|
|||
static const unsigned char auth_ext_data[]={TLSEXT_AUTHZDATAFORMAT_dtcp};
|
||||
|
||||
static int suppdata_cb(SSL *s, unsigned short supp_data_type,
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg);
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg);
|
||||
|
||||
static int auth_suppdata_generate_cb(SSL *s, unsigned short supp_data_type,
|
||||
const unsigned char **out,
|
||||
unsigned short *outlen, int *al, void *arg);
|
||||
const unsigned char **out,
|
||||
unsigned short *outlen, int *al, void *arg);
|
||||
|
||||
static int authz_tlsext_generate_cb(SSL *s, unsigned short ext_type,
|
||||
const unsigned char **out, unsigned short *outlen,
|
||||
int *al, void *arg);
|
||||
const unsigned char **out, unsigned short *outlen,
|
||||
int *al, void *arg);
|
||||
|
||||
static int authz_tlsext_cb(SSL *s, unsigned short ext_type,
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg);
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg);
|
||||
#endif
|
||||
|
||||
#ifndef OPENSSL_NO_PSK
|
||||
|
@ -2435,9 +2435,9 @@ static int ocsp_resp_cb(SSL *s, void *arg)
|
|||
}
|
||||
|
||||
static int authz_tlsext_cb(SSL *s, unsigned short ext_type,
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg)
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg)
|
||||
{
|
||||
if (TLSEXT_TYPE_server_authz == ext_type)
|
||||
{
|
||||
|
@ -2457,8 +2457,8 @@ static int authz_tlsext_cb(SSL *s, unsigned short ext_type,
|
|||
}
|
||||
|
||||
static int authz_tlsext_generate_cb(SSL *s, unsigned short ext_type,
|
||||
const unsigned char **out, unsigned short *outlen,
|
||||
int *al, void *arg)
|
||||
const unsigned char **out, unsigned short *outlen,
|
||||
int *al, void *arg)
|
||||
{
|
||||
if (c_auth)
|
||||
{
|
||||
|
@ -2476,9 +2476,9 @@ static int authz_tlsext_generate_cb(SSL *s, unsigned short ext_type,
|
|||
}
|
||||
|
||||
static int suppdata_cb(SSL *s, unsigned short supp_data_type,
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg)
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg)
|
||||
{
|
||||
if (supp_data_type == TLSEXT_SUPPLEMENTALDATATYPE_authz_data)
|
||||
{
|
||||
|
@ -2489,8 +2489,8 @@ static int suppdata_cb(SSL *s, unsigned short supp_data_type,
|
|||
}
|
||||
|
||||
static int auth_suppdata_generate_cb(SSL *s, unsigned short supp_data_type,
|
||||
const unsigned char **out,
|
||||
unsigned short *outlen, int *al, void *arg)
|
||||
const unsigned char **out,
|
||||
unsigned short *outlen, int *al, void *arg)
|
||||
{
|
||||
if (c_auth && server_provided_client_authz && server_provided_server_authz)
|
||||
{
|
||||
|
|
|
@ -330,22 +330,22 @@ static int cert_chain = 0;
|
|||
|
||||
#ifndef OPENSSL_NO_TLSEXT
|
||||
static int suppdata_cb(SSL *s, unsigned short supp_data_type,
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg);
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg);
|
||||
|
||||
static int auth_suppdata_generate_cb(SSL *s, unsigned short supp_data_type,
|
||||
const unsigned char **out,
|
||||
unsigned short *outlen, int *al, void *arg);
|
||||
const unsigned char **out,
|
||||
unsigned short *outlen, int *al, void *arg);
|
||||
|
||||
static int authz_tlsext_generate_cb(SSL *s, unsigned short ext_type,
|
||||
const unsigned char **out, unsigned short *outlen,
|
||||
int *al, void *arg);
|
||||
const unsigned char **out, unsigned short *outlen,
|
||||
int *al, void *arg);
|
||||
|
||||
static int authz_tlsext_cb(SSL *s, unsigned short ext_type,
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg);
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg);
|
||||
|
||||
static BIO *serverinfo_in = NULL;
|
||||
static const char *s_serverinfo_file = NULL;
|
||||
|
@ -3553,9 +3553,9 @@ static void free_sessions(void)
|
|||
|
||||
#ifndef OPENSSL_NO_TLSEXT
|
||||
static int authz_tlsext_cb(SSL *s, unsigned short ext_type,
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg)
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg)
|
||||
{
|
||||
if (TLSEXT_TYPE_server_authz == ext_type)
|
||||
{
|
||||
|
@ -3575,8 +3575,8 @@ static int authz_tlsext_cb(SSL *s, unsigned short ext_type,
|
|||
}
|
||||
|
||||
static int authz_tlsext_generate_cb(SSL *s, unsigned short ext_type,
|
||||
const unsigned char **out, unsigned short *outlen,
|
||||
int *al, void *arg)
|
||||
const unsigned char **out, unsigned short *outlen,
|
||||
int *al, void *arg)
|
||||
{
|
||||
if (c_auth && client_provided_client_authz && client_provided_server_authz)
|
||||
{
|
||||
|
@ -3595,9 +3595,9 @@ static int authz_tlsext_generate_cb(SSL *s, unsigned short ext_type,
|
|||
}
|
||||
|
||||
static int suppdata_cb(SSL *s, unsigned short supp_data_type,
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg)
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg)
|
||||
{
|
||||
if (supp_data_type == TLSEXT_SUPPLEMENTALDATATYPE_authz_data)
|
||||
{
|
||||
|
@ -3608,8 +3608,8 @@ static int suppdata_cb(SSL *s, unsigned short supp_data_type,
|
|||
}
|
||||
|
||||
static int auth_suppdata_generate_cb(SSL *s, unsigned short supp_data_type,
|
||||
const unsigned char **out,
|
||||
unsigned short *outlen, int *al, void *arg)
|
||||
const unsigned char **out,
|
||||
unsigned short *outlen, int *al, void *arg)
|
||||
{
|
||||
if (c_auth && client_provided_client_authz && client_provided_server_authz)
|
||||
{
|
||||
|
|
|
@ -299,6 +299,7 @@ static int ssl23_client_hello(SSL *s)
|
|||
unsigned long l;
|
||||
int ssl2_compat;
|
||||
int version = 0, version_major, version_minor;
|
||||
int al = 0;
|
||||
#ifndef OPENSSL_NO_COMP
|
||||
int j;
|
||||
SSL_COMP *comp;
|
||||
|
@ -553,9 +554,9 @@ static int ssl23_client_hello(SSL *s)
|
|||
SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT);
|
||||
return -1;
|
||||
}
|
||||
if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH, &al)) == NULL)
|
||||
if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH, &al)) == NULL)
|
||||
{
|
||||
ssl3_send_alert(s,SSL3_AL_FATAL,al);
|
||||
ssl3_send_alert(s,SSL3_AL_FATAL,al);
|
||||
SSLerr(SSL_F_SSL23_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
|
||||
return -1;
|
||||
}
|
||||
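Review bot: The new `int al = 0;` in ssl23_client_hello means that any NULL return from ssl_add_clienthello_tlsext which did not write `*al` reaches `ssl3_send_alert(s,SSL3_AL_FATAL,al)` with description 0, which is the close_notify code rather than an error code. The ssl/t1_lib.c section of this commit shows such a path on the server side, where `if (limit < ret + 4 + outlen) return NULL;` leaves `*al` untouched, so the same concern applies to the `al` initialisers added in ssl3_client_hello and ssl3_send_server_hello. Initialising with `int al = SSL_AD_INTERNAL_ERROR;`, or setting `*al` on every NULL return inside the helpers, would keep the alert meaningful. These functions continue outside the hunks shown, so other uses of `al` are not visible here.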
|
|
|
@ -689,6 +689,7 @@ int ssl3_client_hello(SSL *s)
|
|||
unsigned char *p,*d;
|
||||
int i;
|
||||
unsigned long l;
|
||||
int al = 0;
|
||||
#ifndef OPENSSL_NO_COMP
|
||||
int j;
|
||||
SSL_COMP *comp;
|
||||
|
@ -891,9 +892,9 @@ int ssl3_client_hello(SSL *s)
|
|||
SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT);
|
||||
goto err;
|
||||
}
|
||||
if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH, &al)) == NULL)
|
||||
if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH, &al)) == NULL)
|
||||
{
|
||||
ssl3_send_alert(s,SSL3_AL_FATAL,al);
|
||||
ssl3_send_alert(s,SSL3_AL_FATAL,al);
|
||||
SSLerr(SSL_F_SSL3_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
|
||||
goto err;
|
||||
}
|
||||
|
@ -3618,7 +3619,7 @@ int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey)
|
|||
#ifndef OPENSSL_NO_TLSEXT
|
||||
int tls1_send_client_supplemental_data(SSL *s, int *skip)
|
||||
{
|
||||
int al = 0;
|
||||
int al = 0;
|
||||
if (s->ctx->cli_supp_data_records_count)
|
||||
{
|
||||
unsigned char *p = NULL;
|
||||
|
@ -3638,21 +3639,21 @@ int tls1_send_client_supplemental_data(SSL *s, int *skip)
|
|||
if (!record->fn2)
|
||||
continue;
|
||||
cb_retval = record->fn2(s, record->supp_data_type,
|
||||
&out, &outlen, &al,
|
||||
record->arg);
|
||||
&out, &outlen, &al,
|
||||
record->arg);
|
||||
if (cb_retval == -1)
|
||||
continue; /* skip this supp data entry */
|
||||
if (cb_retval == 0)
|
||||
{
|
||||
SSLerr(SSL_F_TLS1_SEND_CLIENT_SUPPLEMENTAL_DATA,ERR_R_BUF_LIB);
|
||||
goto f_err;
|
||||
goto f_err;
|
||||
}
|
||||
if (outlen == 0 || TLSEXT_MAXLEN_supplemental_data < outlen + 4 + length)
|
||||
{
|
||||
SSLerr(SSL_F_TLS1_SEND_CLIENT_SUPPLEMENTAL_DATA,ERR_R_BUF_LIB);
|
||||
return 0;
|
||||
}
|
||||
//if first entry, write handshake message type
|
||||
}
|
||||
/* if first entry, write handshake message type */
|
||||
if (length == 0)
|
||||
{
|
||||
if (!BUF_MEM_grow_clean(s->init_buf, 4))
|
||||
|
@ -3662,9 +3663,12 @@ int tls1_send_client_supplemental_data(SSL *s, int *skip)
|
|||
}
|
||||
p = (unsigned char *)s->init_buf->data;
|
||||
*(p++) = SSL3_MT_SUPPLEMENTAL_DATA;
|
||||
//update message length when all callbacks complete
|
||||
/* update message length when all
|
||||
* callbacks complete */
|
||||
size_loc = p;
|
||||
//skip over handshake length field (3 bytes) and supp_data length field (3 bytes)
|
||||
/* skip over handshake length field (3
|
||||
* bytes) and supp_data length field
|
||||
* (3 bytes) */
|
||||
p += 3 + 3;
|
||||
length += 1 +3 +3;
|
||||
}
|
||||
|
@ -3698,10 +3702,10 @@ int tls1_send_client_supplemental_data(SSL *s, int *skip)
|
|||
s->init_off = 0;
|
||||
return 1;
|
||||
|
||||
f_err:
|
||||
ssl3_send_alert(s,SSL3_AL_FATAL,al);
|
||||
return 0;
|
||||
}
|
||||
f_err:
|
||||
ssl3_send_alert(s,SSL3_AL_FATAL,al);
|
||||
return 0;
|
||||
}
|
||||
|
||||
int tls1_get_server_supplemental_data(SSL *s)
|
||||
{
|
||||
|
@ -3716,12 +3720,12 @@ int tls1_get_server_supplemental_data(SSL *s)
|
|||
int cb_retval = 0;
|
||||
|
||||
n=s->method->ssl_get_message(s,
|
||||
SSL3_ST_CR_SUPPLEMENTAL_DATA_A,
|
||||
SSL3_ST_CR_SUPPLEMENTAL_DATA_B,
|
||||
SSL3_MT_SUPPLEMENTAL_DATA,
|
||||
/* use default limit */
|
||||
TLSEXT_MAXLEN_supplemental_data,
|
||||
&ok);
|
||||
SSL3_ST_CR_SUPPLEMENTAL_DATA_A,
|
||||
SSL3_ST_CR_SUPPLEMENTAL_DATA_B,
|
||||
SSL3_MT_SUPPLEMENTAL_DATA,
|
||||
/* use default limit */
|
||||
TLSEXT_MAXLEN_supplemental_data,
|
||||
&ok);
|
||||
|
||||
if (!ok) return((int)n);
|
||||
|
||||
|
@ -3742,9 +3746,11 @@ int tls1_get_server_supplemental_data(SSL *s)
|
|||
//if there is a callback for this supp data type, send it
|
||||
for (i=0; i < s->ctx->cli_supp_data_records_count; i++)
|
||||
{
|
||||
if (s->ctx->cli_supp_data_records[i].supp_data_type == supp_data_entry_type && s->ctx->cli_supp_data_records[i].fn1)
|
||||
if (s->ctx->cli_supp_data_records[i].supp_data_type == supp_data_entry_type &&
|
||||
s->ctx->cli_supp_data_records[i].fn1)
|
||||
{
|
||||
cb_retval = s->ctx->cli_supp_data_records[i].fn1(s, supp_data_entry_type, p, supp_data_entry_len, &al, s->ctx->cli_supp_data_records[i].arg);
|
||||
cb_retval = s->ctx->cli_supp_data_records[i].fn1(s, supp_data_entry_type, p,
|
||||
supp_data_entry_len, &al, s->ctx->cli_supp_data_records[i].arg);
|
||||
if (cb_retval == 0)
|
||||
{
|
||||
SSLerr(SSL_F_TLS1_GET_SERVER_SUPPLEMENTAL_DATA, ERR_R_SSL_LIB);
|
||||
|
@ -3755,8 +3761,8 @@ int tls1_get_server_supplemental_data(SSL *s)
|
|||
p+=supp_data_entry_len;
|
||||
}
|
||||
return 1;
|
||||
f_err:
|
||||
ssl3_send_alert(s,SSL3_AL_FATAL,al);
|
||||
return -1;
|
||||
f_err:
|
||||
ssl3_send_alert(s,SSL3_AL_FATAL,al);
|
||||
return -1;
|
||||
}
|
||||
#endif
|
||||
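Review bot: In tls1_send_client_supplemental_data the length check `if (outlen == 0 || TLSEXT_MAXLEN_supplemental_data < outlen + 4 + length)` leaves through `return 0;` without sending an alert, while the callback-failure branch directly above it goes to `f_err` and sends one. If the caller does not send an alert itself on a 0 return (not visible in this section), the peer gets no indication of why the handshake stopped. Replacing the `return 0;` with `al = SSL_AD_INTERNAL_ERROR; goto f_err;` would make the two failure paths consistent. The function body continues outside the hunks shown.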
|
|
12
ssl/s3_lib.c
12
ssl/s3_lib.c
|
@ -3029,8 +3029,8 @@ void ssl3_free(SSL *s)
|
|||
SSL_SRP_CTX_free(s);
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_TLSEXT
|
||||
if (s->s3->serverinfo_client_tlsext_custom_types != NULL)
|
||||
OPENSSL_free(s->s3->serverinfo_client_tlsext_custom_types);
|
||||
if (s->s3->serverinfo_client_tlsext_custom_types != NULL)
|
||||
OPENSSL_free(s->s3->serverinfo_client_tlsext_custom_types);
|
||||
#endif
|
||||
OPENSSL_cleanse(s->s3,sizeof *s->s3);
|
||||
OPENSSL_free(s->s3);
|
||||
|
@ -3076,12 +3076,12 @@ void ssl3_clear(SSL *s)
|
|||
}
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_TLSEXT
|
||||
if (s->s3->serverinfo_client_tlsext_custom_types != NULL)
|
||||
if (s->s3->serverinfo_client_tlsext_custom_types != NULL)
|
||||
{
|
||||
OPENSSL_free(s->s3->serverinfo_client_tlsext_custom_types);
|
||||
s->s3->serverinfo_client_tlsext_custom_types = NULL;
|
||||
OPENSSL_free(s->s3->serverinfo_client_tlsext_custom_types);
|
||||
s->s3->serverinfo_client_tlsext_custom_types = NULL;
|
||||
}
|
||||
s->s3->serverinfo_client_tlsext_custom_types_count = 0;
|
||||
s->s3->serverinfo_client_tlsext_custom_types_count = 0;
|
||||
#ifndef OPENSSL_NO_EC
|
||||
s->s3->is_probably_safari = 0;
|
||||
#endif /* !OPENSSL_NO_EC */
|
||||
|
|
|
@ -1500,7 +1500,8 @@ int ssl3_send_server_hello(SSL *s)
|
|||
{
|
||||
unsigned char *buf;
|
||||
unsigned char *p,*d;
|
||||
int i,sl,al;
|
||||
int i,sl;
|
||||
int al = 0;
|
||||
unsigned long l;
|
||||
|
||||
if (s->state == SSL3_ST_SW_SRVR_HELLO_A)
|
||||
|
@ -1569,9 +1570,9 @@ int ssl3_send_server_hello(SSL *s)
|
|||
SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,SSL_R_SERVERHELLO_TLSEXT);
|
||||
return -1;
|
||||
}
|
||||
if ((p = ssl_add_serverhello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH, &al)) == NULL)
|
||||
if ((p = ssl_add_serverhello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH, &al)) == NULL)
|
||||
{
|
||||
ssl3_send_alert(s, SSL3_AL_FATAL, al);
|
||||
ssl3_send_alert(s, SSL3_AL_FATAL, al);
|
||||
SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,ERR_R_INTERNAL_ERROR);
|
||||
return -1;
|
||||
}
|
||||
|
@ -3655,7 +3656,7 @@ int ssl3_get_next_proto(SSL *s)
|
|||
|
||||
int tls1_send_server_supplemental_data(SSL *s, int *skip)
|
||||
{
|
||||
int al = 0;
|
||||
int al = 0;
|
||||
if (s->ctx->srv_supp_data_records_count)
|
||||
{
|
||||
unsigned char *p = NULL;
|
||||
|
@ -3675,14 +3676,14 @@ int tls1_send_server_supplemental_data(SSL *s, int *skip)
|
|||
if (!record->fn1)
|
||||
continue;
|
||||
cb_retval = record->fn1(s, record->supp_data_type,
|
||||
&out, &outlen, &al,
|
||||
&out, &outlen, &al,
|
||||
record->arg);
|
||||
if (cb_retval == -1)
|
||||
continue; /* skip this supp data entry */
|
||||
if (cb_retval == 0)
|
||||
{
|
||||
SSLerr(SSL_F_TLS1_SEND_SERVER_SUPPLEMENTAL_DATA,ERR_R_BUF_LIB);
|
||||
goto f_err;
|
||||
goto f_err;
|
||||
}
|
||||
if (outlen == 0 || TLSEXT_MAXLEN_supplemental_data < outlen + 4 + length)
|
||||
{
|
||||
|
@ -3741,8 +3742,8 @@ int tls1_send_server_supplemental_data(SSL *s, int *skip)
|
|||
s->init_off = 0;
|
||||
return 1;
|
||||
f_err:
|
||||
ssl3_send_alert(s,SSL3_AL_FATAL,al);
|
||||
return 0;
|
||||
ssl3_send_alert(s,SSL3_AL_FATAL,al);
|
||||
return 0;
|
||||
}
|
||||
|
||||
int tls1_get_client_supplemental_data(SSL *s)
|
||||
|
@ -3758,12 +3759,12 @@ int tls1_get_client_supplemental_data(SSL *s)
|
|||
size_t i = 0;
|
||||
|
||||
n=s->method->ssl_get_message(s,
|
||||
SSL3_ST_SR_SUPPLEMENTAL_DATA_A,
|
||||
SSL3_ST_SR_SUPPLEMENTAL_DATA_B,
|
||||
SSL3_MT_SUPPLEMENTAL_DATA,
|
||||
/* use default limit */
|
||||
TLSEXT_MAXLEN_supplemental_data,
|
||||
&ok);
|
||||
SSL3_ST_SR_SUPPLEMENTAL_DATA_A,
|
||||
SSL3_ST_SR_SUPPLEMENTAL_DATA_B,
|
||||
SSL3_MT_SUPPLEMENTAL_DATA,
|
||||
/* use default limit */
|
||||
TLSEXT_MAXLEN_supplemental_data,
|
||||
&ok);
|
||||
|
||||
if (!ok) return((int)n);
|
||||
|
||||
|
|
32
ssl/ssl.h
32
ssl/ssl.h
|
@ -406,19 +406,19 @@ typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len, S
|
|||
*/
|
||||
typedef int (*custom_cli_ext_first_cb_fn)(SSL *s, unsigned short ext_type,
|
||||
const unsigned char **out,
|
||||
unsigned short *outlen, int *al, void *arg);
|
||||
unsigned short *outlen, int *al, void *arg);
|
||||
typedef int (*custom_cli_ext_second_cb_fn)(SSL *s, unsigned short ext_type,
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg);
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg);
|
||||
|
||||
typedef int (*custom_srv_ext_first_cb_fn)(SSL *s, unsigned short ext_type,
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg);
|
||||
typedef int (*custom_srv_ext_second_cb_fn)(SSL *s, unsigned short ext_type,
|
||||
const unsigned char **out,
|
||||
unsigned short *outlen, int *al, void *arg);
|
||||
const unsigned char **out,
|
||||
unsigned short *outlen, int *al, void *arg);
|
||||
|
||||
typedef struct {
|
||||
unsigned short ext_type;
|
||||
|
@ -456,20 +456,20 @@ typedef struct {
|
|||
* fatal TLS alert, if the callback returns zero.
|
||||
*/
|
||||
typedef int (*srv_supp_data_first_cb_fn)(SSL *s, unsigned short supp_data_type,
|
||||
const unsigned char **out,
|
||||
unsigned short *outlen, int *al, void *arg);
|
||||
const unsigned char **out,
|
||||
unsigned short *outlen, int *al, void *arg);
|
||||
typedef int (*srv_supp_data_second_cb_fn)(SSL *s, unsigned short supp_data_type,
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg);
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg);
|
||||
|
||||
typedef int (*cli_supp_data_first_cb_fn)(SSL *s, unsigned short supp_data_type,
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg);
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg);
|
||||
typedef int (*cli_supp_data_second_cb_fn)(SSL *s, unsigned short supp_data_type,
|
||||
const unsigned char **out,
|
||||
unsigned short *outlen, int *al, void *arg);
|
||||
const unsigned char **out,
|
||||
unsigned short *outlen, int *al, void *arg);
|
||||
|
||||
typedef struct {
|
||||
unsigned short supp_data_type;
|
||||
|
|
|
@ -844,71 +844,71 @@ static int serverinfo_find_extension(const unsigned char *serverinfo,
|
|||
}
|
||||
|
||||
static int serverinfo_srv_first_cb(SSL *s, unsigned short ext_type,
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg)
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg)
|
||||
{
|
||||
size_t i = 0;
|
||||
size_t i = 0;
|
||||
if (inlen != 0)
|
||||
{
|
||||
*al = SSL_AD_DECODE_ERROR;
|
||||
return 0;
|
||||
}
|
||||
//if already in list, error out
|
||||
for (i = 0; i < s->s3->serverinfo_client_tlsext_custom_types_count; i++)
|
||||
{
|
||||
if (s->s3->serverinfo_client_tlsext_custom_types[i] == ext_type)
|
||||
{
|
||||
*al = SSL_AD_DECODE_ERROR;
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
s->s3->serverinfo_client_tlsext_custom_types_count++;
|
||||
s->s3->serverinfo_client_tlsext_custom_types = OPENSSL_realloc(
|
||||
s->s3->serverinfo_client_tlsext_custom_types,
|
||||
s->s3->serverinfo_client_tlsext_custom_types_count * 2);
|
||||
if (s->s3->serverinfo_client_tlsext_custom_types == NULL)
|
||||
{
|
||||
s->s3->serverinfo_client_tlsext_custom_types_count = 0;
|
||||
*al = TLS1_AD_INTERNAL_ERROR;
|
||||
return 0;
|
||||
}
|
||||
s->s3->serverinfo_client_tlsext_custom_types[
|
||||
s->s3->serverinfo_client_tlsext_custom_types_count - 1] = ext_type;
|
||||
//if already in list, error out
|
||||
for (i = 0; i < s->s3->serverinfo_client_tlsext_custom_types_count; i++)
|
||||
{
|
||||
if (s->s3->serverinfo_client_tlsext_custom_types[i] == ext_type)
|
||||
{
|
||||
*al = SSL_AD_DECODE_ERROR;
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
s->s3->serverinfo_client_tlsext_custom_types_count++;
|
||||
s->s3->serverinfo_client_tlsext_custom_types = OPENSSL_realloc(
|
||||
s->s3->serverinfo_client_tlsext_custom_types,
|
||||
s->s3->serverinfo_client_tlsext_custom_types_count * 2);
|
||||
if (s->s3->serverinfo_client_tlsext_custom_types == NULL)
|
||||
{
|
||||
s->s3->serverinfo_client_tlsext_custom_types_count = 0;
|
||||
*al = TLS1_AD_INTERNAL_ERROR;
|
||||
return 0;
|
||||
}
|
||||
s->s3->serverinfo_client_tlsext_custom_types[
|
||||
s->s3->serverinfo_client_tlsext_custom_types_count - 1] = ext_type;
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
static int serverinfo_srv_second_cb(SSL *s, unsigned short ext_type,
|
||||
const unsigned char **out, unsigned short *outlen,
|
||||
int *al, void *arg)
|
||||
const unsigned char **out, unsigned short *outlen,
|
||||
int *al, void *arg)
|
||||
{
|
||||
const unsigned char *serverinfo = NULL;
|
||||
size_t serverinfo_length = 0;
|
||||
size_t i = 0;
|
||||
unsigned int match = 0;
|
||||
/* Did the client send a TLS extension for this type? */
|
||||
for (i = 0; i < s->s3->serverinfo_client_tlsext_custom_types_count; i++)
|
||||
{
|
||||
if (s->s3->serverinfo_client_tlsext_custom_types[i] == ext_type)
|
||||
{
|
||||
match = 1;
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (!match)
|
||||
{
|
||||
//extension not sent by client...don't send extension
|
||||
return -1;
|
||||
}
|
||||
size_t i = 0;
|
||||
unsigned int match = 0;
|
||||
/* Did the client send a TLS extension for this type? */
|
||||
for (i = 0; i < s->s3->serverinfo_client_tlsext_custom_types_count; i++)
|
||||
{
|
||||
if (s->s3->serverinfo_client_tlsext_custom_types[i] == ext_type)
|
||||
{
|
||||
match = 1;
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (!match)
|
||||
{
|
||||
//extension not sent by client...don't send extension
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* Is there serverinfo data for the chosen server cert? */
|
||||
if ((ssl_get_server_cert_serverinfo(s, &serverinfo,
|
||||
&serverinfo_length)) != 0)
|
||||
&serverinfo_length)) != 0)
|
||||
{
|
||||
/* Find the relevant extension from the serverinfo */
|
||||
int retval = serverinfo_find_extension(serverinfo, serverinfo_length,
|
||||
ext_type, out, outlen);
|
||||
ext_type, out, outlen);
|
||||
if (retval == 0)
|
||||
return 0; /* Error */
|
||||
if (retval == -1)
|
||||
|
|
132
ssl/ssltest.c
132
ssl/ssltest.c
|
@ -488,8 +488,8 @@ static int verify_serverinfo()
|
|||
*/
|
||||
|
||||
static int custom_ext_0_cli_first_cb(SSL *s, unsigned short ext_type,
|
||||
const unsigned char **out,
|
||||
unsigned short *outlen, int *al, void *arg)
|
||||
const unsigned char **out,
|
||||
unsigned short *outlen, int *al, void *arg)
|
||||
{
|
||||
if (ext_type != CUSTOM_EXT_TYPE_0)
|
||||
custom_ext_error = 1;
|
||||
|
@ -497,17 +497,17 @@ static int custom_ext_0_cli_first_cb(SSL *s, unsigned short ext_type,
|
|||
}
|
||||
|
||||
static int custom_ext_0_cli_second_cb(SSL *s, unsigned short ext_type,
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg)
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg)
|
||||
{
|
||||
custom_ext_error = 1; /* Shouldn't be called */
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int custom_ext_1_cli_first_cb(SSL *s, unsigned short ext_type,
|
||||
const unsigned char **out,
|
||||
unsigned short *outlen, int *al, void *arg)
|
||||
const unsigned char **out,
|
||||
unsigned short *outlen, int *al, void *arg)
|
||||
{
|
||||
if (ext_type != CUSTOM_EXT_TYPE_1)
|
||||
custom_ext_error = 1;
|
||||
|
@ -517,17 +517,17 @@ static int custom_ext_1_cli_first_cb(SSL *s, unsigned short ext_type,
|
|||
}
|
||||
|
||||
static int custom_ext_1_cli_second_cb(SSL *s, unsigned short ext_type,
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg)
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg)
|
||||
{
|
||||
custom_ext_error = 1; /* Shouldn't be called */
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int custom_ext_2_cli_first_cb(SSL *s, unsigned short ext_type,
|
||||
const unsigned char **out,
|
||||
unsigned short *outlen, int *al, void *arg)
|
||||
const unsigned char **out,
|
||||
unsigned short *outlen, int *al, void *arg)
|
||||
{
|
||||
if (ext_type != CUSTOM_EXT_TYPE_2)
|
||||
custom_ext_error = 1;
|
||||
|
@ -537,9 +537,9 @@ static int custom_ext_2_cli_first_cb(SSL *s, unsigned short ext_type,
|
|||
}
|
||||
|
||||
static int custom_ext_2_cli_second_cb(SSL *s, unsigned short ext_type,
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg)
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg)
|
||||
{
|
||||
if (ext_type != CUSTOM_EXT_TYPE_2)
|
||||
custom_ext_error = 1;
|
||||
|
@ -549,8 +549,8 @@ static int custom_ext_2_cli_second_cb(SSL *s, unsigned short ext_type,
|
|||
}
|
||||
|
||||
static int custom_ext_3_cli_first_cb(SSL *s, unsigned short ext_type,
|
||||
const unsigned char **out,
|
||||
unsigned short *outlen, int *al, void *arg)
|
||||
const unsigned char **out,
|
||||
unsigned short *outlen, int *al, void *arg)
|
||||
{
|
||||
if (ext_type != CUSTOM_EXT_TYPE_3)
|
||||
custom_ext_error = 1;
|
||||
|
@ -560,9 +560,9 @@ static int custom_ext_3_cli_first_cb(SSL *s, unsigned short ext_type,
|
|||
}
|
||||
|
||||
static int custom_ext_3_cli_second_cb(SSL *s, unsigned short ext_type,
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg)
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg)
|
||||
{
|
||||
if (ext_type != CUSTOM_EXT_TYPE_3)
|
||||
custom_ext_error = 1;
|
||||
|
@ -575,9 +575,9 @@ static int custom_ext_3_cli_second_cb(SSL *s, unsigned short ext_type,
|
|||
|
||||
//custom_ext_0_cli_first_cb returns -1 - the server won't receive a callback for this extension
|
||||
static int custom_ext_0_srv_first_cb(SSL *s, unsigned short ext_type,
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg)
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg)
|
||||
{
|
||||
custom_ext_error = 1;
|
||||
return 0; /* Shouldn't be called */
|
||||
|
@ -585,16 +585,16 @@ static int custom_ext_0_srv_first_cb(SSL *s, unsigned short ext_type,
|
|||
|
||||
//'generate' callbacks are always called, even if the 'receive' callback isn't called
|
||||
static int custom_ext_0_srv_second_cb(SSL *s, unsigned short ext_type,
|
||||
const unsigned char **out,
|
||||
unsigned short *outlen, int *al, void *arg)
|
||||
const unsigned char **out,
|
||||
unsigned short *outlen, int *al, void *arg)
|
||||
{
|
||||
return -1; /* Don't send an extension */
|
||||
}
|
||||
|
||||
static int custom_ext_1_srv_first_cb(SSL *s, unsigned short ext_type,
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg)
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg)
|
||||
{
|
||||
if (ext_type != CUSTOM_EXT_TYPE_1)
|
||||
custom_ext_error = 1;
|
||||
|
@ -607,16 +607,16 @@ static int custom_ext_1_srv_first_cb(SSL *s, unsigned short ext_type,
|
|||
}
|
||||
|
||||
static int custom_ext_1_srv_second_cb(SSL *s, unsigned short ext_type,
|
||||
const unsigned char **out,
|
||||
unsigned short *outlen, int *al, void *arg)
|
||||
const unsigned char **out,
|
||||
unsigned short *outlen, int *al, void *arg)
|
||||
{
|
||||
return -1; /* Don't send an extension */
|
||||
}
|
||||
|
||||
static int custom_ext_2_srv_first_cb(SSL *s, unsigned short ext_type,
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg)
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg)
|
||||
{
|
||||
if (ext_type != CUSTOM_EXT_TYPE_2)
|
||||
custom_ext_error = 1;
|
||||
|
@ -629,8 +629,8 @@ static int custom_ext_2_srv_first_cb(SSL *s, unsigned short ext_type,
|
|||
}
|
||||
|
||||
static int custom_ext_2_srv_second_cb(SSL *s, unsigned short ext_type,
|
||||
const unsigned char **out,
|
||||
unsigned short *outlen, int *al, void *arg)
|
||||
const unsigned char **out,
|
||||
unsigned short *outlen, int *al, void *arg)
|
||||
{
|
||||
*out = NULL;
|
||||
*outlen = 0;
|
||||
|
@ -638,9 +638,9 @@ static int custom_ext_2_srv_second_cb(SSL *s, unsigned short ext_type,
|
|||
}
|
||||
|
||||
static int custom_ext_3_srv_first_cb(SSL *s, unsigned short ext_type,
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg)
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg)
|
||||
{
|
||||
if (ext_type != CUSTOM_EXT_TYPE_3)
|
||||
custom_ext_error = 1;
|
||||
|
@ -653,8 +653,8 @@ static int custom_ext_3_srv_first_cb(SSL *s, unsigned short ext_type,
|
|||
}
|
||||
|
||||
static int custom_ext_3_srv_second_cb(SSL *s, unsigned short ext_type,
|
||||
const unsigned char **out,
|
||||
unsigned short *outlen, int *al, void *arg)
|
||||
const unsigned char **out,
|
||||
unsigned short *outlen, int *al, void *arg)
|
||||
{
|
||||
*out = (const unsigned char*)custom_ext_srv_string;
|
||||
*outlen = strlen(custom_ext_srv_string);
|
||||
|
@ -662,8 +662,8 @@ static int custom_ext_3_srv_second_cb(SSL *s, unsigned short ext_type,
|
|||
}
|
||||
|
||||
static int supp_data_0_srv_first_cb(SSL *s, unsigned short supp_data_type,
|
||||
const unsigned char **out,
|
||||
unsigned short *outlen, int *al, void *arg)
|
||||
const unsigned char **out,
|
||||
unsigned short *outlen, int *al, void *arg)
|
||||
{
|
||||
*out = (const unsigned char*)supp_data_0_string;
|
||||
*outlen = strlen(supp_data_0_string);
|
||||
|
@ -673,9 +673,9 @@ static int supp_data_0_srv_first_cb(SSL *s, unsigned short supp_data_type,
|
|||
}
|
||||
|
||||
static int supp_data_0_srv_second_cb(SSL *s, unsigned short supp_data_type,
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg)
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg)
|
||||
{
|
||||
if (supp_data_type != CUSTOM_SUPP_DATA_TYPE_0)
|
||||
suppdata_error = 1;
|
||||
|
@ -689,34 +689,34 @@ static int supp_data_0_srv_second_cb(SSL *s, unsigned short supp_data_type,
|
|||
}
|
||||
|
||||
static int supp_data_1_srv_first_cb(SSL *s, unsigned short supp_data_type,
|
||||
const unsigned char **out,
|
||||
unsigned short *outlen, int *al, void *arg)
|
||||
const unsigned char **out,
|
||||
unsigned short *outlen, int *al, void *arg)
|
||||
{
|
||||
return -1;
|
||||
}
|
||||
|
||||
static int supp_data_1_srv_second_cb(SSL *s, unsigned short supp_data_type,
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg)
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg)
|
||||
{
|
||||
suppdata_error = 1;
|
||||
return 1;
|
||||
}
|
||||
|
||||
static int supp_data_2_srv_second_cb(SSL *s, unsigned short supp_data_type,
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg)
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg)
|
||||
{
|
||||
suppdata_error = 1;
|
||||
return 1;
|
||||
}
|
||||
|
||||
static int supp_data_0_cli_first_cb(SSL *s, unsigned short supp_data_type,
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg)
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg)
|
||||
{
|
||||
if (supp_data_type != CUSTOM_SUPP_DATA_TYPE_0)
|
||||
suppdata_error = 1;
|
||||
|
@ -730,8 +730,8 @@ static int supp_data_0_cli_first_cb(SSL *s, unsigned short supp_data_type,
|
|||
}
|
||||
|
||||
static int supp_data_0_cli_second_cb(SSL *s, unsigned short supp_data_type,
|
||||
const unsigned char **out,
|
||||
unsigned short *outlen, int *al, void *arg)
|
||||
const unsigned char **out,
|
||||
unsigned short *outlen, int *al, void *arg)
|
||||
{
|
||||
*out = (const unsigned char*)supp_data_0_string;
|
||||
*outlen = strlen(supp_data_0_string);
|
||||
|
@ -741,25 +741,25 @@ static int supp_data_0_cli_second_cb(SSL *s, unsigned short supp_data_type,
|
|||
}
|
||||
|
||||
static int supp_data_1_cli_first_cb(SSL *s, unsigned short supp_data_type,
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg)
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg)
|
||||
{
|
||||
suppdata_error = 1;
|
||||
return 1;
|
||||
}
|
||||
|
||||
static int supp_data_1_cli_second_cb(SSL *s, unsigned short supp_data_type,
|
||||
const unsigned char **out,
|
||||
unsigned short *outlen, int *al, void *arg)
|
||||
const unsigned char **out,
|
||||
unsigned short *outlen, int *al, void *arg)
|
||||
{
|
||||
return -1;
|
||||
}
|
||||
|
||||
static int supp_data_2_cli_first_cb(SSL *s, unsigned short supp_data_type,
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg)
|
||||
const unsigned char *in,
|
||||
unsigned short inlen, int *al,
|
||||
void *arg)
|
||||
{
|
||||
suppdata_error = 1;
|
||||
return 1;
|
||||
|
|
60
ssl/t1_lib.c
60
ssl/t1_lib.c
|
@ -1466,8 +1466,8 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
|
|||
{
|
||||
int cb_retval = 0;
|
||||
cb_retval = record->fn1(s, record->ext_type,
|
||||
&out, &outlen, al,
|
||||
record->arg);
|
||||
&out, &outlen, al,
|
||||
record->arg);
|
||||
if (cb_retval == 0)
|
||||
return NULL; /* error */
|
||||
if (cb_retval == -1)
|
||||
|
@ -1523,8 +1523,8 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha
|
|||
{
|
||||
int extdatalen=0;
|
||||
unsigned char *ret = p;
|
||||
size_t i;
|
||||
custom_srv_ext_record *record;
|
||||
size_t i;
|
||||
custom_srv_ext_record *record;
|
||||
#ifndef OPENSSL_NO_NEXTPROTONEG
|
||||
int next_proto_neg_seen;
|
||||
#endif
|
||||
|
@ -1708,29 +1708,29 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha
|
|||
}
|
||||
#endif
|
||||
|
||||
for (i = 0; i < s->ctx->custom_srv_ext_records_count; i++)
|
||||
for (i = 0; i < s->ctx->custom_srv_ext_records_count; i++)
|
||||
{
|
||||
record = &s->ctx->custom_srv_ext_records[i];
|
||||
const unsigned char *out = NULL;
|
||||
unsigned short outlen = 0;
|
||||
int cb_retval = 0;
|
||||
record = &s->ctx->custom_srv_ext_records[i];
|
||||
const unsigned char *out = NULL;
|
||||
unsigned short outlen = 0;
|
||||
int cb_retval = 0;
|
||||
|
||||
/* NULL callback or -1 omits extension */
|
||||
if (!record->fn2)
|
||||
break;
|
||||
cb_retval = record->fn2(s, record->ext_type,
|
||||
&out, &outlen, al,
|
||||
record->arg);
|
||||
if (cb_retval == 0)
|
||||
return NULL; /* error */
|
||||
if (cb_retval == -1)
|
||||
break; /* skip this extension */
|
||||
if (limit < ret + 4 + outlen)
|
||||
return NULL;
|
||||
s2n(record->ext_type, ret);
|
||||
s2n(outlen, ret);
|
||||
memcpy(ret, out, outlen);
|
||||
ret += outlen;
|
||||
/* NULL callback or -1 omits extension */
|
||||
if (!record->fn2)
|
||||
break;
|
||||
cb_retval = record->fn2(s, record->ext_type,
|
||||
&out, &outlen, al,
|
||||
record->arg);
|
||||
if (cb_retval == 0)
|
||||
return NULL; /* error */
|
||||
if (cb_retval == -1)
|
||||
break; /* skip this extension */
|
||||
if (limit < ret + 4 + outlen)
|
||||
return NULL;
|
||||
s2n(record->ext_type, ret);
|
||||
s2n(outlen, ret);
|
||||
memcpy(ret, out, outlen);
|
||||
ret += outlen;
|
||||
}
|
||||
|
||||
if (s->s3->alpn_selected)
|
||||
|
@ -1924,12 +1924,12 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char
|
|||
#endif
|
||||
|
||||
/* Clear observed custom extensions */
|
||||
s->s3->serverinfo_client_tlsext_custom_types_count = 0;
|
||||
if (s->s3->serverinfo_client_tlsext_custom_types != NULL)
|
||||
s->s3->serverinfo_client_tlsext_custom_types_count = 0;
|
||||
if (s->s3->serverinfo_client_tlsext_custom_types != NULL)
|
||||
{
|
||||
OPENSSL_free(s->s3->serverinfo_client_tlsext_custom_types);
|
||||
s->s3->serverinfo_client_tlsext_custom_types = NULL;
|
||||
}
|
||||
OPENSSL_free(s->s3->serverinfo_client_tlsext_custom_types);
|
||||
s->s3->serverinfo_client_tlsext_custom_types = NULL;
|
||||
}
|
||||
|
||||
if (s->s3->alpn_selected)
|
||||
{
|
||||
|
|