wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Rename the chain variable to chainidx

Browse source 
This variable represents the index of the cert within the chain, so give it
a name that better represents that.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2020)
This commit is contained in:
Matt Caswell 2017-01-05 16:12:56 +00:00
parent 3dd826b879
commit 8521ced616
4 changed files with 158 additions and 146 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

44
ssl/statem/extensions.c
View file

@ -54,14 +54,15 @@ typedef struct extensions_definition_st {
*/
int (*init)(SSL *s, unsigned int context);
/* Parse extension sent from client to server */
int (*parse_ctos)(SSL *s, PACKET *pkt, X509 *x, size_t chain, int *al);
int (*parse_ctos)(SSL *s, PACKET *pkt, X509 *x, size_t chainidx, int *al);
/* Parse extension send from server to client */
int (*parse_stoc)(SSL *s, PACKET *pkt, X509 *x, size_t chain, int *al);
int (*parse_stoc)(SSL *s, PACKET *pkt, X509 *x, size_t chainidx, int *al);
/* Construct extension sent from server to client */
int (*construct_stoc)(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
int (*construct_stoc)(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx,
int *al);
/* Construct extension sent from client to server */
int (*construct_ctos)(SSL *s, WPACKET *pkt, X509 *x, size_t chain, int *al);
int (*construct_ctos)(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx,
int *al);
/*
* Finalise extension after parsing. Always called where an extensions was
* initialised even if the extension was not present. |sent| is set to 1 if
@ -441,16 +442,16 @@ int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context,
* tls_collect_extensions(). The parser is only run if it is applicable for the
* given |context| and the parser has not already been run. If this is for a
* Certificate message, then we also provide the parser with the relevant
* Certificate |x| and its position in the |chain| with 0 being the first
* Certificate |x| and its position in the |chainidx| with 0 being the first
* Certificate. Returns 1 on success or 0 on failure. In the event of a failure
* |*al| is populated with a suitable alert code. If an extension is not present
* this counted as success.
*/
int tls_parse_extension(SSL *s, TLSEXT_INDEX idx, int context,
RAW_EXTENSION *exts, X509 *x, size_t chain, int *al)
RAW_EXTENSION *exts, X509 *x, size_t chainidx, int *al)
{
RAW_EXTENSION *currext = &exts[idx];
int (*parser)(SSL *s, PACKET *pkt, X509 *x, size_t chain, int *al) = NULL;
int (*parser)(SSL *s, PACKET *pkt, X509 *x, size_t chainidx, int *al) = NULL;
/* Skip if the extension is not present */
if (!currext->present)
@ -479,7 +480,7 @@ int tls_parse_extension(SSL *s, TLSEXT_INDEX idx, int context,
parser = s->server ? extdef->parse_ctos : extdef->parse_stoc;
if (parser != NULL)
return parser(s, &currext->data, x, chain, al);
return parser(s, &currext->data, x, chainidx, al);
/*
* If the parser is NULL we fall through to the custom extension
@ -490,7 +491,7 @@ int tls_parse_extension(SSL *s, TLSEXT_INDEX idx, int context,
/*
* This is a custom extension. We only allow this if it is a non
* resumed session on the server side.
*
*chain
* TODO(TLS1.3): We only allow old style <=TLS1.2 custom extensions.
* We're going to need a new mechanism for TLS1.3 to specify which
* messages to add the custom extensions to.
@ -512,11 +513,11 @@ int tls_parse_extension(SSL *s, TLSEXT_INDEX idx, int context,
* finalisation for all extensions at the end, whether we collected them or not.
* Returns 1 for success or 0 for failure. If we are working on a Certificate
* message then we also pass the Certificate |x| and its position in the
* |chain|, with 0 being the first certificate. On failure, |*al| is populated
* with a suitable alert code.
* |chainidx|, with 0 being the first certificate. On failure, |*al| is
* populated with a suitable alert code.
*/
int tls_parse_all_extensions(SSL *s, int context, RAW_EXTENSION *exts, X509 *x,
size_t chain, int *al)
size_t chainidx, int *al)
{
size_t i, numexts = OSSL_NELEM(ext_defs);
const EXTENSION_DEFINITION *thisexd;
@ -530,7 +531,7 @@ int tls_parse_all_extensions(SSL *s, int context, RAW_EXTENSION *exts, X509 *x,
/* Parse each extension in turn */
for (i = 0; i < numexts; i++) {
if (!tls_parse_extension(s, i, context, exts, x, chain, al))
if (!tls_parse_extension(s, i, context, exts, x, chainidx, al))
return 0;
}
@ -551,14 +552,14 @@ int tls_parse_all_extensions(SSL *s, int context, RAW_EXTENSION *exts, X509 *x,
/*
* Construct all the extensions relevant to the current |context| and write
* them to |pkt|. If this is an extension for a Certificate in a Certificate
* message, then |x| will be set to the Certificate we are handling, and |chain|
* will indicate the position in the chain we are processing (with 0 being the
* first in the chain). Returns 1 on success or 0 on failure. If a failure
* occurs then |al| is populated with a suitable alert code. On a failure
* construction stops at the first extension to fail to construct.
* message, then |x| will be set to the Certificate we are handling, and
* |chainidx| will indicate the position in the chainidx we are processing (with
* 0 being the first in the chain). Returns 1 on success or 0 on failure. If a
* failure occurs then |al| is populated with a suitable alert code. On a
* failure construction stops at the first extension to fail to construct.
*/
int tls_construct_extensions(SSL *s, WPACKET *pkt, unsigned int context,
X509 *x, size_t chain, int *al)
X509 *x, size_t chainidx, int *al)
{
size_t i;
int addcustom = 0, min_version, max_version = 0, reason, tmpal;
@ -613,7 +614,8 @@ int tls_construct_extensions(SSL *s, WPACKET *pkt, unsigned int context,
}
for (i = 0, thisexd = ext_defs; i < OSSL_NELEM(ext_defs); i++, thisexd++) {
int (*construct)(SSL *s, WPACKET *pkt, X509 *x, size_t chain, int *al);
int (*construct)(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx,
int *al);
/* Skip if not relevant for our context */
if ((thisexd->context & context) == 0)
@ -640,7 +642,7 @@ int tls_construct_extensions(SSL *s, WPACKET *pkt, unsigned int context,
|| construct == NULL)
continue;
if (!construct(s, pkt, x, chain, &tmpal))
if (!construct(s, pkt, x, chainidx, &tmpal))
goto err;
}

70
ssl/statem/extensions_clnt.c
View file

@ -12,8 +12,8 @@
#include "../ssl_locl.h"
#include "statem_locl.h"
int tls_construct_ctos_renegotiate(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
int *al)
int tls_construct_ctos_renegotiate(SSL *s, WPACKET *pkt, X509 *x,
size_t chainidx, int *al)
{
/* Add RI if renegotiating */
if (!s->renegotiate)
@ -31,8 +31,8 @@ int tls_construct_ctos_renegotiate(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
return 1;
}
int tls_construct_ctos_server_name(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
int *al)
int tls_construct_ctos_server_name(SSL *s, WPACKET *pkt, X509 *x,
size_t chainidx, int *al)
{
if (s->tlsext_hostname == NULL)
return 1;
@ -56,7 +56,8 @@ int tls_construct_ctos_server_name(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
}
#ifndef OPENSSL_NO_SRP
int tls_construct_ctos_srp(SSL *s, WPACKET *pkt, X509 *x, size_t chain, int *al)
int tls_construct_ctos_srp(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx,
int *al)
{
/* Add SRP username if there is one */
if (s->srp_ctx.login == NULL)
@ -108,7 +109,7 @@ static int use_ecc(SSL *s)
}
int tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt, X509 *x,
size_t chain, int *al)
size_t chainidx, int *al)
{
const unsigned char *pformats;
size_t num_formats;
@ -132,7 +133,7 @@ int tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt, X509 *x,
}
int tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt, X509 *x,
size_t chain, int *al)
size_t chainidx, int *al)
{
const unsigned char *pcurves = NULL, *pcurvestmp;
size_t num_curves = 0, i;
@ -182,7 +183,7 @@ int tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt, X509 *x,
#endif
int tls_construct_ctos_session_ticket(SSL *s, WPACKET *pkt, X509 *x,
size_t chain, int *al)
size_t chainidx, int *al)
{
size_t ticklen;
@ -221,7 +222,7 @@ int tls_construct_ctos_session_ticket(SSL *s, WPACKET *pkt, X509 *x,
return 1;
}
int tls_construct_ctos_sig_algs(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
int tls_construct_ctos_sig_algs(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx,
int *al)
{
size_t salglen;
@ -248,7 +249,7 @@ int tls_construct_ctos_sig_algs(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
#ifndef OPENSSL_NO_OCSP
int tls_construct_ctos_status_request(SSL *s, WPACKET *pkt, X509 *x,
size_t chain, int *al)
size_t chainidx, int *al)
{
int i;
@ -314,7 +315,8 @@ int tls_construct_ctos_status_request(SSL *s, WPACKET *pkt, X509 *x,
#endif
#ifndef OPENSSL_NO_NEXTPROTONEG
int tls_construct_ctos_npn(SSL *s, WPACKET *pkt, X509 *x, size_t chain, int *al)
int tls_construct_ctos_npn(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx,
int *al)
{
if (s->ctx->next_proto_select_cb == NULL || s->s3->tmp.finish_md_len != 0)
return 1;
@ -333,7 +335,7 @@ int tls_construct_ctos_npn(SSL *s, WPACKET *pkt, X509 *x, size_t chain, int *al)
}
#endif
int tls_construct_ctos_alpn(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
int tls_construct_ctos_alpn(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx,
int *al)
{
s->s3->alpn_sent = 0;
@ -362,7 +364,7 @@ int tls_construct_ctos_alpn(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
#ifndef OPENSSL_NO_SRTP
int tls_construct_ctos_use_srtp(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
int tls_construct_ctos_use_srtp(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx,
int *al)
{
STACK_OF(SRTP_PROTECTION_PROFILE) *clnt = SSL_get_srtp_profiles(s);
@ -402,7 +404,8 @@ int tls_construct_ctos_use_srtp(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
}
#endif
int tls_construct_ctos_etm(SSL *s, WPACKET *pkt, X509 *x, size_t chain, int *al)
int tls_construct_ctos_etm(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx,
int *al)
{
if (s->options & SSL_OP_NO_ENCRYPT_THEN_MAC)
return 1;
@ -417,7 +420,8 @@ int tls_construct_ctos_etm(SSL *s, WPACKET *pkt, X509 *x, size_t chain, int *al)
}
#ifndef OPENSSL_NO_CT
int tls_construct_ctos_sct(SSL *s, WPACKET *pkt, X509 *x, size_t chain, int *al)
int tls_construct_ctos_sct(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx,
int *al)
{
if (s->ct_validation_callback == NULL)
return 1;
@ -436,7 +440,8 @@ int tls_construct_ctos_sct(SSL *s, WPACKET *pkt, X509 *x, size_t chain, int *al)
}
#endif
int tls_construct_ctos_ems(SSL *s, WPACKET *pkt, X509 *x, size_t chain, int *al)
int tls_construct_ctos_ems(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx,
int *al)
{
if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_extended_master_secret)
|| !WPACKET_put_bytes_u16(pkt, 0)) {
@ -448,7 +453,7 @@ int tls_construct_ctos_ems(SSL *s, WPACKET *pkt, X509 *x, size_t chain, int *al)
}
int tls_construct_ctos_supported_versions(SSL *s, WPACKET *pkt, X509 *x,
size_t chain, int *al)
size_t chainidx, int *al)
{
int currv, min_version, max_version, reason;
@ -494,7 +499,7 @@ int tls_construct_ctos_supported_versions(SSL *s, WPACKET *pkt, X509 *x,
return 1;
}
int tls_construct_ctos_key_share(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
int tls_construct_ctos_key_share(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx,
int *al)
{
#ifndef OPENSSL_NO_TLS1_3
@ -585,7 +590,7 @@ int tls_construct_ctos_key_share(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
#define F5_WORKAROUND_MIN_MSG_LEN 0xff
#define F5_WORKAROUND_MAX_MSG_LEN 0x200
int tls_construct_ctos_padding(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
int tls_construct_ctos_padding(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx,
int *al)
{
unsigned char *padbytes;
@ -632,7 +637,7 @@ int tls_construct_ctos_padding(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
/*
* Parse the server's renegotiation binding and abort if it's not right
*/
int tls_parse_stoc_renegotiate(SSL *s, PACKET *pkt, X509 *x, size_t chain,
int tls_parse_stoc_renegotiate(SSL *s, PACKET *pkt, X509 *x, size_t chainidx,
int *al)
{
size_t expected_len = s->s3->previous_client_finished_len
@ -690,7 +695,7 @@ int tls_parse_stoc_renegotiate(SSL *s, PACKET *pkt, X509 *x, size_t chain,
return 1;
}
int tls_parse_stoc_server_name(SSL *s, PACKET *pkt, X509 *x, size_t chain,
int tls_parse_stoc_server_name(SSL *s, PACKET *pkt, X509 *x, size_t chainidx,
int *al)
{
if (s->tlsext_hostname == NULL || PACKET_remaining(pkt) > 0) {
@ -714,7 +719,7 @@ int tls_parse_stoc_server_name(SSL *s, PACKET *pkt, X509 *x, size_t chain,
}
#ifndef OPENSSL_NO_EC
int tls_parse_stoc_ec_pt_formats(SSL *s, PACKET *pkt, X509 *x, size_t chain,
int tls_parse_stoc_ec_pt_formats(SSL *s, PACKET *pkt, X509 *x, size_t chainidx,
int *al)
{
unsigned int ecpointformatlist_length;
@ -750,7 +755,7 @@ int tls_parse_stoc_ec_pt_formats(SSL *s, PACKET *pkt, X509 *x, size_t chain,
}
#endif
int tls_parse_stoc_session_ticket(SSL *s, PACKET *pkt, X509 *x, size_t chain,
int tls_parse_stoc_session_ticket(SSL *s, PACKET *pkt, X509 *x, size_t chainidx,
int *al)
{
if (s->tls_session_ticket_ext_cb != NULL &&
@ -772,7 +777,7 @@ int tls_parse_stoc_session_ticket(SSL *s, PACKET *pkt, X509 *x, size_t chain,
}
#ifndef OPENSSL_NO_OCSP
int tls_parse_stoc_status_request(SSL *s, PACKET *pkt, X509 *x, size_t chain,
int tls_parse_stoc_status_request(SSL *s, PACKET *pkt, X509 *x, size_t chainidx,
int *al)
{
/*
@ -789,7 +794,7 @@ int tls_parse_stoc_status_request(SSL *s, PACKET *pkt, X509 *x, size_t chain,
/* We only know how to handle this if it's for the first Certificate in
* the chain. We ignore any other repsonses.
*/
if (chain != 0)
if (chainidx != 0)
return 1;
return tls_process_cert_status_body(s, pkt, al);
}
@ -803,7 +808,7 @@ int tls_parse_stoc_status_request(SSL *s, PACKET *pkt, X509 *x, size_t chain,
#ifndef OPENSSL_NO_CT
int tls_parse_stoc_sct(SSL *s, PACKET *pkt, X509 *x, size_t chain, int *al)
int tls_parse_stoc_sct(SSL *s, PACKET *pkt, X509 *x, size_t chainidx, int *al)
{
/*
* Only take it if we asked for it - i.e if there is no CT validation
@ -856,7 +861,7 @@ static int ssl_next_proto_validate(PACKET *pkt)
return 1;
}
int tls_parse_stoc_npn(SSL *s, PACKET *pkt, X509 *x, size_t chain, int *al)
int tls_parse_stoc_npn(SSL *s, PACKET *pkt, X509 *x, size_t chainidx, int *al)
{
unsigned char *selected;
unsigned char selected_len;
@ -906,7 +911,7 @@ int tls_parse_stoc_npn(SSL *s, PACKET *pkt, X509 *x, size_t chain, int *al)
}
#endif
int tls_parse_stoc_alpn(SSL *s, PACKET *pkt, X509 *x, size_t chain, int *al)
int tls_parse_stoc_alpn(SSL *s, PACKET *pkt, X509 *x, size_t chainidx, int *al)
{
size_t len;
@ -943,7 +948,8 @@ int tls_parse_stoc_alpn(SSL *s, PACKET *pkt, X509 *x, size_t chain, int *al)
}
#ifndef OPENSSL_NO_SRTP
int tls_parse_stoc_use_srtp(SSL *s, PACKET *pkt, X509 *x, size_t chain, int *al)
int tls_parse_stoc_use_srtp(SSL *s, PACKET *pkt, X509 *x, size_t chainidx,
int *al)
{
unsigned int id, ct, mki;
int i;
@ -996,7 +1002,7 @@ int tls_parse_stoc_use_srtp(SSL *s, PACKET *pkt, X509 *x, size_t chain, int *al)
}
#endif
int tls_parse_stoc_etm(SSL *s, PACKET *pkt, X509 *x, size_t chain, int *al)
int tls_parse_stoc_etm(SSL *s, PACKET *pkt, X509 *x, size_t chainidx, int *al)
{
/* Ignore if inappropriate ciphersuite */
if (!(s->options & SSL_OP_NO_ENCRYPT_THEN_MAC)
@ -1007,7 +1013,7 @@ int tls_parse_stoc_etm(SSL *s, PACKET *pkt, X509 *x, size_t chain, int *al)
return 1;
}
int tls_parse_stoc_ems(SSL *s, PACKET *pkt, X509 *x, size_t chain, int *al)
int tls_parse_stoc_ems(SSL *s, PACKET *pkt, X509 *x, size_t chainidx, int *al)
{
s->s3->flags |= TLS1_FLAGS_RECEIVED_EXTMS;
if (!s->hit)
@ -1016,7 +1022,7 @@ int tls_parse_stoc_ems(SSL *s, PACKET *pkt, X509 *x, size_t chain, int *al)
return 1;
}
int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, X509 *x, size_t chain,
int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, X509 *x, size_t chainidx,
int *al)
{
#ifndef OPENSSL_NO_TLS1_3

64
ssl/statem/extensions_srvr.c
View file

@ -14,7 +14,7 @@
/*
* Parse the client's renegotiation binding and abort if it's not right
*/
int tls_parse_ctos_renegotiate(SSL *s, PACKET *pkt, X509 *x, size_t chain,
int tls_parse_ctos_renegotiate(SSL *s, PACKET *pkt, X509 *x, size_t chainidx,
int *al)
{
unsigned int ilen;
@ -73,7 +73,7 @@ int tls_parse_ctos_renegotiate(SSL *s, PACKET *pkt, X509 *x, size_t chain,
* extension.
* - On session reconnect, the servername extension may be absent.
*/
int tls_parse_ctos_server_name(SSL *s, PACKET *pkt, X509 *x, size_t chain,
int tls_parse_ctos_server_name(SSL *s, PACKET *pkt, X509 *x, size_t chainidx,
int *al)
{
unsigned int servname_type;
@ -136,7 +136,7 @@ int tls_parse_ctos_server_name(SSL *s, PACKET *pkt, X509 *x, size_t chain,
}
#ifndef OPENSSL_NO_SRP
int tls_parse_ctos_srp(SSL *s, PACKET *pkt, X509 *x, size_t chain, int *al)
int tls_parse_ctos_srp(SSL *s, PACKET *pkt, X509 *x, size_t chainidx, int *al)
{
PACKET srp_I;
@ -160,7 +160,7 @@ int tls_parse_ctos_srp(SSL *s, PACKET *pkt, X509 *x, size_t chain, int *al)
#endif
#ifndef OPENSSL_NO_EC
int tls_parse_ctos_ec_pt_formats(SSL *s, PACKET *pkt, X509 *x, size_t chain,
int tls_parse_ctos_ec_pt_formats(SSL *s, PACKET *pkt, X509 *x, size_t chainidx,
int *al)
{
PACKET ec_point_format_list;
@ -184,7 +184,7 @@ int tls_parse_ctos_ec_pt_formats(SSL *s, PACKET *pkt, X509 *x, size_t chain,
}
#endif /* OPENSSL_NO_EC */
int tls_parse_ctos_session_ticket(SSL *s, PACKET *pkt, X509 *x, size_t chain,
int tls_parse_ctos_session_ticket(SSL *s, PACKET *pkt, X509 *x, size_t chainidx,
int *al)
{
if (s->tls_session_ticket_ext_cb &&
@ -198,7 +198,8 @@ int tls_parse_ctos_session_ticket(SSL *s, PACKET *pkt, X509 *x, size_t chain,
return 1;
}
int tls_parse_ctos_sig_algs(SSL *s, PACKET *pkt, X509 *x, size_t chain, int *al)
int tls_parse_ctos_sig_algs(SSL *s, PACKET *pkt, X509 *x, size_t chainidx,
int *al)
{
PACKET supported_sig_algs;
@ -219,7 +220,7 @@ int tls_parse_ctos_sig_algs(SSL *s, PACKET *pkt, X509 *x, size_t chain, int *al)
}
#ifndef OPENSSL_NO_OCSP
int tls_parse_ctos_status_request(SSL *s, PACKET *pkt, X509 *x, size_t chain,
int tls_parse_ctos_status_request(SSL *s, PACKET *pkt, X509 *x, size_t chainidx,
int *al)
{
PACKET responder_id_list, exts;
@ -318,7 +319,7 @@ int tls_parse_ctos_status_request(SSL *s, PACKET *pkt, X509 *x, size_t chain,
#endif
#ifndef OPENSSL_NO_NEXTPROTONEG
int tls_parse_ctos_npn(SSL *s, PACKET *pkt, X509 *x, size_t chain, int *al)
int tls_parse_ctos_npn(SSL *s, PACKET *pkt, X509 *x, size_t chainidx, int *al)
{
/*
* We shouldn't accept this extension on a
@ -349,7 +350,7 @@ int tls_parse_ctos_npn(SSL *s, PACKET *pkt, X509 *x, size_t chain, int *al)
* extension, not including type and length. |al| is a pointer to the alert
* value to send in the event of a failure. Returns: 1 on success, 0 on error.
*/
int tls_parse_ctos_alpn(SSL *s, PACKET *pkt, X509 *x, size_t chain, int *al)
int tls_parse_ctos_alpn(SSL *s, PACKET *pkt, X509 *x, size_t chainidx, int *al)
{
PACKET protocol_list, save_protocol_list, protocol;
@ -382,7 +383,8 @@ int tls_parse_ctos_alpn(SSL *s, PACKET *pkt, X509 *x, size_t chain, int *al)
}
#ifndef OPENSSL_NO_SRTP
int tls_parse_ctos_use_srtp(SSL *s, PACKET *pkt, X509 *x, size_t chain, int *al)
int tls_parse_ctos_use_srtp(SSL *s, PACKET *pkt, X509 *x, size_t chainidx,
int *al)
{
STACK_OF(SRTP_PROTECTION_PROFILE) *srvr;
unsigned int ct, mki_len, id;
@ -452,7 +454,7 @@ int tls_parse_ctos_use_srtp(SSL *s, PACKET *pkt, X509 *x, size_t chain, int *al)
}
#endif
int tls_parse_ctos_etm(SSL *s, PACKET *pkt, X509 *x, size_t chain, int *al)
int tls_parse_ctos_etm(SSL *s, PACKET *pkt, X509 *x, size_t chainidx, int *al)
{
if (!(s->options & SSL_OP_NO_ENCRYPT_THEN_MAC))
s->s3->flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC;
@ -496,7 +498,7 @@ static int check_in_list(SSL *s, unsigned int group_id,
* the raw PACKET data for the extension. Returns 1 on success or 0 on failure.
* If a failure occurs then |*al| is set to an appropriate alert value.
*/
int tls_parse_ctos_key_share(SSL *s, PACKET *pkt, X509 *x, size_t chain,
int tls_parse_ctos_key_share(SSL *s, PACKET *pkt, X509 *x, size_t chainidx,
int *al)
{
#ifndef OPENSSL_NO_TLS1_3
@ -626,8 +628,8 @@ int tls_parse_ctos_key_share(SSL *s, PACKET *pkt, X509 *x, size_t chain,
}
#ifndef OPENSSL_NO_EC
int tls_parse_ctos_supported_groups(SSL *s, PACKET *pkt, X509 *x, size_t chain,
int *al)
int tls_parse_ctos_supported_groups(SSL *s, PACKET *pkt, X509 *x,
size_t chainidx, int *al)
{
PACKET supported_groups_list;
@ -651,7 +653,7 @@ int tls_parse_ctos_supported_groups(SSL *s, PACKET *pkt, X509 *x, size_t chain,
}
#endif
int tls_parse_ctos_ems(SSL *s, PACKET *pkt, X509 *x, size_t chain, int *al)
int tls_parse_ctos_ems(SSL *s, PACKET *pkt, X509 *x, size_t chainidx, int *al)
{
/* The extension must always be empty */
if (PACKET_remaining(pkt) != 0) {
@ -667,8 +669,8 @@ int tls_parse_ctos_ems(SSL *s, PACKET *pkt, X509 *x, size_t chain, int *al)
/*
* Add the server's renegotiation binding
*/
int tls_construct_stoc_renegotiate(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
int *al)
int tls_construct_stoc_renegotiate(SSL *s, WPACKET *pkt, X509 *x, size_t
chainidx, int *al)
{
if (!s->s3->send_connection_binding)
return 1;
@ -689,8 +691,8 @@ int tls_construct_stoc_renegotiate(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
return 1;
}
int tls_construct_stoc_server_name(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
int *al)
int tls_construct_stoc_server_name(SSL *s, WPACKET *pkt, X509 *x,
size_t chainidx, int *al)
{
if (s->hit || s->servername_done != 1
|| s->session->tlsext_hostname == NULL)
@ -707,7 +709,7 @@ int tls_construct_stoc_server_name(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
#ifndef OPENSSL_NO_EC
int tls_construct_stoc_ec_pt_formats(SSL *s, WPACKET *pkt, X509 *x,
size_t chain, int *al)
size_t chainidx, int *al)
{
unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth;
@ -733,7 +735,7 @@ int tls_construct_stoc_ec_pt_formats(SSL *s, WPACKET *pkt, X509 *x,
#endif
int tls_construct_stoc_session_ticket(SSL *s, WPACKET *pkt, X509 *x,
size_t chain, int *al)
size_t chainidx, int *al)
{
if (!s->tlsext_ticket_expected || !tls_use_ticket(s)) {
s->tlsext_ticket_expected = 0;
@ -751,12 +753,12 @@ int tls_construct_stoc_session_ticket(SSL *s, WPACKET *pkt, X509 *x,
#ifndef OPENSSL_NO_OCSP
int tls_construct_stoc_status_request(SSL *s, WPACKET *pkt, X509 *x,
size_t chain, int *al)
size_t chainidx, int *al)
{
if (!s->tlsext_status_expected)
return 1;
if (SSL_IS_TLS13(s) && chain != 0)
if (SSL_IS_TLS13(s) && chainidx != 0)
return 1;
if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_status_request)
@ -782,7 +784,7 @@ int tls_construct_stoc_status_request(SSL *s, WPACKET *pkt, X509 *x,
#ifndef OPENSSL_NO_NEXTPROTONEG
int tls_construct_stoc_next_proto_neg(SSL *s, WPACKET *pkt, X509 *x,
size_t chain, int *al)
size_t chainidx, int *al)
{
const unsigned char *npa;
unsigned int npalen;
@ -809,7 +811,7 @@ int tls_construct_stoc_next_proto_neg(SSL *s, WPACKET *pkt, X509 *x,
}
#endif
int tls_construct_stoc_alpn(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
int tls_construct_stoc_alpn(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx,
int *al)
{
if (s->s3->alpn_selected == NULL)
@ -831,7 +833,7 @@ int tls_construct_stoc_alpn(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
}
#ifndef OPENSSL_NO_SRTP
int tls_construct_stoc_use_srtp(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
int tls_construct_stoc_use_srtp(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx,
int *al)
{
if (s->srtp_profile == NULL)
@ -851,7 +853,8 @@ int tls_construct_stoc_use_srtp(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
}
#endif
int tls_construct_stoc_etm(SSL *s, WPACKET *pkt, X509 *x, size_t chain, int *al)
int tls_construct_stoc_etm(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx,
int *al)
{
if ((s->s3->flags & TLS1_FLAGS_ENCRYPT_THEN_MAC) == 0)
return 1;
@ -877,7 +880,8 @@ int tls_construct_stoc_etm(SSL *s, WPACKET *pkt, X509 *x, size_t chain, int *al)
return 1;
}
int tls_construct_stoc_ems(SSL *s, WPACKET *pkt, X509 *x, size_t chain, int *al)
int tls_construct_stoc_ems(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx,
int *al)
{
if ((s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS) == 0)
return 1;
@ -891,7 +895,7 @@ int tls_construct_stoc_ems(SSL *s, WPACKET *pkt, X509 *x, size_t chain, int *al)
return 1;
}
int tls_construct_stoc_key_share(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
int tls_construct_stoc_key_share(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx,
int *al)
{
#ifndef OPENSSL_NO_TLS1_3
@ -949,7 +953,7 @@ int tls_construct_stoc_key_share(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
}
int tls_construct_stoc_cryptopro_bug(SSL *s, WPACKET *pkt, X509 *x,
size_t chain, int *al)
size_t chainidx, int *al)
{
const unsigned char cryptopro_ext[36] = {
0xfd, 0xe8, /* 65000 */

126
ssl/statem/statem_locl.h
View file

@ -158,77 +158,77 @@ __owur int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt);
__owur int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context,
RAW_EXTENSION **res, int *al);
__owur int tls_parse_extension(SSL *s, TLSEXT_INDEX idx, int context,
RAW_EXTENSION *exts, X509 *x, size_t chain,
RAW_EXTENSION *exts, X509 *x, size_t chainidx,
int *al);
__owur int tls_parse_all_extensions(SSL *s, int context, RAW_EXTENSION *exts,
X509 *x, size_t chain, int *al);
X509 *x, size_t chainidx, int *al);
__owur int tls_construct_extensions(SSL *s, WPACKET *pkt, unsigned int context,
X509 *x, size_t chain, int *al);
X509 *x, size_t chainidx, int *al);
/* Server Extension processing */
int tls_parse_ctos_renegotiate(SSL *s, PACKET *pkt, X509 *x, size_t chain,
int tls_parse_ctos_renegotiate(SSL *s, PACKET *pkt, X509 *x, size_t chainidx,
int *al);
int tls_parse_ctos_server_name(SSL *s, PACKET *pkt, X509 *x, size_t chain,
int tls_parse_ctos_server_name(SSL *s, PACKET *pkt, X509 *x, size_t chainidx,
int *al);
#ifndef OPENSSL_NO_SRP
int tls_parse_ctos_srp(SSL *s, PACKET *pkt, X509 *x, size_t chain, int *al);
int tls_parse_ctos_srp(SSL *s, PACKET *pkt, X509 *x, size_t chainidx, int *al);
#endif
#ifndef OPENSSL_NO_EC
int tls_parse_ctos_ec_pt_formats(SSL *s, PACKET *pkt, X509 *x, size_t chain,
int tls_parse_ctos_ec_pt_formats(SSL *s, PACKET *pkt, X509 *x, size_t chainidx,
int *al);
int tls_parse_ctos_supported_groups(SSL *s, PACKET *pkt, X509 *x, size_t chain,
int *al);
int tls_parse_ctos_supported_groups(SSL *s, PACKET *pkt, X509 *x,
size_t chainidx, int *al);
#endif
int tls_parse_ctos_session_ticket(SSL *s, PACKET *pkt, X509 *x, size_t chain,
int tls_parse_ctos_session_ticket(SSL *s, PACKET *pkt, X509 *x, size_t chainidx,
int *al);
int tls_parse_ctos_sig_algs(SSL *s, PACKET *pkt, X509 *x, size_t chain,
int tls_parse_ctos_sig_algs(SSL *s, PACKET *pkt, X509 *x, size_t chainidx,
int *al);
#ifndef OPENSSL_NO_OCSP
int tls_parse_ctos_status_request(SSL *s, PACKET *pkt, X509 *x, size_t chain,
int tls_parse_ctos_status_request(SSL *s, PACKET *pkt, X509 *x, size_t chainidx,
int *al);
#endif
#ifndef OPENSSL_NO_NEXTPROTONEG
int tls_parse_ctos_npn(SSL *s, PACKET *pkt, X509 *x, size_t chain, int *al);
int tls_parse_ctos_npn(SSL *s, PACKET *pkt, X509 *x, size_t chainidx, int *al);
#endif
int tls_parse_ctos_alpn(SSL *s, PACKET *pkt, X509 *x, size_t chain, int *al);
int tls_parse_ctos_alpn(SSL *s, PACKET *pkt, X509 *x, size_t chainidx, int *al);
#ifndef OPENSSL_NO_SRTP
int tls_parse_ctos_use_srtp(SSL *s, PACKET *pkt, X509 *x, size_t chain,
int tls_parse_ctos_use_srtp(SSL *s, PACKET *pkt, X509 *x, size_t chainidx,
int *al);
#endif
int tls_parse_ctos_etm(SSL *s, PACKET *pkt, X509 *x, size_t chain, int *al);
int tls_parse_ctos_key_share(SSL *s, PACKET *pkt, X509 *x, size_t chain,
int tls_parse_ctos_etm(SSL *s, PACKET *pkt, X509 *x, size_t chainidx, int *al);
int tls_parse_ctos_key_share(SSL *s, PACKET *pkt, X509 *x, size_t chainidx,
int *al);
int tls_parse_ctos_ems(SSL *s, PACKET *pkt, X509 *x, size_t chain, int *al);
int tls_parse_ctos_ems(SSL *s, PACKET *pkt, X509 *x, size_t chainidx, int *al);
int tls_construct_stoc_renegotiate(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
int *al);
int tls_construct_stoc_server_name(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
int *al);
int tls_construct_stoc_renegotiate(SSL *s, WPACKET *pkt, X509 *x,
size_t chainidx, int *al);
int tls_construct_stoc_server_name(SSL *s, WPACKET *pkt, X509 *x,
size_t chainidx, int *al);
#ifndef OPENSSL_NO_EC
int tls_construct_stoc_ec_pt_formats(SSL *s, WPACKET *pkt, X509 *x,
size_t chain, int *al);
size_t chainidx, int *al);
#endif
int tls_construct_stoc_session_ticket(SSL *s, WPACKET *pkt, X509 *x,
size_t chain, int *al);
size_t chainidx, int *al);
#ifndef OPENSSL_NO_OCSP
int tls_construct_stoc_status_request(SSL *s, WPACKET *pkt, X509 *x,
size_t chain, int *al);
size_t chainidx, int *al);
#endif
#ifndef OPENSSL_NO_NEXTPROTONEG
int tls_construct_stoc_next_proto_neg(SSL *s, WPACKET *pkt, X509 *x,
size_t chain, int *al);
size_t chainidx, int *al);
#endif
int tls_construct_stoc_alpn(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
int tls_construct_stoc_alpn(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx,
int *al);
#ifndef OPENSSL_NO_SRTP
int tls_construct_stoc_use_srtp(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
int tls_construct_stoc_use_srtp(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx,
int *al);
#endif
int tls_construct_stoc_etm(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
int tls_construct_stoc_etm(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx,
int *al);
int tls_construct_stoc_ems(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
int tls_construct_stoc_ems(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx,
int *al);
int tls_construct_stoc_key_share(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
int tls_construct_stoc_key_share(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx,
int *al);
/*
* Not in public headers as this is not an official extension. Only used when
@ -236,81 +236,81 @@ int tls_construct_stoc_key_share(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
*/
#define TLSEXT_TYPE_cryptopro_bug 0xfde8
int tls_construct_stoc_cryptopro_bug(SSL *s, WPACKET *pkt, X509 *x,
size_t chain, int *al);
size_t chainidx, int *al);
/* Client Extension processing */
int tls_construct_ctos_renegotiate(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
int *al);
int tls_construct_ctos_server_name(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
int *al);
int tls_construct_ctos_renegotiate(SSL *s, WPACKET *pkt, X509 *x,
size_t chainidx, int *al);
int tls_construct_ctos_server_name(SSL *s, WPACKET *pkt, X509 *x,
size_t chainidx, int *al);
#ifndef OPENSSL_NO_SRP
int tls_construct_ctos_srp(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
int tls_construct_ctos_srp(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx,
int *al);
#endif
#ifndef OPENSSL_NO_EC
int tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt, X509 *x,
size_t chain, int *al);
size_t chainidx, int *al);
int tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt, X509 *x,
size_t chain, int *al);
size_t chainidx, int *al);
#endif
int tls_construct_ctos_session_ticket(SSL *s, WPACKET *pkt, X509 *x,
size_t chain, int *al);
int tls_construct_ctos_sig_algs(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
size_t chainidx, int *al);
int tls_construct_ctos_sig_algs(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx,
int *al);
#ifndef OPENSSL_NO_OCSP
int tls_construct_ctos_status_request(SSL *s, WPACKET *pkt, X509 *x,
size_t chain, int *al);
size_t chainidx, int *al);
#endif
#ifndef OPENSSL_NO_NEXTPROTONEG
int tls_construct_ctos_npn(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
int tls_construct_ctos_npn(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx,
int *al);
#endif
int tls_construct_ctos_alpn(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
int tls_construct_ctos_alpn(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx,
int *al);
#ifndef OPENSSL_NO_SRTP
int tls_construct_ctos_use_srtp(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
int tls_construct_ctos_use_srtp(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx,
int *al);
#endif
int tls_construct_ctos_etm(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
int tls_construct_ctos_etm(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx,
int *al);
#ifndef OPENSSL_NO_CT
int tls_construct_ctos_sct(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
int tls_construct_ctos_sct(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx,
int *al);
#endif
int tls_construct_ctos_ems(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
int tls_construct_ctos_ems(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx,
int *al);
int tls_construct_ctos_supported_versions(SSL *s, WPACKET *pkt, X509 *x,
size_t chain, int *al);
int tls_construct_ctos_key_share(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
size_t chainidx, int *al);
int tls_construct_ctos_key_share(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx,
int *al);
int tls_construct_ctos_padding(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
int tls_construct_ctos_padding(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx,
int *al);
int tls_parse_stoc_renegotiate(SSL *s, PACKET *pkt, X509 *x, size_t chain,
int tls_parse_stoc_renegotiate(SSL *s, PACKET *pkt, X509 *x, size_t chainidx,
int *al);
int tls_parse_stoc_server_name(SSL *s, PACKET *pkt, X509 *x, size_t chain,
int tls_parse_stoc_server_name(SSL *s, PACKET *pkt, X509 *x, size_t chainidx,
int *al);
#ifndef OPENSSL_NO_EC
int tls_parse_stoc_ec_pt_formats(SSL *s, PACKET *pkt, X509 *x, size_t chain,
int tls_parse_stoc_ec_pt_formats(SSL *s, PACKET *pkt, X509 *x, size_t chainidx,
int *al);
#endif
int tls_parse_stoc_session_ticket(SSL *s, PACKET *pkt, X509 *x, size_t chain,
int tls_parse_stoc_session_ticket(SSL *s, PACKET *pkt, X509 *x, size_t chainidx,
int *al);
#ifndef OPENSSL_NO_OCSP
int tls_parse_stoc_status_request(SSL *s, PACKET *pkt, X509 *x, size_t chain,
int tls_parse_stoc_status_request(SSL *s, PACKET *pkt, X509 *x, size_t chainidx,
int *al);
#endif
#ifndef OPENSSL_NO_CT
int tls_parse_stoc_sct(SSL *s, PACKET *pkt, X509 *x, size_t chain, int *al);
int tls_parse_stoc_sct(SSL *s, PACKET *pkt, X509 *x, size_t chainidx, int *al);
#endif
#ifndef OPENSSL_NO_NEXTPROTONEG
int tls_parse_stoc_npn(SSL *s, PACKET *pkt, X509 *x, size_t chain, int *al);
int tls_parse_stoc_npn(SSL *s, PACKET *pkt, X509 *x, size_t chainidx, int *al);
#endif
int tls_parse_stoc_alpn(SSL *s, PACKET *pkt, X509 *x, size_t chain, int *al);
int tls_parse_stoc_alpn(SSL *s, PACKET *pkt, X509 *x, size_t chainidx, int *al);
#ifndef OPENSSL_NO_SRTP
int tls_parse_stoc_use_srtp(SSL *s, PACKET *pkt, X509 *x, size_t chain,
int tls_parse_stoc_use_srtp(SSL *s, PACKET *pkt, X509 *x, size_t chainidx,
int *al);
#endif
int tls_parse_stoc_etm(SSL *s, PACKET *pkt, X509 *x, size_t chain, int *al);
int tls_parse_stoc_ems(SSL *s, PACKET *pkt, X509 *x, size_t chain, int *al);
int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, X509 *x, size_t chain,
int tls_parse_stoc_etm(SSL *s, PACKET *pkt, X509 *x, size_t chainidx, int *al);
int tls_parse_stoc_ems(SSL *s, PACKET *pkt, X509 *x, size_t chainidx, int *al);
int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, X509 *x, size_t chainidx,
int *al);