authorSteven Valdez <svaldez@google.com>2016-07-12 20:38:32 +0300
committerDavid Benjamin <davidben@google.com>2016-07-12 21:15:27 +0300
commit6b8509a7688b06105f535aae2f0d20e8d2cf84f8 (patch)
tree07276796f32b9511be4c8336ee1c3bbdb603a65c
parent310d3f63f38cf8a82fa9ae5032e343ba5159eb4d (diff)
Add default handlers for extension parsing.
This allows us to specify client-only and unused callbacks without needing to include empty wrappers, and allows us to continue using the default ext_*_parse_clienthello function for early parsing. Change-Id: I4104e22a0a6dd6b02f9a5605e9866f6b3de6a097 Reviewed-on: https://boringssl-review.googlesource.com/8743 Reviewed-by: David Benjamin <davidben@google.com>
-rw-r--r--ssl/t1_lib.c50
1 files changed, 23 insertions, 27 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index c05bc4f7..2b9402d0 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -623,6 +623,25 @@ struct tls_extension {
int (*add_serverhello)(SSL *ssl, CBB *out);
};
+static int forbid_parse_serverhello(SSL *ssl, uint8_t *out_alert, CBS *contents) {
+ if (contents != NULL) {
+ /* Servers MUST NOT send this extension. */
+ *out_alert = SSL_AD_UNSUPPORTED_EXTENSION;
+ OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_EXTENSION);
+ return 0;
+ }
+
+ return 1;
+}
+
+static int ignore_parse_clienthello(SSL *ssl, uint8_t *out_alert, CBS *contents) {
+ /* This extension from the client is handled elsewhere. */
+ return 1;
+}
+
+static int dont_add_serverhello(SSL *ssl, CBB *out) {
+ return 1;
+}
/* Server name indication (SNI).
*
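Review bot: `forbid_parse_serverhello` reports `SSL_R_UNEXPECTED_EXTENSION`, while the sigalgs-specific handler this commit removes further down reported `SSL_R_SIGNATURE_ALGORITHMS_EXTENSION_SENT_BY_SERVER`, so the reason code on the error queue changes when a server sends signature_algorithms. The commit message does not mention this, and any test or caller matching on the old code (not visible from this page) would need updating; the alert stays `SSL_AD_UNSUPPORTED_EXTENSION`. Separately, `ignore_parse_clienthello` accepts the extension without reading `contents`, which is only safe when it is validated elsewhere, so I would state that on the helper itself: `/* Accepts the extension unparsed; use only when the ClientHello extension is fully parsed and validated elsewhere. */`. `dont_add_serverhello` has no comment at all and would read better with one line saying the server never sends the extension.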
@@ -1004,13 +1023,6 @@ static int ext_ticket_parse_serverhello(SSL *ssl, uint8_t *out_alert,
return 1;
}
-static int ext_ticket_parse_clienthello(SSL *ssl, uint8_t *out_alert,
- CBS *contents) {
- /* This function isn't used because the ticket extension from the client is
- * handled in ssl_session.c. */
- return 1;
-}
-
static int ext_ticket_add_serverhello(SSL *ssl, CBB *out) {
if (!ssl->tlsext_ticket_expected) {
return 1;
@@ -1062,18 +1074,6 @@ static int ext_sigalgs_add_clienthello(SSL *ssl, CBB *out) {
return 1;
}
-static int ext_sigalgs_parse_serverhello(SSL *ssl, uint8_t *out_alert,
- CBS *contents) {
- if (contents != NULL) {
- /* Servers MUST NOT send this extension. */
- *out_alert = SSL_AD_UNSUPPORTED_EXTENSION;
- OPENSSL_PUT_ERROR(SSL, SSL_R_SIGNATURE_ALGORITHMS_EXTENSION_SENT_BY_SERVER);
- return 0;
- }
-
- return 1;
-}
-
static int ext_sigalgs_parse_clienthello(SSL *ssl, uint8_t *out_alert,
CBS *contents) {
OPENSSL_free(ssl->cert->peer_sigalgs);
@@ -1095,11 +1095,6 @@ static int ext_sigalgs_parse_clienthello(SSL *ssl, uint8_t *out_alert,
return 1;
}
-static int ext_sigalgs_add_serverhello(SSL *ssl, CBB *out) {
- /* Servers MUST NOT send this extension. */
- return 1;
-}
-
/* OCSP Stapling.
*
@@ -1938,16 +1933,17 @@ static const struct tls_extension kExtensions[] = {
NULL,
ext_ticket_add_clienthello,
ext_ticket_parse_serverhello,
- ext_ticket_parse_clienthello,
+ /* Ticket extension client parsing is handled in ssl_session.c */
+ ignore_parse_clienthello,
ext_ticket_add_serverhello,
},
{
TLSEXT_TYPE_signature_algorithms,
NULL,
ext_sigalgs_add_clienthello,
- ext_sigalgs_parse_serverhello,
+ forbid_parse_serverhello,
ext_sigalgs_parse_clienthello,
- ext_sigalgs_add_serverhello,
+ dont_add_serverhello,
},
{
TLSEXT_TYPE_status_request,
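Review bot: The two parse slots in each `kExtensions` entry are now filled positionally by generic helpers with identical signatures, so putting `ignore_parse_clienthello` where `forbid_parse_serverhello` belongs would compile cleanly and turn a reject into a silent accept. The ticket entry documents its choice with `/* Ticket extension client parsing is handled in ssl_session.c */`, but the signature_algorithms entry lost the rationale that lived in the removed functions. I would add `/* Servers MUST NOT send this extension. */` above `forbid_parse_serverhello,` and the same above `dont_add_serverhello,` so each slot states why the default is correct. The array starts and ends outside this hunk, so other entries were not checked.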