author | Matt Caswell <matt@openssl.org> | 2022-11-14 15:29:38 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2023-01-24 17:16:29 +0000 |
commit | f6da3bbfb7342f3931d36e0c67bd9f79169fac2b (patch) | |
tree | d03268d4d107a7961d2dfee261cd0a8b4b375bfb /ssl | |
parent | 3f9175c7a46b13a3528d9b5776030a78eb1f9454 (diff) | |
Add the ability to add a custom extension on an SSL object
Previously we could only do this at the SSL_CTX level. We add the ability
to also do this on an SSL - but only for internal code.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19748)
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/ssl_local.h | 8 | ||||
-rw-r--r-- | ssl/statem/extensions_cust.c | 40 |
2 files changed, 30 insertions, 18 deletions
diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h
index 25fa38137e..ea8f5aa8b4 100644
--- a/ssl/ssl_local.h
+++ b/ssl/ssl_local.h
@@ -2894,6 +2894,14 @@ custom_ext_method *custom_ext_find(const custom_ext_methods *exts,
 void custom_ext_init(custom_ext_methods *meths);
 
+int ossl_tls_add_custom_ext_intern(SSL_CTX *ctx, custom_ext_methods *exts,
+                                   ENDPOINT role, unsigned int ext_type,
+                                   unsigned int context,
+                                   SSL_custom_ext_add_cb_ex add_cb,
+                                   SSL_custom_ext_free_cb_ex free_cb,
+                                   void *add_arg,
+                                   SSL_custom_ext_parse_cb_ex parse_cb,
+                                   void *parse_arg);
 __owur int custom_ext_parse(SSL_CONNECTION *s, unsigned int context,
                             unsigned int ext_type,
                             const unsigned char *ext_data,
                             size_t ext_size,
diff --git a/ssl/statem/extensions_cust.c b/ssl/statem/extensions_cust.c
index ebfe7d16ee..83470b1bf3 100644
--- a/ssl/statem/extensions_cust.c
+++ b/ssl/statem/extensions_cust.c
@@ -344,16 +344,15 @@ int SSL_CTX_has_client_custom_ext(const SSL_CTX *ctx, unsigned int ext_type)
                            NULL) != NULL;
 }
 
-static int add_custom_ext_intern(SSL_CTX *ctx, ENDPOINT role,
-                                 unsigned int ext_type,
-                                 unsigned int context,
-                                 SSL_custom_ext_add_cb_ex add_cb,
-                                 SSL_custom_ext_free_cb_ex free_cb,
-                                 void *add_arg,
-                                 SSL_custom_ext_parse_cb_ex parse_cb,
-                                 void *parse_arg)
+int ossl_tls_add_custom_ext_intern(SSL_CTX *ctx, custom_ext_methods *exts,
+                                   ENDPOINT role, unsigned int ext_type,
+                                   unsigned int context,
+                                   SSL_custom_ext_add_cb_ex add_cb,
+                                   SSL_custom_ext_free_cb_ex free_cb,
+                                   void *add_arg,
+                                   SSL_custom_ext_parse_cb_ex parse_cb,
+                                   void *parse_arg)
 {
-    custom_ext_methods *exts = &ctx->cert->custext;
     custom_ext_method *meth, *tmp;
 
     /*
@@ -363,6 +362,9 @@ static int add_custom_ext_intern(SSL_CTX *ctx, ENDPOINT role,
     if (add_cb == NULL && free_cb != NULL)
         return 0;
 
+    if (exts == NULL)
+        exts = &ctx->cert->custext;
+
 #ifndef OPENSSL_NO_CT
     /*
      * We don't want applications registering callbacks for SCT extensions
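Review bot: The new prototype for `ossl_tls_add_custom_ext_intern` in ssl_local.h carries no comment describing the contract of its two pointer arguments, and the behaviour is only discoverable from the extensions_cust.c hunks: `exts == NULL` falls back to `ctx->cert->custext`, and `ctx` may be NULL (the CT check is now guarded with `ctx != NULL`). Since this is the first internal entry point that accepts a NULL SSL_CTX, a caller reading the header has no way to know which combinations are legal. I would add above the declaration a short comment along the lines of `/* Register a custom extension in |exts|; if |exts| is NULL, |ctx|'s cert custext is used and |ctx| must then be non-NULL. Internal use only. */`, adjusting the wording to whatever the intended contract is.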
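Review bot: In the `@@ -363,6 +362,9 @@` hunk, the added fallback `exts = &ctx->cert->custext;` dereferences `ctx` unconditionally, while the companion hunk at `@@ -371,6 +373,7 @@` adds `&& ctx != NULL`, which signals that a NULL `ctx` is now an accepted input to this function. A caller passing both `ctx == NULL` and `exts == NULL` would therefore dereference NULL here before reaching the guarded CT check. Rejecting that combination up front is a two-line change: `if (exts == NULL && ctx == NULL)` / `return 0;` placed immediately before the fallback, matching the existing early-return style used for the `add_cb == NULL && free_cb != NULL` case just above. The body of `ossl_tls_add_custom_ext_intern` continues beyond this hunk, so I cannot see whether `ctx` is dereferenced again later without a check.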
@@ -371,6 +373,7 @@ static int add_custom_ext_intern(SSL_CTX *ctx, ENDPOINT role,
      */
     if (ext_type == TLSEXT_TYPE_signed_certificate_timestamp
         && (context & SSL_EXT_CLIENT_HELLO) != 0
+        && ctx != NULL
         && SSL_CTX_ct_is_enabled(ctx))
         return 0;
 #endif
@@ -435,13 +438,13 @@ static int add_old_custom_ext(SSL_CTX *ctx, ENDPOINT role,
     parse_cb_wrap->parse_arg = parse_arg;
     parse_cb_wrap->parse_cb = parse_cb;
 
-    ret = add_custom_ext_intern(ctx, role, ext_type,
-                                context,
-                                custom_ext_add_old_cb_wrap,
-                                custom_ext_free_old_cb_wrap,
-                                add_cb_wrap,
-                                custom_ext_parse_old_cb_wrap,
-                                parse_cb_wrap);
+    ret = ossl_tls_add_custom_ext_intern(ctx, NULL, role, ext_type,
+                                         context,
+                                         custom_ext_add_old_cb_wrap,
+                                         custom_ext_free_old_cb_wrap,
+                                         add_cb_wrap,
+                                         custom_ext_parse_old_cb_wrap,
+                                         parse_cb_wrap);
 
     if (!ret) {
         OPENSSL_free(add_cb_wrap);
@@ -487,8 +490,9 @@ int SSL_CTX_add_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
                            void *add_arg, SSL_custom_ext_parse_cb_ex parse_cb,
                            void *parse_arg)
 {
-    return add_custom_ext_intern(ctx, ENDPOINT_BOTH, ext_type, context, add_cb,
-                                 free_cb, add_arg, parse_cb, parse_arg);
+    return ossl_tls_add_custom_ext_intern(ctx, NULL, ENDPOINT_BOTH, ext_type,
+                                          context, add_cb, free_cb, add_arg,
+                                          parse_cb, parse_arg);
 }
 
 int SSL_extension_supported(unsigned int ext_type)
|
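Review bot: The added `&& ctx != NULL` in the `@@ -371,6 +373,7 @@` hunk turns the CT check into a no-op for any caller that passes a NULL `ctx`, so an SSL-level registration that supplies its own `exts` can add a `TLSEXT_TYPE_signed_certificate_timestamp` ClientHello extension regardless of whether CT is enabled on the underlying context. That is probably acceptable because the commit message restricts the new entry point to internal code, but the silent policy bypass deserves to be stated where it happens rather than inferred. I would add a comment on the new line, e.g. `/* ctx == NULL means an internal SSL-level caller; the CT policy check is skipped */`, or, if the intent is to still honour CT for such callers, have them pass the SSL object's SSL_CTX rather than NULL. The remaining two hunks in this file are straightforward call-site updates to the renamed function and need no change.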