Add default handlers for extension parsing. This allows us to specify client-only and unused callbacks without needing to include empty wrappers, and allows us to continue using the default ext_*_parse_clienthello function for early parsing. Change-Id: I4104e22a0a6dd6b02f9a5605e9866f6b3de6a097 Reviewed-on: https://boringssl-review.googlesource.com/8743 Reviewed-by: David Benjamin <davidben@google.com>
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index c05bc4f..2b9402d 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -623,6 +623,25 @@
 int (*add_serverhello)(SSL *ssl, CBB *out);
 };
+static int forbid_parse_serverhello(SSL *ssl, uint8_t *out_alert, CBS *contents) {
+ if (contents != NULL) {
+ /* Servers MUST NOT send this extension. */
+ *out_alert = SSL_AD_UNSUPPORTED_EXTENSION;
+ OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_EXTENSION);
+ return 0;
+ }
+
+ return 1;
+}
+
+static int ignore_parse_clienthello(SSL *ssl, uint8_t *out_alert, CBS *contents) {
+ /* This extension from the client is handled elsewhere. */
+ return 1;
+}
+
+static int dont_add_serverhello(SSL *ssl, CBB *out) {
+ return 1;
+}
 /* Server name indication (SNI).
 *
@@ -1004,13 +1023,6 @@
 return 1;
 }
-static int ext_ticket_parse_clienthello(SSL *ssl, uint8_t *out_alert,
- CBS *contents) {
- /* This function isn't used because the ticket extension from the client is
- * handled in ssl_session.c. */
- return 1;
-}
-
 static int ext_ticket_add_serverhello(SSL *ssl, CBB *out) {
 if (!ssl->tlsext_ticket_expected) {
 return 1;
@@ -1062,18 +1074,6 @@
 return 1;
 }
-static int ext_sigalgs_parse_serverhello(SSL *ssl, uint8_t *out_alert,
- CBS *contents) {
- if (contents != NULL) {
- /* Servers MUST NOT send this extension. */
- *out_alert = SSL_AD_UNSUPPORTED_EXTENSION;
- OPENSSL_PUT_ERROR(SSL, SSL_R_SIGNATURE_ALGORITHMS_EXTENSION_SENT_BY_SERVER);
- return 0;
- }
-
- return 1;
-}
-
 static int ext_sigalgs_parse_clienthello(SSL *ssl, uint8_t *out_alert,
 CBS *contents) {
 OPENSSL_free(ssl->cert->peer_sigalgs);
@@ -1095,11 +1095,6 @@
 return 1;
 }
-static int ext_sigalgs_add_serverhello(SSL *ssl, CBB *out) {
- /* Servers MUST NOT send this extension. */
- return 1;
-}
-
 /* OCSP Stapling.
 *
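Review bot: Nothing in `ignore_parse_clienthello` (first hunk, `@@ -623,6 +623,25 @@`) reads or validates `contents`, and its comment does not state that, so a later table entry could pick it for an extension that is not actually parsed anywhere else and silently accept arbitrary client bytes. The comment at the definition should spell out the contract, for example `/* Performs no validation. Use only for extensions whose ClientHello contents are parsed elsewhere, and name that location at the table entry. */`. `dont_add_serverhello` has no comment at all; `/* This extension is never sent by the server. */` would bring it in line with the other two helpers. All three function bodies are complete within the hunk.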
@@ -1938,16 +1933,17 @@
 NULL,
 ext_ticket_add_clienthello,
 ext_ticket_parse_serverhello,
- ext_ticket_parse_clienthello,
+ /* Ticket extension client parsing is handled in ssl_session.c */
+ ignore_parse_clienthello,
 ext_ticket_add_serverhello,
 },
 {
 TLSEXT_TYPE_signature_algorithms,
 NULL,
 ext_sigalgs_add_clienthello,
- ext_sigalgs_parse_serverhello,
+ forbid_parse_serverhello,
 ext_sigalgs_parse_clienthello,
- ext_sigalgs_add_serverhello,
+ dont_add_serverhello,
 },
 {
 TLSEXT_TYPE_status_request,
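Review bot: Switching the signature_algorithms entry to `forbid_parse_serverhello` changes the reported error reason from `SSL_R_SIGNATURE_ALGORITHMS_EXTENSION_SENT_BY_SERVER` (in the removed `ext_sigalgs_parse_serverhello`) to `SSL_R_UNEXPECTED_EXTENSION`, and neither the commit message nor the table records that this is intended. The alert sent stays `SSL_AD_UNSUPPORTED_EXTENSION`, but any test, log filter or monitoring rule keyed on the old reason code would presumably stop matching. A comment at the entry such as `/* Client-only extension; a server sending it is rejected with SSL_R_UNEXPECTED_EXTENSION. */` would document it, in the same way the ticket entry above documents its `ignore_parse_clienthello`. The table initializer starts and ends outside this hunk.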