FWIW, I pushed this to the openssl repo instead of my own by mistake, but I
guess since it is in a branch it's not that big a deal.


On 5 September 2013 14:45, Ben Laurie <b...@openssl.org> wrote:

> This is an automated email from the git hooks/post-receive script. It was
> generated because a ref change was pushed to the repository containing
> the project "OpenSSL source code".
>
> The branch, supplemental-data-api-2 has been updated
>        via  85b2ca671513df2b21df404d3dfa76cf681e553d (commit)
>        via  0314741417bf45549bab1c94a49b33d40476d844 (commit)
>        via  6381b3cbcd8e8626f3fdfcfd54ed5a1a980847dd (commit)
>        via  a66d5a4a77bc086c9eff36a096e9e74d8bca8be5 (commit)
>        via  976fac84e0920feb9aaa9cb67002c4eb64bccde8 (commit)
>        via  b3943dbb18ea920c6bd71a52762ba16728e27e3d (commit)
>        via  65616e81a11106002e0d4509de2b0507e83cca44 (commit)
>        via  e21ff60d6146868fdfed8cb0795ac8a36f8b7db8 (commit)
>       from  664c69432740670e8d93e0fd8d8d29f84b15fe3d (commit)
>
> Those revisions listed above that are new to this repository have
> not appeared on any other notification email; so we list those
> revisions in full, below.
>
> - Log -----------------------------------------------------------------
> commit 85b2ca671513df2b21df404d3dfa76cf681e553d
> Merge: 664c694 0314741
> Author: Ben Laurie <b...@links.org>
> Date:   Thu Sep 5 14:45:25 2013 +0100
>
>     Merge remote-tracking branch 'scott2/ben-openssl' into
> supplemental-data-api-2
>
>     Conflicts:
>         apps/s_client.c
>         apps/s_server.c
>
> commit 0314741417bf45549bab1c94a49b33d40476d844
> Author: Scott Deboy <sde...@secondstryke.com>
> Date:   Thu Aug 1 11:54:09 2013 -0700
>
>     Free generated supp data after handshake completion, add comment
> regarding use of num_renegotiations in TLS and supp data generation
> callbacks
>
> commit 6381b3cbcd8e8626f3fdfcfd54ed5a1a980847dd
> Author: Ben Laurie <b...@links.org>
> Date:   Thu Aug 1 15:17:23 2013 +0100
>
>     More cleanup.
>
> commit a66d5a4a77bc086c9eff36a096e9e74d8bca8be5
> Author: Ben Laurie <b...@links.org>
> Date:   Thu Aug 1 12:33:15 2013 +0100
>
>     More cleanup.
>
> commit 976fac84e0920feb9aaa9cb67002c4eb64bccde8
> Author: Ben Laurie <b...@links.org>
> Date:   Thu Aug 1 11:14:23 2013 +0100
>
>     Make it build.
>
> commit b3943dbb18ea920c6bd71a52762ba16728e27e3d
> Author: Scott Deboy <sde...@secondstryke.com>
> Date:   Wed Jul 31 11:28:30 2013 -0700
>
>     Remove end-of-line whitespace, change an int i to size_t i
>
> commit 65616e81a11106002e0d4509de2b0507e83cca44
> Merge: e21ff60 0b2bde7
> Author: Scott Deboy <sde...@secondstryke.com>
> Date:   Wed Jul 31 10:51:19 2013 -0700
>
>     Merge remote-tracking branch 'openssl-github/master' into
> supplemental-data-api
>
>     Conflicts:
>         ssl/s23_clnt.c
>         ssl/ssl_rsa.c
>
> commit e21ff60d6146868fdfed8cb0795ac8a36f8b7db8
> Author: Scott Deboy <sde...@secondstryke.com>
> Date:   Tue Jun 18 14:34:38 2013 -0700
>
>     Add callbacks supporting generation and retrieval of supplemental data
> entries, facilitating RFC 5878 (TLS auth extensions)
>     Removed prior audit proof logic - audit proof support was implemented
> using the generic TLS extension API
>     Tests exercising the new supplemental data registration and callback
> api can be found in ssltest.c.
>     Implemented changes to s_server and s_client to exercise supplemental
> data callbacks via the -auth argument, as well as additional flags to
> exercise supplemental data being sent only during renegotiation.
>
> -----------------------------------------------------------------------
>
> Summary of changes:
>  apps/s_client.c |   24 ++++++++++++++++++------
>  apps/s_server.c |   24 ++++++++++++++++++------
>  2 files changed, 36 insertions(+), 12 deletions(-)
>
> diff --git a/apps/s_client.c b/apps/s_client.c
> index a17917c..fa98d5b 100644
> --- a/apps/s_client.c
> +++ b/apps/s_client.c
> @@ -225,8 +225,10 @@ static int c_brief=0;
>
>  #ifndef OPENSSL_NO_TLSEXT
>
> -static const unsigned char *most_recent_supplemental_data;
> -static size_t most_recent_supplemental_data_length;
> +static unsigned char *generated_supp_data = NULL;
> +
> +static unsigned char *most_recent_supplemental_data = NULL;
> +static size_t most_recent_supplemental_data_length = 0;
>
>  static int server_provided_server_authz = 0;
>  static int server_provided_client_authz = 0;
> @@ -1768,6 +1770,13 @@ SSL_set_tlsext_status_ids(con, ids);
>                                                 "CONNECTION
> ESTABLISHED\n");
>                                         print_ssl_summary(bio_err, con);
>                                         }
> +                               /*handshake is complete - free the
> generated supp data allocated in the callback */
> +                               if (generated_supp_data)
> +                                       {
> +                                       OPENSSL_free(generated_supp_data);
> +                                       generated_supp_data = NULL;
> +                                       }
> +
>                                 print_stuff(bio_c_out,con,full_log);
>                                 if (full_log > 0) full_log--;
>
> @@ -2439,6 +2448,8 @@ static int authz_tlsext_generate_cb(SSL *s, unsigned
> short ext_type,
>         {
>         if (c_auth)
>                 {
> +               /*if auth_require_reneg flag is set, only send extensions
> if
> +                 renegotiation has occurred */
>                 if (!c_auth_require_reneg || (c_auth_require_reneg &&
> SSL_num_renegotiations(s)))
>                         {
>                         *out = auth_ext_data;
> @@ -2467,15 +2478,16 @@ static int auth_suppdata_generate_cb(SSL *s,
> unsigned short supp_data_type,
>                                      const unsigned char **out,
>                                      unsigned short *outlen, void *arg)
>         {
> -       unsigned char *result;
>         if (c_auth && server_provided_client_authz &&
> server_provided_server_authz)
>                 {
> +               /*if auth_require_reneg flag is set, only send
> supplemental data if
> +                 renegotiation has occurred */
>                 if (!c_auth_require_reneg
>                     || (c_auth_require_reneg && SSL_num_renegotiations(s)))
>                         {
> -                       result = OPENSSL_malloc(10);
> -                       memcpy(result, "5432154321", 10);
> -                       *out = result;
> +                       generated_supp_data = OPENSSL_malloc(10);
> +                       memcpy(generated_supp_data, "5432154321", 10);
> +                       *out = generated_supp_data;
>                         *outlen = 10;
>                         return 1;
>                         }
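Review bot: The result of `OPENSSL_malloc(10)` in `auth_suppdata_generate_cb` is passed straight to `memcpy`, so an allocation failure becomes a write through a NULL pointer; the matching hunk in apps/s_server.c has the same pattern. Because `generated_supp_data` is now a single file-scope pointer, a second call to the callback before the post-handshake free overwrites the earlier pointer and leaks it. That can plausibly happen on renegotiation, which this code explicitly exercises. Free any previous buffer before allocating and check the result before the copy, e.g. `if (generated_supp_data == NULL) return 0;`. The failure return value the library expects is not visible in this hunk, so confirm it. The function body starts and ends outside the hunk.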
> diff --git a/apps/s_server.c b/apps/s_server.c
> index 42bce64..c3eca2b 100644
> --- a/apps/s_server.c
> +++ b/apps/s_server.c
> @@ -229,8 +229,10 @@ static void s_server_init(void);
>
>  static const unsigned char auth_ext_data[]={TLSEXT_AUTHZDATAFORMAT_dtcp};
>
> -static const unsigned char *most_recent_supplemental_data;
> -static size_t most_recent_supplemental_data_length;
> +static unsigned char *generated_supp_data = NULL;
> +
> +static unsigned char *most_recent_supplemental_data = NULL;
> +static size_t most_recent_supplemental_data_length = 0;
>
>  static int client_provided_server_authz = 0;
>  static int client_provided_client_authz = 0;
> @@ -2673,6 +2675,13 @@ static int init_ssl_connection(SSL *con)
>                         i=SSL_accept(con);
>                 }
>  #endif
> +       /*handshake is complete - free the generated supp data allocated
> in the callback */
> +       if (generated_supp_data)
> +               {
> +        OPENSSL_free(generated_supp_data);
> +               generated_supp_data = NULL;
> +               }
> +
>         if (i <= 0)
>                 {
>                 if (BIO_sock_should_retry(i))
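Review bot: The free of `generated_supp_data` in `init_ssl_connection` sits before the `if (i <= 0)` check, so it also runs when `SSL_accept` failed or asked for a retry, not only when the handshake is complete as the new comment states. If the library still holds the pointer handed out through `*out` at that point (not visible from this hunk), a resumed handshake could read freed memory. Placing the block after the `i <= 0` handling, plus a free on the terminal error path, would make the code match its comment. The `OPENSSL_free(generated_supp_data);` line is also indented with spaces where the neighbouring lines use tabs. The function continues past the end of the hunk.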
> @@ -3583,6 +3592,8 @@ static int authz_tlsext_generate_cb(SSL *s, unsigned
> short ext_type,
>         {
>         if (c_auth && client_provided_client_authz &&
> client_provided_server_authz)
>                 {
> +               /*if auth_require_reneg flag is set, only send extensions
> if
> +                 renegotiation has occurred */
>                 if (!c_auth_require_reneg
>                     || (c_auth_require_reneg && SSL_num_renegotiations(s)))
>                         {
> @@ -3612,15 +3623,16 @@ static int auth_suppdata_generate_cb(SSL *s,
> unsigned short supp_data_type,
>                                      const unsigned char **out,
>                                      unsigned short *outlen, void *arg)
>         {
> -       unsigned char *result;
>         if (c_auth && client_provided_client_authz &&
> client_provided_server_authz)
>                 {
> +               /*if auth_require_reneg flag is set, only send
> supplemental data if
> +                 renegotiation has occurred */
>                 if (!c_auth_require_reneg
>                     || (c_auth_require_reneg && SSL_num_renegotiations(s)))
>                         {
> -                       result = OPENSSL_malloc(10);
> -                       memcpy(result, "1234512345", 10);
> -                       *out = result;
> +                       generated_supp_data = OPENSSL_malloc(10);
> +                       memcpy(generated_supp_data, "1234512345", 10);
> +                       *out = generated_supp_data;
>                         *outlen = 10;
>                         return 1;
>                         }
>
>
> hooks/post-receive
> --
> OpenSSL source code
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> CVS Repository Commit List                     openssl-...@openssl.org
> Automated List Manager                           majord...@openssl.org
>
