FWIW, I pushed this to the openssl repo instead of my own by mistake, but I guess since it is in a branch it's not that big a deal.
On 5 September 2013 14:45, Ben Laurie <b...@openssl.org> wrote: > This is an automated email from the git hooks/post-receive script. It was > generated because a ref change was pushed to the repository containing > the project "OpenSSL source code". > > The branch, supplemental-data-api-2 has been updated > via 85b2ca671513df2b21df404d3dfa76cf681e553d (commit) > via 0314741417bf45549bab1c94a49b33d40476d844 (commit) > via 6381b3cbcd8e8626f3fdfcfd54ed5a1a980847dd (commit) > via a66d5a4a77bc086c9eff36a096e9e74d8bca8be5 (commit) > via 976fac84e0920feb9aaa9cb67002c4eb64bccde8 (commit) > via b3943dbb18ea920c6bd71a52762ba16728e27e3d (commit) > via 65616e81a11106002e0d4509de2b0507e83cca44 (commit) > via e21ff60d6146868fdfed8cb0795ac8a36f8b7db8 (commit) > from 664c69432740670e8d93e0fd8d8d29f84b15fe3d (commit) > > Those revisions listed above that are new to this repository have > not appeared on any other notification email; so we list those > revisions in full, below. > > - Log ----------------------------------------------------------------- > commit 85b2ca671513df2b21df404d3dfa76cf681e553d > Merge: 664c694 0314741 > Author: Ben Laurie <b...@links.org> > Date: Thu Sep 5 14:45:25 2013 +0100 > > Merge remote-tracking branch 'scott2/ben-openssl' into > supplemental-data-api-2 > > Conflicts: > apps/s_client.c > apps/s_server.c > > commit 0314741417bf45549bab1c94a49b33d40476d844 > Author: Scott Deboy <sde...@secondstryke.com> > Date: Thu Aug 1 11:54:09 2013 -0700 > > Free generated supp data after handshake completion, add comment > regarding use of num_renegotiations in TLS and supp data generation > callbacks > > commit 6381b3cbcd8e8626f3fdfcfd54ed5a1a980847dd > Author: Ben Laurie <b...@links.org> > Date: Thu Aug 1 15:17:23 2013 +0100 > > More cleanup. > > commit a66d5a4a77bc086c9eff36a096e9e74d8bca8be5 > Author: Ben Laurie <b...@links.org> > Date: Thu Aug 1 12:33:15 2013 +0100 > > More cleanup. 
> > commit 976fac84e0920feb9aaa9cb67002c4eb64bccde8 > Author: Ben Laurie <b...@links.org> > Date: Thu Aug 1 11:14:23 2013 +0100 > > Make it build. > > commit b3943dbb18ea920c6bd71a52762ba16728e27e3d > Author: Scott Deboy <sde...@secondstryke.com> > Date: Wed Jul 31 11:28:30 2013 -0700 > > Remove end-of-line whitespace, change an int i to size_t i > > commit 65616e81a11106002e0d4509de2b0507e83cca44 > Merge: e21ff60 0b2bde7 > Author: Scott Deboy <sde...@secondstryke.com> > Date: Wed Jul 31 10:51:19 2013 -0700 > > Merge remote-tracking branch 'openssl-github/master' into > supplemental-data-api > > Conflicts: > ssl/s23_clnt.c > ssl/ssl_rsa.c > > commit e21ff60d6146868fdfed8cb0795ac8a36f8b7db8 > Author: Scott Deboy <sde...@secondstryke.com> > Date: Tue Jun 18 14:34:38 2013 -0700 > > Add callbacks supporting generation and retrieval of supplemental data > entries, facilitating RFC 5878 (TLS auth extensions) > Removed prior audit proof logic - audit proof support was implemented > using the generic TLS extension API > Tests exercising the new supplemental data registration and callback > api can be found in ssltest.c. > Implemented changes to s_server and s_client to exercise supplemental > data callbacks via the -auth argument, as well as additional flags to > exercise supplemental data being sent only during renegotiation. > > ----------------------------------------------------------------------- > > Summary of changes: > apps/s_client.c | 24 ++++++++++++++++++------ > apps/s_server.c | 24 ++++++++++++++++++------ > 2 files changed, 36 insertions(+), 12 deletions(-) > > diff --git a/apps/s_client.c b/apps/s_client.c > index a17917c..fa98d5b 100644 > --- a/apps/s_client.c > +++ b/apps/s_client.c 
> @@ -225,8 +225,10 @@ static int c_brief=0; > > #ifndef OPENSSL_NO_TLSEXT > > -static const unsigned char *most_recent_supplemental_data; > -static size_t most_recent_supplemental_data_length; > +static unsigned char *generated_supp_data = NULL; > + > +static unsigned char *most_recent_supplemental_data = NULL; > +static size_t most_recent_supplemental_data_length = 0; > > static int server_provided_server_authz = 0; > static int server_provided_client_authz = 0; > @@ -1768,6 +1770,13 @@ SSL_set_tlsext_status_ids(con, ids); > "CONNECTION > ESTABLISHED\n"); > print_ssl_summary(bio_err, con); > } > + /*handshake is complete - free the > generated supp data allocated in the callback */ > + if (generated_supp_data) > + { > + OPENSSL_free(generated_supp_data); > + generated_supp_data = NULL; > + } > + > print_stuff(bio_c_out,con,full_log); > if (full_log > 0) full_log--; > > @@ -2439,6 +2448,8 @@ static int authz_tlsext_generate_cb(SSL *s, unsigned > short ext_type, > { > if (c_auth) > { > + /*if auth_require_reneg flag is set, only send extensions > if > + renegotiation has occurred */ > if (!c_auth_require_reneg || (c_auth_require_reneg && > SSL_num_renegotiations(s))) > { > *out = auth_ext_data; > @@ -2467,15 +2478,16 @@ static int auth_suppdata_generate_cb(SSL *s, > unsigned short supp_data_type, > const unsigned char **out, > unsigned short *outlen, void *arg) > { > - unsigned char *result; > if (c_auth && server_provided_client_authz && > server_provided_server_authz) > { > + /*if auth_require_reneg flag is set, only send > supplemental data if > + renegotiation has occurred */ > if (!c_auth_require_reneg > || (c_auth_require_reneg && SSL_num_renegotiations(s))) > { > - result = OPENSSL_malloc(10); > - memcpy(result, "5432154321", 10); > - *out = result; > + generated_supp_data = OPENSSL_malloc(10); > + memcpy(generated_supp_data, "5432154321", 10); > + *out = generated_supp_data; > *outlen = 10; > return 1; > } 
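Review bot: In auth_suppdata_generate_cb the result of `OPENSSL_malloc(10)` goes straight into `memcpy` with no NULL check, and the assignment overwrites whatever `generated_supp_data` already points to. If the callback runs again before the handshake-complete free, the earlier buffer leaks. Release the old buffer first with `OPENSSL_free(generated_supp_data);`, then test `if (generated_supp_data == NULL)` after the allocation and take the callback's failure return, whose value is not visible in this hunk. The same pattern appears in the auth_suppdata_generate_cb hunk of apps/s_server.c; the function body continues outside both hunks.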
> diff --git a/apps/s_server.c b/apps/s_server.c > index 42bce64..c3eca2b 100644 > --- a/apps/s_server.c > +++ b/apps/s_server.c > @@ -229,8 +229,10 @@ static void s_server_init(void); > > static const unsigned char auth_ext_data[]={TLSEXT_AUTHZDATAFORMAT_dtcp}; > > -static const unsigned char *most_recent_supplemental_data; > -static size_t most_recent_supplemental_data_length; > +static unsigned char *generated_supp_data = NULL; > + > +static unsigned char *most_recent_supplemental_data = NULL; > +static size_t most_recent_supplemental_data_length = 0; > > static int client_provided_server_authz = 0; > static int client_provided_client_authz = 0; > @@ -2673,6 +2675,13 @@ static int init_ssl_connection(SSL *con) > i=SSL_accept(con); > } > #endif > + /*handshake is complete - free the generated supp data allocated > in the callback */ > + if (generated_supp_data) > + { > + OPENSSL_free(generated_supp_data); > + generated_supp_data = NULL; > + } > + > if (i <= 0) > { > if (BIO_sock_should_retry(i)) > @@ -3583,6 +3592,8 @@ static int authz_tlsext_generate_cb(SSL *s, unsigned > short ext_type, > { > if (c_auth && client_provided_client_authz && > client_provided_server_authz) > { > + /*if auth_require_reneg flag is set, only send extensions > if > + renegotiation has occurred */ > if (!c_auth_require_reneg > || (c_auth_require_reneg && SSL_num_renegotiations(s))) > { 
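Review bot: In init_ssl_connection the new free of `generated_supp_data` sits before the `if (i <= 0)` check, so it also runs when SSL_accept() has not completed and the `BIO_sock_should_retry(i)` path is taken, although the comment says the handshake is complete. If the library still holds the pointer the callback stored in `*out` (not visible here), a retried handshake could read freed memory. Guarding the block with `if (i > 0 && generated_supp_data)` and freeing separately on the final error path would keep the buffer alive until the handshake has actually finished. The function body continues outside the hunk.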
> @@ -3612,15 +3623,16 @@ static int auth_suppdata_generate_cb(SSL *s, > unsigned short supp_data_type, > const unsigned char **out, > unsigned short *outlen, void *arg) > { > - unsigned char *result; > if (c_auth && client_provided_client_authz && > client_provided_server_authz) > { > + /*if auth_require_reneg flag is set, only send > supplemental data if > + renegotiation has occurred */ > if (!c_auth_require_reneg > || (c_auth_require_reneg && SSL_num_renegotiations(s))) > { > - result = OPENSSL_malloc(10); > - memcpy(result, "1234512345", 10); > - *out = result; > + generated_supp_data = OPENSSL_malloc(10); > + memcpy(generated_supp_data, "1234512345", 10); > + *out = generated_supp_data; > *outlen = 10; > return 1; > } > > > hooks/post-receive > -- > OpenSSL source code > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > CVS Repository Commit List openssl-...@openssl.org > Automated List Manager majord...@openssl.org >