diff options
| author | Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com> | 2017-04-18 23:59:39 +0900 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2017-04-26 16:56:35 +0100 |
| commit | 735d5b59df341236a6c9bb51ebdfebf9119ebeab (patch) | |
| tree | 3462d05f60d54f866f9a0051bbb01910d4f173c8 /ssl/statem/statem_clnt.c | |
| parent | b89646684d920d3014979f8a73b96aecb61c7b1f (diff) | |
Call init and finalization functions per extension message
Previously, init and finalization function for extensions are called
per extension block, rather than per message. This commit changes
that behaviour, and now they are called per message. The parse
function is still called per extension block.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3244)
Diffstat (limited to 'ssl/statem/statem_clnt.c')
| -rw-r--r-- | ssl/statem/statem_clnt.c | 25 |
1 files changed, 13 insertions, 12 deletions
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index ab77ba05e9..0b4931d6d0 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -1373,7 +1373,7 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt) context = SSL_IS_TLS13(s) ? SSL_EXT_TLS1_3_SERVER_HELLO : SSL_EXT_TLS1_2_SERVER_HELLO; - if (!tls_collect_extensions(s, &extpkt, context, &extensions, &al, NULL)) + if (!tls_collect_extensions(s, &extpkt, context, &extensions, &al, NULL, 1)) goto f_err; s->hit = 0; @@ -1525,7 +1525,7 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt) } #endif - if (!tls_parse_all_extensions(s, context, extensions, NULL, 0, &al)) + if (!tls_parse_all_extensions(s, context, extensions, NULL, 0, &al, 1)) goto f_err; #ifndef OPENSSL_NO_SCTP @@ -1616,9 +1616,9 @@ static MSG_PROCESS_RETURN tls_process_hello_retry_request(SSL *s, PACKET *pkt) } if (!tls_collect_extensions(s, &extpkt, SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST, - &extensions, &al, NULL) + &extensions, &al, NULL, 1) || !tls_parse_all_extensions(s, SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST, - extensions, NULL, 0, &al)) + extensions, NULL, 0, &al, 1)) goto f_err; OPENSSL_free(extensions); @@ -1711,9 +1711,10 @@ MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt) } if (!tls_collect_extensions(s, &extensions, SSL_EXT_TLS1_3_CERTIFICATE, &rawexts, - &al, NULL) + &al, NULL, chainidx == 0) || !tls_parse_all_extensions(s, SSL_EXT_TLS1_3_CERTIFICATE, - rawexts, x, chainidx, &al)) { + rawexts, x, chainidx, &al, + !PACKET_remaining(pkt))) { OPENSSL_free(rawexts); goto f_err; } @@ -2340,9 +2341,9 @@ MSG_PROCESS_RETURN tls_process_certificate_request(SSL *s, PACKET *pkt) } if (!tls_collect_extensions(s, &extensions, SSL_EXT_TLS1_3_CERTIFICATE_REQUEST, - &rawexts, &al, NULL) + &rawexts, &al, NULL, 1) || !tls_parse_all_extensions(s, SSL_EXT_TLS1_3_CERTIFICATE_REQUEST, - rawexts, NULL, 0, &al)) { + rawexts, NULL, 0, &al, 1)) { OPENSSL_free(rawexts); goto err; } @@ -2501,10 +2502,10 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt) if (!PACKET_as_length_prefixed_2(pkt, &extpkt) || !tls_collect_extensions(s, &extpkt, SSL_EXT_TLS1_3_NEW_SESSION_TICKET, - &exts, &al, NULL) + &exts, &al, NULL, 1) || !tls_parse_all_extensions(s, SSL_EXT_TLS1_3_NEW_SESSION_TICKET, - exts, NULL, 0, &al)) { + exts, NULL, 0, &al, 1)) { SSLerr(SSL_F_TLS_PROCESS_NEW_SESSION_TICKET, SSL_R_BAD_EXTENSION); goto f_err; } @@ -3464,9 +3465,9 @@ static MSG_PROCESS_RETURN tls_process_encrypted_extensions(SSL *s, PACKET *pkt) if (!tls_collect_extensions(s, &extensions, SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS, &rawexts, - &al, NULL) + &al, NULL, 1) || !tls_parse_all_extensions(s, SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS, - rawexts, NULL, 0, &al)) + rawexts, NULL, 0, &al, 1)) goto err; OPENSSL_free(rawexts); |