author | Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com> | 2017-04-18 23:59:39 +0900 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2017-04-26 16:56:35 +0100 |
commit | 735d5b59df341236a6c9bb51ebdfebf9119ebeab (patch) | |
tree | 3462d05f60d54f866f9a0051bbb01910d4f173c8 /ssl/statem/statem_srvr.c | |
parent | b89646684d920d3014979f8a73b96aecb61c7b1f (diff) | |
Call init and finalization functions per extension message
Previously, the init and finalization functions for extensions were called
per extension block, rather than per message. This commit changes
that behaviour, and now they are called per message. The parse
function is still called per extension block.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3244)
Diffstat (limited to 'ssl/statem/statem_srvr.c')
-rw-r--r-- | ssl/statem/statem_srvr.c | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index d751502..f6ecbf7 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -1426,7 +1426,7 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt)
 extensions = clienthello->extensions;
 if (!tls_collect_extensions(s, &extensions, SSL_EXT_CLIENT_HELLO,
 &clienthello->pre_proc_exts, &al,
- &clienthello->pre_proc_exts_len)) {
+ &clienthello->pre_proc_exts_len, 1)) {
 /* SSLerr already been called */
 goto f_err;
 }
@@ -1690,7 +1690,7 @@ static int tls_early_post_process_client_hello(SSL *s, int *pal)
 /* TLS extensions */
 if (!tls_parse_all_extensions(s, SSL_EXT_CLIENT_HELLO,
- clienthello->pre_proc_exts, NULL, 0, &al)) {
+ clienthello->pre_proc_exts, NULL, 0, &al, 1)) {
 SSLerr(SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO, SSL_R_PARSE_TLSEXT);
 goto err;
 }
@@ -3217,9 +3217,10 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt)
 }
 if (!tls_collect_extensions(s, &extensions,
 SSL_EXT_TLS1_3_CERTIFICATE, &rawexts,
- &al, NULL)
+ &al, NULL, chainidx == 0)
 || !tls_parse_all_extensions(s, SSL_EXT_TLS1_3_CERTIFICATE,
- rawexts, x, chainidx, &al)) {
+ rawexts, x, chainidx, &al,
+ !PACKET_remaining(&spkt))) {
 OPENSSL_free(rawexts);
 goto f_err;
 } |
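Review bot: The bare `1` appended to the tls_collect_extensions() call in tls_process_client_hello does not say what it switches on, and the same is true of the `1` appended to tls_parse_all_extensions() in tls_early_post_process_client_hello (second hunk). Going by the commit message these presumably request the per-message init and finalization passes, but the prototypes are not part of this file-limited diff, so that should be confirmed. A comment above each call, e.g. `/* ClientHello has a single extension block: run the init functions here */` and `/* ...and the finalization functions here */`, would keep a later caller from copying the literal into a message that carries several blocks. Both enclosing functions extend beyond their hunks.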
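Review bot: In tls_process_client_certificate the finalization pass selected by `!PACKET_remaining(&spkt)` is handed the `rawexts` array collected for the current (last) certificate entry only, so a finalizer that needs to know whether an extension was present on an earlier entry, such as the leaf, would not see it there; it appears worth confirming that no TLS 1.3 Certificate extension finalizer relies on that. Both new conditions also depend on loop state outside the hunk: `chainidx` has to be 0 only for the first entry, and `spkt` must already have had this entry's extension block consumed when the test is evaluated. A comment above the call, such as `/* init on the first cert; finalise once spkt is exhausted, i.e. on the last cert */`, would record that contract for whoever next touches the loop.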