Call init and finalization functions per extension message

Previously, init and finalization function for extensions are called per extension block, rather than per message. This commit changes that behaviour, and now they are called per message. The parse function is still called per extension block. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3244)
author: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com> 2017-04-18 23:59:39 +0900
committer: Matt Caswell <matt@openssl.org> 2017-04-26 16:56:35 +0100
commit: 735d5b59df341236a6c9bb51ebdfebf9119ebeab (patch)
tree: 3462d05f60d54f866f9a0051bbb01910d4f173c8 /ssl/statem/statem_srvr.c
parent: b89646684d920d3014979f8a73b96aecb61c7b1f (diff)
download: openssl-735d5b59df341236a6c9bb51ebdfebf9119ebeab.zip
openssl-735d5b59df341236a6c9bb51ebdfebf9119ebeab.tar.gz
openssl-735d5b59df341236a6c9bb51ebdfebf9119ebeab.tar.bz2
1 files changed, 5 insertions, 4 deletions
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index d751502..f6ecbf7 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -1426,7 +1426,7 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt)
     extensions = clienthello->extensions;
     if (!tls_collect_extensions(s, &extensions, SSL_EXT_CLIENT_HELLO,
                                 &clienthello->pre_proc_exts, &al,
-                                &clienthello->pre_proc_exts_len)) {
+                                &clienthello->pre_proc_exts_len, 1)) {
         /* SSLerr already been called */
         goto f_err;
     }
@@ -1690,7 +1690,7 @@ static int tls_early_post_process_client_hello(SSL *s, int *pal)
 
     /* TLS extensions */
     if (!tls_parse_all_extensions(s, SSL_EXT_CLIENT_HELLO,
-                                  clienthello->pre_proc_exts, NULL, 0, &al)) {
+                                  clienthello->pre_proc_exts, NULL, 0, &al, 1)) {
         SSLerr(SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO, SSL_R_PARSE_TLSEXT);
         goto err;
     }
@@ -3217,9 +3217,10 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt)
             }
             if (!tls_collect_extensions(s, &extensions,
                                         SSL_EXT_TLS1_3_CERTIFICATE, &rawexts,
-                                        &al, NULL)
+                                        &al, NULL, chainidx == 0)
                     || !tls_parse_all_extensions(s, SSL_EXT_TLS1_3_CERTIFICATE,
-                                                 rawexts, x, chainidx, &al)) {
+                                                 rawexts, x, chainidx, &al,
+                                                 !PACKET_remaining(&spkt))) {
                 OPENSSL_free(rawexts);
                 goto f_err;
             }
author	Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>	2017-04-18 23:59:39 +0900
committer	Matt Caswell <matt@openssl.org>	2017-04-26 16:56:35 +0100
commit	735d5b59df341236a6c9bb51ebdfebf9119ebeab (patch)
tree	3462d05f60d54f866f9a0051bbb01910d4f173c8 /ssl/statem/statem_srvr.c
parent	b89646684d920d3014979f8a73b96aecb61c7b1f (diff)
download	openssl-735d5b59df341236a6c9bb51ebdfebf9119ebeab.zip openssl-735d5b59df341236a6c9bb51ebdfebf9119ebeab.tar.gz openssl-735d5b59df341236a6c9bb51ebdfebf9119ebeab.tar.bz2