diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c index 8e1b502083f9627f7436ab0c0702a54ac42a35fa..c0114457cb502e3fb190bfcb1a658f16b61abf19 100644 --- a/ssl/statem/extensions.c +++ b/ssl/statem/extensions.c @@ -382,10 +382,11 @@ static int extension_is_relevant(SSL *s, unsigned int extctx, * extensions that we know about. We ignore others. */ int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context, - RAW_EXTENSION **res, int *al) + RAW_EXTENSION **res, int *al, size_t *len) { PACKET extensions = *packet; size_t i = 0; + size_t num_exts; custom_ext_methods *exts = NULL; RAW_EXTENSION *raw_extensions = NULL; const EXTENSION_DEFINITION *thisexd; @@ -403,9 +404,8 @@ int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context, exts = &s->cert->cli_ext; } - raw_extensions = OPENSSL_zalloc((OSSL_NELEM(ext_defs) - + (exts != NULL ? exts->meths_count : 0)) - * sizeof(*raw_extensions)); + num_exts = OSSL_NELEM(ext_defs) + (exts != NULL ? exts->meths_count : 0); + raw_extensions = OPENSSL_zalloc(num_exts * sizeof(*raw_extensions)); if (raw_extensions == NULL) { *al = SSL_AD_INTERNAL_ERROR; SSLerr(SSL_F_TLS_COLLECT_EXTENSIONS, ERR_R_MALLOC_FAILURE); @@ -454,6 +454,8 @@ int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context, } *res = raw_extensions; + if (len != NULL) + *len = num_exts; return 1; err: diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 3957a73ede628e60debc30c6b41b2d2f221434f7..614da1b6a7c9309421be7432552395dae5ae155f 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -1254,7 +1254,7 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt) context = SSL_IS_TLS13(s) ? EXT_TLS1_3_SERVER_HELLO : EXT_TLS1_2_SERVER_HELLO; - if (!tls_collect_extensions(s, &extpkt, context, &extensions, &al)) + if (!tls_collect_extensions(s, &extpkt, context, &extensions, &al, NULL)) goto f_err; s->hit = 0; 
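Review bot: The new `len` out-parameter added to the signature of tls_collect_extensions (extensions.c, hunk at -382) is not described in the function's header comment, of which only the tail is visible in this hunk. Judging from the later hunks, `*len` receives `num_exts`, the number of slots allocated for `*res` (built-in definitions plus any custom methods), not the number of extensions found in the packet, and NULL is accepted. I would add to the comment: `On success, if |len| is not NULL, *len is set to the number of elements allocated in |*res|; this is the array size, not the count of extensions received.` The function body continues outside this hunk.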
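Review bot: `*len` is assigned only on the success path in the extensions.c hunk at -454, so a caller that passes a non-NULL `len` and ends up at `err:` keeps whatever value the variable held before the call. Every call site updated in this commit passes NULL, so nothing reads it yet, but a later caller that uses the value as a bound when walking `*res` depends on it matching the allocation exactly. Consider clearing it before the allocation with `if (len != NULL) *len = 0;`, or state in the header comment that it is unchanged on failure. The code after `err:` is outside the hunk, so what happens to `*res` on that path cannot be checked from here.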
@@ -1524,7 +1524,7 @@ static MSG_PROCESS_RETURN tls_process_hello_retry_request(SSL *s, PACKET *pkt) } if (!tls_collect_extensions(s, &extpkt, EXT_TLS1_3_HELLO_RETRY_REQUEST, - &extensions, &al) + &extensions, &al, NULL) || !tls_parse_all_extensions(s, EXT_TLS1_3_HELLO_RETRY_REQUEST, extensions, NULL, 0, &al)) goto f_err; @@ -1596,7 +1596,7 @@ MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt) goto f_err; } if (!tls_collect_extensions(s, &extensions, EXT_TLS1_3_CERTIFICATE, - &rawexts, &al) + &rawexts, &al, NULL) || !tls_parse_all_extensions(s, EXT_TLS1_3_CERTIFICATE, rawexts, x, chainidx, &al)) { OPENSSL_free(rawexts); @@ -2399,7 +2399,7 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt) if (!PACKET_as_length_prefixed_2(pkt, &extpkt) || !tls_collect_extensions(s, &extpkt, EXT_TLS1_3_NEW_SESSION_TICKET, - &exts, &al) + &exts, &al, NULL) || !tls_parse_all_extensions(s, EXT_TLS1_3_NEW_SESSION_TICKET, exts, NULL, 0, &al)) { SSLerr(SSL_F_TLS_PROCESS_NEW_SESSION_TICKET, SSL_R_BAD_EXTENSION); @@ -3362,7 +3362,7 @@ static MSG_PROCESS_RETURN tls_process_encrypted_extensions(SSL *s, PACKET *pkt) } if (!tls_collect_extensions(s, &extensions, EXT_TLS1_3_ENCRYPTED_EXTENSIONS, - &rawexts, &al) + &rawexts, &al, NULL) || !tls_parse_all_extensions(s, EXT_TLS1_3_ENCRYPTED_EXTENSIONS, rawexts, NULL, 0, &al)) goto err; diff --git a/ssl/statem/statem_locl.h b/ssl/statem/statem_locl.h index 595a803f3062c73584c3e542a425c279895f1f56..9230332bf4393bf6c3d9f2e7d25ab882542a639a 100644 --- a/ssl/statem/statem_locl.h +++ b/ssl/statem/statem_locl.h @@ -167,7 +167,7 @@ __owur int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt); /* Extension processing */ __owur int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context, - RAW_EXTENSION **res, int *al); + RAW_EXTENSION **res, int *al, size_t *len); __owur int tls_parse_extension(SSL *s, TLSEXT_INDEX idx, int context, RAW_EXTENSION *exts, X509 *x, size_t chainidx, int *al); 
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 0037e79d2ad88d7465354b69063c02da1cddcd0c..28f3b24cd6da374311987407f591e3fe4fadc7ef 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -1423,7 +1423,7 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) /* Preserve the raw extensions PACKET for later use */ extensions = clienthello.extensions; if (!tls_collect_extensions(s, &extensions, EXT_CLIENT_HELLO, - &clienthello.pre_proc_exts, &al)) { + &clienthello.pre_proc_exts, &al, NULL)) { /* SSLerr already been called */ goto f_err; } @@ -3128,7 +3128,7 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt) goto f_err; } if (!tls_collect_extensions(s, &extensions, EXT_TLS1_3_CERTIFICATE, - &rawexts, &al) + &rawexts, &al, NULL) || !tls_parse_all_extensions(s, EXT_TLS1_3_CERTIFICATE, rawexts, x, chainidx, &al)) { OPENSSL_free(rawexts);