X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fstatem%2Fextensions_cust.c;h=0a23630cf2f4abd83a5e0adeaa124677c9ad2bd8;hp=055c850abe87d105cbabb604b2d5fa750a8f8a29;hb=f63a17d66dec01c123630682e0b20450b34c086a;hpb=4752c5deb20cae92a7146c4b89ad41045a041970
diff --git a/ssl/statem/extensions_cust.c b/ssl/statem/extensions_cust.c
index 055c850abe..0a23630cf2 100644
--- a/ssl/statem/extensions_cust.c
+++ b/ssl/statem/extensions_cust.c
@@ -112,8 +112,9 @@ void custom_ext_init(custom_ext_methods *exts)
 /* Pass received custom extension data to the application for parsing. */
 int custom_ext_parse(SSL *s, unsigned int context, unsigned int ext_type,
 const unsigned char *ext_data, size_t ext_size, X509 *x,
- size_t chainidx, int *al)
+ size_t chainidx)
 {
+ int al;
 custom_ext_methods *exts = &s->cert->custext;
 custom_ext_method *meth;
 ENDPOINT role = ENDPOINT_BOTH;
@@ -138,7 +139,8 @@ int custom_ext_parse(SSL *s, unsigned int context, unsigned int ext_type,
 * extensions not sent in ClientHello.
 */
 if ((meth->ext_flags & SSL_EXT_FLAG_SENT) == 0) {
- *al = TLS1_AD_UNSUPPORTED_EXTENSION;
+ SSLfatal(s, TLS1_AD_UNSUPPORTED_EXTENSION, SSL_F_CUSTOM_EXT_PARSE,
+ SSL_R_BAD_EXTENSION);
 return 0;
 }
 }
@@ -155,8 +157,13 @@ int custom_ext_parse(SSL *s, unsigned int context, unsigned int ext_type,
 if (!meth->parse_cb)
 return 1;

- return meth->parse_cb(s, ext_type, context, ext_data, ext_size, x, chainidx,
- al, meth->parse_arg);
+ if (meth->parse_cb(s, ext_type, context, ext_data, ext_size, x, chainidx,
+ &al, meth->parse_arg) <= 0) {
+ SSLfatal(s, al, SSL_F_CUSTOM_EXT_PARSE, SSL_R_BAD_EXTENSION);
+ return 0;
+ }
+
+ return 1;
 }

 /*
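Review bot: The new local `int al;` in custom_ext_parse is never initialised, yet the failure path reads it in `SSLfatal(s, al, SSL_F_CUSTOM_EXT_PARSE, SSL_R_BAD_EXTENSION)` after `parse_cb` returns <= 0. An application callback that fails without writing `*al` therefore makes the alert sent to the peer indeterminate, and the read itself is undefined behaviour. Before this change the storage behind `*al` belonged to the caller; whether callers pre-set it is not visible here, so the default should now be set locally, for example `int al = SSL_AD_INTERNAL_ERROR;` or whichever alert the API documents as the default. The same pattern appears in custom_ext_add, where `int al;` feeds `SSLfatal(s, al, SSL_F_CUSTOM_EXT_ADD, SSL_R_CALLBACK_FAILED)` after `add_cb` returns a negative value. Both function bodies continue outside the hunks.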
@@ -164,11 +171,12 @@ int custom_ext_parse(SSL *s, unsigned int context, unsigned int ext_type,
 * buffer.
 */
 int custom_ext_add(SSL *s, int context, WPACKET *pkt, X509 *x, size_t chainidx,
- int maxversion, int *al)
+ int maxversion)
 {
 custom_ext_methods *exts = &s->cert->custext;
 custom_ext_method *meth;
 size_t i;
+ int al;

 for (i = 0; i < exts->meths_count; i++) {
 const unsigned char *out = NULL;
@@ -197,11 +205,13 @@ int custom_ext_add(SSL *s, int context, WPACKET *pkt, X509 *x, size_t chainidx,

 if (meth->add_cb != NULL) {
 int cb_retval = meth->add_cb(s, meth->ext_type, context, &out,
- &outlen, x, chainidx, al,
+ &outlen, x, chainidx, &al,
 meth->add_arg);

- if (cb_retval < 0)
+ if (cb_retval < 0) {
+ SSLfatal(s, al, SSL_F_CUSTOM_EXT_ADD, SSL_R_CALLBACK_FAILED);
 return 0; /* error */
+ }
 if (cb_retval == 0)
 continue; /* skip this extension */
 }
@@ -210,7 +220,8 @@ int custom_ext_add(SSL *s, int context, WPACKET *pkt, X509 *x, size_t chainidx,
 || !WPACKET_start_sub_packet_u16(pkt)
 || (outlen > 0 && !WPACKET_memcpy(pkt, out, outlen))
 || !WPACKET_close(pkt)) {
- *al = SSL_AD_INTERNAL_ERROR;
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CUSTOM_EXT_ADD,
+ ERR_R_INTERNAL_ERROR);
 return 0;
 }
 if ((context & SSL_EXT_CLIENT_HELLO) != 0) {
@@ -218,7 +229,8 @@ int custom_ext_add(SSL *s, int context, WPACKET *pkt, X509 *x, size_t chainidx,
 * We can't send duplicates: code logic should prevent this.
 */
 if (!ossl_assert((meth->ext_flags & SSL_EXT_FLAG_SENT) == 0)) {
- *al = SSL_AD_INTERNAL_ERROR;
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CUSTOM_EXT_ADD,
+ ERR_R_INTERNAL_ERROR);
 return 0;
 }
 /*
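Review bot: The early `return 0` after the WPACKET_* failure appears to leave the buffer that `add_cb` returned in `out` unreleased, since no `meth->free_cb` call is visible between the `add_cb` call and this return. If the release happens only later in the loop body, outside the hunk, then this path and the `ossl_assert` failure path in the following hunk both skip it. Each handshake that fails here would then leak application-owned memory. Consider adding `if (meth->free_cb != NULL) meth->free_cb(s, meth->ext_type, context, out, meth->add_arg);` before the `SSLfatal(...)` call on both paths. custom_ext_add's body continues outside these hunks, so this should be confirmed against the full function.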