From fc5ece2ee4c7ef41759c2267eccbe08df3245721 Mon Sep 17 00:00:00 2001 From: Benjamin Kaduk Date: Mon, 23 Jan 2017 16:56:43 -0600 Subject: [PATCH] output number of exts from tls_collect_extensions() Modify the API of tls_collect_extensions() to be able to output the number of extensions that are known (i.e., the length of its 'res' output). This number can never be zero on a successful return due to the builtin extensions list, but use a separate output variable so as to not overload the return value semantics. Having this value easily available will give consumers a way to avoid repeating the calculation. Reviewed-by: Matt Caswell Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/2279) --- ssl/statem/extensions.c | 10 ++++++---- ssl/statem/statem_clnt.c | 10 +++++----- ssl/statem/statem_locl.h | 2 +- ssl/statem/statem_srvr.c | 4 ++-- 4 files changed, 14 insertions(+), 12 deletions(-) diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c index 8e1b502083..c0114457cb 100644 --- a/ssl/statem/extensions.c +++ b/ssl/statem/extensions.c @@ -382,10 +382,11 @@ static int extension_is_relevant(SSL *s, unsigned int extctx, * extensions that we know about. We ignore others. */ int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context, - RAW_EXTENSION **res, int *al) + RAW_EXTENSION **res, int *al, size_t *len) { PACKET extensions = *packet; size_t i = 0; + size_t num_exts; custom_ext_methods *exts = NULL; RAW_EXTENSION *raw_extensions = NULL; const EXTENSION_DEFINITION *thisexd; @@ -403,9 +404,8 @@ int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context, exts = &s->cert->cli_ext; } - raw_extensions = OPENSSL_zalloc((OSSL_NELEM(ext_defs) - + (exts != NULL ? exts->meths_count : 0)) - * sizeof(*raw_extensions)); + num_exts = OSSL_NELEM(ext_defs) + (exts != NULL ? exts->meths_count : 0); + raw_extensions = OPENSSL_zalloc(num_exts * sizeof(*raw_extensions)); if (raw_extensions == NULL) { *al = SSL_AD_INTERNAL_ERROR; SSLerr(SSL_F_TLS_COLLECT_EXTENSIONS, ERR_R_MALLOC_FAILURE); @@ -454,6 +454,8 @@ int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context, } *res = raw_extensions; + if (len != NULL) + *len = num_exts; return 1; err: diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 3957a73ede..614da1b6a7 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -1254,7 +1254,7 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt) context = SSL_IS_TLS13(s) ? EXT_TLS1_3_SERVER_HELLO : EXT_TLS1_2_SERVER_HELLO; - if (!tls_collect_extensions(s, &extpkt, context, &extensions, &al)) + if (!tls_collect_extensions(s, &extpkt, context, &extensions, &al, NULL)) goto f_err; s->hit = 0; @@ -1524,7 +1524,7 @@ static MSG_PROCESS_RETURN tls_process_hello_retry_request(SSL *s, PACKET *pkt) } if (!tls_collect_extensions(s, &extpkt, EXT_TLS1_3_HELLO_RETRY_REQUEST, - &extensions, &al) + &extensions, &al, NULL) || !tls_parse_all_extensions(s, EXT_TLS1_3_HELLO_RETRY_REQUEST, extensions, NULL, 0, &al)) goto f_err; @@ -1596,7 +1596,7 @@ MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt) goto f_err; } if (!tls_collect_extensions(s, &extensions, EXT_TLS1_3_CERTIFICATE, - &rawexts, &al) + &rawexts, &al, NULL) || !tls_parse_all_extensions(s, EXT_TLS1_3_CERTIFICATE, rawexts, x, chainidx, &al)) { OPENSSL_free(rawexts); @@ -2399,7 +2399,7 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt) if (!PACKET_as_length_prefixed_2(pkt, &extpkt) || !tls_collect_extensions(s, &extpkt, EXT_TLS1_3_NEW_SESSION_TICKET, - &exts, &al) + &exts, &al, NULL) || !tls_parse_all_extensions(s, EXT_TLS1_3_NEW_SESSION_TICKET, exts, NULL, 0, &al)) { SSLerr(SSL_F_TLS_PROCESS_NEW_SESSION_TICKET, SSL_R_BAD_EXTENSION); @@ -3362,7 +3362,7 @@ static MSG_PROCESS_RETURN tls_process_encrypted_extensions(SSL *s, PACKET *pkt) } if (!tls_collect_extensions(s, &extensions, EXT_TLS1_3_ENCRYPTED_EXTENSIONS, - &rawexts, &al) + &rawexts, &al, NULL) || !tls_parse_all_extensions(s, EXT_TLS1_3_ENCRYPTED_EXTENSIONS, rawexts, NULL, 0, &al)) goto err; diff --git a/ssl/statem/statem_locl.h b/ssl/statem/statem_locl.h index 595a803f30..9230332bf4 100644 --- a/ssl/statem/statem_locl.h +++ b/ssl/statem/statem_locl.h @@ -167,7 +167,7 @@ __owur int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt); /* Extension processing */ __owur int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context, - RAW_EXTENSION **res, int *al); + RAW_EXTENSION **res, int *al, size_t *len); __owur int tls_parse_extension(SSL *s, TLSEXT_INDEX idx, int context, RAW_EXTENSION *exts, X509 *x, size_t chainidx, int *al); diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 0037e79d2a..28f3b24cd6 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -1423,7 +1423,7 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) /* Preserve the raw extensions PACKET for later use */ extensions = clienthello.extensions; if (!tls_collect_extensions(s, &extensions, EXT_CLIENT_HELLO, - &clienthello.pre_proc_exts, &al)) { + &clienthello.pre_proc_exts, &al, NULL)) { /* SSLerr already been called */ goto f_err; } @@ -3128,7 +3128,7 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt) goto f_err; } if (!tls_collect_extensions(s, &extensions, EXT_TLS1_3_CERTIFICATE, - &rawexts, &al) + &rawexts, &al, NULL) || !tls_parse_all_extensions(s, EXT_TLS1_3_CERTIFICATE, rawexts, x, chainidx, &al)) { OPENSSL_free(rawexts); -- 2.34.1