Make sure we reset the read sequence when skipping records

[openssl.git] / ssl / t1_ext.c

diff --git a/ssl/t1_ext.c b/ssl/t1_ext.c
index 2db949d8acc599b1bb91bd0817e73c1ce0990e5c..b19e75231faecc7f73a4acc1a787b01a21b19a31 100644 (file)
--- a/ssl/t1_ext.c
+++ b/ssl/t1_ext.c
@@ -12,7 +12,6 @@
 #include <openssl/ct.h>
 #include "ssl_locl.h"
 
-
 /* Find a custom extension from the list. */
 static custom_ext_method *custom_ext_find(const custom_ext_methods *exts,
                                           unsigned int ext_type)
@@ -68,25 +67,23 @@ int custom_ext_parse(SSL *s, int server,
     if (!meth->parse_cb)
         return 1;
 
-    return meth->parse_cb(s, ext_type, ext_data, ext_size, al,
-                          meth->parse_arg);
+    return meth->parse_cb(s, ext_type, ext_data, ext_size, al, meth->parse_arg);
 }
 
 /*
  * Request custom extension data from the application and add to the return
  * buffer.
  */
-int custom_ext_add(SSL *s, int server,
-                   unsigned char **pret, unsigned char *limit, int *al)
+int custom_ext_add(SSL *s, int server, WPACKET *pkt, int *al)
 {
     custom_ext_methods *exts = server ? &s->cert->srv_ext : &s->cert->cli_ext;
     custom_ext_method *meth;
-    unsigned char *ret = *pret;
     size_t i;
 
     for (i = 0; i < exts->meths_count; i++) {
         const unsigned char *out = NULL;
         size_t outlen = 0;
+
         meth = exts->meths + i;
 
         if (server) {
@@ -108,13 +105,13 @@ int custom_ext_add(SSL *s, int server,
             if (cb_retval == 0)
                 continue;       /* skip this extension */
         }
-        if (4 > limit - ret || outlen > (size_t)(limit - ret - 4))
+
+        if (!WPACKET_put_bytes_u16(pkt, meth->ext_type)
+                || !WPACKET_start_sub_packet_u16(pkt)
+                || (outlen > 0 && !WPACKET_memcpy(pkt, out, outlen))
+                || !WPACKET_close(pkt)) {
+            *al = SSL_AD_INTERNAL_ERROR;
             return 0;
-        s2n(meth->ext_type, ret);
-        s2n(outlen, ret);
-        if (outlen) {
-            memcpy(ret, out, outlen);
-            ret += outlen;
         }
         /*
          * We can't send duplicates: code logic should prevent this.
@@ -129,7 +126,6 @@ int custom_ext_add(SSL *s, int server,
         if (meth->free_cb)
             meth->free_cb(s, meth->ext_type, out, meth->add_arg);
     }
-    *pret = ret;
     return 1;
 }
 
@@ -139,7 +135,7 @@ int custom_exts_copy(custom_ext_methods *dst, const custom_ext_methods *src)
     if (src->meths_count) {
         dst->meths =
             OPENSSL_memdup(src->meths,
-                       sizeof(custom_ext_method) * src->meths_count);
+                           sizeof(custom_ext_method) * src->meths_count);
         if (dst->meths == NULL)
             return 0;
         dst->meths_count = src->meths_count;
@@ -183,12 +179,8 @@ static int custom_ext_meth_add(custom_ext_methods *exts,
     tmp = OPENSSL_realloc(exts->meths,
                           (exts->meths_count + 1) * sizeof(custom_ext_method));
 
-    if (tmp == NULL) {
-        OPENSSL_free(exts->meths);
-        exts->meths = NULL;
-        exts->meths_count = 0;
+    if (tmp == NULL)
         return 0;
-    }
 
     exts->meths = tmp;
     meth = exts->meths + exts->meths_count;
@@ -214,8 +206,7 @@ int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
                                   custom_ext_add_cb add_cb,
                                   custom_ext_free_cb free_cb,
                                   void *add_arg,
-                                  custom_ext_parse_cb parse_cb,
-                                  void *parse_arg)
+                                  custom_ext_parse_cb parse_cb, void *parse_arg)
 {
 #ifndef OPENSSL_NO_CT
     /*
@@ -235,8 +226,7 @@ int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
                                   custom_ext_add_cb add_cb,
                                   custom_ext_free_cb free_cb,
                                   void *add_arg,
-                                  custom_ext_parse_cb parse_cb,
-                                  void *parse_arg)
+                                  custom_ext_parse_cb parse_cb, void *parse_arg)
 {
     return custom_ext_meth_add(&ctx->cert->srv_ext, ext_type,
                                add_cb, free_cb, add_arg, parse_cb, parse_arg);
@@ -248,8 +238,7 @@ int SSL_extension_supported(unsigned int ext_type)
         /* Internally supported extensions. */
     case TLSEXT_TYPE_application_layer_protocol_negotiation:
     case TLSEXT_TYPE_ec_point_formats:
-    case TLSEXT_TYPE_elliptic_curves:
-    case TLSEXT_TYPE_heartbeat:
+    case TLSEXT_TYPE_supported_groups:
 #ifndef OPENSSL_NO_NEXTPROTONEG
     case TLSEXT_TYPE_next_proto_neg:
 #endif
@@ -265,6 +254,9 @@ int SSL_extension_supported(unsigned int ext_type)
 #ifdef TLSEXT_TYPE_encrypt_then_mac
     case TLSEXT_TYPE_encrypt_then_mac:
 #endif
+    case TLSEXT_TYPE_key_share:
+    case TLSEXT_TYPE_supported_versions:
+    case TLSEXT_TYPE_extended_master_secret:
         return 1;
     default:
         return 0;