Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
authorDr. Stephen Henson <steve@openssl.org>
Fri, 6 Apr 2012 11:18:40 +0000 (11:18 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Fri, 6 Apr 2012 11:18:40 +0000 (11:18 +0000)
Localize client hello extension parsing in t1_lib.c

ssl/s3_srvr.c
ssl/ssl_locl.h
ssl/t1_lib.c

index 296e27f..ebf4324 100644 (file)
@@ -1177,16 +1177,11 @@ int ssl3_get_client_hello(SSL *s)
        /* TLS extensions*/
        if (s->version >= SSL3_VERSION)
                {
-               if (!ssl_parse_clienthello_tlsext(s,&p,d,n, &al))
+               if (!ssl_parse_clienthello_tlsext(s,&p,d,n))
                        {
-                       /* 'al' set by ssl_parse_clienthello_tlsext */
                        SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_PARSE_TLSEXT);
-                       goto f_err;
-                       }
-               }
-               if (ssl_check_clienthello_tlsext(s) <= 0) {
-                       SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT);
                        goto err;
+                       }
                }
 
        /* Check if we want to use external pre-shared secret for this
index 32f1a61..c340ac3 100644 (file)
@@ -1120,7 +1120,7 @@ int tls1_shared_list(SSL *s,
                        int nmatch);
 unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit); 
 unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit); 
-int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al);
+int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n);
 int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al);
 int ssl_prepare_clienthello_tlsext(SSL *s);
 int ssl_prepare_serverhello_tlsext(SSL *s);
index 7392439..b75b028 100644 (file)
@@ -1175,8 +1175,8 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha
        return ret;
        }
 
-int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al)
-       {
+static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al) 
+       {       
        unsigned short type;
        unsigned short size;
        unsigned short len;
@@ -1669,6 +1669,23 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
        return 1;
        }
 
+int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n) 
+       {
+       int al = -1;
+       if (ssl_scan_clienthello_tlsext(s, p, d, n, &al) <= 0) 
+               {
+               ssl3_send_alert(s,SSL3_AL_FATAL,al); 
+               return 0;
+               }
+
+       if (ssl_check_clienthello_tlsext(s) <= 0) 
+               {
+               SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT);
+               return 0;
+               }
+       return 1;
+}
+
 #ifndef OPENSSL_NO_NEXTPROTONEG
 /* ssl_next_proto_validate validates a Next Protocol Negotiation block. No
  * elements of zero length are allowed and the set of elements must exactly fill