Commit fc5ece2e authored by Benjamin Kaduk's avatar Benjamin Kaduk Committed by Richard Levitte
Browse files

output number of exts from tls_collect_extensions() 



Modify the API of tls_collect_extensions() to be able to output the number of
extensions that are known (i.e., the length of its 'res' output).  This number
can never be zero on a successful return due to the builtin extensions list,
but use a separate output variable so as to not overload the return value
semantics.

Having this value easily available will give consumers a way to avoid repeating
the calculation.

Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2279)
parent 46958a04

ssl/statem/extensions.c

+6 −4
Original line number Diff line number Diff line
@@ -382,10 +382,11 @@ static int extension_is_relevant(SSL *s, unsigned int extctx, 
 * extensions that we know about. We ignore others.

 */

int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context,

                           RAW_EXTENSION **res, int *al)

                           RAW_EXTENSION **res, int *al, size_t *len)

{

    PACKET extensions = *packet;

    size_t i = 0;

    size_t num_exts;

    custom_ext_methods *exts = NULL;

    RAW_EXTENSION *raw_extensions = NULL;

    const EXTENSION_DEFINITION *thisexd;
@@ -403,9 +404,8 @@ int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context, 
        exts = &s->cert->cli_ext;

    }



    raw_extensions = OPENSSL_zalloc((OSSL_NELEM(ext_defs)

                                     + (exts != NULL ? exts->meths_count : 0))

                                     * sizeof(*raw_extensions));

    num_exts = OSSL_NELEM(ext_defs) + (exts != NULL ? exts->meths_count : 0);

    raw_extensions = OPENSSL_zalloc(num_exts * sizeof(*raw_extensions));

    if (raw_extensions == NULL) {

        *al = SSL_AD_INTERNAL_ERROR;

        SSLerr(SSL_F_TLS_COLLECT_EXTENSIONS, ERR_R_MALLOC_FAILURE);
@@ -454,6 +454,8 @@ int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context, 
    }



    *res = raw_extensions;

    if (len != NULL)

        *len = num_exts;

    return 1;



 err:

ssl/statem/statem_clnt.c

+5 −5
Original line number Diff line number Diff line
@@ -1254,7 +1254,7 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt) 


    context = SSL_IS_TLS13(s) ? EXT_TLS1_3_SERVER_HELLO

                              : EXT_TLS1_2_SERVER_HELLO;

    if (!tls_collect_extensions(s, &extpkt, context, &extensions, &al))

    if (!tls_collect_extensions(s, &extpkt, context, &extensions, &al, NULL))

        goto f_err;



    s->hit = 0;
@@ -1524,7 +1524,7 @@ static MSG_PROCESS_RETURN tls_process_hello_retry_request(SSL *s, PACKET *pkt) 
    }



    if (!tls_collect_extensions(s, &extpkt, EXT_TLS1_3_HELLO_RETRY_REQUEST,

                                &extensions, &al)

                                &extensions, &al, NULL)

            || !tls_parse_all_extensions(s, EXT_TLS1_3_HELLO_RETRY_REQUEST,

                                         extensions, NULL, 0, &al))

        goto f_err;
@@ -1596,7 +1596,7 @@ MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt) 
                goto f_err;

            }

            if (!tls_collect_extensions(s, &extensions, EXT_TLS1_3_CERTIFICATE,

                                        &rawexts, &al)

                                        &rawexts, &al, NULL)

                    || !tls_parse_all_extensions(s, EXT_TLS1_3_CERTIFICATE,

                                                 rawexts, x, chainidx, &al)) {

                OPENSSL_free(rawexts);
@@ -2399,7 +2399,7 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt) 
        if (!PACKET_as_length_prefixed_2(pkt, &extpkt)

                || !tls_collect_extensions(s, &extpkt,

                                           EXT_TLS1_3_NEW_SESSION_TICKET,

                                           &exts, &al)

                                           &exts, &al, NULL)

                || !tls_parse_all_extensions(s, EXT_TLS1_3_NEW_SESSION_TICKET,

                                             exts, NULL, 0, &al)) {

            SSLerr(SSL_F_TLS_PROCESS_NEW_SESSION_TICKET, SSL_R_BAD_EXTENSION);
@@ -3362,7 +3362,7 @@ static MSG_PROCESS_RETURN tls_process_encrypted_extensions(SSL *s, PACKET *pkt) 
    }



    if (!tls_collect_extensions(s, &extensions, EXT_TLS1_3_ENCRYPTED_EXTENSIONS,

                                &rawexts, &al)

                                &rawexts, &al, NULL)

            || !tls_parse_all_extensions(s, EXT_TLS1_3_ENCRYPTED_EXTENSIONS,

                                         rawexts, NULL, 0, &al))

        goto err;

ssl/statem/statem_locl.h

+1 −1
Original line number Diff line number Diff line
@@ -167,7 +167,7 @@ __owur int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt); 
/* Extension processing */



__owur int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context,

                                  RAW_EXTENSION **res, int *al);

                                  RAW_EXTENSION **res, int *al, size_t *len);

__owur int tls_parse_extension(SSL *s, TLSEXT_INDEX idx, int context,

                               RAW_EXTENSION *exts,  X509 *x, size_t chainidx,

                               int *al);

ssl/statem/statem_srvr.c

+2 −2
Original line number Diff line number Diff line
@@ -1423,7 +1423,7 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) 
    /* Preserve the raw extensions PACKET for later use */

    extensions = clienthello.extensions;

    if (!tls_collect_extensions(s, &extensions, EXT_CLIENT_HELLO,

                                &clienthello.pre_proc_exts, &al)) {

                                &clienthello.pre_proc_exts, &al, NULL)) {

        /* SSLerr already been called */

        goto f_err;

    }
@@ -3128,7 +3128,7 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt) 
                goto f_err;

            }

            if (!tls_collect_extensions(s, &extensions, EXT_TLS1_3_CERTIFICATE,

                                        &rawexts, &al)

                                        &rawexts, &al, NULL)

                    || !tls_parse_all_extensions(s, EXT_TLS1_3_CERTIFICATE,

                                                 rawexts, x, chainidx, &al)) {

                OPENSSL_free(rawexts);