From 58ece83395dadd910842926f367474bfefcb982a Mon Sep 17 00:00:00 2001
From: =?utf8?q?Bodo=20M=C3=B6ller?= <bodo@openssl.org>
Date: Fri, 13 Jan 2006 09:21:10 +0000
Subject: [PATCH] Further TLS extension improvements

Submitted by: Peter Sylvester
---
 ssl/s3_clnt.c  | 23 +++++------------------
 ssl/s3_srvr.c  | 50 ++++++++++++++++++--------------------------------
 ssl/ssl_locl.h |  2 +-
 ssl/t1_lib.c   | 25 ++++++++++++++++++-------
 4 files changed, 42 insertions(+), 58 deletions(-)

diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index d50f588b94..995c8298b8 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -255,25 +255,7 @@ int ssl3_connect(SSL *s)
 		case SSL3_ST_CR_SRVR_HELLO_B:
 			ret=ssl3_get_server_hello(s);
 			if (ret <= 0) goto end;
-#ifndef OPENSSL_NO_TLSEXT
-			{
-				int al;
-				switch (ssl_check_tlsext(s,&al))
-					{
-				case SSL_TLSEXT_ERR_ALERT_FATAL:
-					ssl3_send_alert(s,SSL3_AL_FATAL,al);
-					SSLerr(SSL_F_SSL3_CONNECT,SSL_R_SERVERHELLO_TLS_EXT);
-					ret = -1;
-					goto end;
 
-				case SSL_TLSEXT_ERR_ALERT_WARNING:
-					ssl3_send_alert(s,SSL3_AL_WARNING,al); 
-					
-				default:
-					;
-					}
-			}
-#endif
 			if (s->hit)
 				s->state=SSL3_ST_CR_FINISHED_A;
 			else
@@ -822,6 +804,11 @@ int ssl3_get_server_hello(SSL *s)
 			SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_PARSE_TLS_EXT);
 			goto f_err; 
 			}
+		if (ssl_check_tlsext(s,0) <= 0)
+			{
+			SSLerr(SSL_F_SSL3_CONNECT,SSL_R_SERVERHELLO_TLS_EXT);
+				goto err;
+			}
 		}
 #endif
 
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 28d425a468..479b281c7d 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -281,25 +281,7 @@ int ssl3_accept(SSL *s)
 			s->shutdown=0;
 			ret=ssl3_get_client_hello(s);
 			if (ret <= 0) goto end;
-#ifndef OPENSSL_NO_TLSEXT
-			{
-				int al;
-				switch (ssl_check_tlsext(s,&al))
-					{
-				case SSL_TLSEXT_ERR_ALERT_FATAL:
-					ssl3_send_alert(s,SSL3_AL_FATAL,al); 
-					SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_CLIENTHELLO_TLS_EXT);
-					ret = -1;
-					goto end;
-
-				case SSL_TLSEXT_ERR_ALERT_WARNING:
-					ssl3_send_alert(s,SSL3_AL_WARNING,al); 
-					
-				default:
-					break;
-					}
-			}
-#endif
+			
 			s->new_session = 2;
 			s->state=SSL3_ST_SW_SRVR_HELLO_A;
 			s->init_num=0;
@@ -914,6 +896,23 @@ int ssl3_get_client_hello(SSL *s)
 		goto f_err;
 		}
 
+#ifndef OPENSSL_NO_TLSEXT
+	/* TLS extensions*/
+	if (s->version > SSL3_VERSION)
+		{
+		if (!ssl_parse_clienthello_tlsext(s,&p,d,n, &al))
+			{
+			/* 'al' set by ssl_parse_clienthello_tlsext */
+			SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_PARSE_TLS_EXT);
+			goto f_err;
+			}
+		}
+		if (ssl_check_tlsext(s,1) <= 0) {
+			SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_CLIENTHELLO_TLS_EXT);
+			goto err;
+		}
+#endif
+
 	/* Worst case, we will use the NULL compression, but if we have other
 	 * options, we will now look for them.  We have i-1 compression
 	 * algorithms from the client, starting at q. */
@@ -945,19 +944,6 @@ int ssl3_get_client_hello(SSL *s)
 		}
 #endif
 
-#ifndef OPENSSL_NO_TLSEXT
-	/* TLS extensions*/
-	if (s->version > SSL3_VERSION)
-		{
-		if (!ssl_parse_clienthello_tlsext(s,&p,d,n, &al))
-			{
-			/* 'al' set by ssl_parse_clienthello_tlsext */
-			SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_PARSE_TLS_EXT);
-			goto f_err;
-			}
-		}
-#endif
-
 	/* Given s->session->ciphers and SSL_get_ciphers, we must
 	 * pick a cipher */
 
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index ccc490aaf1..f8ec859c6f 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -945,6 +945,6 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
 unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit); 
 int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al);
 int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al);
-int ssl_check_tlsext(SSL *s,int *al);
+int ssl_check_tlsext(SSL *s, int is_server);
 #endif
 #endif
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 1aa5e90bbf..abbde22ef3 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -387,19 +387,30 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
 	return 1;
 }
 
-int ssl_check_tlsext(SSL *s,int *al)
+int ssl_check_tlsext(SSL *s, int is_server)
 	{
 	int ret=SSL_TLSEXT_ERR_NOACK;
 
-	*al = SSL_AD_UNRECOGNIZED_NAME;
+	int al = SSL_AD_UNRECOGNIZED_NAME;
 
 	if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0) 
-		ret = s->ctx->tlsext_servername_callback(s, al, s->ctx->tlsext_servername_arg);
+		ret = s->ctx->tlsext_servername_callback(s, &al, s->ctx->tlsext_servername_arg);
 	else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0) 		
-		ret = s->initial_ctx->tlsext_servername_callback(s, al, s->initial_ctx->tlsext_servername_arg);
+		ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg);
 
-	if (ret == SSL_TLSEXT_ERR_NOACK) 
-		s->servername_done=0;
-	return ret;
+	switch (ret) {
+		case SSL_TLSEXT_ERR_ALERT_FATAL:
+			ssl3_send_alert(s,SSL3_AL_FATAL,al); 
+			return -1;
+
+		case SSL_TLSEXT_ERR_ALERT_WARNING:
+			ssl3_send_alert(s,SSL3_AL_WARNING,al);
+			return 1; 
+					
+		case SSL_TLSEXT_ERR_NOACK:
+			s->servername_done=0;
+			default:
+		return 1;
 	}
+}
 #endif
-- 
2.25.1