Only reset TLS extension state when parsing client hello or server hello.

With TLSv1.3 we end up parsing extensions from more than just these two
messages. This can result in variables (like the selected alpn) being
freed when things still need them.

ok tb@

1 files changed, 7 insertions, 5 deletions

diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c
index bc122686c9..65e53f93be 100644
--- a/src/lib/libssl/ssl_tlsext.c
+++ b/src/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.c,v 1.65 2020/05/09 15:05:50 beck Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.66 2020/05/10 14:07:01 jsing Exp $ */
 /*
  * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -2061,8 +2061,9 @@ tlsext_server_build(SSL *s, CBB *cbb, uint16_t msg_type)
 int
 tlsext_server_parse(SSL *s, CBS *cbs, int *alert, uint16_t msg_type)
 {
-        /* XXX - this possibly should be done by the caller... */
-        tlsext_server_reset_state(s);
+        /* XXX - this should be done by the caller... */
+        if (msg_type == SSL_TLSEXT_MSG_CH)
+                tlsext_server_reset_state(s);
 
         return tlsext_parse(s, cbs, alert, 1, msg_type);
 }
@@ -2084,8 +2085,9 @@ tlsext_client_build(SSL *s, CBB *cbb, uint16_t msg_type)
 int
 tlsext_client_parse(SSL *s, CBS *cbs, int *alert, uint16_t msg_type)
 {
-        /* XXX - this possibly should be done by the caller... */
-        tlsext_client_reset_state(s);
+        /* XXX - this should be done by the caller... */
+        if (msg_type == SSL_TLSEXT_MSG_SH)
+                tlsext_client_reset_state(s);
 
         return tlsext_parse(s, cbs, alert, 0, msg_type);
 }