diff options
| author | jsing <> | 2024-03-25 03:23:59 +0000 |
|---|---|---|
| committer | jsing <> | 2024-03-25 03:23:59 +0000 |
| commit | 5b2c7b1c97209f380ad76d8f409db7f19ccb1a14 (patch) | |
| tree | e05eb243ae684cc26ee4514eeacd350cf80b8986 | |
| parent | 127ef72c52bbb3a413d932a955742a1916b82acc (diff) | |
| download | openbsd-5b2c7b1c97209f380ad76d8f409db7f19ccb1a14.tar.gz openbsd-5b2c7b1c97209f380ad76d8f409db7f19ccb1a14.tar.bz2 openbsd-5b2c7b1c97209f380ad76d8f409db7f19ccb1a14.zip | |
Decouple TLS extension table order from tlsext_randomize_build_order()
The PSK extension must be the last extension in the client hello. This is
currently implemented by relying on the fact that it is the last extension
in the TLS extension table. Remove this dependency so that we can reorder
the table as needed.
ok tb@
| -rw-r--r-- | src/lib/libssl/ssl_tlsext.c | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c index 5dd4b69dc5..7b8164352a 100644 --- a/src/lib/libssl/ssl_tlsext.c +++ b/src/lib/libssl/ssl_tlsext.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_tlsext.c,v 1.137 2023/04/28 18:14:59 tb Exp $ */ | 1 | /* $OpenBSD: ssl_tlsext.c,v 1.138 2024/03/25 03:23:59 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org> |
| 4 | * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> | 4 | * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> |
| @@ -2185,8 +2185,6 @@ static const struct tls_extension tls_extensions[] = { | |||
| 2185 | }, | 2185 | }, |
| 2186 | }, | 2186 | }, |
| 2187 | { | 2187 | { |
| 2188 | /* MUST be last extension in CH per RFC 8446 section 4.2. */ | ||
| 2189 | |||
| 2190 | .type = TLSEXT_TYPE_pre_shared_key, | 2188 | .type = TLSEXT_TYPE_pre_shared_key, |
| 2191 | .messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_SH, | 2189 | .messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_SH, |
| 2192 | .client = { | 2190 | .client = { |
| @@ -2250,6 +2248,7 @@ tlsext_funcs(const struct tls_extension *tlsext, int is_server) | |||
| 2250 | int | 2248 | int |
| 2251 | tlsext_randomize_build_order(SSL *s) | 2249 | tlsext_randomize_build_order(SSL *s) |
| 2252 | { | 2250 | { |
| 2251 | const struct tls_extension *psk_ext; | ||
| 2253 | size_t idx, new_idx, psk_idx; | 2252 | size_t idx, new_idx, psk_idx; |
| 2254 | size_t alpn_idx = 0, sni_idx = 0; | 2253 | size_t alpn_idx = 0, sni_idx = 0; |
| 2255 | 2254 | ||
| @@ -2261,9 +2260,11 @@ tlsext_randomize_build_order(SSL *s) | |||
| 2261 | return 0; | 2260 | return 0; |
| 2262 | s->tlsext_build_order_len = N_TLS_EXTENSIONS; | 2261 | s->tlsext_build_order_len = N_TLS_EXTENSIONS; |
| 2263 | 2262 | ||
| 2264 | /* RFC 8446, section 4.2: PSK must be the last extension in the CH. */ | 2263 | /* RFC 8446, section 4.2 - PSK MUST be the last extension in the CH. */ |
| 2265 | psk_idx = N_TLS_EXTENSIONS - 1; | 2264 | if ((psk_ext = tls_extension_find(TLSEXT_TYPE_pre_shared_key, |
| 2266 | s->tlsext_build_order[psk_idx] = &tls_extensions[psk_idx]; | 2265 | &psk_idx)) == NULL) |
| 2266 | return 0; | ||
| 2267 | s->tlsext_build_order[N_TLS_EXTENSIONS - 1] = psk_ext; | ||
| 2267 | 2268 | ||
| 2268 | /* Fisher-Yates shuffle with PSK fixed. */ | 2269 | /* Fisher-Yates shuffle with PSK fixed. */ |
| 2269 | for (idx = 0; idx < psk_idx; idx++) { | 2270 | for (idx = 0; idx < psk_idx; idx++) { |