author | jsing <> | 2020-01-25 12:37:06 +0000 |
---|---|---|
committer | jsing <> | 2020-01-25 12:37:06 +0000 |
commit | 983569c934334fd995b6125aaaf9693d017ad9d2 (patch) | |
tree | 0a588a3aa0c389df6c29103ddd09fc3749c66ea9 | |
parent | 74477b68f746b2effaedcba6a34947c12f2272b9 (diff) | |
Only discard the extension block for client hello and server hello
messages.
TLSv1.3 messages that include extensions need a length prefixed field with
zero bytes, rather than no data at all.
ok beck@ tb@
-rw-r--r-- | src/lib/libssl/ssl_tlsext.c | 5 |
1 files changed, 3 insertions, 2 deletions
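--- a/src/lib/libssl/ssl_tlsext.c
+++ b/src/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.c,v 1.55 2020/01/25 12:31:42 jsing Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.56 2020/01/25 12:37:06 jsing Exp $ */
 /*
 * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -1918,7 +1918,8 @@ tlsext_build(SSL *s, CBB *cbb, int is_server, uint16_t msg_type)
 extensions_present = 1;
 }
 
-if (!extensions_present)
+if (!extensions_present &&
+(msg_type & (SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_SH)) != 0)
 CBB_discard_child(cbb);
 
 if (!CBB_flush(cbb))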
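Review bot: The new condition in tlsext_build has no comment explaining why only ClientHello and ServerHello may drop the extensions block, so the bitmask test on `msg_type` reads as arbitrary to a later maintainer. I would add above the `if`: `/* Only CH/SH may omit the extensions block entirely; every other message needs an empty length-prefixed field. */`. The diffstat shows only ssl_tlsext.c changed, so nothing in this commit pins the encoding; a regress case that builds a non-CH/SH message with no extensions and checks that an empty length-prefixed field is still emitted would catch a regression before a peer rejects the message as malformed. tlsext_build starts and ends outside the hunk, so how `msg_type` is constrained before this point is not visible here.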