Add tls_extension_seen(), a utility to know if a particular extension

has been seen in the handshake so far. Use it for keyshare. ok tb@
author: beck <> 2019-01-28 15:44:33 +0000
committer: beck <> 2019-01-28 15:44:33 +0000
commit: e63b7ae874b05fb05048729a234f46ee3758b8bc (patch)
tree: dec5e3f4e629478f057e2746b1ea05dfaabc04ef /src/lib
parent: 41e9b2791e46049e95a98c9788b652226cfddb0a (diff)
download: openbsd-e63b7ae874b05fb05048729a234f46ee3758b8bc.tar.gz
openbsd-e63b7ae874b05fb05048729a234f46ee3758b8bc.tar.bz2
openbsd-e63b7ae874b05fb05048729a234f46ee3758b8bc.zip
2 files changed, 15 insertions, 9 deletions
diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c
index 20acb43ccf..cd939decbf 100644
--- a/src/lib/libssl/ssl_tlsext.c
+++ b/src/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.c,v 1.36 2019/01/24 02:56:41 beck Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.37 2019/01/28 15:44:33 beck Exp $ */
 /*
 * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -1333,14 +1333,10 @@ tlsext_keyshare_server_parse(SSL *s, CBS *cbs, int *alert)
 int
 tlsext_keyshare_server_needs(SSL *s)
 {
-        size_t idx;
        if (SSL_IS_DTLS(s) || s->version < TLS1_3_VERSION)
                return 0;
-        if (tls_extension_find(TLSEXT_TYPE_key_share, &idx) == NULL)
-                return 0;
+        return tlsext_extension_seen(s, TLSEXT_TYPE_key_share);
-        /* XXX move seen check to a function */
-        return ((S3I(s)->hs.extensions_seen & (1 << idx)) != 0);
 }
 int
@@ -1879,6 +1875,16 @@ tls_extension_find(uint16_t type, size_t *tls_extensions_idx)
        return NULL;
 }
+int
+tlsext_extension_seen(SSL *s, uint16_t type)
+{
+        size_t idx;
+        if (tls_extension_find(type, &idx) == NULL)
+                return 0;
+        return ((S3I(s)->hs.extensions_seen & (1 << idx)) != 0);
+}
 static struct tls_extension_funcs *
 tlsext_funcs(struct tls_extension *tlsext, int is_server)
 {
@@ -1988,7 +1994,6 @@ tlsext_parse(SSL *s, CBS *cbs, int *alert, int is_server, uint16_t msg_type)
                }
                /* Check for duplicate known extensions. */
-                /* XXX move seen check to a function */
                if ((S3I(s)->hs.extensions_seen & (1 << idx)) != 0)
                        return 0;
                S3I(s)->hs.extensions_seen |= (1 << idx);
diff --git a/src/lib/libssl/ssl_tlsext.h b/src/lib/libssl/ssl_tlsext.h
index 2f90a03ee9..2121ef662a 100644
--- a/src/lib/libssl/ssl_tlsext.h
+++ b/src/lib/libssl/ssl_tlsext.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.h,v 1.20 2019/01/24 02:56:41 beck Exp $ */
+/* $OpenBSD: ssl_tlsext.h,v 1.21 2019/01/28 15:44:33 beck Exp $ */
 /*
 * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -124,6 +124,7 @@ int tlsext_server_build(SSL *s, CBB *cbb, uint16_t msg_type);
 int tlsext_server_parse(SSL *s, CBS *cbs, int *alert, uint16_t msg_type);
 struct tls_extension *tls_extension_find(uint16_t, size_t *);
+int tlsext_extension_seen(SSL *s, uint16_t);
 __END_HIDDEN_DECLS
 #endif
author	beck <>	2019-01-28 15:44:33 +0000
committer	beck <>	2019-01-28 15:44:33 +0000
commit	e63b7ae874b05fb05048729a234f46ee3758b8bc (patch)
tree	dec5e3f4e629478f057e2746b1ea05dfaabc04ef /src/lib
parent	41e9b2791e46049e95a98c9788b652226cfddb0a (diff)
download	openbsd-e63b7ae874b05fb05048729a234f46ee3758b8bc.tar.gz openbsd-e63b7ae874b05fb05048729a234f46ee3758b8bc.tar.bz2 openbsd-e63b7ae874b05fb05048729a234f46ee3758b8bc.zip

diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c index 20acb43ccf..cd939decbf 100644 --- a/src/lib/libssl/ssl_tlsext.c +++ b/src/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_tlsext.c,v 1.36 2019/01/24 02:56:41 beck Exp $ */	1	/* $OpenBSD: ssl_tlsext.c,v 1.37 2019/01/28 15:44:33 beck Exp $ */
2	/*	2	/*
3	* Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
4	* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>	4	* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -1333,14 +1333,10 @@ tlsext_keyshare_server_parse(SSL s, CBS cbs, int *alert)
1333	int	1333	int
1334	tlsext_keyshare_server_needs(SSL *s)	1334	tlsext_keyshare_server_needs(SSL *s)
1335	{	1335	{
1336	size_t idx;
1337
1338	if (SSL_IS_DTLS(s) \|\| s->version < TLS1_3_VERSION)	1336	if (SSL_IS_DTLS(s) \|\| s->version < TLS1_3_VERSION)
1339	return 0;	1337	return 0;
1340	if (tls_extension_find(TLSEXT_TYPE_key_share, &idx) == NULL)	1338
1341	return 0;	1339	return tlsext_extension_seen(s, TLSEXT_TYPE_key_share);
1342	/* XXX move seen check to a function */
1343	return ((S3I(s)->hs.extensions_seen & (1 << idx)) != 0);
1344	}	1340	}
1345		1341
1346	int	1342	int
@@ -1879,6 +1875,16 @@ tls_extension_find(uint16_t type, size_t *tls_extensions_idx)
1879	return NULL;	1875	return NULL;
1880	}	1876	}
1881		1877
		1878	int
		1879	tlsext_extension_seen(SSL *s, uint16_t type)
		1880	{
		1881	size_t idx;
		1882
		1883	if (tls_extension_find(type, &idx) == NULL)
		1884	return 0;
		1885	return ((S3I(s)->hs.extensions_seen & (1 << idx)) != 0);
		1886	}
		1887
1882	static struct tls_extension_funcs *	1888	static struct tls_extension_funcs *
1883	tlsext_funcs(struct tls_extension *tlsext, int is_server)	1889	tlsext_funcs(struct tls_extension *tlsext, int is_server)
1884	{	1890	{
@@ -1988,7 +1994,6 @@ tlsext_parse(SSL s, CBS cbs, int *alert, int is_server, uint16_t msg_type)
1988	}	1994	}
1989		1995
1990	/* Check for duplicate known extensions. */	1996	/* Check for duplicate known extensions. */
1991	/* XXX move seen check to a function */
1992	if ((S3I(s)->hs.extensions_seen & (1 << idx)) != 0)	1997	if ((S3I(s)->hs.extensions_seen & (1 << idx)) != 0)
1993	return 0;	1998	return 0;
1994	S3I(s)->hs.extensions_seen \|= (1 << idx);	1999	S3I(s)->hs.extensions_seen \|= (1 << idx);


diff --git a/src/lib/libssl/ssl_tlsext.h b/src/lib/libssl/ssl_tlsext.h index 2f90a03ee9..2121ef662a 100644 --- a/src/lib/libssl/ssl_tlsext.h +++ b/src/lib/libssl/ssl_tlsext.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_tlsext.h,v 1.20 2019/01/24 02:56:41 beck Exp $ */	1	/* $OpenBSD: ssl_tlsext.h,v 1.21 2019/01/28 15:44:33 beck Exp $ */
2	/*	2	/*
3	* Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
4	* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>	4	* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -124,6 +124,7 @@ int tlsext_server_build(SSL s, CBB cbb, uint16_t msg_type);
124	int tlsext_server_parse(SSL s, CBS cbs, int *alert, uint16_t msg_type);	124	int tlsext_server_parse(SSL s, CBS cbs, int *alert, uint16_t msg_type);
125		125
126	struct tls_extension tls_extension_find(uint16_t, size_t );	126	struct tls_extension tls_extension_find(uint16_t, size_t );
		127	int tlsext_extension_seen(SSL *s, uint16_t);
127	__END_HIDDEN_DECLS	128	__END_HIDDEN_DECLS
128		129
129	#endif	130	#endif