diff options
| author | tb <> | 2021-04-22 18:27:53 +0000 |
|---|---|---|
| committer | tb <> | 2021-04-22 18:27:53 +0000 |
| commit | e80166f7e03bb39682e2531b38a9a756170890e4 (patch) | |
| tree | e2d5b95dda83b3ae232ba03b900ca0d12f56a9ad /src/lib | |
| parent | 495d50d5e2181dc8a32391623733cdaaf4e09f45 (diff) | |
| download | openbsd-e80166f7e03bb39682e2531b38a9a756170890e4.tar.gz openbsd-e80166f7e03bb39682e2531b38a9a756170890e4.tar.bz2 openbsd-e80166f7e03bb39682e2531b38a9a756170890e4.zip | |
Only hash known CH extensions
RFC 4.1.2 specifies the ways in which the extensions in the first and
the second ClientHello may differ. It basically says that extensions
not known to a server must not change. This in turn makes it impossible
to introduce new extensions that do change. It makes little sense to
enforce that extensions we don't know and care about aren't modified,
so make the hashing more lenient and restrict it to the extensions we
do care about. Arguably, enforcing no change in an unknown extension
is incompatible with the requirement that it be ignored.
ok bcook jsing
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/libssl/ssl_tlsext.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c index 797eb84001..0ed53f7ab2 100644 --- a/src/lib/libssl/ssl_tlsext.c +++ b/src/lib/libssl/ssl_tlsext.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_tlsext.c,v 1.89 2021/03/29 16:46:09 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_tlsext.c,v 1.90 2021/04/22 18:27:53 tb Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org> |
| 4 | * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> | 4 | * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> |
| @@ -2105,6 +2105,10 @@ tlsext_parse(SSL *s, int is_server, uint16_t msg_type, CBS *cbs, int *alert) | |||
| 2105 | CBS_len(&extension_data), | 2105 | CBS_len(&extension_data), |
| 2106 | s->internal->tlsext_debug_arg); | 2106 | s->internal->tlsext_debug_arg); |
| 2107 | 2107 | ||
| 2108 | /* Unknown extensions are ignored. */ | ||
| 2109 | if ((tlsext = tls_extension_find(type, &idx)) == NULL) | ||
| 2110 | continue; | ||
| 2111 | |||
| 2108 | if (tls_version >= TLS1_3_VERSION && is_server && | 2112 | if (tls_version >= TLS1_3_VERSION && is_server && |
| 2109 | msg_type == SSL_TLSEXT_MSG_CH) { | 2113 | msg_type == SSL_TLSEXT_MSG_CH) { |
| 2110 | if (!tlsext_clienthello_hash_extension(s, type, | 2114 | if (!tlsext_clienthello_hash_extension(s, type, |
| @@ -2112,10 +2116,6 @@ tlsext_parse(SSL *s, int is_server, uint16_t msg_type, CBS *cbs, int *alert) | |||
| 2112 | goto err; | 2116 | goto err; |
| 2113 | } | 2117 | } |
| 2114 | 2118 | ||
| 2115 | /* Unknown extensions are ignored. */ | ||
| 2116 | if ((tlsext = tls_extension_find(type, &idx)) == NULL) | ||
| 2117 | continue; | ||
| 2118 | |||
| 2119 | /* RFC 8446 Section 4.2 */ | 2119 | /* RFC 8446 Section 4.2 */ |
| 2120 | if (tls_version >= TLS1_3_VERSION && | 2120 | if (tls_version >= TLS1_3_VERSION && |
| 2121 | !(tlsext->messages & msg_type)) { | 2121 | !(tlsext->messages & msg_type)) { |