diff options
| author | beck <> | 2024-03-26 03:44:11 +0000 |
|---|---|---|
| committer | beck <> | 2024-03-26 03:44:11 +0000 |
| commit | 2f0f60ca5f805f51622d846cb90343d577d5e328 (patch) | |
| tree | 32be705c081bf9585a5addf552dc3b683a0164ff /src | |
| parent | 04a8708bb4f7fc690e050b5d45281e1e214735ff (diff) | |
| download | openbsd-2f0f60ca5f805f51622d846cb90343d577d5e328.tar.gz openbsd-2f0f60ca5f805f51622d846cb90343d577d5e328.tar.bz2 openbsd-2f0f60ca5f805f51622d846cb90343d577d5e328.zip | |
Add an indicator that an extension has been processed.
ok jsing@
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libssl/ssl_local.h | 5 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_tlsext.c | 16 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_tlsext.h | 3 |
3 files changed, 21 insertions, 3 deletions
diff --git a/src/lib/libssl/ssl_local.h b/src/lib/libssl/ssl_local.h index b4d093b226..2266d5e3ce 100644 --- a/src/lib/libssl/ssl_local.h +++ b/src/lib/libssl/ssl_local.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_local.h,v 1.13 2024/02/03 15:58:34 beck Exp $ */ | 1 | /* $OpenBSD: ssl_local.h,v 1.14 2024/03/26 03:44:11 beck Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -599,6 +599,9 @@ typedef struct ssl_handshake_st { | |||
| 599 | /* Extensions seen in this handshake. */ | 599 | /* Extensions seen in this handshake. */ |
| 600 | uint32_t extensions_seen; | 600 | uint32_t extensions_seen; |
| 601 | 601 | ||
| 602 | /* Extensions processed in this handshake. */ | ||
| 603 | uint32_t extensions_processed; | ||
| 604 | |||
| 602 | /* Signature algorithms selected for use (static pointers). */ | 605 | /* Signature algorithms selected for use (static pointers). */ |
| 603 | const struct ssl_sigalg *our_sigalg; | 606 | const struct ssl_sigalg *our_sigalg; |
| 604 | const struct ssl_sigalg *peer_sigalg; | 607 | const struct ssl_sigalg *peer_sigalg; |
diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c index 3883aa6cec..e1506e5d60 100644 --- a/src/lib/libssl/ssl_tlsext.c +++ b/src/lib/libssl/ssl_tlsext.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_tlsext.c,v 1.142 2024/03/26 01:21:34 beck Exp $ */ | 1 | /* $OpenBSD: ssl_tlsext.c,v 1.143 2024/03/26 03:44:11 beck Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org> |
| 4 | * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> | 4 | * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> |
| @@ -2253,6 +2253,16 @@ tlsext_extension_seen(SSL *s, uint16_t type) | |||
| 2253 | return ((s->s3->hs.extensions_seen & (1 << idx)) != 0); | 2253 | return ((s->s3->hs.extensions_seen & (1 << idx)) != 0); |
| 2254 | } | 2254 | } |
| 2255 | 2255 | ||
| 2256 | int | ||
| 2257 | tlsext_extension_processed(SSL *s, uint16_t type) | ||
| 2258 | { | ||
| 2259 | size_t idx; | ||
| 2260 | |||
| 2261 | if (tls_extension_find(type, &idx) == NULL) | ||
| 2262 | return 0; | ||
| 2263 | return ((s->s3->hs.extensions_processed & (1 << idx)) != 0); | ||
| 2264 | } | ||
| 2265 | |||
| 2256 | const struct tls_extension_funcs * | 2266 | const struct tls_extension_funcs * |
| 2257 | tlsext_funcs(const struct tls_extension *tlsext, int is_server) | 2267 | tlsext_funcs(const struct tls_extension *tlsext, int is_server) |
| 2258 | { | 2268 | { |
| @@ -2490,6 +2500,8 @@ tlsext_process(SSL *s, struct tlsext_data *td, int is_server, uint16_t msg_type, | |||
| 2490 | 2500 | ||
| 2491 | alert_desc = SSL_AD_DECODE_ERROR; | 2501 | alert_desc = SSL_AD_DECODE_ERROR; |
| 2492 | 2502 | ||
| 2503 | s->s3->hs.extensions_processed = 0; | ||
| 2504 | |||
| 2493 | /* Run processing for present TLS extensions, in a defined order. */ | 2505 | /* Run processing for present TLS extensions, in a defined order. */ |
| 2494 | for (idx = 0; idx < N_TLS_EXTENSIONS; idx++) { | 2506 | for (idx = 0; idx < N_TLS_EXTENSIONS; idx++) { |
| 2495 | tlsext = &tls_extensions[idx]; | 2507 | tlsext = &tls_extensions[idx]; |
| @@ -2503,6 +2515,8 @@ tlsext_process(SSL *s, struct tlsext_data *td, int is_server, uint16_t msg_type, | |||
| 2503 | 2515 | ||
| 2504 | if (CBS_len(&td->extensions[idx]) != 0) | 2516 | if (CBS_len(&td->extensions[idx]) != 0) |
| 2505 | goto err; | 2517 | goto err; |
| 2518 | |||
| 2519 | s->s3->hs.extensions_processed |= (1 << idx); | ||
| 2506 | } | 2520 | } |
| 2507 | 2521 | ||
| 2508 | return 1; | 2522 | return 1; |
diff --git a/src/lib/libssl/ssl_tlsext.h b/src/lib/libssl/ssl_tlsext.h index da14f7fa94..4fd2ec05a0 100644 --- a/src/lib/libssl/ssl_tlsext.h +++ b/src/lib/libssl/ssl_tlsext.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_tlsext.h,v 1.33 2023/04/23 18:51:53 tb Exp $ */ | 1 | /* $OpenBSD: ssl_tlsext.h,v 1.34 2024/03/26 03:44:11 beck Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org> |
| 4 | * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> | 4 | * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> |
| @@ -41,6 +41,7 @@ int tlsext_server_build(SSL *s, uint16_t msg_type, CBB *cbb); | |||
| 41 | int tlsext_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert); | 41 | int tlsext_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert); |
| 42 | 42 | ||
| 43 | int tlsext_extension_seen(SSL *s, uint16_t); | 43 | int tlsext_extension_seen(SSL *s, uint16_t); |
| 44 | int tlsext_extension_processed(SSL *s, uint16_t); | ||
| 44 | int tlsext_randomize_build_order(SSL *s); | 45 | int tlsext_randomize_build_order(SSL *s); |
| 45 | 46 | ||
| 46 | __END_HIDDEN_DECLS | 47 | __END_HIDDEN_DECLS |