From 764541b0cbbef5bbe8943ea3da53ba158801937c Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Sat, 9 Dec 2017 13:43:25 +0000
Subject: MFC: Correct TLS extensions handling when no extensions are present.

If no TLS extensions are present in a client hello or server hello, omit the entire extensions block, rather than including it with a length of zero.

ok beck@ inoguchi@

Thanks to Eric Elena for providing packet captures and testing the fix.
---
 src/lib/libssl/bytestring.h | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'src/lib/libssl/bytestring.h')

diff --git a/src/lib/libssl/bytestring.h b/src/lib/libssl/bytestring.h
index d8c8e6ada6..42d3d5d6d1 100644
--- a/src/lib/libssl/bytestring.h
+++ b/src/lib/libssl/bytestring.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: bytestring.h,v 1.15 2016/11/04 18:28:58 guenther Exp $ */
+/* $OpenBSD: bytestring.h,v 1.15.6.1 2017/12/09 13:43:25 jsing Exp $ */
 /*
 * Copyright (c) 2014, Google Inc.
 *
@@ -393,6 +393,12 @@ int CBB_finish(CBB *cbb, uint8_t **out_data, size_t *out_len);
 */
 int CBB_flush(CBB *cbb);
 
+/*
+ * CBB_discard_child discards the current unflushed child of |cbb|. Neither the
+ * child's contents nor the length prefix will be included in the output.
+ */
+void CBB_discard_child(CBB *cbb);
+
 /*
 * CBB_add_u8_length_prefixed sets |*out_contents| to a new child of |cbb|. The
 * data written to |*out_contents| will be prefixed in |cbb| with an 8-bit
-- cgit v1.2.3-55-g6feb
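Review bot: The comment added for `CBB_discard_child` in the second hunk does not say what state the caller's child `CBB` is in after the call, nor what happens when |cbb| has no pending child. Because the function returns `void`, unlike `CBB_flush` declared just above it, a caller has no way to detect misuse, and a write through a stale child handle would land in a handshake message whose length prefix has already been dropped. The implementation is not in this view (the diff is limited to bytestring.h), so the exact wording needs confirming against it, but a sentence such as `* The child CBB must not be used after this call.` would close the gap, plus one stating the no-pending-child behaviour (presumably a no-op).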