From 14f80842a5259cd086043cbf3a1dc243a3b29011 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Mon, 25 Mar 2024 03:23:59 +0000
Subject: Decouple TLS extension table order from tlsext_randomize_build_order()

The PSK extension must be the last extension in the client hello. This is currently implemented by relying on the fact that it is the last extension in the TLS extension table. Remove this dependency so that we can reorder the table as needed.

ok tb@
---
 src/lib/libssl/ssl_tlsext.c | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

(limited to 'src/lib')

diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c
index 5dd4b69dc5..7b8164352a 100644
--- a/src/lib/libssl/ssl_tlsext.c
+++ b/src/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.c,v 1.137 2023/04/28 18:14:59 tb Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.138 2024/03/25 03:23:59 jsing Exp $ */
 /*
 * Copyright (c) 2016, 2017, 2019 Joel Sing
 * Copyright (c) 2017 Doug Hogan
@@ -2185,8 +2185,6 @@ static const struct tls_extension tls_extensions[] = {
 },
 },
 {
- /* MUST be last extension in CH per RFC 8446 section 4.2. */
-
 .type = TLSEXT_TYPE_pre_shared_key,
 .messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_SH,
 .client = {
@@ -2250,6 +2248,7 @@ tlsext_funcs(const struct tls_extension *tlsext, int is_server)
 int
 tlsext_randomize_build_order(SSL *s)
 {
+ const struct tls_extension *psk_ext;
 size_t idx, new_idx, psk_idx;
 size_t alpn_idx = 0, sni_idx = 0;
 
@@ -2261,9 +2260,11 @@ tlsext_randomize_build_order(SSL *s)
 return 0;
 s->tlsext_build_order_len = N_TLS_EXTENSIONS;

- /* RFC 8446, section 4.2: PSK must be the last extension in the CH. */
- psk_idx = N_TLS_EXTENSIONS - 1;
- s->tlsext_build_order[psk_idx] = &tls_extensions[psk_idx];
+ /* RFC 8446, section 4.2 - PSK MUST be the last extension in the CH. */
+ if ((psk_ext = tls_extension_find(TLSEXT_TYPE_pre_shared_key,
+ &psk_idx)) == NULL)
+ return 0;
+ s->tlsext_build_order[N_TLS_EXTENSIONS - 1] = psk_ext;

 /* Fisher-Yates shuffle with PSK fixed. */
 for (idx = 0; idx < psk_idx; idx++) {
-- 
cgit v1.2.3-55-g6feb
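Review bot: The shuffle loop that closes this hunk still runs `for (idx = 0; idx < psk_idx; idx++)`, but psk_idx is now the PSK entry's position in tls_extensions[] as returned by tls_extension_find(), no longer `N_TLS_EXTENSIONS - 1`. The two values agree only while PSK stays last in the table, so the dependency the commit message sets out to remove is still present in the loop bound. The loop body lies outside the hunk, but if it fills slots from `&tls_extensions[idx]`, a reordered table would stop the shuffle early, leaving build-order slots between psk_idx and the final slot as calloc'd NULL entries and dropping the table entries that follow PSK. Bounding the shuffle by `N_TLS_EXTENSIONS - 1` output slots and skipping the PSK table index while filling them would make the result independent of table position. Until then a comment above the loop, such as `/* XXX - assumes PSK is the last entry in tls_extensions[]. */`, would keep a later table reorder from silently producing an incomplete ClientHello.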