From: jsing Date: Mon, 25 Mar 2024 03:23:59 +0000 (+0000) Subject: Decouple TLS extension table order from tlsext_randomize_build_order() X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=2b2534fdcdeffb25edd8a1d5b7ebc30d146ba0f3;p=openbsd Decouple TLS extension table order from tlsext_randomize_build_order() The PSK extension must be the last extension in the client hello. This is currently implemented by relying on the fact that it is the last extension in the TLS extension table. Remove this dependency so that we can reorder the table as needed. ok tb@ --- diff --git a/lib/libssl/ssl_tlsext.c b/lib/libssl/ssl_tlsext.c index 5dd4b69dc5a..7b8164352a6 100644 --- a/lib/libssl/ssl_tlsext.c +++ b/lib/libssl/ssl_tlsext.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_tlsext.c,v 1.137 2023/04/28 18:14:59 tb Exp $ */ +/* $OpenBSD: ssl_tlsext.c,v 1.138 2024/03/25 03:23:59 jsing Exp $ */ /* * Copyright (c) 2016, 2017, 2019 Joel Sing * Copyright (c) 2017 Doug Hogan @@ -2185,8 +2185,6 @@ static const struct tls_extension tls_extensions[] = { }, }, { - /* MUST be last extension in CH per RFC 8446 section 4.2. */ - .type = TLSEXT_TYPE_pre_shared_key, .messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_SH, .client = { @@ -2250,6 +2248,7 @@ tlsext_funcs(const struct tls_extension *tlsext, int is_server) int tlsext_randomize_build_order(SSL *s) { + const struct tls_extension *psk_ext; size_t idx, new_idx, psk_idx; size_t alpn_idx = 0, sni_idx = 0; @@ -2261,9 +2260,11 @@ tlsext_randomize_build_order(SSL *s) return 0; s->tlsext_build_order_len = N_TLS_EXTENSIONS; - /* RFC 8446, section 4.2: PSK must be the last extension in the CH. */ - psk_idx = N_TLS_EXTENSIONS - 1; - s->tlsext_build_order[psk_idx] = &tls_extensions[psk_idx]; + /* RFC 8446, section 4.2 - PSK MUST be the last extension in the CH. */ + if ((psk_ext = tls_extension_find(TLSEXT_TYPE_pre_shared_key, + &psk_idx)) == NULL) + return 0; + s->tlsext_build_order[N_TLS_EXTENSIONS - 1] = psk_ext; /* Fisher-Yates shuffle with PSK fixed. */ for (idx = 0; idx < psk_idx; idx++) {