From 031ce3c500acebeeff9494be742710ba1edf32b8 Mon Sep 17 00:00:00 2001 From: beck Date: Tue, 26 Mar 2024 03:44:11 +0000 Subject: [PATCH] Add an indicator that an extension has been processed. ok jsing@ --- lib/libssl/ssl_local.h | 5 ++++- lib/libssl/ssl_tlsext.c | 16 +++++++++++++++- lib/libssl/ssl_tlsext.h | 3 ++- 3 files changed, 21 insertions(+), 3 deletions(-) diff --git a/lib/libssl/ssl_local.h b/lib/libssl/ssl_local.h index b4d093b2262..2266d5e3ce8 100644 --- a/lib/libssl/ssl_local.h +++ b/lib/libssl/ssl_local.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_local.h,v 1.13 2024/02/03 15:58:34 beck Exp $ */ +/* $OpenBSD: ssl_local.h,v 1.14 2024/03/26 03:44:11 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -599,6 +599,9 @@ typedef struct ssl_handshake_st { /* Extensions seen in this handshake. */ uint32_t extensions_seen; + /* Extensions processed in this handshake. */ + uint32_t extensions_processed; + /* Signature algorithms selected for use (static pointers). */ const struct ssl_sigalg *our_sigalg; const struct ssl_sigalg *peer_sigalg; diff --git a/lib/libssl/ssl_tlsext.c b/lib/libssl/ssl_tlsext.c index 3883aa6cec8..e1506e5d602 100644 --- a/lib/libssl/ssl_tlsext.c +++ b/lib/libssl/ssl_tlsext.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_tlsext.c,v 1.142 2024/03/26 01:21:34 beck Exp $ */ +/* $OpenBSD: ssl_tlsext.c,v 1.143 2024/03/26 03:44:11 beck Exp $ */ /* * Copyright (c) 2016, 2017, 2019 Joel Sing * Copyright (c) 2017 Doug Hogan @@ -2253,6 +2253,16 @@ tlsext_extension_seen(SSL *s, uint16_t type) return ((s->s3->hs.extensions_seen & (1 << idx)) != 0); } +int +tlsext_extension_processed(SSL *s, uint16_t type) +{ + size_t idx; + + if (tls_extension_find(type, &idx) == NULL) + return 0; + return ((s->s3->hs.extensions_processed & (1 << idx)) != 0); +} + const struct tls_extension_funcs * tlsext_funcs(const struct tls_extension *tlsext, int is_server) { 
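Review bot: The new field comment `/* Extensions processed in this handshake. */` overstates the lifetime of the mask: tlsext_process() zeroes `extensions_processed` at its start (hunk `@@ -2490,6 +2500,8 @@` of ssl_tlsext.c), so unless tlsext_process() runs exactly once per handshake the field describes the most recently parsed extension block, not the handshake as a whole. Since the comment sits directly under `extensions_seen`, a reader will assume both masks share a lifetime, which the visible code does not establish for either. Suggest `/* Extensions processed by the most recent tlsext_process() call. */`, or a clause naming where it is reset. How often tlsext_process() is invoked per handshake cannot be seen from this patch.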
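Review bot: `(1 << idx)` in tlsext_extension_processed shifts a signed int by a size_t; it mirrors tlsext_extension_seen just above, but becomes undefined behaviour for idx == 31 should the extension table ever grow to 32 entries while `extensions_processed` stays uint32_t, and `1U << idx` (also in the `|=` at hunk `@@ -2503,6 +2515,8 @@`) matches the field's type at no cost. The function also lacks a comment saying how "processed" differs from "seen"; suggest `/* 1 if the extension's process callback ran and it parsed cleanly during the most recent tlsext_process() call, else 0. */`, which is what the later hunks show the bit to mean. Whether an extension absent from the message can also have its bit set depends on loop code in tlsext_process() that is outside the visible hunks, so the comment may need a caveat once that is confirmed.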
@@ -2490,6 +2500,8 @@ tlsext_process(SSL *s, struct tlsext_data *td, int is_server, uint16_t msg_type, alert_desc = SSL_AD_DECODE_ERROR; + s->s3->hs.extensions_processed = 0; + /* Run processing for present TLS extensions, in a defined order. */ for (idx = 0; idx < N_TLS_EXTENSIONS; idx++) { tlsext = &tls_extensions[idx]; @@ -2503,6 +2515,8 @@ tlsext_process(SSL *s, struct tlsext_data *td, int is_server, uint16_t msg_type, if (CBS_len(&td->extensions[idx]) != 0) goto err; + + s->s3->hs.extensions_processed |= (1 << idx); } return 1; diff --git a/lib/libssl/ssl_tlsext.h b/lib/libssl/ssl_tlsext.h index da14f7fa94b..4fd2ec05a0a 100644 --- a/lib/libssl/ssl_tlsext.h +++ b/lib/libssl/ssl_tlsext.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_tlsext.h,v 1.33 2023/04/23 18:51:53 tb Exp $ */ +/* $OpenBSD: ssl_tlsext.h,v 1.34 2024/03/26 03:44:11 beck Exp $ */ /* * Copyright (c) 2016, 2017 Joel Sing * Copyright (c) 2017 Doug Hogan @@ -41,6 +41,7 @@ int tlsext_server_build(SSL *s, uint16_t msg_type, CBB *cbb); int tlsext_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert); int tlsext_extension_seen(SSL *s, uint16_t); +int tlsext_extension_processed(SSL *s, uint16_t); int tlsext_randomize_build_order(SSL *s); __END_HIDDEN_DECLS -- 2.20.1
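Review bot: The `|=` in tlsext_process is reached only after both the extension's processing and the trailing `CBS_len(&td->extensions[idx]) != 0` check pass, so on the `goto err` path the bits of earlier extensions stay set while the failing extension's bit does not; this looks harmless if the caller aborts the handshake, but nothing marks it as intended. Suggest `/* Mark processed only once the extension parsed cleanly. */` above the `|=` line. If the loop body above the hunk does not skip extensions absent from the message, the bit would also be set for absent ones and callers of tlsext_extension_processed() would need to consult extensions_seen too; that part of the loop is not visible here. The enclosing for loop begins outside the hunk.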