author | 2019-01-28 15:44:33 +0000 | |
---|---|---|
committer | 2019-01-28 15:44:33 +0000 | |
commit | 67d861326461a450a4962346a16a953e511e8e4b (patch) | |
tree | e0fce439077273c0976fcc927ed3b86e888db9d3 | |
parent | saying the apm driver provides a user interface to the apm driver is not (diff) | |
Add tls_extension_seen(), a utility to know if a particular extension
has been seen in the handshake so far. Use it for keyshare.
ok tb@
-rw-r--r-- | lib/libssl/ssl_tlsext.c | 21 | ||||
-rw-r--r-- | lib/libssl/ssl_tlsext.h | 3 |
2 files changed, 15 insertions, 9 deletions
diff --git a/lib/libssl/ssl_tlsext.c b/lib/libssl/ssl_tlsext.c
index 20acb43ccf6..cd939decbfb 100644
--- a/lib/libssl/ssl_tlsext.c
+++ b/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.c,v 1.36 2019/01/24 02:56:41 beck Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.37 2019/01/28 15:44:33 beck Exp $ */
 /*
 * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -1333,14 +1333,10 @@ tlsext_keyshare_server_parse(SSL *s, CBS *cbs, int *alert)
 int
 tlsext_keyshare_server_needs(SSL *s)
 {
- size_t idx;
-
 if (SSL_IS_DTLS(s) || s->version < TLS1_3_VERSION)
 return 0;
- if (tls_extension_find(TLSEXT_TYPE_key_share, &idx) == NULL)
- return 0;
- /* XXX move seen check to a function */
- return ((S3I(s)->hs.extensions_seen & (1 << idx)) != 0);
+
+ return tlsext_extension_seen(s, TLSEXT_TYPE_key_share);
 }

 int
@@ -1879,6 +1875,16 @@ tls_extension_find(uint16_t type, size_t *tls_extensions_idx)
 return NULL;
 }

+int
+tlsext_extension_seen(SSL *s, uint16_t type)
+{
+ size_t idx;
+
+ if (tls_extension_find(type, &idx) == NULL)
+ return 0;
+ return ((S3I(s)->hs.extensions_seen & (1 << idx)) != 0);
+}
+
 static struct tls_extension_funcs *
 tlsext_funcs(struct tls_extension *tlsext, int is_server)
 {
@@ -1988,7 +1994,6 @@ tlsext_parse(SSL *s, CBS *cbs, int *alert, int is_server, uint16_t msg_type)
 }

 /* Check for duplicate known extensions. */
- /* XXX move seen check to a function */
 if ((S3I(s)->hs.extensions_seen & (1 << idx)) != 0)
 return 0;
 S3I(s)->hs.extensions_seen |= (1 << idx);
diff --git a/lib/libssl/ssl_tlsext.h b/lib/libssl/ssl_tlsext.h
index 2f90a03ee94..2121ef662a8 100644
--- a/lib/libssl/ssl_tlsext.h
+++ b/lib/libssl/ssl_tlsext.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.h,v 1.20 2019/01/24 02:56:41 beck Exp $ */
+/* $OpenBSD: ssl_tlsext.h,v 1.21 2019/01/28 15:44:33 beck Exp $ */
 /*
 * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
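Review bot: In the new tlsext_extension_seen(), `(1 << idx)` shifts a signed int by a size_t index, which is undefined behaviour once idx reaches 31; `return ((S3I(s)->hs.extensions_seen & (1U << idx)) != 0);` (or a constant of the mask's own type) keeps the test well-defined as the extension table grows. The declaration of hs.extensions_seen is not visible in this diff, so the mask width should be confirmed there and ideally bounded against the table size with a compile-time assertion. The same open-coded shift remains in the duplicate-extension check and the `|=` in tlsext_parse (last hunk of this file), and since that check is what rejects repeated extensions, both sites should be changed together. A short comment on the helper would also help, because it returns 0 both for an extension not yet seen and for a type that tls_extension_find() does not know.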
@@ -124,6 +124,7 @@ int tlsext_server_build(SSL *s, CBB *cbb, uint16_t msg_type);
 int tlsext_server_parse(SSL *s, CBS *cbs, int *alert, uint16_t msg_type);

 struct tls_extension *tls_extension_find(uint16_t, size_t *);
+int tlsext_extension_seen(SSL *s, uint16_t);
 __END_HIDDEN_DECLS

 #endif |
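Review bot: The added prototype names its first parameter but not its second; `int tlsext_extension_seen(SSL *s, uint16_t type);` would match the definition in ssl_tlsext.c and make the declaration self-describing. The commit message calls the helper tls_extension_seen() while the code declares tlsext_extension_seen(), so a search by the message's name will not find it. A one-line comment above the declaration stating that it returns non-zero only when the extension has already been seen in the handshake so far would document the contract where callers look for it.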