author | 2017-11-28 16:46:14 +0000 | |
---|---|---|
committer | 2017-11-28 16:46:14 +0000 | |
commit | d10a75c6ebdde4304e68a9cbd73f037b3fb0d8fb (patch) | |
tree | 6ece843cd05110f5fdf3ea044b922bca67458101 /lib | |
parent | Add regress test coverage for building clienthello and serverhello (diff) | |
Correct TLS extensions handling when no extensions are present.
If no TLS extensions are present in a client hello or server hello, omit
the entire extensions block, rather than including it with a length of
zero.
ok beck@ inoguchi@
Diffstat (limited to 'lib')
-rw-r--r-- | lib/libssl/ssl_tlsext.c | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/lib/libssl/ssl_tlsext.c b/lib/libssl/ssl_tlsext.c
index 835c4134784..d43ebc67756 100644
--- a/lib/libssl/ssl_tlsext.c
+++ b/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.c,v 1.17 2017/09/25 18:02:27 jsing Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.18 2017/11/28 16:46:14 jsing Exp $ */
 /*
 * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -1296,6 +1296,7 @@ tlsext_clienthello_build(SSL *s, CBB *cbb)
 {
 CBB extensions, extension_data;
 struct tls_extension *tlsext;
+ int extensions_present = 0;
 size_t i;
 
 if (!CBB_add_u16_length_prefixed(cbb, &extensions))
@@ -1313,8 +1314,13 @@ tlsext_clienthello_build(SSL *s, CBB *cbb)
 return 0;
 if (!tls_extensions[i].clienthello_build(s, &extension_data))
 return 0;
+
+ extensions_present = 1;
 }
 
+ if (!extensions_present)
+ CBB_discard_child(cbb);
+
 if (!CBB_flush(cbb))
 return 0;
 
@@ -1351,6 +1357,7 @@ tlsext_serverhello_build(SSL *s, CBB *cbb)
 {
 CBB extensions, extension_data;
 struct tls_extension *tlsext;
+ int extensions_present = 0;
 size_t i;
 
 if (!CBB_add_u16_length_prefixed(cbb, &extensions))
@@ -1368,8 +1375,13 @@ tlsext_serverhello_build(SSL *s, CBB *cbb)
 return 0;
 if (!tlsext->serverhello_build(s, &extension_data))
 return 0;
+
+ extensions_present = 1;
 }
 
+ if (!extensions_present)
+ CBB_discard_child(cbb);
+
 if (!CBB_flush(cbb))
 return 0;
 
|
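Review bot: The `if (!extensions_present) CBB_discard_child(cbb);` branch added after the loop in tlsext_clienthello_build (and repeated verbatim in tlsext_serverhello_build in the last hunk) carries no comment saying that it rewinds the u16 length prefix opened at the top of the function, which is the whole point of the change and is not obvious from the call name. I would add above it `/* No extension was written: drop the length-prefixed child so the hello has no extensions block instead of an empty one. */`. The discard appears to depend on `extensions` being the only child opened on `cbb` and on nothing using `extensions` afterwards; that holds in the visible lines, but it is an invariant worth stating in the same comment. Both function bodies begin and end outside their hunks, so whether the matching parse functions accept a hello with the block absent cannot be confirmed from this page and should be pinned by the regress test for the zero-extension case.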