authorTodd Short <tshort@akamai.com>2022-09-23 12:03:13 -0400
committerTodd Short <todd.short@me.com>2022-09-28 09:54:25 -0400
commitac44deaf00ad24fd18b9d74de4a23d98a2b75c8d (patch)
tree3c4d6dfa55ab241562a9ebfed12bd7f6ae47e518 /ssl/statem
parenta9c474dc98233ce6e64b898874e3604cc151f461 (diff)
Test TLS extension ordering
Adding extensions is fragile: the entry for each TLSEXT_TYPE must sit at the matching TLSEXT_IDX position in the array. This adds a test to ensure the extensions are in the correct order. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19269)
Diffstat (limited to 'ssl/statem')
-rw-r--r--ssl/statem/extensions.c16
-rw-r--r--ssl/statem/statem_local.h5
2 files changed, 20 insertions, 1 deletions
diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
index 411cd35fb9..ebb766db05 100644
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -103,6 +103,9 @@ typedef struct extensions_definition_st {
* Definitions of all built-in extensions. NOTE: Changes in the number or order
* of these extensions should be mirrored with equivalent changes to the
* indexes ( TLSEXT_IDX_* ) defined in ssl_local.h.
+ * Extensions should be added to test/ext_internal_test.c as well, as that
+ * tests the ordering of the extensions.
+ *
* Each extension has an initialiser, a client and
* server side parser and a finaliser. The initialiser is called (if the
* extension is relevant to the given context) even if we did not see the
@@ -123,7 +126,7 @@ typedef struct extensions_definition_st {
* NOTE: WebSphere Application Server 7+ cannot handle empty extensions at
* the end, keep these extensions before signature_algorithm.
*/
-#define INVALID_EXTENSION { 0x10000, 0, NULL, NULL, NULL, NULL, NULL, NULL }
+#define INVALID_EXTENSION { TLSEXT_TYPE_invalid, 0, NULL, NULL, NULL, NULL, NULL, NULL }
static const EXTENSION_DEFINITION ext_defs[] = {
{
TLSEXT_TYPE_renegotiate,
@@ -390,6 +393,17 @@ static const EXTENSION_DEFINITION ext_defs[] = {
}
};
+/* Returns a TLSEXT_TYPE for the given index */
+unsigned int ossl_get_extension_type(size_t idx)
+{
+ size_t num_exts = OSSL_NELEM(ext_defs);
+
+ if (idx >= num_exts)
+ return TLSEXT_TYPE_out_of_range;
+
+ return ext_defs[idx].type;
+}
+
/* Check whether an extension's context matches the current context */
static int validate_context(SSL_CONNECTION *s, unsigned int extctx,
unsigned int thisctx)
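Review bot: The one-line comment on `ossl_get_extension_type` does not state the two sentinel results, which are the only way a caller can distinguish a real extension type from a miss: the early return yields TLSEXT_TYPE_out_of_range for any idx at or beyond OSSL_NELEM(ext_defs), and a placeholder slot initialised with INVALID_EXTENSION yields TLSEXT_TYPE_invalid. Since the function is non-static and declared in statem_local.h, that contract should be spelled out, e.g. `/* Returns the TLSEXT_TYPE of ext_defs[idx]; TLSEXT_TYPE_out_of_range if idx is not a valid index, TLSEXT_TYPE_invalid for an INVALID_EXTENSION placeholder slot. Callers must check for both sentinels. */`. A caller that forgets the out-of-range check gets a value that looks like a type rather than an error, so the header comment is the only guard. The signature of validate_context at the end of the hunk continues outside it.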
diff --git a/ssl/statem/statem_local.h b/ssl/statem/statem_local.h
index be28c930b8..e5c6cfe535 100644
--- a/ssl/statem/statem_local.h
+++ b/ssl/statem/statem_local.h
@@ -37,6 +37,11 @@
/* Dummy message type */
#define SSL3_MT_DUMMY -1
+/* Invalid extension ID for non-supported extensions */
+#define TLSEXT_TYPE_invalid 0x10000
+#define TLSEXT_TYPE_out_of_range 0x10001
+unsigned int ossl_get_extension_type(size_t idx);
+
extern const unsigned char hrrrandom[];
/* Message processing return codes */
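Review bot: The comment added above the two new defines describes only TLSEXT_TYPE_invalid; TLSEXT_TYPE_out_of_range is left undocumented, and neither line records why the values are safe to use as sentinels. Both are above 0xFFFF, the largest value a 16-bit TLS ExtensionType can carry, so they cannot collide with any real extension type or with a value parsed from the wire, and that is the property the ordering test depends on. I would replace the comment with `/* Sentinels above the 16-bit TLS extension type range, so they never collide with a real type: TLSEXT_TYPE_invalid marks an INVALID_EXTENSION placeholder in ext_defs; TLSEXT_TYPE_out_of_range is returned by ossl_get_extension_type() for an index past the end of ext_defs. */` and give the prototype a short comment of its own pointing at the definition in extensions.c.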