[openssl-commits] [openssl] master update

Thu Sep 7 14:55:35 UTC 2017

The branch master has been updated
       via  1c259bb51824a2e3da990c76dd49e5dcaed334ea (commit)
      from  d3c3dfc5778ab2cca0d25c5959c8b814a334addb (commit)


- Log -----------------------------------------------------------------
commit 1c259bb51824a2e3da990c76dd49e5dcaed334ea
Author: Benjamin Kaduk <bkaduk at akamai.com>
Date:   Wed Aug 30 14:57:27 2017 -0500

    Restore historical behavior for absent ServerHello extensions
    
    In OpenSSL 1.1.0, when there were no extensions added to the ServerHello,
    we did not write the extension data length bytes to the end of the
    ServerHello; this is needed for compatibility with old client implementations
    that do not support TLS extensions (such as the default configuration of
    OpenSSL 0.9.8).  When ServerHello extension construction was converted
    to the new extensions framework in commit
    7da160b0f46d832dbf285cb0b48ae56d4a8b884d, this behavior was inadvertently
    limited to cases when SSLv3 was negotiated (and similarly for ClientHellos),
    presumably since extensions are not defined at all for SSLv3.  However,
    extensions for TLS prior to TLS 1.3 have been defined in separate
    RFCs (6066, 4366, and 3546) from the TLS protocol specifications, and as such
    should be considered an optional protocol feature in those cases.
    
    Accordingly, be conservative in what we send, and skip the extensions block
    when there are no extensions to be sent, regardless of the TLS/SSL version.
    (TLS 1.3 requires extensions and can safely be treated differently.)
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/4296)

-----------------------------------------------------------------------

Summary of changes:
 ssl/statem/extensions.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
index b8ab5c8..61203ed 100644
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -703,11 +703,11 @@ int tls_construct_extensions(SSL *s, WPACKET *pkt, unsigned int context,
     if (!WPACKET_start_sub_packet_u16(pkt)
                /*
                 * If extensions are of zero length then we don't even add the
-                * extensions length bytes to a ClientHello/ServerHello in SSLv3
+                * extensions length bytes to a ClientHello/ServerHello
+                * (for non-TLSv1.3).
                 */
             || ((context &
                  (SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO)) != 0
-                && s->version == SSL3_VERSION
                 && !WPACKET_set_flags(pkt,
                                      WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH))) {
         SSLerr(SSL_F_TLS_CONSTRUCT_EXTENSIONS, ERR_R_INTERNAL_ERROR);
