From a4c7f176fee410a20dcfe8fea6b48bee7a98620d Mon Sep 17 00:00:00 2001 From: Bob Beck Date: Thu, 24 Jan 2019 01:50:42 +0000 Subject: move the extensions_seen into the handshake struct ok jsing@ --- lib/libssl/s3_lib.c | 4 +++- lib/libssl/ssl_locl.h | 5 ++++- lib/libssl/ssl_tlsext.c | 9 +++++---- 3 files changed, 12 insertions(+), 6 deletions(-) (limited to 'lib') diff --git a/lib/libssl/s3_lib.c b/lib/libssl/s3_lib.c index 496bf7394c4..36142f04152 100644 --- a/lib/libssl/s3_lib.c +++ b/lib/libssl/s3_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_lib.c,v 1.180 2019/01/23 18:24:40 beck Exp $ */ +/* $OpenBSD: s3_lib.c,v 1.181 2019/01/24 01:50:41 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1606,6 +1606,8 @@ ssl3_clear(SSL *s) freezero(S3I(s)->hs_tls13.x25519_public, X25519_KEY_LENGTH); freezero(S3I(s)->hs_tls13.x25519_peer_public, X25519_KEY_LENGTH); + S3I(s)->hs.extensions_seen = 0; + rp = S3I(s)->rbuf.buf; wp = S3I(s)->wbuf.buf; rlen = S3I(s)->rbuf.len; diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h index 8447484ec7a..5d560f59351 100644 --- a/lib/libssl/ssl_locl.h +++ b/lib/libssl/ssl_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_locl.h,v 1.231 2019/01/23 18:39:28 beck Exp $ */ +/* $OpenBSD: ssl_locl.h,v 1.232 2019/01/24 01:50:41 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -429,6 +429,9 @@ typedef struct ssl_handshake_st { /* key_block is the record-layer key block for TLS 1.2 and earlier. */ int key_block_len; unsigned char *key_block; + + /* Extensions seen in this handshake. */ + uint32_t extensions_seen; } SSL_HANDSHAKE; typedef struct ssl_handshake_tls13_st { diff --git a/lib/libssl/ssl_tlsext.c b/lib/libssl/ssl_tlsext.c index 2214a61ed3d..35c764f646e 100644 --- a/lib/libssl/ssl_tlsext.c +++ b/lib/libssl/ssl_tlsext.c 
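Review bot: The comment added in the ssl_locl.h hunk (`@@ -429,6 +429,9 @@`), "Extensions seen in this handshake.", overstates the field's lifetime. tlsext_parse() in this same commit zeroes `hs.extensions_seen` on every call, so as far as the diff shows the field only describes the extensions block parsed last, and it is left partly filled when parsing returns early. It is also a bitmask keyed by `idx` rather than by extension type, which the comment does not say. I would write `/* Bitmask of known extensions in the most recently parsed extensions block; bit idx as used by tlsext_parse(). */` so that later readers do not treat it as per-handshake state. The struct definition starts outside the hunk.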
@@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_tlsext.c,v 1.34 2019/01/23 18:39:28 beck Exp $ */ +/* $OpenBSD: ssl_tlsext.c,v 1.35 2019/01/24 01:50:41 beck Exp $ */ /* * Copyright (c) 2016, 2017, 2019 Joel Sing * Copyright (c) 2017 Doug Hogan @@ -1675,11 +1675,12 @@ tlsext_parse(SSL *s, CBS *cbs, int *alert, int is_server, uint16_t msg_type) struct tls_extension_funcs *ext; struct tls_extension *tlsext; CBS extensions, extension_data; - uint32_t extensions_seen = 0; uint16_t type; size_t idx; uint16_t version; + S3I(s)->hs.extensions_seen = 0; + if (is_server) version = s->version; else @@ -1718,9 +1719,9 @@ tlsext_parse(SSL *s, CBS *cbs, int *alert, int is_server, uint16_t msg_type) } /* Check for duplicate known extensions. */ - if ((extensions_seen & (1 << idx)) != 0) + if ((S3I(s)->hs.extensions_seen & (1 << idx)) != 0) return 0; - extensions_seen |= (1 << idx); + S3I(s)->hs.extensions_seen |= (1 << idx); ext = tlsext_funcs(tlsext, is_server); if (!ext->parse(s, &extension_data, alert)) -- cgit v1.2.3
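Review bot: The duplicate check in the last ssl_tlsext.c hunk (`@@ -1718,9 +1719,9 @@`) builds its mask with `1 << idx`, where `1` is a signed int while the target is now a `uint32_t` struct member. A shift that reaches bit 31 or beyond is undefined behaviour, and a miscomputed mask could let a repeated extension pass the check. An unsigned operand keeps the arithmetic defined for every bit of the field: `if ((S3I(s)->hs.extensions_seen & (1U << idx)) != 0)` and `S3I(s)->hs.extensions_seen |= (1U << idx);`. The bound on `idx` is set outside the hunk, so a compile-time assertion that the number of known extensions does not exceed 32 would be worth adding where that table is defined. The body of tlsext_parse() starts and ends outside both hunks.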