From: Matt Caswell Date: Fri, 10 Mar 2017 13:53:53 +0000 (+0000) Subject: Check that the PSK extension is last X-Git-Tag: OpenSSL_1_1_1-pre1~2080 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=652a6b7ee1be26c1a5205a494b0245d41dc34e26;p=oweals%2Fopenssl.git Check that the PSK extension is last We need to check that the PSK extension in a ClientHello is the last one. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2896) --- diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c index fab9bcb3d4..ffacd41cf9 100644 --- a/ssl/statem/extensions.c +++ b/ssl/statem/extensions.c @@ -447,10 +447,14 @@ int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context, } /* * Verify this extension is allowed. We only check duplicates for - * extensions that we recognise. + * extensions that we recognise. We also have a special case for the + * PSK extension, which must be the last one in the ClientHello. */ if (!verify_extension(s, context, type, exts, raw_extensions, &thisex) - || (thisex != NULL && thisex->present == 1)) { + || (thisex != NULL && thisex->present == 1) + || (type == TLSEXT_TYPE_psk + && (context & EXT_CLIENT_HELLO) != 0 + && PACKET_remaining(&extensions) != 0)) { SSLerr(SSL_F_TLS_COLLECT_EXTENSIONS, SSL_R_BAD_EXTENSION); *al = SSL_AD_ILLEGAL_PARAMETER; goto err;