From 0785274ca53bbc20774186df6081dc75258db9bb Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Wed, 28 Dec 2016 17:30:51 +0000
Subject: Fix extension for various no- options

Previously we were omitting the extension information from ext_defs if
the association no- option was defined. This doesn't work because the
indexes into the table are no longer valid.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2153)
---
 ssl/statem/extensions.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

(limited to 'ssl')

diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
index f6b0589ffe..2bb09c9507 100644
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -92,6 +92,7 @@ typedef struct extensions_definition_st {
  *
  * TODO(TLS1.3): Make sure we have a test to check the consistency of these
  */
+#define INVALID_EXTENSION { 0x10000, 0, NULL, NULL, NULL, NULL, NULL, NULL }
 static const EXTENSION_DEFINITION ext_defs[] = {
     {
         TLSEXT_TYPE_renegotiate,
@@ -116,6 +117,8 @@ static const EXTENSION_DEFINITION ext_defs[] = {
         EXT_CLIENT_HELLO | EXT_TLS1_2_AND_BELOW_ONLY,
         init_srp, tls_parse_ctos_srp, NULL, NULL, tls_construct_ctos_srp, NULL
     },
+#else
+    INVALID_EXTENSION,
 #endif
 #ifndef OPENSSL_NO_EC
     {
@@ -132,6 +135,9 @@ static const EXTENSION_DEFINITION ext_defs[] = {
         NULL /* TODO(TLS1.3): Need to add this */,
         tls_construct_ctos_supported_groups, NULL
     },
+#else
+    INVALID_EXTENSION,
+    INVALID_EXTENSION,
 #endif
     {
         TLSEXT_TYPE_session_ticket,
@@ -155,6 +161,8 @@ static const EXTENSION_DEFINITION ext_defs[] = {
         tls_parse_stoc_status_request, tls_construct_stoc_status_request,
         tls_construct_ctos_status_request, final_status_request
     },
+#else
+    INVALID_EXTENSION,
 #endif
 #ifndef OPENSSL_NO_NEXTPROTONEG
     {
@@ -163,6 +171,8 @@ static const EXTENSION_DEFINITION ext_defs[] = {
         init_npn, tls_parse_ctos_npn, tls_parse_stoc_npn,
         tls_construct_stoc_next_proto_neg, tls_construct_ctos_npn, NULL
     },
+#else
+    INVALID_EXTENSION,
 #endif
     {
         /*
@@ -183,6 +193,8 @@ static const EXTENSION_DEFINITION ext_defs[] = {
         init_srtp, tls_parse_ctos_use_srtp, tls_parse_stoc_use_srtp,
         tls_construct_stoc_use_srtp, tls_construct_ctos_use_srtp, NULL
     },
+#else
+    INVALID_EXTENSION,
 #endif
     {
         TLSEXT_TYPE_encrypt_then_mac,
@@ -203,6 +215,8 @@ static const EXTENSION_DEFINITION ext_defs[] = {
          */
         NULL, tls_parse_stoc_sct, NULL, tls_construct_ctos_sct,  NULL
     },
+#else
+    INVALID_EXTENSION,
 #endif
     {
         TLSEXT_TYPE_extended_master_secret,
-- 
cgit v1.2.3