[openssl.org #3480] TLSEXT_TYPE_application_layer_protocol_negotiation


[openssl.org #3480] TLSEXT_TYPE_application_layer_protocol_negotiation

Rich Salz via RT
TLSEXT_TYPE_application_layer_protocol_negotiation was defined in
RFC7301 for which the IANA assigned #16

A non-IANA definition of TLSEXT_TYPE_next_proto_neg = 13172 is used.

The openssl tls code for #ifndef OPENSSL_NO_NEXTPROTONEG all used the
non-iana definition.

This patch corrects openssl to use the IANA defined
TLSEXT_TYPE_application_layer_protocol_negotiation (16) but keeps
TLSEXT_TYPE_next_proto_neg for those trying to debug the confusion created.


diff --git a/apps/s_cb.c b/apps/s_cb.c
index cf34e00..4f7ff76 100644
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -1017,10 +1017,13 @@ void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type,
  extname = "opaque PRF input";
  break;
 #endif
-#ifdef TLSEXT_TYPE_next_proto_neg
- case TLSEXT_TYPE_next_proto_neg:
+#ifndef OPENSSL_NO_NEXTPROTONEG
+ case TLSEXT_TYPE_application_layer_protocol_negotiation:
  extname = "next protocol";
  break;
+ case TLSEXT_TYPE_next_proto_neg:
+ extname = "next protocol OLD NOT IANA";
+ break;
 #endif
 #ifdef TLSEXT_TYPE_encrypt_then_mac
  case TLSEXT_TYPE_encrypt_then_mac:
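Review bot: The new `case TLSEXT_TYPE_application_layer_protocol_negotiation:` at the top of this hunk labels extension type 16 as "next protocol", but 16 is the IANA code point for ALPN (RFC 7301), a different extension from NPN with a different wire format, so the debug output would misname every ALPN ClientHello. If this switch already has a case for TLSEXT_TYPE_application_layer_protocol_negotiation elsewhere (the file's ALPN handling is not visible in the hunk), the duplicate case label is also a compile error. I would keep the original `case TLSEXT_TYPE_next_proto_neg: extname = "next protocol";` and let the ALPN case name itself `"application layer protocol negotiation"`. The enclosing tlsext_cb switch starts and ends outside the hunk.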
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 4374d6a..3c52024 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1434,11 +1434,11 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned c
 #ifndef OPENSSL_NO_NEXTPROTONEG
  if (s->ctx->next_proto_select_cb && !s->s3->tmp.finish_md_len)
  {
- /* The client advertises an emtpy extension to indicate its
+ /* The client advertises an empty extension to indicate its
  * support for Next Protocol Negotiation */
  if (limit - ret - 4 < 0)
  return NULL;
- s2n(TLSEXT_TYPE_next_proto_neg,ret);
+ s2n(TLSEXT_TYPE_application_layer_protocol_negotiation,ret);
  s2n(0,ret);
  }
 #endif
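Review bot: After the change to `s2n(TLSEXT_TYPE_application_layer_protocol_negotiation,ret);` followed by `s2n(0,ret);` the client emits an ALPN extension (type 16) with a zero-length body, and RFC 7301 requires a ClientHello ALPN extension to carry a non-empty ProtocolNameList, so a conforming server will reject the handshake with a decode error rather than treat it as an NPN offer. NPN's empty-body advertisement is only meaningful under its own (unregistered) type 13172. If the client also has ALPN configured, this path and the ALPN path would both emit type 16, producing a duplicate extension in the ClientHello. I would revert this line to `s2n(TLSEXT_TYPE_next_proto_neg,ret);`. ssl_add_clienthello_tlsext begins and ends outside the hunk.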
@@ -1731,7 +1731,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, unsigned c
  if (r == SSL_TLSEXT_ERR_OK)
  {
  if ((long)(limit - ret - 4 - npalen) < 0) return NULL;
- s2n(TLSEXT_TYPE_next_proto_neg,ret);
+ s2n(TLSEXT_TYPE_application_layer_protocol_negotiation,ret);
  s2n(npalen,ret);
  memcpy(ret, npa, npalen);
  ret += npalen;
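Review bot: The server now writes the NPN advertise list (`npa`, `npalen` bytes) under extension type 16, but in a ServerHello that type is ALPN and RFC 7301 defines its payload as a ProtocolNameList holding exactly one selected protocol, not the multi-entry NPN list, so an ALPN-aware client will either fail to parse this or act on a nonsense selection. Keep `s2n(TLSEXT_TYPE_next_proto_neg,ret);` here so NPN responses stay on their own type. The enclosing ssl_add_serverhello_tlsext continues outside the hunk.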
@@ -2448,7 +2448,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char
  }
 #endif
 #ifndef OPENSSL_NO_NEXTPROTONEG
- else if (type == TLSEXT_TYPE_next_proto_neg &&
+ else if (type == TLSEXT_TYPE_application_layer_protocol_negotiation &&
  s->s3->tmp.finish_md_len == 0 &&
  s->s3->alpn_selected == NULL)
  {
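Review bot: Matching incoming type 16 in `else if (type == TLSEXT_TYPE_application_layer_protocol_negotiation &&` routes genuine ALPN ClientHello extensions into the NPN handler; the `s->s3->alpn_selected == NULL` test two lines below shows this parser already handles ALPN separately, so with two branches on the same type in one else-if chain one of them becomes unreachable depending on order (the ALPN branch itself is outside the hunk). NPN's ClientHello extension is empty while ALPN's carries a protocol list, so the two types must remain distinct for the parser to tell them apart. I would restore `else if (type == TLSEXT_TYPE_next_proto_neg &&`. ssl_scan_clienthello_tlsext starts and ends outside the hunk.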
@@ -2726,7 +2726,7 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char
  s->tlsext_status_expected = 1;
  }
 #ifndef OPENSSL_NO_NEXTPROTONEG
- else if (type == TLSEXT_TYPE_next_proto_neg &&
+ else if (type == TLSEXT_TYPE_application_layer_protocol_negotiation &&
  s->s3->tmp.finish_md_len == 0)
  {
  unsigned char *selected;
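Review bot: With the type changed in `else if (type == TLSEXT_TYPE_application_layer_protocol_negotiation &&`, a client that negotiated ALPN would have the server's single selected ALPN protocol handed to the NPN selection path (`selected` below) as though it were an NPN protocol list, and any ALPN branch in the same chain would shadow or be shadowed by this one. Since NPN was never assigned 16 by IANA, the confusion the ticket describes is better fixed by commenting the 13172 define than by renumbering NPN onto ALPN's code point; keep `else if (type == TLSEXT_TYPE_next_proto_neg &&`. The enclosing ssl_scan_serverhello_tlsext continues beyond the hunk.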
diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c
index 0799a7a..6f66ab1 100644
--- a/ssl/t1_trce.c
+++ b/ssl/t1_trce.c
@@ -360,12 +360,11 @@ static ssl_trace_tbl ssl_exts_tbl[] = {
  {TLSEXT_TYPE_signature_algorithms, "signature_algorithms"},
  {TLSEXT_TYPE_use_srtp, "use_srtp"},
  {TLSEXT_TYPE_heartbeat, "heartbeat"},
+ {TLSEXT_TYPE_application_layer_protocol_negotiation, "next_proto_neg"},
+ {TLSEXT_TYPE_next_proto_neg, "next_proto_neg_OLD_NOT_IANA"},
  {TLSEXT_TYPE_session_ticket, "session_ticket"},
-#ifdef TLSEXT_TYPE_opaque_prf_input
  {TLSEXT_TYPE_opaque_prf_input, "opaque_prf_input"},
-#endif
  {TLSEXT_TYPE_renegotiate, "renegotiate"},
- {TLSEXT_TYPE_next_proto_neg, "next_proto_neg"},
  {TLSEXT_TYPE_padding, "padding"}
 };
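Review bot: The new row `{TLSEXT_TYPE_application_layer_protocol_negotiation, "next_proto_neg"},` mislabels type 16 in trace output; 16 is ALPN per RFC 7301 and should be named `"application_layer_protocol_negotiation"` (if such a row already exists elsewhere in the table, this adds a second name for the same key). Separately, dropping the `#ifdef TLSEXT_TYPE_opaque_prf_input` guard around the opaque_prf_input row looks unsafe: the s_cb.c hunk in this same patch still keeps its opaque PRF case under a conditional, which suggests the constant is not always defined, and an unguarded reference would then fail to compile. I would keep the guard and restore `{TLSEXT_TYPE_next_proto_neg, "next_proto_neg"},` as the only NPN row. The opening of ssl_exts_tbl is outside the hunk.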
 
diff --git a/ssl/tls1.h b/ssl/tls1.h
index 3499584..24e3322 100644
--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@@ -233,8 +233,13 @@ extern "C" {
 /* ExtensionType value from RFC5620 */
 #define TLSEXT_TYPE_heartbeat 15
 
-/* ExtensionType value from draft-ietf-tls-applayerprotoneg-00 */
+#ifndef OPENSSL_NO_NEXTPROTONEG
+/* ExtensionType value from RFC7301 */
 #define TLSEXT_TYPE_application_layer_protocol_negotiation 16
+/* This is not an IANA defined extension number */
+#define TLSEXT_TYPE_next_proto_neg 13172
+#endif
+
 
 /* ExtensionType value for TLS padding extension.
  * http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
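Review bot: Moving `#define TLSEXT_TYPE_application_layer_protocol_negotiation 16` under `#ifndef OPENSSL_NO_NEXTPROTONEG` ties the ALPN code point to the NPN build option, so a build configured without NPN loses the constant that the ALPN code (independent of NPN, see `alpn_selected` in the t1_lib.c hunks) still references, and compilation breaks. ALPN (16, RFC 7301) and NPN (13172, never IANA-registered) are distinct extensions and both defines should remain available and distinct; the confusion the ticket raises is better addressed by a comment above the 13172 define such as `/* NPN is a pre-standard Google extension, NOT ALPN; ALPN is TLSEXT_TYPE_application_layer_protocol_negotiation (16) */`. Leave the ALPN define unconditional, outside the `#ifndef`.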
@@ -259,11 +264,6 @@ extern "C" {
 /* Temporary extension type */
 #define TLSEXT_TYPE_renegotiate                 0xff01
 
-#ifndef OPENSSL_NO_NEXTPROTONEG
-/* This is not an IANA defined extension number */
-#define TLSEXT_TYPE_next_proto_neg 13172
-#endif
-
 /* NameType value from RFC 3546 */
 #define TLSEXT_NAMETYPE_host_name 0
 /* status request value from RFC 3546 */