diff options
| author | beck <> | 2020-01-23 08:04:50 +0000 |
|---|---|---|
| committer | beck <> | 2020-01-23 08:04:50 +0000 |
| commit | 2e68d19baa1dd9f1c5e5f544dc3004683c5f618e (patch) | |
| tree | 55e8702668822f1be79903aafff9d5d337551226 | |
| parent | d0a2a4304e8bc55b8e532933c8af4982563b033b (diff) | |
| download | openbsd-2e68d19baa1dd9f1c5e5f544dc3004683c5f618e.tar.gz openbsd-2e68d19baa1dd9f1c5e5f544dc3004683c5f618e.tar.bz2 openbsd-2e68d19baa1dd9f1c5e5f544dc3004683c5f618e.zip | |
If we are building a legacy server hello, check to see if we are
downgrading from TLS 1.3. If we are, set the last 8 bytes of the
server_random value to the required values as per RFC 8446 section
4.1.3 indicating that we deliberately meant to downgrade.
ok jsing@
| -rw-r--r-- | src/lib/libssl/ssl_srvr.c | 21 |
1 files changed, 20 insertions, 1 deletions
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c index 809f589653..26b24f4f22 100644 --- a/src/lib/libssl/ssl_srvr.c +++ b/src/lib/libssl/ssl_srvr.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_srvr.c,v 1.68 2019/04/22 15:12:20 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_srvr.c,v 1.69 2020/01/23 08:04:50 beck Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1042,6 +1042,25 @@ ssl3_get_client_hello(SSL *s) | |||
| 1042 | */ | 1042 | */ |
| 1043 | arc4random_buf(s->s3->server_random, SSL3_RANDOM_SIZE); | 1043 | arc4random_buf(s->s3->server_random, SSL3_RANDOM_SIZE); |
| 1044 | 1044 | ||
| 1045 | if (s->internal->tls13 != NULL) { | ||
| 1046 | /* | ||
| 1047 | * RFC 8446 section 4.1.3. If we are downgrading from TLS 1.3 | ||
| 1048 | * we must set the last 8 bytes of the server random to magical | ||
| 1049 | * values to indicate we meant to downgrade. | ||
| 1050 | */ | ||
| 1051 | size_t index = SSL3_RANDOM_SIZE - sizeof(tls13_downgrade_12); | ||
| 1052 | uint8_t *magic = &s->s3->server_random[index]; | ||
| 1053 | if (s->version == TLS1_2_VERSION) { | ||
| 1054 | /* Indicate we chose to downgrade to 1.2. */ | ||
| 1055 | memcpy(magic, tls13_downgrade_12, | ||
| 1056 | sizeof(tls13_downgrade_12)); | ||
| 1057 | } else { | ||
| 1058 | /* Indicate we chose to downgrade to 1.1 or lower */ | ||
| 1059 | memcpy(magic, tls13_downgrade_11, | ||
| 1060 | sizeof(tls13_downgrade_11)); | ||
| 1061 | } | ||
| 1062 | } | ||
| 1063 | |||
| 1045 | if (!s->internal->hit && s->internal->tls_session_secret_cb) { | 1064 | if (!s->internal->hit && s->internal->tls_session_secret_cb) { |
| 1046 | SSL_CIPHER *pref_cipher = NULL; | 1065 | SSL_CIPHER *pref_cipher = NULL; |
| 1047 | 1066 | ||