Only perform the downgrade check if our max version is less than TLSv1.3.

Issue noticed by kn@ when talking to a TLSv1.3 capable mail server, but with smtpd capping max version to TLSv1.2. ok beck@
author: jsing <> 2020-01-25 14:23:27 +0000
committer: jsing <> 2020-01-25 14:23:27 +0000
commit: 749a01f8891ca00e2929f61e3401dfe34c0035e5 (patch)
tree: fa3564bc29823da1fd3673385940f2d7f81e0f9e
parent: de21693550e907286f80eedf4165b09a8fe80e67 (diff)
download: openbsd-749a01f8891ca00e2929f61e3401dfe34c0035e5.tar.gz
openbsd-749a01f8891ca00e2929f61e3401dfe34c0035e5.tar.bz2
openbsd-749a01f8891ca00e2929f61e3401dfe34c0035e5.zip
1 files changed, 17 insertions, 15 deletions
diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c
index 737a1015a5..fb21b54621 100644
--- a/src/lib/libssl/tls13_client.c
+++ b/src/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_client.c,v 1.33 2020/01/25 09:20:56 jsing Exp $ */
+/* $OpenBSD: tls13_client.c,v 1.34 2020/01/25 14:23:27 jsing Exp $ */
 /*
 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
 *
@@ -288,20 +288,22 @@ tls13_server_hello_process(struct tls13_ctx *ctx, CBS *cbs)
                goto err;
        if (tls13_server_hello_is_legacy(cbs)) {
-                /*
+                if (ctx->hs->max_version >= TLS1_3_VERSION) {
-                 * RFC 8446 section 4.1.3, We must not downgrade if
+                        /*
-                 * the server random value contains the TLS 1.2 or 1.1
+                         * RFC 8446 section 4.1.3, We must not downgrade if
-                 * magical value.
+                         * the server random value contains the TLS 1.2 or 1.1
-                 */
+                         * magical value.
-                if (!CBS_skip(&server_random, CBS_len(&server_random) -
+                         */
-                    sizeof(tls13_downgrade_12)))
+                        if (!CBS_skip(&server_random, CBS_len(&server_random) -
-                        goto err;
+                            sizeof(tls13_downgrade_12)))
-                if (CBS_mem_equal(&server_random, tls13_downgrade_12,
+                                goto err;
-                    sizeof(tls13_downgrade_12)) ||
+                        if (CBS_mem_equal(&server_random, tls13_downgrade_12,
-                    CBS_mem_equal(&server_random, tls13_downgrade_11,
+                            sizeof(tls13_downgrade_12)) ||
-                    sizeof(tls13_downgrade_11))) {
+                            CBS_mem_equal(&server_random, tls13_downgrade_11,
-                        ctx->alert = SSL_AD_ILLEGAL_PARAMETER;
+                            sizeof(tls13_downgrade_11))) {
-                        goto err;
+                                ctx->alert = SSL_AD_ILLEGAL_PARAMETER;
+                                goto err;
+                        }
                }
                if (!CBS_skip(cbs, CBS_len(cbs)))
author	jsing <>	2020-01-25 14:23:27 +0000
committer	jsing <>	2020-01-25 14:23:27 +0000
commit	749a01f8891ca00e2929f61e3401dfe34c0035e5 (patch)
tree	fa3564bc29823da1fd3673385940f2d7f81e0f9e
parent	de21693550e907286f80eedf4165b09a8fe80e67 (diff)
download	openbsd-749a01f8891ca00e2929f61e3401dfe34c0035e5.tar.gz openbsd-749a01f8891ca00e2929f61e3401dfe34c0035e5.tar.bz2 openbsd-749a01f8891ca00e2929f61e3401dfe34c0035e5.zip

diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c index 737a1015a5..fb21b54621 100644 --- a/src/lib/libssl/tls13_client.c +++ b/src/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls13_client.c,v 1.33 2020/01/25 09:20:56 jsing Exp $ */	1	/* $OpenBSD: tls13_client.c,v 1.34 2020/01/25 14:23:27 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
4	*	4	*
@@ -288,20 +288,22 @@ tls13_server_hello_process(struct tls13_ctx ctx, CBS cbs)
288	goto err;	288	goto err;
289		289
290	if (tls13_server_hello_is_legacy(cbs)) {	290	if (tls13_server_hello_is_legacy(cbs)) {
291	/*	291	if (ctx->hs->max_version >= TLS1_3_VERSION) {
292	* RFC 8446 section 4.1.3, We must not downgrade if	292	/*
293	* the server random value contains the TLS 1.2 or 1.1	293	* RFC 8446 section 4.1.3, We must not downgrade if
294	* magical value.	294	* the server random value contains the TLS 1.2 or 1.1
295	*/	295	* magical value.
296	if (!CBS_skip(&server_random, CBS_len(&server_random) -	296	*/
297	sizeof(tls13_downgrade_12)))	297	if (!CBS_skip(&server_random, CBS_len(&server_random) -
298	goto err;	298	sizeof(tls13_downgrade_12)))
299	if (CBS_mem_equal(&server_random, tls13_downgrade_12,	299	goto err;
300	sizeof(tls13_downgrade_12)) \|\|	300	if (CBS_mem_equal(&server_random, tls13_downgrade_12,
301	CBS_mem_equal(&server_random, tls13_downgrade_11,	301	sizeof(tls13_downgrade_12)) \|\|
302	sizeof(tls13_downgrade_11))) {	302	CBS_mem_equal(&server_random, tls13_downgrade_11,
303	ctx->alert = SSL_AD_ILLEGAL_PARAMETER;	303	sizeof(tls13_downgrade_11))) {
304	goto err;	304	ctx->alert = SSL_AD_ILLEGAL_PARAMETER;
		305	goto err;
		306	}
305	}	307	}
306		308
307	if (!CBS_skip(cbs, CBS_len(cbs)))	309	if (!CBS_skip(cbs, CBS_len(cbs)))