Add checking int the client to check the magic values which are

set by a 1.3 server when it downgrades to tls 1.2 or 1.1 as per RFC 8446 section 4.1.3 ok jsing@
author: beck <> 2020-01-23 07:30:55 +0000
committer: beck <> 2020-01-23 07:30:55 +0000
commit: ed73867a7fdf492c1302a217efba8999ce377f73 (patch)
tree: 3c6241065cc972e1b55e086b389921e9aa5eb52d /src/lib/libssl/tls13_client.c
parent: 0695f4268a1370f797c63f74b412ac9ec6b59664 (diff)
download: openbsd-ed73867a7fdf492c1302a217efba8999ce377f73.tar.gz
openbsd-ed73867a7fdf492c1302a217efba8999ce377f73.tar.bz2
openbsd-ed73867a7fdf492c1302a217efba8999ce377f73.zip
1 files changed, 17 insertions, 1 deletions
diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c
index cab113b8c3..477cca2e04 100644
--- a/src/lib/libssl/tls13_client.c
+++ b/src/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_client.c,v 1.30 2020/01/23 06:15:44 beck Exp $ */
+/* $OpenBSD: tls13_client.c,v 1.31 2020/01/23 07:30:55 beck Exp $ */
 /*
 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
 *
@@ -285,6 +285,22 @@ tls13_server_hello_process(struct tls13_ctx *ctx, CBS *cbs)
                goto err;
        if (tls13_server_hello_is_legacy(cbs)) {
+                /*
+                 * RFC 8446 section 4.1.3, We must not downgrade if
+                 * the server random value contains the TLS 1.2 or 1.1
+                 * magical value.
+                 */
+                if (!CBS_skip(&server_random, CBS_len(&server_random) -
+                    sizeof(tls13_downgrade_12)))
+                        goto err;
+                if (CBS_mem_equal(&server_random, tls13_downgrade_12,
+                    sizeof(tls13_downgrade_12)) ||
+                    CBS_mem_equal(&server_random, tls13_downgrade_11,
+                    sizeof(tls13_downgrade_11))) {
+                        ctx->alert = SSL_AD_ILLEGAL_PARAMETER;
+                        goto err;
+                }
                if (!CBS_skip(cbs, CBS_len(cbs)))
                        goto err;
                return tls13_use_legacy_client(ctx);
author	beck <>	2020-01-23 07:30:55 +0000
committer	beck <>	2020-01-23 07:30:55 +0000
commit	ed73867a7fdf492c1302a217efba8999ce377f73 (patch)
tree	3c6241065cc972e1b55e086b389921e9aa5eb52d /src/lib/libssl/tls13_client.c
parent	0695f4268a1370f797c63f74b412ac9ec6b59664 (diff)
download	openbsd-ed73867a7fdf492c1302a217efba8999ce377f73.tar.gz openbsd-ed73867a7fdf492c1302a217efba8999ce377f73.tar.bz2 openbsd-ed73867a7fdf492c1302a217efba8999ce377f73.zip

diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c index cab113b8c3..477cca2e04 100644 --- a/src/lib/libssl/tls13_client.c +++ b/src/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls13_client.c,v 1.30 2020/01/23 06:15:44 beck Exp $ */	1	/* $OpenBSD: tls13_client.c,v 1.31 2020/01/23 07:30:55 beck Exp $ */
2	/*	2	/*
3	* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
4	*	4	*
@@ -285,6 +285,22 @@ tls13_server_hello_process(struct tls13_ctx ctx, CBS cbs)
285	goto err;	285	goto err;
286		286
287	if (tls13_server_hello_is_legacy(cbs)) {	287	if (tls13_server_hello_is_legacy(cbs)) {
		288	/*
		289	* RFC 8446 section 4.1.3, We must not downgrade if
		290	* the server random value contains the TLS 1.2 or 1.1
		291	* magical value.
		292	*/
		293	if (!CBS_skip(&server_random, CBS_len(&server_random) -
		294	sizeof(tls13_downgrade_12)))
		295	goto err;
		296	if (CBS_mem_equal(&server_random, tls13_downgrade_12,
		297	sizeof(tls13_downgrade_12)) \|\|
		298	CBS_mem_equal(&server_random, tls13_downgrade_11,
		299	sizeof(tls13_downgrade_11))) {
		300	ctx->alert = SSL_AD_ILLEGAL_PARAMETER;
		301	goto err;
		302	}
		303
288	if (!CBS_skip(cbs, CBS_len(cbs)))	304	if (!CBS_skip(cbs, CBS_len(cbs)))
289	goto err;	305	goto err;
290	return tls13_use_legacy_client(ctx);	306	return tls13_use_legacy_client(ctx);