author | jsing <> | 2021-10-23 14:40:54 +0000 |
---|---|---|
committer | jsing <> | 2021-10-23 14:40:54 +0000 |
commit | 48d78838532f827ee48f8f73f24be6e77d4bbf0f (patch) | |
tree | ce6df35f3dc86483e4bf5fb3d4d1a4ada8d56b08 /src/lib/libssl/tls13_client.c | |
parent | 29938589622ccf645f7dc926feb10e611775c666 (diff) | |
Provide a way to determine our maximum legacy version.
With the introduction of TLSv1.3, we need the ability to determine our
maximum legacy version and to track our peer's maximum legacy version.
This is needed for both the TLS record layer when using TLSv1.3, plus
it is needed for RSA key exchange in TLS prior to TLSv1.3, where the
maximum legacy version is incorporated in the pre-master secret to
avoid downgrade attacks.
This unbreaks RSA KEX for the TLS client when the non-version specific
method is used with TLSv1.0 or TLSv1.1 (clearly no one does this).
ok tb@
Diffstat (limited to 'src/lib/libssl/tls13_client.c')
-rw-r--r-- | src/lib/libssl/tls13_client.c | 10 |
1 files changed, 5 insertions, 5 deletions
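--- a/src/lib/libssl/tls13_client.c
+++ b/src/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_client.c,v 1.86 2021/06/29 19:20:39 jsing Exp $ */
+/* $OpenBSD: tls13_client.c,v 1.87 2021/10/23 14:40:54 jsing Exp $ */
 /*
 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
 *
@@ -36,7 +36,7 @@ tls13_client_init(struct tls13_ctx *ctx)
 SSLerror(s, SSL_R_NO_PROTOCOLS_AVAILABLE);
 return 0;
 }
-s->client_version = s->version = ctx->hs->our_max_tls_version;
+s->version = ctx->hs->our_max_tls_version;
 
 tls13_record_layer_set_retry_after_phh(ctx->rl,
 (s->internal->mode & SSL_MODE_AUTO_RETRY) != 0);
@@ -92,9 +92,8 @@ tls13_client_hello_build(struct tls13_ctx *ctx, CBB *cbb)
 SSL *s = ctx->ssl;
 
 /* Legacy client version is capped at TLS 1.2. */
-client_version = ctx->hs->our_max_tls_version;
-if (client_version > TLS1_2_VERSION)
-client_version = TLS1_2_VERSION;
+if (!ssl_max_legacy_version(s, &client_version))
+goto err;
 
 if (!CBB_add_u16(cbb, client_version))
 goto err;
@@ -282,6 +281,7 @@ tls13_server_hello_process(struct tls13_ctx *ctx, CBS *cbs)
 goto err;
 }
 ctx->hs->negotiated_tls_version = ctx->hs->tls13.server_version;
+ctx->hs->peer_legacy_version = legacy_version;
 
 /* The session_id must match. */
 if (!CBS_mem_equal(&session_id, ctx->hs->tls13.legacy_session_id,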
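Review bot: Any code that still reads `s->client_version` will see a value this path no longer sets, because tls13_client_init (new line 39) now assigns only `s->version`. The commit message says the maximum legacy version goes into the RSA pre-master secret as a downgrade check, so a missed reader on the legacy fallback path would matter. This page is limited to tls13_client.c, so it cannot show whether every remaining reader was moved to `ssl_max_legacy_version()`; that is worth confirming across libssl. In tls13_client_hello_build the kept comment describes a cap that presumably now lives inside the helper, so I would reword it to `/* Legacy client version, capped at TLS 1.2 by ssl_max_legacy_version(). */`. All three functions start and end outside their hunks.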