Correctly handle TLSv1.3 ciphers suites in ssl3_choose_cipher().

Currently, TLSv1.3 cipher suites are filtered out by the fact that they have authentication and key exchange algorithms that are not being set in ssl_set_cert_masks(). Fix this so that ssl3_choose_cipher() works for TLSv1.3, however we also now need to ensure that we filter out TLSv1.3 for non-TLSv1.3 and only select TLSv1.3 for TLSv1.3. ok beck@ tb@
author: jsing <> 2020-01-23 10:40:59 +0000
committer: jsing <> 2020-01-23 10:40:59 +0000
commit: 3738bd24e9d4a33d52a585206262895bd6893bf4 (patch)
tree: 43dc459859c1fb1a2702abab83aea4b376e97893 /src/lib
parent: 8d4bd61260ee3ef0237ff103fbfa530c1c352552 (diff)
download: openbsd-3738bd24e9d4a33d52a585206262895bd6893bf4.tar.gz
openbsd-3738bd24e9d4a33d52a585206262895bd6893bf4.tar.bz2
openbsd-3738bd24e9d4a33d52a585206262895bd6893bf4.zip
4 files changed, 30 insertions, 5 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 9adf257ff3..252242e053 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.188 2020/01/02 06:37:13 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.189 2020/01/23 10:40:59 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -2502,6 +2502,16 @@ ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
                    !SSL_USE_TLS1_2_CIPHERS(s))
                        continue;
+                /* Skip TLS v1.3 only ciphersuites if not supported. */
+                if ((c->algorithm_ssl & SSL_TLSV1_3) &&
+                    !SSL_USE_TLS1_3_CIPHERS(s))
+                        continue;
+                /* If TLS v1.3, only allow TLS v1.3 ciphersuites. */
+                if (SSL_USE_TLS1_3_CIPHERS(s) &&
+                    !(c->algorithm_ssl & SSL_TLSV1_3))
+                        continue;
                ssl_set_cert_masks(cert, c);
                mask_k = cert->mask_k;
                mask_a = cert->mask_a;
@@ -2509,7 +2519,6 @@ ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
                alg_k = c->algorithm_mkey;
                alg_a = c->algorithm_auth;
                ok = (alg_k & mask_k) && (alg_a & mask_a);
                /*
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index 1b141b6e2c..a6bdfaa4a1 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.209 2020/01/23 03:17:40 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.210 2020/01/23 10:40:59 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -2006,6 +2006,9 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
                mask_a |= SSL_aRSA;
        mask_a |= SSL_aNULL;
+        mask_a |= SSL_aTLS1_3;
+        mask_k |= SSL_kTLS1_3;
        /*
         * An ECC certificate may be usable for ECDH and/or
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 2c774a3d77..6703e8feee 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.254 2020/01/23 06:15:44 beck Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.255 2020/01/23 10:40:59 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -342,6 +342,10 @@ __BEGIN_HIDDEN_DECLS
 #define SSL_USE_TLS1_2_CIPHERS(s) \
        (s->method->internal->ssl3_enc->enc_flags & SSL_ENC_FLAG_TLS1_2_CIPHERS)
+/* Allow TLS 1.3 ciphersuites only. */
+#define SSL_USE_TLS1_3_CIPHERS(s) \
+        (s->method->internal->ssl3_enc->enc_flags & SSL_ENC_FLAG_TLS1_3_CIPHERS)
 #define SSL_PKEY_RSA_ENC        0
 #define SSL_PKEY_RSA_SIGN       1
 #define SSL_PKEY_DH_RSA         2
@@ -1046,6 +1050,9 @@ typedef struct ssl3_enc_method {
 /* Allow TLS 1.2 ciphersuites: applies to DTLS 1.2 as well as TLS 1.2. */
 #define SSL_ENC_FLAG_TLS1_2_CIPHERS     (1 << 4)
+/* Allow TLS 1.3 ciphersuites only. */
+#define SSL_ENC_FLAG_TLS1_3_CIPHERS     (1 << 5)
 /*
 * ssl_aead_ctx_st contains information about an AEAD that is being used to
 * encrypt an SSL connection.
@@ -1094,6 +1101,7 @@ extern SSL3_ENC_METHOD DTLSv1_enc_data;
 extern SSL3_ENC_METHOD TLSv1_enc_data;
 extern SSL3_ENC_METHOD TLSv1_1_enc_data;
 extern SSL3_ENC_METHOD TLSv1_2_enc_data;
+extern SSL3_ENC_METHOD TLSv1_3_enc_data;
 void ssl_clear_cipher_state(SSL *s);
 void ssl_clear_cipher_read_state(SSL *s);
diff --git a/src/lib/libssl/tls13_lib.c b/src/lib/libssl/tls13_lib.c
index 5d8c359014..91dd566864 100644
--- a/src/lib/libssl/tls13_lib.c
+++ b/src/lib/libssl/tls13_lib.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: tls13_lib.c,v 1.24 2020/01/23 07:30:55 beck Exp $ */
+/*      $OpenBSD: tls13_lib.c,v 1.25 2020/01/23 10:40:59 jsing Exp $ */
 /*
 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2019 Bob Beck <beck@openbsd.org>
@@ -24,6 +24,11 @@
 #include "ssl_locl.h"
 #include "tls13_internal.h"
+SSL3_ENC_METHOD TLSv1_3_enc_data = {
+        .enc = NULL,
+        .enc_flags = SSL_ENC_FLAG_TLS1_3_CIPHERS,
+};
 /*
 * RFC 8446 section 4.1.3, magic values which must be set by the
 * server in server random if it is willing to downgrade but supports
author	jsing <>	2020-01-23 10:40:59 +0000
committer	jsing <>	2020-01-23 10:40:59 +0000
commit	3738bd24e9d4a33d52a585206262895bd6893bf4 (patch)
tree	43dc459859c1fb1a2702abab83aea4b376e97893 /src/lib
parent	8d4bd61260ee3ef0237ff103fbfa530c1c352552 (diff)
download	openbsd-3738bd24e9d4a33d52a585206262895bd6893bf4.tar.gz openbsd-3738bd24e9d4a33d52a585206262895bd6893bf4.tar.bz2 openbsd-3738bd24e9d4a33d52a585206262895bd6893bf4.zip