diff options
| author | jsing <> | 2021-02-20 08:22:55 +0000 |
|---|---|---|
| committer | jsing <> | 2021-02-20 08:22:55 +0000 |
| commit | 45ca0386c85a3541c21cb78dee47203b5492cc22 (patch) | |
| tree | 38282915160afb4f54aaf862d8797391736ce4ce /src/lib | |
| parent | ff8e4c1e0532f9cbbac3122e18d46a6c2f730581 (diff) | |
| download | openbsd-45ca0386c85a3541c21cb78dee47203b5492cc22.tar.gz openbsd-45ca0386c85a3541c21cb78dee47203b5492cc22.tar.bz2 openbsd-45ca0386c85a3541c21cb78dee47203b5492cc22.zip | |
Revise HelloVerifyRequest handling for DTLSv1.2.
Per RFC 6347 section 4.2.1, the HelloVerifyRequest should always contain
DTLSv1.0 - ensure this is the case on the server side, allow both DTLSv1.0
and DTLSv1.2 on the client.
ok tb@
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/libssl/ssl_clnt.c | 9 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_srvr.c | 9 |
2 files changed, 14 insertions, 4 deletions
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c index 680cafa8e5..7d55c0dd52 100644 --- a/src/lib/libssl/ssl_clnt.c +++ b/src/lib/libssl/ssl_clnt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_clnt.c,v 1.79 2021/02/20 08:19:01 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_clnt.c,v 1.80 2021/02/20 08:22:55 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -817,7 +817,12 @@ ssl3_get_dtls_hello_verify(SSL *s) | |||
| 817 | if (CBS_len(&hello_verify_request) != 0) | 817 | if (CBS_len(&hello_verify_request) != 0) |
| 818 | goto truncated; | 818 | goto truncated; |
| 819 | 819 | ||
| 820 | if (ssl_version != s->version) { | 820 | /* |
| 821 | * Per RFC 6347 section 4.2.1, the HelloVerifyRequest should always | ||
| 822 | * contain DTLSv1.0 the version that is going to be negotiated. | ||
| 823 | * Tolerate DTLSv1.2 just in case. | ||
| 824 | */ | ||
| 825 | if (ssl_version != DTLS1_VERSION && ssl_version != DTLS1_2_VERSION) { | ||
| 821 | SSLerror(s, SSL_R_WRONG_SSL_VERSION); | 826 | SSLerror(s, SSL_R_WRONG_SSL_VERSION); |
| 822 | s->version = (s->version & 0xff00) | (ssl_version & 0xff); | 827 | s->version = (s->version & 0xff00) | (ssl_version & 0xff); |
| 823 | al = SSL_AD_PROTOCOL_VERSION; | 828 | al = SSL_AD_PROTOCOL_VERSION; |
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c index 15768bb565..06ad42c8ff 100644 --- a/src/lib/libssl/ssl_srvr.c +++ b/src/lib/libssl/ssl_srvr.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_srvr.c,v 1.91 2021/02/07 15:04:10 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_srvr.c,v 1.92 2021/02/20 08:22:55 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1171,10 +1171,15 @@ ssl3_send_dtls_hello_verify_request(SSL *s) | |||
| 1171 | return 0; | 1171 | return 0; |
| 1172 | } | 1172 | } |
| 1173 | 1173 | ||
| 1174 | /* | ||
| 1175 | * Per RFC 6347 section 4.2.1, the HelloVerifyRequest should | ||
| 1176 | * always contain DTLSv1.0 regardless of the version that is | ||
| 1177 | * going to be negotiated. | ||
| 1178 | */ | ||
| 1174 | if (!ssl3_handshake_msg_start(s, &cbb, &verify, | 1179 | if (!ssl3_handshake_msg_start(s, &cbb, &verify, |
| 1175 | DTLS1_MT_HELLO_VERIFY_REQUEST)) | 1180 | DTLS1_MT_HELLO_VERIFY_REQUEST)) |
| 1176 | goto err; | 1181 | goto err; |
| 1177 | if (!CBB_add_u16(&verify, s->version)) | 1182 | if (!CBB_add_u16(&verify, DTLS1_VERSION)) |
| 1178 | goto err; | 1183 | goto err; |
| 1179 | if (!CBB_add_u8_length_prefixed(&verify, &cookie)) | 1184 | if (!CBB_add_u8_length_prefixed(&verify, &cookie)) |
| 1180 | goto err; | 1185 | goto err; |