It is possible to receive a pre-TLSv1.3 alert in response to a TLSv1.3

client hello. Allow pre-TLSv1.3 alerts (including warnings) to be received before the server hello message. Disallow pre-TLSv1.3 alerts as soon as we know that we are using TLSv1.3. Noticed by ajacoutot@ while connecting to www.openprinting.org. ok tb@
author: jsing <> 2020-01-25 09:20:56 +0000
committer: jsing <> 2020-01-25 09:20:56 +0000
commit: 6b9adcf89cc2130fb9b26ac8e68e18a16ae477b7 (patch)
tree: bcc235a6daebd39d649e02f89e58cc75116ad6c0 /src/lib
parent: 8ef6d5699390cd817ba24c3f8f8a670d68b744af (diff)
download: openbsd-6b9adcf89cc2130fb9b26ac8e68e18a16ae477b7.tar.gz
openbsd-6b9adcf89cc2130fb9b26ac8e68e18a16ae477b7.tar.bz2
openbsd-6b9adcf89cc2130fb9b26ac8e68e18a16ae477b7.zip
3 files changed, 24 insertions, 4 deletions
diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c
index 20b3038b93..737a1015a5 100644
--- a/src/lib/libssl/tls13_client.c
+++ b/src/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_client.c,v 1.32 2020/01/23 11:06:59 beck Exp $ */
+/* $OpenBSD: tls13_client.c,v 1.33 2020/01/25 09:20:56 jsing Exp $ */
 /*
 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
 *
@@ -209,6 +209,9 @@ tls13_client_hello_send(struct tls13_ctx *ctx, CBB *cbb)
        if (ctx->hs->min_version < TLS1_2_VERSION)
                tls13_record_layer_set_legacy_version(ctx->rl, TLS1_VERSION);
+        /* We may receive a pre-TLSv1.3 alert in response to the client hello. */
+        tls13_record_layer_allow_legacy_alerts(ctx->rl, 1);
        if (!tls13_client_hello_build(ctx, cbb))
                return 0;
@@ -306,6 +309,9 @@ tls13_server_hello_process(struct tls13_ctx *ctx, CBS *cbs)
                return tls13_use_legacy_client(ctx);
        }
+        /* From here on in we know we are doing TLSv1.3. */
+        tls13_record_layer_allow_legacy_alerts(ctx->rl, 0);
        if (!tlsext_client_parse(s, cbs, &alert_desc, SSL_TLSEXT_MSG_SH)) {
                ctx->alert = alert_desc;
                goto err;
diff --git a/src/lib/libssl/tls13_internal.h b/src/lib/libssl/tls13_internal.h
index 4ff2df6e97..9aabc409d8 100644
--- a/src/lib/libssl/tls13_internal.h
+++ b/src/lib/libssl/tls13_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_internal.h,v 1.53 2020/01/24 08:21:24 jsing Exp $ */
+/* $OpenBSD: tls13_internal.h,v 1.54 2020/01/25 09:20:56 jsing Exp $ */
 /*
 * Copyright (c) 2018 Bob Beck <beck@openbsd.org>
 * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
@@ -122,6 +122,7 @@ struct tls13_record_layer *tls13_record_layer_new(tls13_read_cb wire_read,
    tls13_phh_sent_cb phh_sent_cb, void *cb_arg);
 void tls13_record_layer_free(struct tls13_record_layer *rl);
 void tls13_record_layer_allow_ccs(struct tls13_record_layer *rl, int allow);
+void tls13_record_layer_allow_legacy_alerts(struct tls13_record_layer *rl, int allow);
 void tls13_record_layer_rbuf(struct tls13_record_layer *rl, CBS *cbs);
 void tls13_record_layer_set_aead(struct tls13_record_layer *rl,
    const EVP_AEAD *aead);
diff --git a/src/lib/libssl/tls13_record_layer.c b/src/lib/libssl/tls13_record_layer.c
index e5f8ba8859..7d882924bc 100644
--- a/src/lib/libssl/tls13_record_layer.c
+++ b/src/lib/libssl/tls13_record_layer.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_record_layer.c,v 1.25 2020/01/24 04:36:29 beck Exp $ */
+/* $OpenBSD: tls13_record_layer.c,v 1.26 2020/01/25 09:20:56 jsing Exp $ */
 /*
 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
 *
@@ -29,9 +29,11 @@ static ssize_t tls13_record_layer_write_record(struct tls13_record_layer *rl,
 struct tls13_record_layer {
        uint16_t legacy_version;
        int ccs_allowed;
        int ccs_seen;
        int handshake_completed;
+        int legacy_alerts_allowed;
        int phh;
        /*
@@ -207,6 +209,12 @@ tls13_record_layer_allow_ccs(struct tls13_record_layer *rl, int allow)
 }
 void
+tls13_record_layer_allow_legacy_alerts(struct tls13_record_layer *rl, int allow)
+{
+        rl->legacy_alerts_allowed = allow;
+}
+void
 tls13_record_layer_set_aead(struct tls13_record_layer *rl,
    const EVP_AEAD *aead)
 {
@@ -279,10 +287,15 @@ tls13_record_layer_process_alert(struct tls13_record_layer *rl)
                rl->read_closed = 1;
                rl->write_closed = 1;
                ret = TLS13_IO_ALERT;
-        } else
+        } else if (rl->legacy_alerts_allowed && alert_level == SSL3_AL_WARNING) {
+                /* Ignored and not passed to the callback. */
+                return TLS13_IO_WANT_RETRY;
+        } else {
                return tls13_send_alert(rl, SSL_AD_ILLEGAL_PARAMETER);
+        }
        rl->alert_cb(alert_desc, rl->cb_arg);
        return ret;
 }
author	jsing <>	2020-01-25 09:20:56 +0000
committer	jsing <>	2020-01-25 09:20:56 +0000
commit	6b9adcf89cc2130fb9b26ac8e68e18a16ae477b7 (patch)
tree	bcc235a6daebd39d649e02f89e58cc75116ad6c0 /src/lib
parent	8ef6d5699390cd817ba24c3f8f8a670d68b744af (diff)
download	openbsd-6b9adcf89cc2130fb9b26ac8e68e18a16ae477b7.tar.gz openbsd-6b9adcf89cc2130fb9b26ac8e68e18a16ae477b7.tar.bz2 openbsd-6b9adcf89cc2130fb9b26ac8e68e18a16ae477b7.zip