Remove ssl_downgrade_max_version().

Now that we store our maximum TLS version at the start of the handshake, we can check against that directly. ok inoguchi@ tb@
author: jsing <> 2021-03-11 17:14:47 +0000
committer: jsing <> 2021-03-11 17:14:47 +0000
commit: 7a96ea5b5a6bd9d1c199cb3f2b39f58b318330e0 (patch)
tree: 812227b9eac6204c336048feeaa5d32e3db2f552 /src
parent: 9718c009ebd714a8cb224839233e9267bf1471d8 (diff)
download: openbsd-7a96ea5b5a6bd9d1c199cb3f2b39f58b318330e0.tar.gz
openbsd-7a96ea5b5a6bd9d1c199cb3f2b39f58b318330e0.tar.bz2
openbsd-7a96ea5b5a6bd9d1c199cb3f2b39f58b318330e0.zip
5 files changed, 15 insertions, 54 deletions
diff --git a/src/lib/libssl/ssl_ciphers.c b/src/lib/libssl/ssl_ciphers.c
index 85c60b1abb..4e4a0d93a4 100644
--- a/src/lib/libssl/ssl_ciphers.c
+++ b/src/lib/libssl/ssl_ciphers.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: ssl_ciphers.c,v 1.10 2021/02/25 17:06:05 jsing Exp $ */
+/*      $OpenBSD: ssl_ciphers.c,v 1.11 2021/03/11 17:14:46 jsing Exp $ */
 /*
 * Copyright (c) 2015-2017 Doug Hogan <doug@openbsd.org>
 * Copyright (c) 2015-2018, 2020 Joel Sing <jsing@openbsd.org>
@@ -93,7 +93,7 @@ ssl_bytes_to_cipher_list(SSL *s, CBS *cbs)
 {
        STACK_OF(SSL_CIPHER) *ciphers = NULL;
        const SSL_CIPHER *cipher;
-        uint16_t cipher_value, max_version;
+        uint16_t cipher_value;
        unsigned long cipher_id;
        S3I(s)->send_connection_binding = 0;
@@ -134,9 +134,8 @@ ssl_bytes_to_cipher_list(SSL *s, CBS *cbs)
                         * Fail if the current version is an unexpected
                         * downgrade.
                         */
-                        if (!ssl_downgrade_max_version(s, &max_version))
+                        if (S3I(s)->hs.negotiated_tls_version <
-                                goto err;
+                            S3I(s)->hs.our_max_tls_version) {
-                        if (s->version < max_version) {
                                SSLerror(s, SSL_R_INAPPROPRIATE_FALLBACK);
                                ssl3_send_alert(s, SSL3_AL_FATAL,
                                        SSL_AD_INAPPROPRIATE_FALLBACK);
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index 97418f1ac7..06941530c6 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.85 2021/03/10 18:27:01 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.86 2021/03/11 17:14:46 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -859,7 +859,6 @@ ssl3_get_server_hello(SSL *s)
 {
        CBS cbs, server_random, session_id;
        uint16_t server_version, cipher_suite;
-        uint16_t max_version;
        uint8_t compression_method;
        const SSL_CIPHER *cipher;
        const SSL_METHOD *method;
@@ -930,10 +929,8 @@ ssl3_get_server_hello(SSL *s)
            sizeof(s->s3->server_random), NULL))
                goto err;
-        if (!ssl_downgrade_max_version(s, &max_version))
+        if (S3I(s)->hs.our_max_tls_version >= TLS1_2_VERSION &&
-                goto err;
+            S3I(s)->hs.negotiated_tls_version < S3I(s)->hs.our_max_tls_version) {
-        if (!SSL_is_dtls(s) && max_version >= TLS1_2_VERSION &&
-            s->version < max_version) {
                /*
                 * RFC 8446 section 4.1.3. We must not downgrade if the server
                 * random value contains the TLS 1.2 or TLS 1.1 magical value.
@@ -941,7 +938,7 @@ ssl3_get_server_hello(SSL *s)
                if (!CBS_skip(&server_random,
                    CBS_len(&server_random) - sizeof(tls13_downgrade_12)))
                        goto err;
-                if (s->version == TLS1_2_VERSION &&
+                if (S3I(s)->hs.negotiated_tls_version == TLS1_2_VERSION &&
                    CBS_mem_equal(&server_random, tls13_downgrade_12,
                    sizeof(tls13_downgrade_12))) {
                        al = SSL_AD_ILLEGAL_PARAMETER;
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 6f66a8932e..fed14b4b19 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.325 2021/03/10 18:27:01 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.326 2021/03/11 17:14:47 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1131,7 +1131,6 @@ int ssl_enabled_tls_version_range(SSL *s, uint16_t *min_ver, uint16_t *max_ver);
 int ssl_supported_tls_version_range(SSL *s, uint16_t *min_ver, uint16_t *max_ver);
 uint16_t ssl_tls_version(uint16_t version);
 uint16_t ssl_effective_tls_version(SSL *s);
-int ssl_downgrade_max_version(SSL *s, uint16_t *max_ver);
 int ssl_max_supported_version(SSL *s, uint16_t *max_ver);
 int ssl_max_shared_version(SSL *s, uint16_t peer_ver, uint16_t *max_ver);
 int ssl_check_version_from_server(SSL *s, uint16_t server_version);
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
index 373a20d61b..19fedde87a 100644
--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.96 2021/03/10 18:27:02 jsing Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.97 2021/03/11 17:14:47 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -799,7 +799,7 @@ ssl3_get_client_hello(SSL *s)
        STACK_OF(SSL_CIPHER) *ciphers = NULL;
        unsigned long alg_k;
        const SSL_METHOD *method;
-        uint16_t max_version, shared_version;
+        uint16_t shared_version;
        /*
         * We do this so that we will respond with our native type.
@@ -850,8 +850,6 @@ ssl3_get_client_hello(SSL *s)
         * Use version from inside client hello, not from record header.
         * (may differ: see RFC 2246, Appendix E, second paragraph)
         */
-        if (!ssl_downgrade_max_version(s, &max_version))
-                goto err;
        if (!ssl_max_shared_version(s, client_version, &shared_version)) {
                if ((s->client_version >> 8) == SSL3_VERSION_MAJOR &&
                    !tls12_record_layer_write_protected(s->internal->rl)) {
@@ -1051,8 +1049,8 @@ ssl3_get_client_hello(SSL *s)
         */
        arc4random_buf(s->s3->server_random, SSL3_RANDOM_SIZE);
-        if (!SSL_is_dtls(s) && max_version >= TLS1_2_VERSION &&
+        if (S3I(s)->hs.our_max_tls_version >= TLS1_2_VERSION &&
-            s->version < max_version) {
+            S3I(s)->hs.negotiated_tls_version < S3I(s)->hs.our_max_tls_version) {
                /*
                 * RFC 8446 section 4.1.3. If we are downgrading from TLS 1.3
                 * we must set the last 8 bytes of the server random to magical
@@ -1061,7 +1059,7 @@ ssl3_get_client_hello(SSL *s)
                 */
                size_t index = SSL3_RANDOM_SIZE - sizeof(tls13_downgrade_12);
                uint8_t *magic = &s->s3->server_random[index];
-                if (s->version == TLS1_2_VERSION) {
+                if (S3I(s)->hs.negotiated_tls_version == TLS1_2_VERSION) {
                        /* Indicate we chose to downgrade to 1.2. */
                        memcpy(magic, tls13_downgrade_12,
                            sizeof(tls13_downgrade_12));
diff --git a/src/lib/libssl/ssl_versions.c b/src/lib/libssl/ssl_versions.c
index 37957fd0ab..45e468f0d8 100644
--- a/src/lib/libssl/ssl_versions.c
+++ b/src/lib/libssl/ssl_versions.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_versions.c,v 1.14 2021/03/10 18:27:02 jsing Exp $ */
+/* $OpenBSD: ssl_versions.c,v 1.15 2021/03/11 17:14:47 jsing Exp $ */
 /*
 * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
 *
@@ -252,38 +252,6 @@ ssl_max_shared_version(SSL *s, uint16_t peer_ver, uint16_t *max_ver)
 }
 int
-ssl_downgrade_max_version(SSL *s, uint16_t *max_ver)
-{
-        uint16_t min_version, max_version;
-        /*
-         * The downgrade maximum version is based on the versions that are
-         * enabled, however we also have to then limit to the versions
-         * supported by the method. The SSL method will be changed during
-         * version negotiation and when switching from the new stack to
-         * the legacy context, as such we want to use the method from the
-         * context.
-         */
-        if (SSL_is_dtls(s)) {
-                *max_ver = DTLS1_VERSION;
-                return 1;
-        }
-        if (!ssl_enabled_tls_version_range(s, &min_version, &max_version))
-                return 0;
-        if (!ssl_clamp_tls_version_range(&min_version, &max_version,
-            s->ctx->method->internal->min_tls_version,
-            s->ctx->method->internal->max_tls_version))
-                return 0;
-        *max_ver = max_version;
-        return 1;
-}
-int
 ssl_check_version_from_server(SSL *s, uint16_t server_version)
 {
        uint16_t min_version, max_version;
author	jsing <>	2021-03-11 17:14:47 +0000
committer	jsing <>	2021-03-11 17:14:47 +0000
commit	7a96ea5b5a6bd9d1c199cb3f2b39f58b318330e0 (patch)
tree	812227b9eac6204c336048feeaa5d32e3db2f552 /src
parent	9718c009ebd714a8cb224839233e9267bf1471d8 (diff)
download	openbsd-7a96ea5b5a6bd9d1c199cb3f2b39f58b318330e0.tar.gz openbsd-7a96ea5b5a6bd9d1c199cb3f2b39f58b318330e0.tar.bz2 openbsd-7a96ea5b5a6bd9d1c199cb3f2b39f58b318330e0.zip