authortb <>2021-02-22 16:13:31 +0000
committertb <>2021-02-22 16:13:31 +0000
commit842643a56228ae894659a873e62c56f51323f64e (patch)
tree54ea595d414b9275fb7968239c09513df65a5a86 /src
parent5be7b39a3d59ca113945b77a97aaa4d8875ccc82 (diff)
Simplify version checks in the TLSv1.3 client
Ensure that the server announced TLSv1.3 (and nothing higher) in the supported_versions extension. In that case, the legacy_version must be TLSv1.2 according to RFC 8446, 4.1.3 and 4.2.1. This commit also removes some unreachable code which is a remnant of very early TLSv1.3 code from before the legacy fallback was introduced. Simplify a few checks and adjust some comments nearby. ok jsing
Diffstat (limited to 'src')
-rw-r--r--src/lib/libssl/tls13_client.c32
1 files changed, 10 insertions, 22 deletions
diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c
index 1f51748147..38eca61d9a 100644
--- a/src/lib/libssl/tls13_client.c
+++ b/src/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tls13_client.c,v 1.70 2021/01/06 20:15:35 tb Exp $ */ 1/* $OpenBSD: tls13_client.c,v 1.71 2021/02/22 16:13:31 tb Exp $ */
2/* 2/*
3 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
4 * 4 *
@@ -271,25 +271,14 @@ tls13_server_hello_process(struct tls13_ctx *ctx, CBS *cbs)
271 } 271 }
272 272
273 /* 273 /*
274 * See if a supported versions extension was returned. If it was then 274 * The supported versions extension indicated 0x0304 or greater.
275 * the legacy version must be set to 0x0303 (RFC 8446 section 4.1.3). 275 * Ensure that it was 0x0304 and that legacy version is set to 0x0303
276 * Otherwise, fallback to the legacy version, ensuring that it is both 276 * (RFC 8446 section 4.2.1).
277 * within range and not TLS 1.3 or greater (which must use the
278 * supported version extension.
279 */ 277 */
280 if (ctx->hs->server_version != 0) { 278 if (ctx->hs->server_version != TLS1_3_VERSION ||
281 if (legacy_version != TLS1_2_VERSION) { 279 legacy_version != TLS1_2_VERSION) {
282 ctx->alert = TLS13_ALERT_PROTOCOL_VERSION; 280 ctx->alert = TLS13_ALERT_PROTOCOL_VERSION;
283 goto err; 281 goto err;
284 }
285 } else {
286 if (legacy_version < ctx->hs->min_version ||
287 legacy_version > ctx->hs->max_version ||
288 legacy_version > TLS1_2_VERSION) {
289 ctx->alert = TLS13_ALERT_PROTOCOL_VERSION;
290 goto err;
291 }
292 ctx->hs->server_version = legacy_version;
293 } 282 }
294 283
295 /* The session_id must match. */ 284 /* The session_id must match. */
@@ -301,15 +290,14 @@ tls13_server_hello_process(struct tls13_ctx *ctx, CBS *cbs)
301 290
302 /* 291 /*
303 * Ensure that the cipher suite is one that we offered in the client 292 * Ensure that the cipher suite is one that we offered in the client
304 * hello and that it matches the TLS version selected. 293 * hello and that it is a TLSv1.3 cipher suite.
305 */ 294 */
306 cipher = ssl3_get_cipher_by_value(cipher_suite); 295 cipher = ssl3_get_cipher_by_value(cipher_suite);
307 if (cipher == NULL || !ssl_cipher_in_list(SSL_get_ciphers(s), cipher)) { 296 if (cipher == NULL || !ssl_cipher_in_list(SSL_get_ciphers(s), cipher)) {
308 ctx->alert = TLS13_ALERT_ILLEGAL_PARAMETER; 297 ctx->alert = TLS13_ALERT_ILLEGAL_PARAMETER;
309 goto err; 298 goto err;
310 } 299 }
311 if (ctx->hs->server_version == TLS1_3_VERSION && 300 if (cipher->algorithm_ssl != SSL_TLSV1_3) {
312 cipher->algorithm_ssl != SSL_TLSV1_3) {
313 ctx->alert = TLS13_ALERT_ILLEGAL_PARAMETER; 301 ctx->alert = TLS13_ALERT_ILLEGAL_PARAMETER;
314 goto err; 302 goto err;
315 } 303 }