diff options
| author | beck <> | 2020-01-23 07:30:55 +0000 |
|---|---|---|
| committer | beck <> | 2020-01-23 07:30:55 +0000 |
| commit | d0a2a4304e8bc55b8e532933c8af4982563b033b (patch) | |
| tree | 3c6241065cc972e1b55e086b389921e9aa5eb52d /src | |
| parent | a47fd2152ee5040be19d80d3d11f26ce798836f5 (diff) | |
| download | openbsd-d0a2a4304e8bc55b8e532933c8af4982563b033b.tar.gz openbsd-d0a2a4304e8bc55b8e532933c8af4982563b033b.tar.bz2 openbsd-d0a2a4304e8bc55b8e532933c8af4982563b033b.zip | |
Add checking int the client to check the magic values which are
set by a 1.3 server when it downgrades to tls 1.2 or 1.1 as per
RFC 8446 section 4.1.3
ok jsing@
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libssl/tls13_client.c | 18 | ||||
| -rw-r--r-- | src/lib/libssl/tls13_internal.h | 5 | ||||
| -rw-r--r-- | src/lib/libssl/tls13_lib.c | 10 |
3 files changed, 30 insertions, 3 deletions
diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c index cab113b8c3..477cca2e04 100644 --- a/src/lib/libssl/tls13_client.c +++ b/src/lib/libssl/tls13_client.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls13_client.c,v 1.30 2020/01/23 06:15:44 beck Exp $ */ | 1 | /* $OpenBSD: tls13_client.c,v 1.31 2020/01/23 07:30:55 beck Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -285,6 +285,22 @@ tls13_server_hello_process(struct tls13_ctx *ctx, CBS *cbs) | |||
| 285 | goto err; | 285 | goto err; |
| 286 | 286 | ||
| 287 | if (tls13_server_hello_is_legacy(cbs)) { | 287 | if (tls13_server_hello_is_legacy(cbs)) { |
| 288 | /* | ||
| 289 | * RFC 8446 section 4.1.3, We must not downgrade if | ||
| 290 | * the server random value contains the TLS 1.2 or 1.1 | ||
| 291 | * magical value. | ||
| 292 | */ | ||
| 293 | if (!CBS_skip(&server_random, CBS_len(&server_random) - | ||
| 294 | sizeof(tls13_downgrade_12))) | ||
| 295 | goto err; | ||
| 296 | if (CBS_mem_equal(&server_random, tls13_downgrade_12, | ||
| 297 | sizeof(tls13_downgrade_12)) || | ||
| 298 | CBS_mem_equal(&server_random, tls13_downgrade_11, | ||
| 299 | sizeof(tls13_downgrade_11))) { | ||
| 300 | ctx->alert = SSL_AD_ILLEGAL_PARAMETER; | ||
| 301 | goto err; | ||
| 302 | } | ||
| 303 | |||
| 288 | if (!CBS_skip(cbs, CBS_len(cbs))) | 304 | if (!CBS_skip(cbs, CBS_len(cbs))) |
| 289 | goto err; | 305 | goto err; |
| 290 | return tls13_use_legacy_client(ctx); | 306 | return tls13_use_legacy_client(ctx); |
diff --git a/src/lib/libssl/tls13_internal.h b/src/lib/libssl/tls13_internal.h index 12ba5750a0..f11d96f2ea 100644 --- a/src/lib/libssl/tls13_internal.h +++ b/src/lib/libssl/tls13_internal.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls13_internal.h,v 1.48 2020/01/23 05:08:30 jsing Exp $ */ | 1 | /* $OpenBSD: tls13_internal.h,v 1.49 2020/01/23 07:30:55 beck Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2018 Bob Beck <beck@openbsd.org> | 3 | * Copyright (c) 2018 Bob Beck <beck@openbsd.org> |
| 4 | * Copyright (c) 2018 Theo Buehler <tb@openbsd.org> | 4 | * Copyright (c) 2018 Theo Buehler <tb@openbsd.org> |
| @@ -305,6 +305,9 @@ int tls13_error_setx(struct tls13_error *error, int code, int subcode, | |||
| 305 | tls13_error_setx(&(ctx)->error, (code), (subcode), __FILE__, __LINE__, \ | 305 | tls13_error_setx(&(ctx)->error, (code), (subcode), __FILE__, __LINE__, \ |
| 306 | (fmt), __VA_ARGS__) | 306 | (fmt), __VA_ARGS__) |
| 307 | 307 | ||
| 308 | extern uint8_t tls13_downgrade_12[8]; | ||
| 309 | extern uint8_t tls13_downgrade_11[8]; | ||
| 310 | |||
| 308 | __END_HIDDEN_DECLS | 311 | __END_HIDDEN_DECLS |
| 309 | 312 | ||
| 310 | #endif | 313 | #endif |
diff --git a/src/lib/libssl/tls13_lib.c b/src/lib/libssl/tls13_lib.c index de3e840a84..5d8c359014 100644 --- a/src/lib/libssl/tls13_lib.c +++ b/src/lib/libssl/tls13_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls13_lib.c,v 1.23 2020/01/23 05:08:30 jsing Exp $ */ | 1 | /* $OpenBSD: tls13_lib.c,v 1.24 2020/01/23 07:30:55 beck Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> |
| 4 | * Copyright (c) 2019 Bob Beck <beck@openbsd.org> | 4 | * Copyright (c) 2019 Bob Beck <beck@openbsd.org> |
| @@ -24,6 +24,14 @@ | |||
| 24 | #include "ssl_locl.h" | 24 | #include "ssl_locl.h" |
| 25 | #include "tls13_internal.h" | 25 | #include "tls13_internal.h" |
| 26 | 26 | ||
| 27 | /* | ||
| 28 | * RFC 8446 section 4.1.3, magic values which must be set by the | ||
| 29 | * server in server random if it is willing to downgrade but supports | ||
| 30 | * tls v1.3 | ||
| 31 | */ | ||
| 32 | uint8_t tls13_downgrade_12[8] = {0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01}; | ||
| 33 | uint8_t tls13_downgrade_11[8] = {0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x00}; | ||
| 34 | |||
| 27 | const EVP_AEAD * | 35 | const EVP_AEAD * |
| 28 | tls13_cipher_aead(const SSL_CIPHER *cipher) | 36 | tls13_cipher_aead(const SSL_CIPHER *cipher) |
| 29 | { | 37 | { |