diff options
Diffstat (limited to 'src/lib/libssl/ssl_srvr.c')
| -rw-r--r-- | src/lib/libssl/ssl_srvr.c | 12 |
1 files changed, 5 insertions, 7 deletions
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c index 373a20d61b..19fedde87a 100644 --- a/src/lib/libssl/ssl_srvr.c +++ b/src/lib/libssl/ssl_srvr.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_srvr.c,v 1.96 2021/03/10 18:27:02 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_srvr.c,v 1.97 2021/03/11 17:14:47 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -799,7 +799,7 @@ ssl3_get_client_hello(SSL *s) | |||
| 799 | STACK_OF(SSL_CIPHER) *ciphers = NULL; | 799 | STACK_OF(SSL_CIPHER) *ciphers = NULL; |
| 800 | unsigned long alg_k; | 800 | unsigned long alg_k; |
| 801 | const SSL_METHOD *method; | 801 | const SSL_METHOD *method; |
| 802 | uint16_t max_version, shared_version; | 802 | uint16_t shared_version; |
| 803 | 803 | ||
| 804 | /* | 804 | /* |
| 805 | * We do this so that we will respond with our native type. | 805 | * We do this so that we will respond with our native type. |
| @@ -850,8 +850,6 @@ ssl3_get_client_hello(SSL *s) | |||
| 850 | * Use version from inside client hello, not from record header. | 850 | * Use version from inside client hello, not from record header. |
| 851 | * (may differ: see RFC 2246, Appendix E, second paragraph) | 851 | * (may differ: see RFC 2246, Appendix E, second paragraph) |
| 852 | */ | 852 | */ |
| 853 | if (!ssl_downgrade_max_version(s, &max_version)) | ||
| 854 | goto err; | ||
| 855 | if (!ssl_max_shared_version(s, client_version, &shared_version)) { | 853 | if (!ssl_max_shared_version(s, client_version, &shared_version)) { |
| 856 | if ((s->client_version >> 8) == SSL3_VERSION_MAJOR && | 854 | if ((s->client_version >> 8) == SSL3_VERSION_MAJOR && |
| 857 | !tls12_record_layer_write_protected(s->internal->rl)) { | 855 | !tls12_record_layer_write_protected(s->internal->rl)) { |
| @@ -1051,8 +1049,8 @@ ssl3_get_client_hello(SSL *s) | |||
| 1051 | */ | 1049 | */ |
| 1052 | arc4random_buf(s->s3->server_random, SSL3_RANDOM_SIZE); | 1050 | arc4random_buf(s->s3->server_random, SSL3_RANDOM_SIZE); |
| 1053 | 1051 | ||
| 1054 | if (!SSL_is_dtls(s) && max_version >= TLS1_2_VERSION && | 1052 | if (S3I(s)->hs.our_max_tls_version >= TLS1_2_VERSION && |
| 1055 | s->version < max_version) { | 1053 | S3I(s)->hs.negotiated_tls_version < S3I(s)->hs.our_max_tls_version) { |
| 1056 | /* | 1054 | /* |
| 1057 | * RFC 8446 section 4.1.3. If we are downgrading from TLS 1.3 | 1055 | * RFC 8446 section 4.1.3. If we are downgrading from TLS 1.3 |
| 1058 | * we must set the last 8 bytes of the server random to magical | 1056 | * we must set the last 8 bytes of the server random to magical |
| @@ -1061,7 +1059,7 @@ ssl3_get_client_hello(SSL *s) | |||
| 1061 | */ | 1059 | */ |
| 1062 | size_t index = SSL3_RANDOM_SIZE - sizeof(tls13_downgrade_12); | 1060 | size_t index = SSL3_RANDOM_SIZE - sizeof(tls13_downgrade_12); |
| 1063 | uint8_t *magic = &s->s3->server_random[index]; | 1061 | uint8_t *magic = &s->s3->server_random[index]; |
| 1064 | if (s->version == TLS1_2_VERSION) { | 1062 | if (S3I(s)->hs.negotiated_tls_version == TLS1_2_VERSION) { |
| 1065 | /* Indicate we chose to downgrade to 1.2. */ | 1063 | /* Indicate we chose to downgrade to 1.2. */ |
| 1066 | memcpy(magic, tls13_downgrade_12, | 1064 | memcpy(magic, tls13_downgrade_12, |
| 1067 | sizeof(tls13_downgrade_12)); | 1065 | sizeof(tls13_downgrade_12)); |