Diffstat (limited to 'src/lib/libssl/tls13_server.c')
-rw-r--r--src/lib/libssl/tls13_server.c48
1 files changed, 46 insertions, 2 deletions
diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c
index edc87fcdcb..ccbb46652b 100644
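--- a/src/lib/libssl/tls13_server.c
+++ b/src/lib/libssl/tls13_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_server.c,v 1.57 2020/06/04 18:46:21 tb Exp $ */
+/* $OpenBSD: tls13_server.c,v 1.58 2020/06/06 01:40:09 beck Exp $ */
 /*
  * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
@@ -126,11 +126,52 @@ tls13_client_hello_process(struct tls13_ctx *ctx, CBS *cbs)
  return tls13_use_legacy_server(ctx);
  }
 
+ /* Add decoded values to the current ClientHello hash */
+ if (!tls13_clienthello_hash_init(ctx)) {
+ ctx->alert = TLS13_ALERT_INTERNAL_ERROR;
+ goto err;
+ }
+ if (!tls13_clienthello_hash_update_bytes(ctx, (void *)&legacy_version,
+ sizeof(legacy_version))) {
+ ctx->alert = TLS13_ALERT_INTERNAL_ERROR;
+ goto err;
+ }
+ if (!tls13_clienthello_hash_update(ctx, &client_random)) {
+ ctx->alert = TLS13_ALERT_INTERNAL_ERROR;
+ goto err;
+ }
+ if (!tls13_clienthello_hash_update(ctx, &session_id)) {
+ ctx->alert = TLS13_ALERT_INTERNAL_ERROR;
+ goto err;
+ }
+ if (!tls13_clienthello_hash_update(ctx, &cipher_suites)) {
+ ctx->alert = TLS13_ALERT_INTERNAL_ERROR;
+ goto err;
+ }
+ if (!tls13_clienthello_hash_update(ctx, &compression_methods)) {
+ ctx->alert = TLS13_ALERT_INTERNAL_ERROR;
+ goto err;
+ }
+
  if (!tlsext_server_parse(s, cbs, &alert_desc, SSL_TLSEXT_MSG_CH)) {
  ctx->alert = alert_desc;
  goto err;
  }
 
+ /* Finalize first ClientHello hash, or validate against it */
+ if (!ctx->hs->hrr) {
+ if (!tls13_clienthello_hash_finalize(ctx)) {
+ ctx->alert = TLS13_ALERT_INTERNAL_ERROR;
+ goto err;
+ }
+ } else {
+ if (!tls13_clienthello_hash_validate(ctx)) {
+ ctx->alert = TLS13_ALERT_ILLEGAL_PARAMETER;
+ goto err;
+ }
+ tls13_clienthello_hash_clear(ctx->hs);
+ }
+
  /*
  * If we got this far we have a supported versions extension that offers
  * TLS 1.3 or later. This requires the legacy version be set to 0x0303.
@@ -146,8 +187,11 @@ tls13_client_hello_process(struct tls13_ctx *ctx, CBS *cbs)
  goto err;
  }
  if (!CBS_write_bytes(&session_id, ctx->hs->legacy_session_id,
- sizeof(ctx->hs->legacy_session_id), &ctx->hs->legacy_session_id_len))
+ sizeof(ctx->hs->legacy_session_id),
+ &ctx->hs->legacy_session_id_len)) {
+ ctx->alert = TLS13_ALERT_INTERNAL_ERROR;
  goto err;
+ }
 
  /* Parse cipher suites list and select preferred cipher. */
  if ((ciphers = ssl_bytes_to_cipher_list(s, &cipher_suites)) == NULL) {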
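Review bot: The hash updates added after the `tls13_use_legacy_server` return feed `session_id`, `cipher_suites` and `compression_methods` into the ClientHello hash back to back, and nothing visible in the hunk binds where one variable-length field ends and the next begins. If `tls13_clienthello_hash_update` hashes only the CBS contents (its body is not in this diff), a second ClientHello that distributes the same bytes differently across those fields would yield the same digest and pass `tls13_clienthello_hash_validate`. Consider hashing each field's length ahead of its data, e.g. `size_t n = CBS_len(&session_id);` followed by `tls13_clienthello_hash_update_bytes(ctx, (void *)&n, sizeof(n))`, or doing this once inside the helper. The `err` label lies outside the hunk, so it is also worth confirming that it releases the hash state, since `tls13_clienthello_hash_clear` is reached only when validation succeeds.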