Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libssl/tls13_server.c | 26 |
1 files changed, 21 insertions, 5 deletions
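diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c
index 8f225433f0..b1612a86e5 100644
--- a/src/lib/libssl/tls13_server.c
+++ b/src/lib/libssl/tls13_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_server.c,v 1.101 2022/08/17 07:39:19 jsing Exp $ */
+/* $OpenBSD: tls13_server.c,v 1.102 2022/09/11 14:39:44 jsing Exp $ */
 /*
 * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
@@ -174,6 +174,15 @@ tls13_client_hello_process(struct tls13_ctx *ctx, CBS *cbs)
 /* Ensure we send subsequent alerts with the correct record version. */
 tls13_record_layer_set_legacy_version(ctx->rl, TLS1_2_VERSION);
 
+/*
+* Ensure that the client has not requested middlebox compatibility mode
+* if it is prohibited from doing so.
+*/
+if (!ctx->middlebox_compat && CBS_len(&session_id) != 0) {
+ctx->alert = TLS13_ALERT_ILLEGAL_PARAMETER;
+goto err;
+}
+
 /* Add decoded values to the current ClientHello hash */
 if (!tls13_clienthello_hash_init(ctx)) {
 ctx->alert = TLS13_ALERT_INTERNAL_ERROR;
@@ -234,8 +243,14 @@ tls13_client_hello_process(struct tls13_ctx *ctx, CBS *cbs)
 goto err;
 }
 
-/* Store legacy session identifier so we can echo it. */
-if (CBS_len(&session_id) > sizeof(ctx->hs->tls13.legacy_session_id)) {
+/*
+* The legacy session identifier must either be zero length or a 32 byte
+* value (in which case the client is requesting middlebox compatibility
+* mode), as per RFC 8446 section 4.1.2. If it is valid, store the value
+* so that we can echo it back to the client.
+*/
+if (CBS_len(&session_id) != 0 &&
+CBS_len(&session_id) != sizeof(ctx->hs->tls13.legacy_session_id)) {
 ctx->alert = TLS13_ALERT_ILLEGAL_PARAMETER;
 goto err;
 }
@@ -303,8 +318,9 @@ tls13_client_hello_recv(struct tls13_ctx *ctx, CBS *cbs)
 if (ctx->hs->key_share != NULL)
 ctx->handshake_stage.hs_type |= NEGOTIATED | WITHOUT_HRR;
 
-/* XXX - check this is the correct point */
-tls13_record_layer_allow_ccs(ctx->rl, 1);
+/* Only allow CCS if client requested middlebox compatibility mode. */
+if (ctx->hs->tls13.legacy_session_id_len > 0)
+tls13_record_layer_allow_ccs(ctx->rl, 1);
 
 return 1;
 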
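Review bot: The length check added at new lines 252-253 refuses every legacy session identifier of 1 to 31 bytes, but as I read RFC 8446 section 4.1.2 the field is `opaque legacy_session_id<0..32>` and a client holding a cached pre-TLS 1.3 session ID is told to send that value, which need not be 32 bytes long. Such a ClientHello would now end in an illegal_parameter alert where the previous bound accepted it. If that strictness is intended, the comment should say that shorter cached session IDs are deliberately refused; otherwise keep the bound as `if (CBS_len(&session_id) > sizeof(ctx->hs->tls13.legacy_session_id)) {` and leave the mode decision to the `legacy_session_id_len > 0` test in tls13_client_hello_recv. tls13_client_hello_process starts and ends outside this hunk, so the store that follows the check is not visible here.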
