Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libssl/tls13_client.c | 32 |
1 files changed, 10 insertions, 22 deletions
diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c index 1f51748147..38eca61d9a 100644 --- a/src/lib/libssl/tls13_client.c +++ b/src/lib/libssl/tls13_client.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls13_client.c,v 1.70 2021/01/06 20:15:35 tb Exp $ */ | 1 | /* $OpenBSD: tls13_client.c,v 1.71 2021/02/22 16:13:31 tb Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -271,25 +271,14 @@ tls13_server_hello_process(struct tls13_ctx *ctx, CBS *cbs) | |||
| 271 | } | 271 | } |
| 272 | 272 | ||
| 273 | /* | 273 | /* |
| 274 | * See if a supported versions extension was returned. If it was then | 274 | * The supported versions extension indicated 0x0304 or greater. |
| 275 | * the legacy version must be set to 0x0303 (RFC 8446 section 4.1.3). | 275 | * Ensure that it was 0x0304 and that legacy version is set to 0x0303 |
| 276 | * Otherwise, fallback to the legacy version, ensuring that it is both | 276 | * (RFC 8446 section 4.2.1). |
| 277 | * within range and not TLS 1.3 or greater (which must use the | ||
| 278 | * supported version extension. | ||
| 279 | */ | 277 | */ |
| 280 | if (ctx->hs->server_version != 0) { | 278 | if (ctx->hs->server_version != TLS1_3_VERSION || |
| 281 | if (legacy_version != TLS1_2_VERSION) { | 279 | legacy_version != TLS1_2_VERSION) { |
| 282 | ctx->alert = TLS13_ALERT_PROTOCOL_VERSION; | 280 | ctx->alert = TLS13_ALERT_PROTOCOL_VERSION; |
| 283 | goto err; | 281 | goto err; |
| 284 | } | ||
| 285 | } else { | ||
| 286 | if (legacy_version < ctx->hs->min_version || | ||
| 287 | legacy_version > ctx->hs->max_version || | ||
| 288 | legacy_version > TLS1_2_VERSION) { | ||
| 289 | ctx->alert = TLS13_ALERT_PROTOCOL_VERSION; | ||
| 290 | goto err; | ||
| 291 | } | ||
| 292 | ctx->hs->server_version = legacy_version; | ||
| 293 | } | 282 | } |
| 294 | 283 | ||
| 295 | /* The session_id must match. */ | 284 | /* The session_id must match. */ |
| @@ -301,15 +290,14 @@ tls13_server_hello_process(struct tls13_ctx *ctx, CBS *cbs) | |||
| 301 | 290 | ||
| 302 | /* | 291 | /* |
| 303 | * Ensure that the cipher suite is one that we offered in the client | 292 | * Ensure that the cipher suite is one that we offered in the client |
| 304 | * hello and that it matches the TLS version selected. | 293 | * hello and that it is a TLSv1.3 cipher suite. |
| 305 | */ | 294 | */ |
| 306 | cipher = ssl3_get_cipher_by_value(cipher_suite); | 295 | cipher = ssl3_get_cipher_by_value(cipher_suite); |
| 307 | if (cipher == NULL || !ssl_cipher_in_list(SSL_get_ciphers(s), cipher)) { | 296 | if (cipher == NULL || !ssl_cipher_in_list(SSL_get_ciphers(s), cipher)) { |
| 308 | ctx->alert = TLS13_ALERT_ILLEGAL_PARAMETER; | 297 | ctx->alert = TLS13_ALERT_ILLEGAL_PARAMETER; |
| 309 | goto err; | 298 | goto err; |
| 310 | } | 299 | } |
| 311 | if (ctx->hs->server_version == TLS1_3_VERSION && | 300 | if (cipher->algorithm_ssl != SSL_TLSV1_3) { |
| 312 | cipher->algorithm_ssl != SSL_TLSV1_3) { | ||
| 313 | ctx->alert = TLS13_ALERT_ILLEGAL_PARAMETER; | 301 | ctx->alert = TLS13_ALERT_ILLEGAL_PARAMETER; |
| 314 | goto err; | 302 | goto err; |
| 315 | } | 303 | } |
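Review bot: The combined check at new lines 278-281 sends TLS13_ALERT_PROTOCOL_VERSION for both failures, but RFC 8446 section 4.2.1, which the new comment cites, asks the client to abort with illegal_parameter when the ServerHello supported_versions value is one the client did not offer. A server_version above 0x0304 falls into that case, so splitting the condition lets each failure carry its own alert; the extension parser may already reject values below 0x0304, but that is not visible here. The comment's premise that the extension indicated 0x0304 or greater is established outside this hunk, and a short pointer to where that happens would help a reader confirm that no pre-TLS 1.3 ServerHello reaches this check. tls13_server_hello_process starts and ends outside both hunks.

```c
	/* … unchanged: comment citing RFC 8446 section 4.2.1 … */
	if (ctx->hs->server_version != TLS1_3_VERSION) {
		/* Extension selected a version we did not offer. */
		ctx->alert = TLS13_ALERT_ILLEGAL_PARAMETER;
		goto err;
	}
	if (legacy_version != TLS1_2_VERSION) {
		ctx->alert = TLS13_ALERT_PROTOCOL_VERSION;
		goto err;
	}
```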
