From 19a3c1d96385a70d4641d597c708f03c347280ae Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Thu, 23 Jan 2020 11:47:13 +0000
Subject: Correct several issues in the current TLSv1.3 server code.

Correct the parsing of the client hello support versions extension. This
has one or more values, rather than just the single selected version.

Allocate an SSL_SESSION - this is unused currently, but is needed as
soon as we start parsing extensions.

Also, pull the cipher suites list off correctly - this is u16 prefixed,
not u8.

ok beck@
---
 src/lib/libssl/tls13_server.c | 21 +++++++++++++++------
 1 file changed, 15 insertions(+), 6 deletions(-)

(limited to 'src/lib')

diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c
index e56d4c16fd..3c832aec65 100644
--- a/src/lib/libssl/tls13_server.c
+++ b/src/lib/libssl/tls13_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_server.c,v 1.11 2020/01/23 10:48:36 beck Exp $ */
+/* $OpenBSD: tls13_server.c,v 1.12 2020/01/23 11:47:13 jsing Exp $ */
 /*
  * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
@@ -45,6 +45,9 @@ tls13_server_init(struct tls13_ctx *ctx)
 	if (!tls1_transcript_init(s))
 		return 0;
 
+	if ((s->session = SSL_SESSION_new()) == NULL)
+		return 0;
+
 	arc4random_buf(s->s3->server_random, SSL3_RANDOM_SIZE);
 
 	return 1;
@@ -142,8 +145,8 @@ tls13_use_legacy_server(struct tls13_ctx *ctx)
 static int
 tls13_client_hello_is_legacy(CBS *cbs)
 {
-	CBS extensions_block, extensions, extension_data;
-	uint16_t selected_version = 0;
+	CBS extensions_block, extensions, extension_data, versions;
+	uint16_t version, max_version = 0;
 	uint16_t type;
 
 	CBS_dup(cbs, &extensions_block);
@@ -159,13 +162,19 @@ tls13_client_hello_is_legacy(CBS *cbs)
 
 		if (type != TLSEXT_TYPE_supported_versions)
 			continue;
-		if (!CBS_get_u16(&extension_data, &selected_version))
+		if (!CBS_get_u8_length_prefixed(&extension_data, &versions))
 			return 1;
+		while (CBS_len(&versions) > 0) {
+			if (!CBS_get_u16(&versions, &version))
+				return 1;
+			if (version >= max_version)
+				max_version = version;
+		}
 		if (CBS_len(&extension_data) != 0)
 			return 1;
 	}
 
-	return (selected_version < TLS1_3_VERSION);
+	return (max_version < TLS1_3_VERSION);
 }
 
 static int
@@ -182,7 +191,7 @@ tls13_client_hello_process(struct tls13_ctx *ctx, CBS *cbs)
 		goto err;
 	if (!CBS_get_u8_length_prefixed(cbs, &session_id))
 		goto err;
-	if (!CBS_get_u8_length_prefixed(cbs, &cipher_suites))
+	if (!CBS_get_u16_length_prefixed(cbs, &cipher_suites))
 		goto err;
 	if (!CBS_get_u8_length_prefixed(cbs, &compression_methods))
 		goto err;
-- 
cgit v1.2.3-55-g6feb