From e841f2e08f8bcc62f31051874b1b2a491665e7c6 Mon Sep 17 00:00:00 2001 From: tb <> Date: Wed, 22 Jan 2020 02:39:45 +0000 Subject: The legacy_record_version must be set to TLS1_2_VERSION except in the ClientHello where it may be set to TLS1_VERSION. Use the minimal supported version to decide whether we choose to do so or not. Use a sent hook to set it back TLS1_2_VERSION right after the ClientHello message is on the wire. ok beck jsing --- src/lib/libssl/tls13_client.c | 13 ++++++++++++- src/lib/libssl/tls13_handshake.c | 3 ++- src/lib/libssl/tls13_internal.h | 5 ++++- src/lib/libssl/tls13_record_layer.c | 18 ++++++++++++------ 4 files changed, 30 insertions(+), 9 deletions(-) (limited to 'src/lib') diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c index ed9a69918a..e0041eadae 100644 --- a/src/lib/libssl/tls13_client.c +++ b/src/lib/libssl/tls13_client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_client.c,v 1.23 2020/01/22 02:21:05 beck Exp $ */ +/* $OpenBSD: tls13_client.c,v 1.24 2020/01/22 02:39:45 tb Exp $ */ /* * Copyright (c) 2018, 2019 Joel Sing * @@ -199,6 +199,9 @@ tls13_client_hello_send(struct tls13_ctx *ctx) { CBB body; + if (ctx->hs->min_version < TLS1_2_VERSION) + tls13_record_layer_set_legacy_version(ctx->rl, TLS1_VERSION); + if (!tls13_handshake_msg_start(ctx->hs_msg, &body, TLS13_MT_CLIENT_HELLO)) return 0; if (!tls13_client_hello_build(ctx->ssl, &body)) @@ -209,6 +212,14 @@ tls13_client_hello_send(struct tls13_ctx *ctx) return 1; } +int +tls13_client_hello_sent(struct tls13_ctx *ctx) +{ + tls13_record_layer_set_legacy_version(ctx->rl, TLS1_2_VERSION); + + return 1; +} + /* * HelloRetryRequest hash - RFC 8446 section 4.1.3. */ diff --git a/src/lib/libssl/tls13_handshake.c b/src/lib/libssl/tls13_handshake.c index 48a01d3ca4..ca36f879b4 100644 --- a/src/lib/libssl/tls13_handshake.c +++ b/src/lib/libssl/tls13_handshake.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_handshake.c,v 1.38 2020/01/21 03:40:05 beck Exp $ */ +/* $OpenBSD: tls13_handshake.c,v 1.39 2020/01/22 02:39:45 tb Exp $ */ /* * Copyright (c) 2018-2019 Theo Buehler * Copyright (c) 2019 Joel Sing @@ -53,6 +53,7 @@ struct tls13_handshake_action state_machine[] = { .handshake_type = TLS13_MT_CLIENT_HELLO, .sender = TLS13_HS_CLIENT, .send = tls13_client_hello_send, + .sent = tls13_client_hello_sent, .recv = tls13_client_hello_recv, }, [CLIENT_HELLO_RETRY] = { diff --git a/src/lib/libssl/tls13_internal.h b/src/lib/libssl/tls13_internal.h index 167ed1f254..1eb05b7100 100644 --- a/src/lib/libssl/tls13_internal.h +++ b/src/lib/libssl/tls13_internal.h @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_internal.h,v 1.41 2020/01/22 02:21:05 beck Exp $ */ +/* $OpenBSD: tls13_internal.h,v 1.42 2020/01/22 02:39:45 tb Exp $ */ /* * Copyright (c) 2018 Bob Beck * Copyright (c) 2018 Theo Buehler @@ -122,6 +122,8 @@ void tls13_record_layer_set_aead(struct tls13_record_layer *rl, const EVP_AEAD *aead); void tls13_record_layer_set_hash(struct tls13_record_layer *rl, const EVP_MD *hash); +void tls13_record_layer_set_legacy_version(struct tls13_record_layer *rl, + uint16_t version); void tls13_record_layer_handshake_completed(struct tls13_record_layer *rl); int tls13_record_layer_set_read_traffic_key(struct tls13_record_layer *rl, struct tls13_secret *read_key); @@ -253,6 +255,7 @@ int tls13_legacy_shutdown(SSL *ssl); int tls13_handshake_perform(struct tls13_ctx *ctx); int tls13_client_hello_send(struct tls13_ctx *ctx); +int tls13_client_hello_sent(struct tls13_ctx *ctx); int tls13_client_hello_recv(struct tls13_ctx *ctx); int tls13_client_hello_retry_send(struct tls13_ctx *ctx); int tls13_client_hello_retry_recv(struct tls13_ctx *ctx); diff --git a/src/lib/libssl/tls13_record_layer.c b/src/lib/libssl/tls13_record_layer.c index dff5cd2bbe..600990a878 100644 --- a/src/lib/libssl/tls13_record_layer.c +++ b/src/lib/libssl/tls13_record_layer.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_record_layer.c,v 1.19 2020/01/22 01:02:28 jsing Exp $ */ +/* $OpenBSD: tls13_record_layer.c,v 1.20 2020/01/22 02:39:45 tb Exp $ */ /* * Copyright (c) 2018, 2019 Joel Sing * @@ -28,6 +28,7 @@ static ssize_t tls13_record_layer_write_record(struct tls13_record_layer *rl, uint8_t content_type, const uint8_t *content, size_t content_len); struct tls13_record_layer { + uint16_t legacy_version; int change_cipher_spec_seen; int handshake_completed; int phh; @@ -124,6 +125,8 @@ tls13_record_layer_new(tls13_read_cb wire_read, tls13_write_cb wire_write, if ((rl = calloc(1, sizeof(struct tls13_record_layer))) == NULL) return NULL; + rl->legacy_version = TLS1_2_VERSION; + rl->wire_read = wire_read; rl->wire_write = wire_write; rl->alert_cb = alert_cb; @@ -210,6 +213,13 @@ tls13_record_layer_set_hash(struct tls13_record_layer *rl, rl->hash = hash; } +void +tls13_record_layer_set_legacy_version(struct tls13_record_layer *rl, + uint16_t version) +{ + rl->legacy_version = version; +} + void tls13_record_layer_handshake_completed(struct tls13_record_layer *rl) { @@ -563,15 +573,11 @@ tls13_record_layer_seal_record_plaintext(struct tls13_record_layer *rl, { uint8_t *data = NULL; size_t data_len = 0; - uint16_t version; CBB cbb, body; if (rl->aead != NULL) return 0; - /* XXX - TLS1_VERSION for first client hello... */ - version = TLS1_2_VERSION; - /* * We're still operating in plaintext mode, so just copy the * content into the record. @@ -581,7 +587,7 @@ tls13_record_layer_seal_record_plaintext(struct tls13_record_layer *rl, if (!CBB_add_u8(&cbb, content_type)) goto err; - if (!CBB_add_u16(&cbb, version)) + if (!CBB_add_u16(&cbb, rl->legacy_version)) goto err; if (!CBB_add_u16_length_prefixed(&cbb, &body)) goto err; -- cgit v1.2.3-55-g6feb