diff options
| author | Theo Buehler <tb@cvs.openbsd.org> | 2020-01-22 02:39:46 +0000 |
|---|---|---|
| committer | Theo Buehler <tb@cvs.openbsd.org> | 2020-01-22 02:39:46 +0000 |
| commit | 97702754f8abfa5e1dea4b6067a9b7e22c5e65f2 (patch) | |
| tree | cb0ddff37fb3e11b3bd9d5bf8134602047fff5b0 | |
| parent | f81b3e73832a70e9f5997cd18d3ef1501d89a87a (diff) | |
The legacy_record_version must be set to TLS1_2_VERSION except
in the ClientHello where it may be set to TLS1_VERSION. Use
the minimal supported version to decide whether we choose to do
so or not. Use a sent hook to set it back TLS1_2_VERSION right
after the ClientHello message is on the wire.
ok beck jsing
| -rw-r--r-- | lib/libssl/tls13_client.c | 13 | ||||
| -rw-r--r-- | lib/libssl/tls13_handshake.c | 3 | ||||
| -rw-r--r-- | lib/libssl/tls13_internal.h | 5 | ||||
| -rw-r--r-- | lib/libssl/tls13_record_layer.c | 18 |
4 files changed, 30 insertions, 9 deletions
diff --git a/lib/libssl/tls13_client.c b/lib/libssl/tls13_client.c index ed9a69918a6..e0041eadae8 100644 --- a/lib/libssl/tls13_client.c +++ b/lib/libssl/tls13_client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_client.c,v 1.23 2020/01/22 02:21:05 beck Exp $ */ +/* $OpenBSD: tls13_client.c,v 1.24 2020/01/22 02:39:45 tb Exp $ */ /* * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> * @@ -199,6 +199,9 @@ tls13_client_hello_send(struct tls13_ctx *ctx) { CBB body; + if (ctx->hs->min_version < TLS1_2_VERSION) + tls13_record_layer_set_legacy_version(ctx->rl, TLS1_VERSION); + if (!tls13_handshake_msg_start(ctx->hs_msg, &body, TLS13_MT_CLIENT_HELLO)) return 0; if (!tls13_client_hello_build(ctx->ssl, &body)) @@ -209,6 +212,14 @@ tls13_client_hello_send(struct tls13_ctx *ctx) return 1; } +int +tls13_client_hello_sent(struct tls13_ctx *ctx) +{ + tls13_record_layer_set_legacy_version(ctx->rl, TLS1_2_VERSION); + + return 1; +} + /* * HelloRetryRequest hash - RFC 8446 section 4.1.3. */ diff --git a/lib/libssl/tls13_handshake.c b/lib/libssl/tls13_handshake.c index 48a01d3ca4e..ca36f879b44 100644 --- a/lib/libssl/tls13_handshake.c +++ b/lib/libssl/tls13_handshake.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_handshake.c,v 1.38 2020/01/21 03:40:05 beck Exp $ */ +/* $OpenBSD: tls13_handshake.c,v 1.39 2020/01/22 02:39:45 tb Exp $ */ /* * Copyright (c) 2018-2019 Theo Buehler <tb@openbsd.org> * Copyright (c) 2019 Joel Sing <jsing@openbsd.org> @@ -53,6 +53,7 @@ struct tls13_handshake_action state_machine[] = { .handshake_type = TLS13_MT_CLIENT_HELLO, .sender = TLS13_HS_CLIENT, .send = tls13_client_hello_send, + .sent = tls13_client_hello_sent, .recv = tls13_client_hello_recv, }, [CLIENT_HELLO_RETRY] = { diff --git a/lib/libssl/tls13_internal.h b/lib/libssl/tls13_internal.h index 167ed1f2541..1eb05b71007 100644 --- a/lib/libssl/tls13_internal.h +++ b/lib/libssl/tls13_internal.h @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_internal.h,v 1.41 2020/01/22 02:21:05 beck Exp $ */ +/* $OpenBSD: tls13_internal.h,v 1.42 2020/01/22 02:39:45 tb Exp $ */ /* * Copyright (c) 2018 Bob Beck <beck@openbsd.org> * Copyright (c) 2018 Theo Buehler <tb@openbsd.org> @@ -122,6 +122,8 @@ void tls13_record_layer_set_aead(struct tls13_record_layer *rl, const EVP_AEAD *aead); void tls13_record_layer_set_hash(struct tls13_record_layer *rl, const EVP_MD *hash); +void tls13_record_layer_set_legacy_version(struct tls13_record_layer *rl, + uint16_t version); void tls13_record_layer_handshake_completed(struct tls13_record_layer *rl); int tls13_record_layer_set_read_traffic_key(struct tls13_record_layer *rl, struct tls13_secret *read_key); @@ -253,6 +255,7 @@ int tls13_legacy_shutdown(SSL *ssl); int tls13_handshake_perform(struct tls13_ctx *ctx); int tls13_client_hello_send(struct tls13_ctx *ctx); +int tls13_client_hello_sent(struct tls13_ctx *ctx); int tls13_client_hello_recv(struct tls13_ctx *ctx); int tls13_client_hello_retry_send(struct tls13_ctx *ctx); int tls13_client_hello_retry_recv(struct tls13_ctx *ctx); diff --git a/lib/libssl/tls13_record_layer.c b/lib/libssl/tls13_record_layer.c index dff5cd2bbe9..600990a878a 100644 --- a/lib/libssl/tls13_record_layer.c +++ b/lib/libssl/tls13_record_layer.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_record_layer.c,v 1.19 2020/01/22 01:02:28 jsing Exp $ */ +/* $OpenBSD: tls13_record_layer.c,v 1.20 2020/01/22 02:39:45 tb Exp $ */ /* * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> * @@ -28,6 +28,7 @@ static ssize_t tls13_record_layer_write_record(struct tls13_record_layer *rl, uint8_t content_type, const uint8_t *content, size_t content_len); struct tls13_record_layer { + uint16_t legacy_version; int change_cipher_spec_seen; int handshake_completed; int phh; @@ -124,6 +125,8 @@ tls13_record_layer_new(tls13_read_cb wire_read, tls13_write_cb wire_write, if ((rl = calloc(1, sizeof(struct tls13_record_layer))) == NULL) return NULL; + rl->legacy_version = TLS1_2_VERSION; + rl->wire_read = wire_read; rl->wire_write = wire_write; rl->alert_cb = alert_cb; @@ -211,6 +214,13 @@ tls13_record_layer_set_hash(struct tls13_record_layer *rl, } void +tls13_record_layer_set_legacy_version(struct tls13_record_layer *rl, + uint16_t version) +{ + rl->legacy_version = version; +} + +void tls13_record_layer_handshake_completed(struct tls13_record_layer *rl) { rl->handshake_completed = 1; @@ -563,15 +573,11 @@ tls13_record_layer_seal_record_plaintext(struct tls13_record_layer *rl, { uint8_t *data = NULL; size_t data_len = 0; - uint16_t version; CBB cbb, body; if (rl->aead != NULL) return 0; - /* XXX - TLS1_VERSION for first client hello... */ - version = TLS1_2_VERSION; - /* * We're still operating in plaintext mode, so just copy the * content into the record. @@ -581,7 +587,7 @@ tls13_record_layer_seal_record_plaintext(struct tls13_record_layer *rl, if (!CBB_add_u8(&cbb, content_type)) goto err; - if (!CBB_add_u16(&cbb, version)) + if (!CBB_add_u16(&cbb, rl->legacy_version)) goto err; if (!CBB_add_u16_length_prefixed(&cbb, &body)) goto err; |