author | 2020-01-23 08:04:50 +0000 | |
---|---|---|
committer | 2020-01-23 08:04:50 +0000 | |
commit | bec9724e70ae38d93d636c93560b0ca7e6028b1b (patch) | |
tree | d15e411ac3f95d65b099388f3051d5124cb60f86 /lib/libssl/ssl_srvr.c | |
parent | remove trailing period characters from pub/priv key pathnames - (diff) | |
If we are building a legacy server hello, check to see if we are
downgrading from TLS 1.3. If we are, set the last 8 bytes of the
server_random value to the required values as per RFC 8446 section
4.1.3 indicating that we deliberately meant to downgrade.
ok jsing@
Diffstat (limited to 'lib/libssl/ssl_srvr.c')
-rw-r--r-- | lib/libssl/ssl_srvr.c | 21 |
1 files changed, 20 insertions, 1 deletions
diff --git a/lib/libssl/ssl_srvr.c b/lib/libssl/ssl_srvr.c
index 809f589653c..26b24f4f22a 100644
--- a/lib/libssl/ssl_srvr.c
+++ b/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.68 2019/04/22 15:12:20 jsing Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.69 2020/01/23 08:04:50 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1042,6 +1042,25 @@ ssl3_get_client_hello(SSL *s)
 */
 arc4random_buf(s->s3->server_random, SSL3_RANDOM_SIZE);
+ if (s->internal->tls13 != NULL) {
+ /*
+ * RFC 8446 section 4.1.3. If we are downgrading from TLS 1.3
+ * we must set the last 8 bytes of the server random to magical
+ * values to indicate we meant to downgrade.
+ */
+ size_t index = SSL3_RANDOM_SIZE - sizeof(tls13_downgrade_12);
+ uint8_t *magic = &s->s3->server_random[index];
+ if (s->version == TLS1_2_VERSION) {
+ /* Indicate we chose to downgrade to 1.2. */
+ memcpy(magic, tls13_downgrade_12,
+ sizeof(tls13_downgrade_12));
+ } else {
+ /* Indicate we chose to downgrade to 1.1 or lower */
+ memcpy(magic, tls13_downgrade_11,
+ sizeof(tls13_downgrade_11));
+ }
+ }
+
 if (!s->internal->hit && s->internal->tls_session_secret_cb) {
 SSL_CIPHER *pref_cipher = NULL; |
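Review bot: The write offset `index` is derived from `sizeof(tls13_downgrade_12)` only, but the else branch copies `sizeof(tls13_downgrade_11)` bytes to the same `magic` pointer, so the bounds of that second `memcpy` depend on the two arrays having the same size. Both sentinels are 8 bytes in RFC 8446 section 4.1.3, but their declarations are outside this hunk, so the assumption should be pinned at compile time, e.g. `_Static_assert(sizeof(tls13_downgrade_11) == sizeof(tls13_downgrade_12), "downgrade sentinels must match in size");` or the tree's equivalent macro. Separately, the block is gated only on `s->internal->tls13 != NULL` and the else branch treats every version other than `TLS1_2_VERSION` as "1.1 or lower"; if that pointer can be set while TLS 1.3 is disabled by configuration, or on a DTLS connection, the sentinel would be written when no downgrade occurred and a checking client would abort the handshake, so a comment stating why the pointer implies "TLS 1.3 was on offer" would help. The body of `ssl3_get_client_hello` begins and continues outside the hunk.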