summaryrefslogtreecommitdiffstats
path: root/lib/libssl/tls13_client.c
diff options
context:
space:
mode:
authorbeck <beck@openbsd.org>2020-01-23 07:30:55 +0000
committerbeck <beck@openbsd.org>2020-01-23 07:30:55 +0000
commit709e85ff7aac016d54db6ea4e81f77a9ba741d54 (patch)
tree067a358f840e0010c61c82baaa7c3b1f779bf6bb /lib/libssl/tls13_client.c
parentdo not Xr both pppx and pppac in SEE ALSO, since they are the same page; (diff)
downloadwireguard-openbsd-709e85ff7aac016d54db6ea4e81f77a9ba741d54.tar.xz
wireguard-openbsd-709e85ff7aac016d54db6ea4e81f77a9ba741d54.zip
Add checking int the client to check the magic values which are
set by a 1.3 server when it downgrades to tls 1.2 or 1.1 as per RFC 8446 section 4.1.3 ok jsing@
Diffstat (limited to 'lib/libssl/tls13_client.c')
-rw-r--r--lib/libssl/tls13_client.c18
1 files changed, 17 insertions, 1 deletions
diff --git a/lib/libssl/tls13_client.c b/lib/libssl/tls13_client.c
index cab113b8c32..477cca2e04f 100644
--- a/lib/libssl/tls13_client.c
+++ b/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_client.c,v 1.30 2020/01/23 06:15:44 beck Exp $ */
+/* $OpenBSD: tls13_client.c,v 1.31 2020/01/23 07:30:55 beck Exp $ */
/*
* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
*
@@ -285,6 +285,22 @@ tls13_server_hello_process(struct tls13_ctx *ctx, CBS *cbs)
goto err;
if (tls13_server_hello_is_legacy(cbs)) {
+ /*
+ * RFC 8446 section 4.1.3, We must not downgrade if
+ * the server random value contains the TLS 1.2 or 1.1
+ * magical value.
+ */
+ if (!CBS_skip(&server_random, CBS_len(&server_random) -
+ sizeof(tls13_downgrade_12)))
+ goto err;
+ if (CBS_mem_equal(&server_random, tls13_downgrade_12,
+ sizeof(tls13_downgrade_12)) ||
+ CBS_mem_equal(&server_random, tls13_downgrade_11,
+ sizeof(tls13_downgrade_11))) {
+ ctx->alert = SSL_AD_ILLEGAL_PARAMETER;
+ goto err;
+ }
+
if (!CBS_skip(cbs, CBS_len(cbs)))
goto err;
return tls13_use_legacy_client(ctx);
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.