diff options
| author |   jsing <jsing@openbsd.org> | 2021-02-20 08:22:55 +0000 |
|---|---|---|
| committer | jsing <jsing@openbsd.org> | 2021-02-20 08:22:55 +0000 |
| commit | 4ddbf8556585183aac057df8d65818a2b90ef9bd (patch) | |
| tree | bf1da6bc9064b28d738597d42b0e1be7aae7ac99 /lib/libssl | |
| parent | Group HelloVerifyRequest decoding and add missing check for trailing data. (diff) | |
| download | wireguard-openbsd-4ddbf8556585183aac057df8d65818a2b90ef9bd.tar.xz wireguard-openbsd-4ddbf8556585183aac057df8d65818a2b90ef9bd.zip | |
Revise HelloVerifyRequest handling for DTLSv1.2.
Per RFC 6347 section 4.2.1, the HelloVerifyRequest should always contain
DTLSv1.0 - ensure this is the case on the server side, allow both DTLSv1.0
and DTLSv1.2 on the client.
ok tb@
Diffstat (limited to 'lib/libssl')
| -rw-r--r-- | lib/libssl/ssl_clnt.c | 9 | ||||
| -rw-r--r-- | lib/libssl/ssl_srvr.c | 9 |
2 files changed, 14 insertions, 4 deletions
diff --git a/lib/libssl/ssl_clnt.c b/lib/libssl/ssl_clnt.c index 680cafa8e56..7d55c0dd524 100644 --- a/lib/libssl/ssl_clnt.c +++ b/lib/libssl/ssl_clnt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_clnt.c,v 1.79 2021/02/20 08:19:01 jsing Exp $ */ +/* $OpenBSD: ssl_clnt.c,v 1.80 2021/02/20 08:22:55 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -817,7 +817,12 @@ ssl3_get_dtls_hello_verify(SSL *s) if (CBS_len(&hello_verify_request) != 0) goto truncated; - if (ssl_version != s->version) { + /* + * Per RFC 6347 section 4.2.1, the HelloVerifyRequest should always + * contain DTLSv1.0 the version that is going to be negotiated. + * Tolerate DTLSv1.2 just in case. + */ + if (ssl_version != DTLS1_VERSION && ssl_version != DTLS1_2_VERSION) { SSLerror(s, SSL_R_WRONG_SSL_VERSION); s->version = (s->version & 0xff00) | (ssl_version & 0xff); al = SSL_AD_PROTOCOL_VERSION; diff --git a/lib/libssl/ssl_srvr.c b/lib/libssl/ssl_srvr.c index 15768bb5650..06ad42c8ff1 100644 --- a/lib/libssl/ssl_srvr.c +++ b/lib/libssl/ssl_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_srvr.c,v 1.91 2021/02/07 15:04:10 jsing Exp $ */ +/* $OpenBSD: ssl_srvr.c,v 1.92 2021/02/20 08:22:55 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1171,10 +1171,15 @@ ssl3_send_dtls_hello_verify_request(SSL *s) return 0; } + /* + * Per RFC 6347 section 4.2.1, the HelloVerifyRequest should + * always contain DTLSv1.0 regardless of the version that is + * going to be negotiated. + */ if (!ssl3_handshake_msg_start(s, &cbb, &verify, DTLS1_MT_HELLO_VERIFY_REQUEST)) goto err; - if (!CBB_add_u16(&verify, s->version)) + if (!CBB_add_u16(&verify, DTLS1_VERSION)) goto err; if (!CBB_add_u8_length_prefixed(&verify, &cookie)) goto err; |