diff options
author | jsing <jsing@openbsd.org> | 2021-03-11 17:14:46 +0000 |
---|---|---|
committer | jsing <jsing@openbsd.org> | 2021-03-11 17:14:46 +0000 |
commit | 1927d7790dff19472852783a67316f330febbddb (patch) | |
tree | 6259fed46a2f2eac2f4109f1042e2eac48975bed /lib | |
parent | There is no need to try to attach IPv6 to an interface when the (diff) | |
download | wireguard-openbsd-1927d7790dff19472852783a67316f330febbddb.tar.xz wireguard-openbsd-1927d7790dff19472852783a67316f330febbddb.zip |
Remove ssl_downgrade_max_version().
Now that we store our maximum TLS version at the start of the handshake,
we can check against that directly.
ok inoguchi@ tb@
Diffstat (limited to 'lib')
-rw-r--r-- | lib/libssl/ssl_ciphers.c | 9 | ||||
-rw-r--r-- | lib/libssl/ssl_clnt.c | 11 | ||||
-rw-r--r-- | lib/libssl/ssl_locl.h | 3 | ||||
-rw-r--r-- | lib/libssl/ssl_srvr.c | 12 | ||||
-rw-r--r-- | lib/libssl/ssl_versions.c | 34 |
5 files changed, 15 insertions, 54 deletions
diff --git a/lib/libssl/ssl_ciphers.c b/lib/libssl/ssl_ciphers.c index 85c60b1abb0..4e4a0d93a4a 100644 --- a/lib/libssl/ssl_ciphers.c +++ b/lib/libssl/ssl_ciphers.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_ciphers.c,v 1.10 2021/02/25 17:06:05 jsing Exp $ */ +/* $OpenBSD: ssl_ciphers.c,v 1.11 2021/03/11 17:14:46 jsing Exp $ */ /* * Copyright (c) 2015-2017 Doug Hogan <doug@openbsd.org> * Copyright (c) 2015-2018, 2020 Joel Sing <jsing@openbsd.org> @@ -93,7 +93,7 @@ ssl_bytes_to_cipher_list(SSL *s, CBS *cbs) { STACK_OF(SSL_CIPHER) *ciphers = NULL; const SSL_CIPHER *cipher; - uint16_t cipher_value, max_version; + uint16_t cipher_value; unsigned long cipher_id; S3I(s)->send_connection_binding = 0; @@ -134,9 +134,8 @@ ssl_bytes_to_cipher_list(SSL *s, CBS *cbs) * Fail if the current version is an unexpected * downgrade. */ - if (!ssl_downgrade_max_version(s, &max_version)) - goto err; - if (s->version < max_version) { + if (S3I(s)->hs.negotiated_tls_version < + S3I(s)->hs.our_max_tls_version) { SSLerror(s, SSL_R_INAPPROPRIATE_FALLBACK); ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INAPPROPRIATE_FALLBACK); diff --git a/lib/libssl/ssl_clnt.c b/lib/libssl/ssl_clnt.c index 97418f1ac74..06941530c6e 100644 --- a/lib/libssl/ssl_clnt.c +++ b/lib/libssl/ssl_clnt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_clnt.c,v 1.85 2021/03/10 18:27:01 jsing Exp $ */ +/* $OpenBSD: ssl_clnt.c,v 1.86 2021/03/11 17:14:46 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -859,7 +859,6 @@ ssl3_get_server_hello(SSL *s) { CBS cbs, server_random, session_id; uint16_t server_version, cipher_suite; - uint16_t max_version; uint8_t compression_method; const SSL_CIPHER *cipher; const SSL_METHOD *method; @@ -930,10 +929,8 @@ ssl3_get_server_hello(SSL *s) sizeof(s->s3->server_random), NULL)) goto err; - if (!ssl_downgrade_max_version(s, &max_version)) - goto err; - if (!SSL_is_dtls(s) && max_version >= TLS1_2_VERSION && - s->version < max_version) { + if (S3I(s)->hs.our_max_tls_version >= TLS1_2_VERSION && + S3I(s)->hs.negotiated_tls_version < S3I(s)->hs.our_max_tls_version) { /* * RFC 8446 section 4.1.3. We must not downgrade if the server * random value contains the TLS 1.2 or TLS 1.1 magical value. @@ -941,7 +938,7 @@ ssl3_get_server_hello(SSL *s) if (!CBS_skip(&server_random, CBS_len(&server_random) - sizeof(tls13_downgrade_12))) goto err; - if (s->version == TLS1_2_VERSION && + if (S3I(s)->hs.negotiated_tls_version == TLS1_2_VERSION && CBS_mem_equal(&server_random, tls13_downgrade_12, sizeof(tls13_downgrade_12))) { al = SSL_AD_ILLEGAL_PARAMETER; diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h index 6f66a8932e7..fed14b4b196 100644 --- a/lib/libssl/ssl_locl.h +++ b/lib/libssl/ssl_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_locl.h,v 1.325 2021/03/10 18:27:01 jsing Exp $ */ +/* $OpenBSD: ssl_locl.h,v 1.326 2021/03/11 17:14:47 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1131,7 +1131,6 @@ int ssl_enabled_tls_version_range(SSL *s, uint16_t *min_ver, uint16_t *max_ver); int ssl_supported_tls_version_range(SSL *s, uint16_t *min_ver, uint16_t *max_ver); uint16_t ssl_tls_version(uint16_t version); uint16_t ssl_effective_tls_version(SSL *s); -int ssl_downgrade_max_version(SSL *s, uint16_t *max_ver); int ssl_max_supported_version(SSL *s, uint16_t *max_ver); int ssl_max_shared_version(SSL *s, uint16_t peer_ver, uint16_t *max_ver); int ssl_check_version_from_server(SSL *s, uint16_t server_version); diff --git a/lib/libssl/ssl_srvr.c b/lib/libssl/ssl_srvr.c index 373a20d61b4..19fedde87ab 100644 --- a/lib/libssl/ssl_srvr.c +++ b/lib/libssl/ssl_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_srvr.c,v 1.96 2021/03/10 18:27:02 jsing Exp $ */ +/* $OpenBSD: ssl_srvr.c,v 1.97 2021/03/11 17:14:47 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -799,7 +799,7 @@ ssl3_get_client_hello(SSL *s) STACK_OF(SSL_CIPHER) *ciphers = NULL; unsigned long alg_k; const SSL_METHOD *method; - uint16_t max_version, shared_version; + uint16_t shared_version; /* * We do this so that we will respond with our native type. @@ -850,8 +850,6 @@ ssl3_get_client_hello(SSL *s) * Use version from inside client hello, not from record header. * (may differ: see RFC 2246, Appendix E, second paragraph) */ - if (!ssl_downgrade_max_version(s, &max_version)) - goto err; if (!ssl_max_shared_version(s, client_version, &shared_version)) { if ((s->client_version >> 8) == SSL3_VERSION_MAJOR && !tls12_record_layer_write_protected(s->internal->rl)) { @@ -1051,8 +1049,8 @@ ssl3_get_client_hello(SSL *s) */ arc4random_buf(s->s3->server_random, SSL3_RANDOM_SIZE); - if (!SSL_is_dtls(s) && max_version >= TLS1_2_VERSION && - s->version < max_version) { + if (S3I(s)->hs.our_max_tls_version >= TLS1_2_VERSION && + S3I(s)->hs.negotiated_tls_version < S3I(s)->hs.our_max_tls_version) { /* * RFC 8446 section 4.1.3. If we are downgrading from TLS 1.3 * we must set the last 8 bytes of the server random to magical @@ -1061,7 +1059,7 @@ ssl3_get_client_hello(SSL *s) */ size_t index = SSL3_RANDOM_SIZE - sizeof(tls13_downgrade_12); uint8_t *magic = &s->s3->server_random[index]; - if (s->version == TLS1_2_VERSION) { + if (S3I(s)->hs.negotiated_tls_version == TLS1_2_VERSION) { /* Indicate we chose to downgrade to 1.2. */ memcpy(magic, tls13_downgrade_12, sizeof(tls13_downgrade_12)); diff --git a/lib/libssl/ssl_versions.c b/lib/libssl/ssl_versions.c index 37957fd0ab4..45e468f0d8b 100644 --- a/lib/libssl/ssl_versions.c +++ b/lib/libssl/ssl_versions.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_versions.c,v 1.14 2021/03/10 18:27:02 jsing Exp $ */ +/* $OpenBSD: ssl_versions.c,v 1.15 2021/03/11 17:14:47 jsing Exp $ */ /* * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org> * @@ -252,38 +252,6 @@ ssl_max_shared_version(SSL *s, uint16_t peer_ver, uint16_t *max_ver) } int -ssl_downgrade_max_version(SSL *s, uint16_t *max_ver) -{ - uint16_t min_version, max_version; - - /* - * The downgrade maximum version is based on the versions that are - * enabled, however we also have to then limit to the versions - * supported by the method. The SSL method will be changed during - * version negotiation and when switching from the new stack to - * the legacy context, as such we want to use the method from the - * context. - */ - - if (SSL_is_dtls(s)) { - *max_ver = DTLS1_VERSION; - return 1; - } - - if (!ssl_enabled_tls_version_range(s, &min_version, &max_version)) - return 0; - - if (!ssl_clamp_tls_version_range(&min_version, &max_version, - s->ctx->method->internal->min_tls_version, - s->ctx->method->internal->max_tls_version)) - return 0; - - *max_ver = max_version; - - return 1; -} - -int ssl_check_version_from_server(SSL *s, uint16_t server_version) { uint16_t min_version, max_version; |