diff options
| author | Matt Caswell <matt@openssl.org> | 2017-12-05 10:16:25 +0000 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2017-12-14 15:06:37 +0000 |
| commit | 426dfc9ff7c1afaf1ed5981a9c7846e310c7ae3e (patch) | |
| tree | f3fbe2897ccb9fc9e506e6f0ff16b49dbd59a715 /ssl | |
| parent | e7dd763e513f576b8e4e32bb5d08abc37bb08a40 (diff) | |
Send supported_versions in an HRR
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4701)
Diffstat (limited to 'ssl')
| -rw-r--r-- | ssl/ssl_err.c | 1 | ||||
| -rw-r--r-- | ssl/statem/extensions_clnt.c | 15 | ||||
| -rw-r--r-- | ssl/statem/statem_srvr.c | 2 |
3 files changed, 17 insertions, 1 deletions
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index 08f6696163..1e3eb2cc72 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -706,6 +706,7 @@ static const ERR_STRING_DATA SSL_str_reasons[] = { {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_HANDSHAKE_STATE), "bad handshake state"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_HELLO_REQUEST), "bad hello request"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_HRR_VERSION), "bad hrr version"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_KEY_SHARE), "bad key share"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_KEY_UPDATE), "bad key update"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_LENGTH), "bad length"}, diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c index 1fbf9f6e0e..f357396d81 100644 --- a/ssl/statem/extensions_clnt.c +++ b/ssl/statem/extensions_clnt.c @@ -1657,6 +1657,21 @@ int tls_parse_stoc_supported_versions(SSL *s, PACKET *pkt, unsigned int context, if (version == TLS1_3_VERSION_DRAFT) version = TLS1_3_VERSION; + /* We ignore this extension for HRRs except to sanity check it */ + if (context == SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST) { + /* + * The only protocol version we support which has an HRR message is + * TLSv1.3, therefore we shouldn't be getting an HRR for anything else. + */ + if (version != TLS1_3_VERSION) { + *al = SSL_AD_PROTOCOL_VERSION; + SSLerr(SSL_F_TLS_PARSE_STOC_SUPPORTED_VERSIONS, + SSL_R_BAD_HRR_VERSION); + return 0; + } + return 1; + } + /* We just set it here. We validate it in ssl_choose_client_version */ s->version = version; diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 7d1d15dcc1..4f0487cc0f 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -2274,7 +2274,7 @@ int tls_construct_server_hello(SSL *s, WPACKET *pkt) compm = s->s3->tmp.new_compression->id; #endif - if (!WPACKET_sub_memcpy_u8(pkt, session_id, sl) + if (!WPACKET_sub_memcpy_u8(pkt, session_id, sl) || !s->method->put_cipher_by_char(s->s3->tmp.new_cipher, pkt, &len) || !WPACKET_put_bytes_u8(pkt, compm) || !tls_construct_extensions(s, pkt, |