crypto/err/openssl.txt +1 −0 @@ -2361,6 +2361,7 @@ SSL_R_BAD_EXTENSION:110:bad extension SSL_R_BAD_HANDSHAKE_LENGTH:332:bad handshake length SSL_R_BAD_HANDSHAKE_STATE:236:bad handshake state SSL_R_BAD_HELLO_REQUEST:105:bad hello request SSL_R_BAD_HRR_VERSION:263:bad hrr version SSL_R_BAD_KEY_SHARE:108:bad key share SSL_R_BAD_KEY_UPDATE:122:bad key update SSL_R_BAD_LENGTH:271:bad length
include/openssl/sslerr.h +1 −0 @@ -444,6 +444,7 @@ int ERR_load_SSL_strings(void); # define SSL_R_BAD_HANDSHAKE_LENGTH 332 # define SSL_R_BAD_HANDSHAKE_STATE 236 # define SSL_R_BAD_HELLO_REQUEST 105 # define SSL_R_BAD_HRR_VERSION 263 # define SSL_R_BAD_KEY_SHARE 108 # define SSL_R_BAD_KEY_UPDATE 122 # define SSL_R_BAD_LENGTH 271
ssl/ssl_err.c +1 −0 @@ -706,6 +706,7 @@ static const ERR_STRING_DATA SSL_str_reasons[] = { {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_HANDSHAKE_STATE), "bad handshake state"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_HELLO_REQUEST), "bad hello request"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_HRR_VERSION), "bad hrr version"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_KEY_SHARE), "bad key share"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_KEY_UPDATE), "bad key update"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_LENGTH), "bad length"},
ssl/statem/extensions_clnt.c +15 −0 @@ -1657,6 +1657,21 @@ int tls_parse_stoc_supported_versions(SSL *s, PACKET *pkt, unsigned int context, if (version == TLS1_3_VERSION_DRAFT) version = TLS1_3_VERSION; /* We ignore this extension for HRRs except to sanity check it */ if (context == SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST) { /* * The only protocol version we support which has an HRR message is * TLSv1.3, therefore we shouldn't be getting an HRR for anything else. */ if (version != TLS1_3_VERSION) { *al = SSL_AD_PROTOCOL_VERSION; SSLerr(SSL_F_TLS_PARSE_STOC_SUPPORTED_VERSIONS, SSL_R_BAD_HRR_VERSION); return 0; } return 1; } /* We just set it here. We validate it in ssl_choose_client_version */ s->version = version;
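Review bot: The HRR branch returns 1 without recording the version it just checked, so nothing visible in this hunk ties the version announced in the HelloRetryRequest to the one the following ServerHello selects. If that consistency is not enforced elsewhere (the existing comment points at ssl_choose_client_version, which is outside the hunk), a ServerHello after a TLSv1.3 HRR could settle on a different version unnoticed; please confirm where that is rejected and say so next to the early return, e.g. `/* version is not stored for an HRR; the following ServerHello must still select TLSv1.3 */`. The check also only runs when the extension is present, so an HRR that omits supported_versions is presumably handled by a separate mandatory-extension check that is not shown here. The body of tls_parse_stoc_supported_versions starts and ends outside the hunk.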
test/recipes/70-test_tls13kexmodes.t +2 −0 @@ -90,6 +90,8 @@ $ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf"); [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK, checkhandshake::PSK_CLI_EXTENSION], [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_KEY_SHARE, checkhandshake::KEY_SHARE_HRR_EXTENSION],
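Review bot: The added expectation (apparently the MT_SERVER_HELLO / EXT_SUPPORTED_VERSIONS entry) covers only the positive path, where the extension is present in the server's flight; nothing in this section exercises the new SSL_R_BAD_HRR_VERSION rejection. A negative case that has the proxy alter the version carried in the HRR's supported_versions extension and expects the client to abort would pin the new check in tls_parse_stoc_supported_versions. The extension table this entry belongs to starts and ends outside the hunk.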