From: jsing <jsing@openbsd.org>
Date: Sat, 20 Feb 2021 08:22:55 +0000 (+0000)
Subject: Revise HelloVerifyRequest handling for DTLSv1.2.
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=4ddbf8556585183aac057df8d65818a2b90ef9bd;p=openbsd

Revise HelloVerifyRequest handling for DTLSv1.2.

Per RFC 6347 section 4.2.1, the HelloVerifyRequest should always contain
DTLSv1.0 - ensure this is the case on the server side, allow both DTLSv1.0
and DTLSv1.2 on the client.

ok tb@
---

diff --git a/lib/libssl/ssl_clnt.c b/lib/libssl/ssl_clnt.c
index 680cafa8e56..7d55c0dd524 100644
--- a/lib/libssl/ssl_clnt.c
+++ b/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.79 2021/02/20 08:19:01 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.80 2021/02/20 08:22:55 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -817,7 +817,12 @@ ssl3_get_dtls_hello_verify(SSL *s)
 	if (CBS_len(&hello_verify_request) != 0)
 		goto truncated;
 
-	if (ssl_version != s->version) {
+	/*
+	 * Per RFC 6347 section 4.2.1, the HelloVerifyRequest should always
+	 * contain DTLSv1.0 the version that is going to be negotiated.
+	 * Tolerate DTLSv1.2 just in case.
+	 */
+	if (ssl_version != DTLS1_VERSION && ssl_version != DTLS1_2_VERSION) {
 		SSLerror(s, SSL_R_WRONG_SSL_VERSION);
 		s->version = (s->version & 0xff00) | (ssl_version & 0xff);
 		al = SSL_AD_PROTOCOL_VERSION;
diff --git a/lib/libssl/ssl_srvr.c b/lib/libssl/ssl_srvr.c
index 15768bb5650..06ad42c8ff1 100644
--- a/lib/libssl/ssl_srvr.c
+++ b/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.91 2021/02/07 15:04:10 jsing Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.92 2021/02/20 08:22:55 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1171,10 +1171,15 @@ ssl3_send_dtls_hello_verify_request(SSL *s)
 			return 0;
 		}
 
+		/*
+		 * Per RFC 6347 section 4.2.1, the HelloVerifyRequest should
+		 * always contain DTLSv1.0 regardless of the version that is
+		 * going to be negotiated.
+		 */
 		if (!ssl3_handshake_msg_start(s, &cbb, &verify,
 		    DTLS1_MT_HELLO_VERIFY_REQUEST))
 			goto err;
-		if (!CBB_add_u16(&verify, s->version))
+		if (!CBB_add_u16(&verify, DTLS1_VERSION))
 			goto err;
 		if (!CBB_add_u8_length_prefixed(&verify, &cookie))
 			goto err;