From 0c16ef4b294cdfbaa0e71770b29ce9b66c941628 Mon Sep 17 00:00:00 2001
From: Tesfa Mael
Date: Thu, 22 Apr 2021 14:52:57 -0700
Subject: [PATCH] Check for TLS downgrade
---
 examples/client/client.c | 21 +++++++++++++++------
 src/tls13.c | 4 ++++
 tests/suites.c | 2 ++
 tests/test-tls-downgrade.conf | 30 ++++++++++++++++++++++++++++++
 4 files changed, 51 insertions(+), 6 deletions(-)
 create mode 100644 tests/test-tls-downgrade.conf
diff --git a/examples/client/client.c b/examples/client/client.c
index 6ee68ad04..a6267d7f9 100644
--- a/examples/client/client.c
+++ b/examples/client/client.c
@@ -19,7 +19,6 @@
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 */
-
 #ifdef HAVE_CONFIG_H
 #include
 #endif
@@ -1521,6 +1520,8 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 int ch;
 #endif
 int version = CLIENT_INVALID_VERSION;
+ int minVersion = CLIENT_INVALID_VERSION;
+ int setMinVersion = 0;
 int usePsk = 0;
 int useAnon = 0;
 int sendGET = 0;
@@ -1719,7 +1720,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 while ((ch = mygetopt(argc, argv, "?:"
 "ab:c:defgh:i;jk:l:mnop:q:rstu;v:wxyz"
 "A:B:CDE:F:GH:IJKL:M:NO:PQRS:TUVW:XYZ:"
- "01:23:45689"
+ "01:23:4567:89"
 "@#")) != -1) {
 switch (ch) {
 case '?' :
@@ -2186,7 +2187,14 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 nonBlocking = 1;
 simulateWantWrite = 1;
 break;
-
+ case '7' :
+ setMinVersion = 1;
+ minVersion = atoi(myoptarg);
+ if (minVersion < 0 || minVersion > 4) {
+ Usage();
+ XEXIT_T(MY_EX_USAGE);
+ }
+ break;
 case '8' :
 #ifdef HAVE_CURVE448
 useX448 = 1;
@@ -2466,9 +2474,10 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 err_sys("unable to get ctx");
 }
 #endif
-
- if (simulateWantWrite)
- {
+ if (setMinVersion) {
+ wolfSSL_CTX_SetMinVersion(ctx, minVersion);
+ }
+ if (simulateWantWrite) {
 wolfSSL_CTX_SetIOSend(ctx, SimulateWantWriteIOSendCb);
 }
diff --git a/src/tls13.c b/src/tls13.c
index 1097cf385..41f02066e 100644
--- a/src/tls13.c
+++ b/src/tls13.c
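Review bot: In the `case '7'` hunk of examples/client/client.c, `atoi(myoptarg)` maps any non-numeric argument to 0, which passes the `minVersion < 0 || minVersion > 4` check, so a mistyped `-7` value silently selects the lowest floor instead of reaching `Usage()`. Parse strictly instead, for example `char* end; long v = strtol(myoptarg, &end, 10);` followed by `if (end == myoptarg || *end != '\0' || v < 0 || v > 4) { Usage(); XEXIT_T(MY_EX_USAGE); }`. The option string gains `7:` in the preceding hunk, but no hunk in this patch touches the help text, so `-7` appears to be undocumented in `Usage()`. client_test begins and ends outside these hunks.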
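Review bot: The return value of `wolfSSL_CTX_SetMinVersion(ctx, minVersion)` is discarded in the last examples/client/client.c hunk, so if the library rejects the requested floor (presumably possible when that protocol version is compiled out) the client continues with whatever minimum the context already had. For an option whose whole purpose is to enforce a minimum version, that should be a hard failure: `if (wolfSSL_CTX_SetMinVersion(ctx, minVersion) != WOLFSSL_SUCCESS) err_sys("unable to set minimum downgrade version");`. The surrounding context setup in client_test lies outside the hunk.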
@@ -3116,6 +3116,10 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 ssl->version.minor = pv.minor;
 }
+ if (foundVersion && ssl->options.downgrade && (pv.minor < ssl->options.minDowngrade)) {
+ return VERSION_ERROR;
+ }
+
 /* Parse and handle extensions. */
 ret = TLSX_Parse(ssl, input + i, totalExtSz, *extMsgType, NULL);
 if (ret != 0)
diff --git a/tests/suites.c b/tests/suites.c
index f48b8d494..531978855 100644
--- a/tests/suites.c
+++ b/tests/suites.c
@@ -82,6 +82,8 @@ static int GetTlsVersion(const char* line)
 if (begin) {
 begin += 3;
+ if (*begin == 'd' || *begin == 'e')
+ begin += 2;
 version = atoi(begin);
 }
diff --git a/tests/test-tls-downgrade.conf b/tests/test-tls-downgrade.conf
new file mode 100644
index 000000000..509ecda9b
--- /dev/null
+++ b/tests/test-tls-downgrade.conf
@@ -0,0 +1,30 @@
+# server TLSv1.3
+-v 4
+-l ECDHE-RSA-AES256-GCM-SHA384
+-H exitWithRet
+
+# client TLSv1.2, should fail
+-v 3
+-l ECDHE-RSA-AES256-GCM-SHA384
+-H exitWithRet
+
+# server TLSv1.2
+-v 3
+-l ECDHE-RSA-AES256-GCM-SHA384
+-H exitWithRet
+
+# client TLSv1.3, should fail
+-v 4
+-l ECDHE-RSA-AES256-GCM-SHA384
+-H exitWithRet
+
+# server TLSv1.2
+-v d 3
+-l ECDHE-RSA-AES256-GCM-SHA384
+-H exitWithRet
+
+# client TLSv1.3 with downgrade option, set downgrade to TLSv1.3, should fail
+-7 4
+-v d 4
+-l ECDHE-RSA-AES256-GCM-SHA384
+-H exitWithRet
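Review bot: The new floor check in DoTls13ServerHello (src/tls13.c) returns `VERSION_ERROR` with no log line and no fatal alert in this hunk, so unless the caller maps that error to an alert the server only sees the connection drop, and a rejected downgrade cannot be told apart from other version failures in debug output. Add `WOLFSSL_MSG("Server version below minimum allowed downgrade");` before the return and consider sending a fatal protocol-version alert at the same point. The condition is also gated on `foundVersion`, so a ServerHello without a selected version presumably relies on a different path for the same floor; a comment such as `/* Reject a negotiated version below the configured downgrade floor. */` that names where the other case is enforced would make that reviewable. The function starts and ends outside the hunk.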
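Review bot: The added skip in GetTlsVersion (tests/suites.c) advances `begin` by two after seeing `d` or `e` without checking what follows, so a line that ends right after the letter moves `begin` past the string terminator and `atoi(begin)` reads out of bounds. Guard the separator before skipping: `if ((*begin == 'd' || *begin == 'e') && begin[1] == ' ')`. A one-line comment such as `/* "-v d <n>" or "-v e <n>": skip the downgrade flag to reach the number */` would explain the magic 2. How `begin` is located is outside the hunk.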
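Review bot: Nothing in this patch appears to register tests/test-tls-downgrade.conf with the suite runner: the diffstat shows only the two-line GetTlsVersion change in tests/suites.c and no build or distribution list update, so unless .conf files are discovered some other way these cases never run. The file also holds only expected-failure cases for the new `-7` floor. A positive control, such as a `-v d` client whose `-7` floor the server's version satisfies, would show that the failure comes from the floor check and not from an unrelated handshake error.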