Merge pull request #1409 from SparkiDev/tls13_old_ver_fix

Fix downgrading when WOLFSSL_TLS13 is defined (despite NO_OLD_TLS being defined)

src/tls.c

@@ -4645,10 +4645,9 @@ static int TLSX_SupportedVersions_Parse(WOLFSSL *ssl, byte* input,
                 if (!ssl->options.downgrade)
                     continue;
 
-#ifdef NO_OLD_TLS
+                if (minor < ssl->options.minDowngrade)
-                if (minor < TLSv1_2_MINOR)
                     continue;
-#endif
+
                 /* Downgrade the version. */
                 ssl->version.minor = minor;
             }
@@ -4699,10 +4698,9 @@ static int TLSX_SupportedVersions_Parse(WOLFSSL *ssl, byte* input,
             if (!ssl->options.downgrade)
                 return VERSION_ERROR;
 
-#ifdef NO_OLD_TLS
+            if (minor < ssl->options.minDowngrade)
-            if (minor < TLSv1_2_MINOR)
                 return VERSION_ERROR;
-#endif
+
             /* Downgrade the version. */
             ssl->version.minor = minor;
         }
@@ -9012,7 +9010,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
             InitSSL_Method(method, MakeTLSv1_1());
     #endif
 #endif
-#ifndef NO_OLD_TLS
+#if !defined(NO_OLD_TLS) || defined(WOLFSSL_TLS13)
             method->downgrade = 1;
 #endif
         }
@@ -9136,7 +9134,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
             #error Must have SHA256, SHA384 or SHA512 enabled for TLS 1.2
     #endif
 #endif
-#ifndef NO_OLD_TLS
+#if !defined(NO_OLD_TLS) || defined(WOLFSSL_TLS13)
             method->downgrade = 1;
 #endif
             method->side      = WOLFSSL_SERVER_END;

src/tls13.c

@@ -2643,6 +2643,11 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
         return VERSION_ERROR;
     }
 #else
+    if (pv.major == ssl->version.major  && pv.minor < TLSv1_2_MINOR &&
+                                                       ssl->options.downgrade) {
+        ssl->version.minor = TLSv1_2_MINOR;
+        return DoServerHello(ssl, input, inOutIdx, helloSz);
+    }
     if (pv.major != ssl->version.major || pv.minor != TLSv1_2_MINOR)
         return VERSION_ERROR;
 #endif
@@ -3622,9 +3627,13 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 
     if (TLSX_Find(ssl->extensions, TLSX_SUPPORTED_VERSIONS) == NULL) {
         if (!ssl->options.downgrade) {
-            WOLFSSL_MSG("Client trying to connect with lesser version");
+            WOLFSSL_MSG("Client trying to connect with lesser version than "
+                        "TLS v1.3");
             return VERSION_ERROR;
         }
+
+        if (pv.minor < ssl->options.minDowngrade)
+            return VERSION_ERROR;
         ssl->version.minor = pv.minor;
     }
 

wolfssl/internal.h

@@ -1261,7 +1261,11 @@ enum Misc {
 
 /* minimum Downgrade Minor version */
 #ifndef WOLFSSL_MIN_DOWNGRADE
-    #define WOLFSSL_MIN_DOWNGRADE TLSv1_MINOR
+    #ifndef NO_OLD_TLS
+        #define WOLFSSL_MIN_DOWNGRADE TLSv1_MINOR
+    #else
+        #define WOLFSSL_MIN_DOWNGRADE TLSv1_2_MINOR
+    #endif
 #endif
 
 /* Set max implicit IV size for AEAD cipher suites */