Merge pull request #1180 from SparkiDev/tls13_nd
Fixed DRAFT_18 define and fixed downgrading with TLS v1.3
@@ -260,7 +260,7 @@ AC_ARG_ENABLE([tls13-draft18],
|
|||||||
)
|
)
|
||||||
if test "$ENABLED_TLS13_DRAFT18" = "yes"
|
if test "$ENABLED_TLS13_DRAFT18" = "yes"
|
||||||
then
|
then
|
||||||
AM_CFLAGS="-DWOLFSSL_TLS13_DRAFT18 $AM_CFLAGS"
|
AM_CFLAGS="-DWOLFSSL_TLS13_DRAFT_18 $AM_CFLAGS"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
@@ -363,7 +363,7 @@ create_port
|
|||||||
./examples/client/client -v 3 -p $port
|
./examples/client/client -v 3 -p $port
|
||||||
RESULT=$?
|
RESULT=$?
|
||||||
remove_ready_file
|
remove_ready_file
|
||||||
if [ $RESULT -ne 0 ]; then
|
if [ $RESULT -eq 0 ]; then
|
||||||
echo -e "\n\nIssue with TLS v1.3 server downgrading to TLS v1.2"
|
echo -e "\n\nIssue with TLS v1.3 server downgrading to TLS v1.2"
|
||||||
do_cleanup
|
do_cleanup
|
||||||
exit 1
|
exit 1
|
||||||
@@ -371,7 +371,7 @@ fi
|
|||||||
echo ""
|
echo ""
|
||||||
|
|
||||||
# TLS 1.2 server / TLS 1.3 client.
|
# TLS 1.2 server / TLS 1.3 client.
|
||||||
echo -e "\n\nTLS v1.3 client downgrading to TLS v1.2"
|
echo -e "\n\nTLS v1.3 client upgrading server to TLS v1.3"
|
||||||
port=0
|
port=0
|
||||||
./examples/server/server -v 3 -R $ready_file -p $port &
|
./examples/server/server -v 3 -R $ready_file -p $port &
|
||||||
server_pid=$!
|
server_pid=$!
|
||||||
@@ -380,7 +380,7 @@ create_port
|
|||||||
RESULT=$?
|
RESULT=$?
|
||||||
remove_ready_file
|
remove_ready_file
|
||||||
if [ $RESULT -ne 0 ]; then
|
if [ $RESULT -ne 0 ]; then
|
||||||
echo -e "\n\nIssue with TLS v1.3 client downgrading to TLS v1.2"
|
echo -e "\n\nIssue with TLS v1.3 client upgrading server to TLS v1.3"
|
||||||
do_cleanup
|
do_cleanup
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
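Review bot: The inverted check `if [ $RESULT -eq 0 ]; then` now passes on any non-zero client exit, so a client that fails for an unrelated reason (server not ready, wrong port, crash) looks the same as the intended version rejection. The failure text still reads "Issue with TLS v1.3 server downgrading to TLS v1.2", which no longer describes what is being detected; `echo -e "\n\nTLS v1.3 server accepted a TLS v1.2 client"` would match the new condition. If the client reports its error on output, checking for the version error as well as the exit status would make this negative test assert the property it is meant to protect. The server launch for this case is outside the hunk.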
@@ -8425,10 +8425,8 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
|
|||||||
XMALLOC(sizeof(WOLFSSL_METHOD), heap,
|
XMALLOC(sizeof(WOLFSSL_METHOD), heap,
|
||||||
DYNAMIC_TYPE_METHOD);
|
DYNAMIC_TYPE_METHOD);
|
||||||
(void)heap;
|
(void)heap;
|
||||||
if (method) {
|
if (method)
|
||||||
InitSSL_Method(method, MakeTLSv1_3());
|
InitSSL_Method(method, MakeTLSv1_3());
|
||||||
method->downgrade = 1;
|
|
||||||
}
|
|
||||||
return method;
|
return method;
|
||||||
}
|
}
|
||||||
#endif /* WOLFSSL_TLS13 */
|
#endif /* WOLFSSL_TLS13 */
|
||||||
|
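Review bot: With `method->downgrade = 1;` removed, the no-downgrade behaviour of this TLS v1.3 method rests on `InitSSL_Method()` clearing the field, because `method` comes straight from `XMALLOC` and nothing in the visible lines zeroes it. That is presumably what InitSSL_Method does, but it should be confirmed and recorded here, e.g. `/* TLS v1.3 only: downgrade is left as InitSSL_Method() sets it (expected 0) */`. The function's header and doc comment are outside the hunk; the doc comment should also say that peers offering only TLS v1.2 are now refused rather than silently negotiated down.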
54
src/tls13.c
54
src/tls13.c
@@ -1208,7 +1208,7 @@ end:
|
|||||||
*/
|
*/
|
||||||
word32 TimeNowInMilliseconds(void)
|
word32 TimeNowInMilliseconds(void)
|
||||||
{
|
{
|
||||||
return (word32) (SYS_TMR_TickCountGet() /
|
return (word32)(SYS_TMR_TickCountGet() /
|
||||||
(SYS_TMR_TickCounterFrequencyGet() / 1000));
|
(SYS_TMR_TickCounterFrequencyGet() / 1000));
|
||||||
}
|
}
|
||||||
#else
|
#else
|
||||||
@@ -1220,7 +1220,7 @@ end:
|
|||||||
*/
|
*/
|
||||||
word32 TimeNowInMilliseconds(void)
|
word32 TimeNowInMilliseconds(void)
|
||||||
{
|
{
|
||||||
return (word32) (SYS_TICK_Get() / (SYS_TICK_TicksPerSecondGet() / 1000));
|
return (word32)(SYS_TICK_Get() / (SYS_TICK_TicksPerSecondGet() / 1000));
|
||||||
}
|
}
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
@@ -1420,7 +1420,8 @@ static void AddTls13HandShakeHeader(byte* output, word32 length,
|
|||||||
* type The type of record layer message.
|
* type The type of record layer message.
|
||||||
* ssl The SSL/TLS object. (DTLS)
|
* ssl The SSL/TLS object. (DTLS)
|
||||||
*/
|
*/
|
||||||
static void AddTls13Headers(byte* output, word32 length, byte type, WOLFSSL* ssl)
|
static void AddTls13Headers(byte* output, word32 length, byte type,
|
||||||
|
WOLFSSL* ssl)
|
||||||
{
|
{
|
||||||
word32 lengthAdj = HANDSHAKE_HEADER_SZ;
|
word32 lengthAdj = HANDSHAKE_HEADER_SZ;
|
||||||
word32 outputAdj = RECORD_HEADER_SZ;
|
word32 outputAdj = RECORD_HEADER_SZ;
|
||||||
@@ -1846,7 +1847,8 @@ int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input, word16 sz)
|
|||||||
input + dataSz, macSz, NULL, 0);
|
input + dataSz, macSz, NULL, 0);
|
||||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||||
if (ret == WC_PENDING_E) {
|
if (ret == WC_PENDING_E) {
|
||||||
ret = wolfSSL_AsyncPush(ssl, &ssl->decrypt.aes->asyncDev);
|
ret = wolfSSL_AsyncPush(ssl,
|
||||||
|
&ssl->decrypt.aes->asyncDev);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
break;
|
break;
|
||||||
@@ -1868,7 +1870,8 @@ int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input, word16 sz)
|
|||||||
input + dataSz, macSz, NULL, 0);
|
input + dataSz, macSz, NULL, 0);
|
||||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||||
if (ret == WC_PENDING_E) {
|
if (ret == WC_PENDING_E) {
|
||||||
ret = wolfSSL_AsyncPush(ssl, &ssl->decrypt.aes->asyncDev);
|
ret = wolfSSL_AsyncPush(ssl,
|
||||||
|
&ssl->decrypt.aes->asyncDev);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
break;
|
break;
|
||||||
@@ -2526,11 +2529,11 @@ static int DoTls13HelloRetryRequest(WOLFSSL* ssl, const byte* input,
|
|||||||
/* Set the cipher suite from the message. */
|
/* Set the cipher suite from the message. */
|
||||||
ssl->options.cipherSuite0 = input[i++];
|
ssl->options.cipherSuite0 = input[i++];
|
||||||
ssl->options.cipherSuite = input[i++];
|
ssl->options.cipherSuite = input[i++];
|
||||||
#endif
|
|
||||||
|
|
||||||
ret = SetCipherSpecs(ssl);
|
ret = SetCipherSpecs(ssl);
|
||||||
if (ret != 0)
|
if (ret != 0)
|
||||||
return ret;
|
return ret;
|
||||||
|
#endif
|
||||||
|
|
||||||
/* Length of extension data. */
|
/* Length of extension data. */
|
||||||
ato16(&input[i], &totalExtSz);
|
ato16(&input[i], &totalExtSz);
|
||||||
@@ -2604,10 +2607,15 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
|||||||
if (ret != 0)
|
if (ret != 0)
|
||||||
return ret;
|
return ret;
|
||||||
if (!IsAtLeastTLSv1_3(pv) && pv.major != TLS_DRAFT_MAJOR) {
|
if (!IsAtLeastTLSv1_3(pv) && pv.major != TLS_DRAFT_MAJOR) {
|
||||||
|
if (ssl->options.downgrade) {
|
||||||
ssl->version = pv;
|
ssl->version = pv;
|
||||||
return DoServerHello(ssl, input, inOutIdx, helloSz);
|
return DoServerHello(ssl, input, inOutIdx, helloSz);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
WOLFSSL_MSG("CLient using higher version, fatal error");
|
||||||
|
return VERSION_ERROR;
|
||||||
|
}
|
||||||
|
|
||||||
/* Random, cipher suite and extensions length check. */
|
/* Random, cipher suite and extensions length check. */
|
||||||
if ((i - begin) + RAN_LEN + OPAQUE16_LEN + OPAQUE16_LEN > helloSz)
|
if ((i - begin) + RAN_LEN + OPAQUE16_LEN + OPAQUE16_LEN > helloSz)
|
||||||
return BUFFER_ERROR;
|
return BUFFER_ERROR;
|
||||||
@@ -3305,10 +3313,8 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
|||||||
ssl->chVersion = pv; /* store */
|
ssl->chVersion = pv; /* store */
|
||||||
i += OPAQUE16_LEN;
|
i += OPAQUE16_LEN;
|
||||||
|
|
||||||
if (ssl->version.major == SSLv3_MAJOR &&
|
if (ssl->version.major == SSLv3_MAJOR && ssl->version.minor < TLSv1_3_MINOR)
|
||||||
ssl->version.minor < TLSv1_3_MINOR) {
|
|
||||||
return DoClientHello(ssl, input, inOutIdx, helloSz);
|
return DoClientHello(ssl, input, inOutIdx, helloSz);
|
||||||
}
|
|
||||||
|
|
||||||
/* Client random */
|
/* Client random */
|
||||||
XMEMCPY(ssl->arrays->clientRandom, input + i, RAN_LEN);
|
XMEMCPY(ssl->arrays->clientRandom, input + i, RAN_LEN);
|
||||||
@@ -3385,8 +3391,13 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
|||||||
return ret;
|
return ret;
|
||||||
#endif /*HAVE_STUNNEL*/
|
#endif /*HAVE_STUNNEL*/
|
||||||
|
|
||||||
if (TLSX_Find(ssl->extensions, TLSX_SUPPORTED_VERSIONS) == NULL)
|
if (TLSX_Find(ssl->extensions, TLSX_SUPPORTED_VERSIONS) == NULL) {
|
||||||
|
if (!ssl->options.downgrade) {
|
||||||
|
WOLFSSL_MSG("Client trying to connect with lesser version");
|
||||||
|
return VERSION_ERROR;
|
||||||
|
}
|
||||||
ssl->version.minor = pv.minor;
|
ssl->version.minor = pv.minor;
|
||||||
|
}
|
||||||
|
|
||||||
#ifdef WOLFSSL_SEND_HRR_COOKIE
|
#ifdef WOLFSSL_SEND_HRR_COOKIE
|
||||||
if (ssl->options.sendCookie &&
|
if (ssl->options.sendCookie &&
|
||||||
@@ -3478,8 +3489,13 @@ int SendTls13HelloRetryRequest(WOLFSSL* ssl)
|
|||||||
if (len == 0)
|
if (len == 0)
|
||||||
return MISSING_HANDSHAKE_DATA;
|
return MISSING_HANDSHAKE_DATA;
|
||||||
|
|
||||||
|
#ifndef WOLFSSL_TLS13_DRAFT_18
|
||||||
/* Protocol version + CipherSuite + Extensions */
|
/* Protocol version + CipherSuite + Extensions */
|
||||||
length = OPAQUE16_LEN + OPAQUE16_LEN + len;
|
length = OPAQUE16_LEN + OPAQUE16_LEN + len;
|
||||||
|
#else
|
||||||
|
/* Protocol version + Extensions */
|
||||||
|
length = OPAQUE16_LEN + len;
|
||||||
|
#endif
|
||||||
sendSz = idx + length;
|
sendSz = idx + length;
|
||||||
|
|
||||||
/* Check buffers are big enough and grow if needed. */
|
/* Check buffers are big enough and grow if needed. */
|
||||||
@@ -4551,7 +4567,8 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
|
|||||||
{
|
{
|
||||||
/* idx is used to track verify pointer offset to output */
|
/* idx is used to track verify pointer offset to output */
|
||||||
args->idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
|
args->idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
|
||||||
args->verify = &args->output[RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ];
|
args->verify =
|
||||||
|
&args->output[RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ];
|
||||||
|
|
||||||
ret = DecodePrivateKey(ssl, &args->length);
|
ret = DecodePrivateKey(ssl, &args->length);
|
||||||
if (ret != 0)
|
if (ret != 0)
|
||||||
@@ -4722,11 +4739,11 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
|
|||||||
case TLS_ASYNC_FINALIZE:
|
case TLS_ASYNC_FINALIZE:
|
||||||
{
|
{
|
||||||
/* Put the record and handshake headers on. */
|
/* Put the record and handshake headers on. */
|
||||||
AddTls13Headers(args->output, args->length + HASH_SIG_SIZE + VERIFY_HEADER,
|
AddTls13Headers(args->output, args->length + HASH_SIG_SIZE +
|
||||||
certificate_verify, ssl);
|
VERIFY_HEADER, certificate_verify, ssl);
|
||||||
|
|
||||||
args->sendSz = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ + args->length +
|
args->sendSz = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ +
|
||||||
HASH_SIG_SIZE + VERIFY_HEADER;
|
args->length + HASH_SIG_SIZE + VERIFY_HEADER;
|
||||||
|
|
||||||
/* Advance state and proceed */
|
/* Advance state and proceed */
|
||||||
ssl->options.asyncState = TLS_ASYNC_END;
|
ssl->options.asyncState = TLS_ASYNC_END;
|
||||||
@@ -6468,9 +6485,14 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl)
|
|||||||
if (ssl->options.certOnly)
|
if (ssl->options.certOnly)
|
||||||
return WOLFSSL_SUCCESS;
|
return WOLFSSL_SUCCESS;
|
||||||
|
|
||||||
if (!ssl->options.tls1_3)
|
if (!ssl->options.tls1_3) {
|
||||||
|
if (ssl->options.downgrade)
|
||||||
return wolfSSL_connect(ssl);
|
return wolfSSL_connect(ssl);
|
||||||
|
|
||||||
|
WOLFSSL_MSG("Client using higher version, fatal error");
|
||||||
|
return VERSION_ERROR;
|
||||||
|
}
|
||||||
|
|
||||||
if (ssl->options.serverState == SERVER_HELLO_RETRY_REQUEST) {
|
if (ssl->options.serverState == SERVER_HELLO_RETRY_REQUEST) {
|
||||||
ssl->options.serverState = NULL_STATE;
|
ssl->options.serverState = NULL_STATE;
|
||||||
/* Try again with different security parameters. */
|
/* Try again with different security parameters. */
|
||||||
|
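Review bot: In the DoTls13ClientHello hunk at -3385, the downgrade branch copies `pv.minor` from the ClientHello into `ssl->version.minor` with no lower bound in the visible lines, so how far a peer can pull the server down depends on checks outside the hunk. If this path has none, a floor before the assignment such as `if (pv.minor < ssl->options.minDowngrade) return VERSION_ERROR;` would keep the configured minimum in force. The same question applies to `ssl->version = pv;` in DoTls13ServerHello before it hands off to DoServerHello. Separately, the new message there has a typo and should read `WOLFSSL_MSG("Client using higher version, fatal error");` to match the one added in wolfSSL_connect_TLSv13. All three functions extend beyond their hunks.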