feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #1183 from SparkiDev/tls13_nu

Browse Source 
Disallow upgrading to TLS v1.3
This commit is contained in:
toddouska
2017-10-18 08:53:00 -07:00
committed by GitHub
parent 9bea6cca52 9e4e58fe8c
commit ccda176bfa
3 changed files with 37 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
scripts/tls13.test
View File

@@ -379,7 +379,7 @@ create_port
./examples/client/client -v 4 -p $port
RESULT=$?
remove_ready_file
if [ $RESULT -ne 0 ]; then
if [ $RESULT -eq 0 ]; then
echo -e "\n\nIssue with TLS v1.3 client upgrading server to TLS v1.3"
do_cleanup
exit 1

10
src/internal.c
View File

@@ -22776,13 +22776,9 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
#ifdef WOLFSSL_TLS13
if (TLSX_Find(ssl->extensions,
TLSX_SUPPORTED_VERSIONS) != NULL) {
TLSX_FreeAll(ssl->extensions, ssl->heap);
ssl->extensions = NULL;
ssl->version.minor = TLSv1_3_MINOR;
*inOutIdx = begin;
if ((ret = InitHandshakeHashes(ssl)) != 0)
return ret;
return DoTls13ClientHello(ssl, input, inOutIdx, helloSz);
WOLFSSL_MSG(
"Client attempting to connect with higher version");
return VERSION_ERROR;
}
#endif
#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)

57
src/tls.c
View File

@@ -4308,7 +4308,7 @@ int TLSX_UseQSHScheme(TLSX** extensions, word16 name, byte* pKey, word16 pkeySz,
*/
static word16 TLSX_SupportedVersions_GetSize(void* data)
{
(void)data;
WOLFSSL* ssl = (WOLFSSL*)data;
/* TLS v1.2 and TLS v1.3 */
int cnt = 2;
@@ -4318,6 +4318,9 @@ static word16 TLSX_SupportedVersions_GetSize(void* data)
cnt += 2;
#endif
if (!ssl->options.downgrade)
cnt = 1;
return OPAQUE8_LEN + cnt * OPAQUE16_LEN;
}
@@ -4340,6 +4343,9 @@ static word16 TLSX_SupportedVersions_Write(void* data, byte* output)
cnt += 2;
#endif
if (!ssl->options.downgrade)
cnt = 1;
*(output++) = cnt * OPAQUE16_LEN;
for (i = 0; i < cnt; i++) {
/* TODO: [TLS13] Remove code when TLS v1.3 becomes an RFC. */
@@ -4370,8 +4376,9 @@ static int TLSX_SupportedVersions_Parse(WOLFSSL *ssl, byte* input,
{
ProtocolVersion pv = ssl->ctx->method->version;
int i;
int ret = 0;
int ret = VERSION_ERROR;
int len;
byte major, minor;
/* Must contain a length and at least one version. */
if (length < OPAQUE8_LEN + OPAQUE16_LEN || (length & 1) != 1)
@@ -4387,39 +4394,41 @@ static int TLSX_SupportedVersions_Parse(WOLFSSL *ssl, byte* input,
/* Find first match. */
for (i = 0; i < len; i += OPAQUE16_LEN) {
major = input[i];
minor = input[i + OPAQUE8_LEN];
/* TODO: [TLS13] Remove code when TLS v1.3 becomes an RFC. */
if (input[i] == TLS_DRAFT_MAJOR &&
input[i + OPAQUE8_LEN] == TLS_DRAFT_MINOR) {
ssl->version.minor = TLSv1_3_MINOR;
ssl->options.tls1_3 = 1;
TLSX_Push(&ssl->extensions, TLSX_SUPPORTED_VERSIONS, input,
ssl->heap);
break;
if (major == TLS_DRAFT_MAJOR && minor == TLS_DRAFT_MINOR) {
major = SSLv3_MAJOR;
minor = TLSv1_3_MINOR;
}
if (input[i] != pv.major)
if (major != pv.major)
continue;
#ifndef NO_OLD_TLS
if (input[i + OPAQUE8_LEN] == TLSv1_MINOR ||
input[i + OPAQUE8_LEN] == TLSv1_1_MINOR) {
ssl->version.minor = input[i + OPAQUE8_LEN];
break;
}
/* No upgrade allowed. */
if (ssl->version.minor > minor)
continue;
/* Check downgrade. */
if (ssl->version.minor < minor) {
if (!ssl->options.downgrade)
continue;
#ifdef NO_OLD_TLS
if (minor < TLSv1_2_MINOR)
continue;
#endif
if (input[i + OPAQUE8_LEN] == TLSv1_2_MINOR) {
ssl->version.minor = input[i + OPAQUE8_LEN];
TLSX_Push(&ssl->extensions, TLSX_SUPPORTED_VERSIONS, input,
ssl->heap);
break;
/* Downgrade the version. */
ssl->version.minor = minor;
}
if (input[i + OPAQUE8_LEN] == TLSv1_3_MINOR) {
ssl->version.minor = input[i + OPAQUE8_LEN];
if (minor >= TLSv1_3_MINOR) {
ssl->options.tls1_3 = 1;
TLSX_Push(&ssl->extensions, TLSX_SUPPORTED_VERSIONS, input,
ssl->heap);
break;
}
ret = 0;
break;
}
return ret;