feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

TLS EMS: Set haveEMS when we negotiate TLS 1.3

Browse Source
This commit is contained in:
Juliusz Sosinowicz
2025-02-21 13:44:05 +01:00
parent 2c585d73c8
commit f15ff6861c
4 changed files with 85 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/ssl_sess.c
View File

@@ -3561,6 +3561,15 @@ void SetupSession(WOLFSSL* ssl)
session->side = (byte)ssl->options.side; session->side = (byte)ssl->options.side;
if (!IsAtLeastTLSv1_3(ssl->version) && ssl->arrays != NULL) if (!IsAtLeastTLSv1_3(ssl->version) && ssl->arrays != NULL)
XMEMCPY(session->masterSecret, ssl->arrays->masterSecret, SECRET_LEN); XMEMCPY(session->masterSecret, ssl->arrays->masterSecret, SECRET_LEN);
/* RFC8446 Appendix D.
* implementations which support both TLS 1.3 and earlier versions SHOULD
* indicate the use of the Extended Master Secret extension in their APIs
* whenever TLS 1.3 is used.
* Set haveEMS so that we send the extension in subsequent connections that
* offer downgrades. */
if (IsAtLeastTLSv1_3(ssl->version))
session->haveEMS = 1;
else
session->haveEMS = ssl->options.haveEMS; session->haveEMS = ssl->options.haveEMS;
#ifdef WOLFSSL_SESSION_ID_CTX #ifdef WOLFSSL_SESSION_ID_CTX
/* If using compatibility layer then check for and copy over session context /* If using compatibility layer then check for and copy over session context

1
tests/api.c
View File

@@ -67624,6 +67624,7 @@ TEST_CASE testCases[] = {
/* Uses Assert in handshake callback. */ /* Uses Assert in handshake callback. */
TEST_DECL(test_wolfSSL_set_alpn_protos), TEST_DECL(test_wolfSSL_set_alpn_protos),
#endif #endif
TEST_DECL(test_tls_ems_downgrade),
TEST_DECL(test_wolfSSL_DisableExtendedMasterSecret), TEST_DECL(test_wolfSSL_DisableExtendedMasterSecret),
TEST_DECL(test_wolfSSL_wolfSSL_UseSecureRenegotiation), TEST_DECL(test_wolfSSL_wolfSSL_UseSecureRenegotiation),
TEST_DECL(test_wolfSSL_SCR_Reconnect), TEST_DECL(test_wolfSSL_SCR_Reconnect),

73
tests/api/test_tls_ext.c
View File

@@ -35,9 +35,82 @@
#include <wolfcrypt/src/misc.c> #include <wolfcrypt/src/misc.c>
#endif #endif
#include <wolfssl/internal.h>
#include <tests/unit.h> #include <tests/unit.h>
#include <tests/utils.h>
#include <tests/api/test_tls_ext.h> #include <tests/api/test_tls_ext.h>
int test_tls_ems_downgrade(void)
{
EXPECT_DECLS;
#if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_NO_TLS12) && \
defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \
defined(HAVE_SESSION_TICKET)
struct test_memio_ctx test_ctx;
WOLFSSL_CTX *ctx_c = NULL;
WOLFSSL_CTX *ctx_s = NULL;
WOLFSSL *ssl_c = NULL;
WOLFSSL *ssl_s = NULL;
WOLFSSL_SESSION* session = NULL;
/* TLS EMS extension in binary form */
const char ems_ext[] = { 0x00, 0x17, 0x00, 0x00 };
char data = 0;
XMEMSET(&test_ctx, 0, sizeof(test_ctx));
ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
wolfTLS_client_method, wolfTLS_server_method), 0);
ExpectIntEQ(wolfSSL_connect(ssl_c), -1);
ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
/* Verify that the EMS extension is present in Client's message */
ExpectNotNull(mymemmem(test_ctx.s_buff, test_ctx.s_len,
ems_ext, sizeof(ems_ext)));
ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
ExpectIntEQ(wolfSSL_version(ssl_c), TLS1_3_VERSION);
/* Do a round of reads to exchange the ticket message */
ExpectIntEQ(wolfSSL_read(ssl_s, &data, sizeof(data)), -1);
ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
ExpectIntEQ(wolfSSL_read(ssl_c, &data, sizeof(data)), -1);
ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
ExpectNotNull(session = wolfSSL_get1_session(ssl_c));
ExpectTrue(session->haveEMS);
wolfSSL_free(ssl_c);
ssl_c = NULL;
wolfSSL_free(ssl_s);
ssl_s = NULL;
ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
wolfTLS_client_method, wolfTLS_server_method), 0);
/* Resuming the connection */
ExpectIntEQ(wolfSSL_set_session(ssl_c, session), WOLFSSL_SUCCESS);
ExpectIntEQ(wolfSSL_connect(ssl_c), -1);
ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
/* Verify that the EMS extension is still present in the resumption CH
* even though we used TLS 1.3 */
ExpectNotNull(mymemmem(test_ctx.s_buff, test_ctx.s_len,
ems_ext, sizeof(ems_ext)));
ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
ExpectIntEQ(wolfSSL_version(ssl_c), TLS1_3_VERSION);
wolfSSL_SESSION_free(session);
wolfSSL_free(ssl_c);
wolfSSL_free(ssl_s);
wolfSSL_CTX_free(ctx_c);
wolfSSL_CTX_free(ctx_s);
#endif
return EXPECT_RESULT();
}
int test_wolfSSL_DisableExtendedMasterSecret(void) int test_wolfSSL_DisableExtendedMasterSecret(void)
{ {
EXPECT_DECLS; EXPECT_DECLS;

1
tests/api/test_tls_ext.h
View File

@@ -22,6 +22,7 @@
#ifndef TESTS_API_TEST_TLS_EMS_H #ifndef TESTS_API_TEST_TLS_EMS_H
#define TESTS_API_TEST_TLS_EMS_H #define TESTS_API_TEST_TLS_EMS_H
int test_tls_ems_downgrade(void);
int test_wolfSSL_DisableExtendedMasterSecret(void); int test_wolfSSL_DisableExtendedMasterSecret(void);
#endif /* TESTS_API_TEST_TLS_EMS_H */ #endif /* TESTS_API_TEST_TLS_EMS_H */