wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-04 05:04:41 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fixed DRAFT_18 define and fixed downgrading with TLS v1.3

Browse Source 
Changed the define in configure.ac to match the one used in the code.
Fixed downgrading to disallow unless ssl->options.downgrade is set.
TLS 1.3 client method does not have downgrade on anymore.
Test changed to not expect downgrading to work.
Test of TLS v1.3 client downgrade is actually upgrading on server.
Fixed 80 character line problems.
This commit is contained in:
Sean Parkinson
2017-10-11 12:17:28 +10:00
parent c945e65479
commit 7dca25ea88
4 changed files with 49 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
configure.ac
View File

@@ -260,7 +260,7 @@ AC_ARG_ENABLE([tls13-draft18],
) )
if test "$ENABLED_TLS13_DRAFT18" = "yes" if test "$ENABLED_TLS13_DRAFT18" = "yes"
then then
AM_CFLAGS="-DWOLFSSL_TLS13_DRAFT18 $AM_CFLAGS" AM_CFLAGS="-DWOLFSSL_TLS13_DRAFT_18 $AM_CFLAGS"
fi fi

6
scripts/tls13.test
View File

@@ -363,7 +363,7 @@ create_port
./examples/client/client -v 3 -p $port ./examples/client/client -v 3 -p $port
RESULT=$? RESULT=$?
remove_ready_file remove_ready_file
if [ $RESULT -ne 0 ]; then if [ $RESULT -eq 0 ]; then
echo -e "\n\nIssue with TLS v1.3 server downgrading to TLS v1.2" echo -e "\n\nIssue with TLS v1.3 server downgrading to TLS v1.2"
do_cleanup do_cleanup
exit 1 exit 1
@@ -371,7 +371,7 @@ fi
echo "" echo ""
# TLS 1.2 server / TLS 1.3 client. # TLS 1.2 server / TLS 1.3 client.
echo -e "\n\nTLS v1.3 client downgrading to TLS v1.2" echo -e "\n\nTLS v1.3 client upgrading server to TLS v1.3"
port=0 port=0
./examples/server/server -v 3 -R $ready_file -p $port & ./examples/server/server -v 3 -R $ready_file -p $port &
server_pid=$! server_pid=$!
@@ -380,7 +380,7 @@ create_port
RESULT=$? RESULT=$?
remove_ready_file remove_ready_file
if [ $RESULT -ne 0 ]; then if [ $RESULT -ne 0 ]; then
echo -e "\n\nIssue with TLS v1.3 client downgrading to TLS v1.2" echo -e "\n\nIssue with TLS v1.3 client upgrading server to TLS v1.3"
do_cleanup do_cleanup
exit 1 exit 1
fi fi

4
src/tls.c
View File

@@ -8429,10 +8429,8 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
XMALLOC(sizeof(WOLFSSL_METHOD), heap, XMALLOC(sizeof(WOLFSSL_METHOD), heap,
DYNAMIC_TYPE_METHOD); DYNAMIC_TYPE_METHOD);
(void)heap; (void)heap;
if (method) { if (method)
InitSSL_Method(method, MakeTLSv1_3()); InitSSL_Method(method, MakeTLSv1_3());
method->downgrade = 1;
}
return method; return method;
} }
#endif /* WOLFSSL_TLS13 */ #endif /* WOLFSSL_TLS13 */

54
src/tls13.c
View File

@@ -1208,7 +1208,7 @@ end:
*/ */
word32 TimeNowInMilliseconds(void) word32 TimeNowInMilliseconds(void)
{ {
return (word32) (SYS_TMR_TickCountGet() / return (word32)(SYS_TMR_TickCountGet() /
(SYS_TMR_TickCounterFrequencyGet() / 1000)); (SYS_TMR_TickCounterFrequencyGet() / 1000));
} }
#else #else
@@ -1220,7 +1220,7 @@ end:
*/ */
word32 TimeNowInMilliseconds(void) word32 TimeNowInMilliseconds(void)
{ {
return (word32) (SYS_TICK_Get() / (SYS_TICK_TicksPerSecondGet() / 1000)); return (word32)(SYS_TICK_Get() / (SYS_TICK_TicksPerSecondGet() / 1000));
} }
#endif #endif
@@ -1420,7 +1420,8 @@ static void AddTls13HandShakeHeader(byte* output, word32 length,
* type The type of record layer message. * type The type of record layer message.
* ssl The SSL/TLS object. (DTLS) * ssl The SSL/TLS object. (DTLS)
*/ */
static void AddTls13Headers(byte* output, word32 length, byte type, WOLFSSL* ssl) static void AddTls13Headers(byte* output, word32 length, byte type,
WOLFSSL* ssl)
{ {
word32 lengthAdj = HANDSHAKE_HEADER_SZ; word32 lengthAdj = HANDSHAKE_HEADER_SZ;
word32 outputAdj = RECORD_HEADER_SZ; word32 outputAdj = RECORD_HEADER_SZ;
@@ -1846,7 +1847,8 @@ int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input, word16 sz)
input + dataSz, macSz, NULL, 0); input + dataSz, macSz, NULL, 0);
#ifdef WOLFSSL_ASYNC_CRYPT #ifdef WOLFSSL_ASYNC_CRYPT
if (ret == WC_PENDING_E) { if (ret == WC_PENDING_E) {
ret = wolfSSL_AsyncPush(ssl, &ssl->decrypt.aes->asyncDev); ret = wolfSSL_AsyncPush(ssl,
&ssl->decrypt.aes->asyncDev);
} }
#endif #endif
break; break;
@@ -1868,7 +1870,8 @@ int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input, word16 sz)
input + dataSz, macSz, NULL, 0); input + dataSz, macSz, NULL, 0);
#ifdef WOLFSSL_ASYNC_CRYPT #ifdef WOLFSSL_ASYNC_CRYPT
if (ret == WC_PENDING_E) { if (ret == WC_PENDING_E) {
ret = wolfSSL_AsyncPush(ssl, &ssl->decrypt.aes->asyncDev); ret = wolfSSL_AsyncPush(ssl,
&ssl->decrypt.aes->asyncDev);
} }
#endif #endif
break; break;
@@ -2526,11 +2529,11 @@ static int DoTls13HelloRetryRequest(WOLFSSL* ssl, const byte* input,
/* Set the cipher suite from the message. */ /* Set the cipher suite from the message. */
ssl->options.cipherSuite0 = input[i++]; ssl->options.cipherSuite0 = input[i++];
ssl->options.cipherSuite = input[i++]; ssl->options.cipherSuite = input[i++];
#endif
ret = SetCipherSpecs(ssl); ret = SetCipherSpecs(ssl);
if (ret != 0) if (ret != 0)
return ret; return ret;
#endif
/* Length of extension data. */ /* Length of extension data. */
ato16(&input[i], &totalExtSz); ato16(&input[i], &totalExtSz);
@@ -2604,10 +2607,15 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
if (ret != 0) if (ret != 0)
return ret; return ret;
if (!IsAtLeastTLSv1_3(pv) && pv.major != TLS_DRAFT_MAJOR) { if (!IsAtLeastTLSv1_3(pv) && pv.major != TLS_DRAFT_MAJOR) {
if (ssl->options.downgrade) {
ssl->version = pv; ssl->version = pv;
return DoServerHello(ssl, input, inOutIdx, helloSz); return DoServerHello(ssl, input, inOutIdx, helloSz);
} }
WOLFSSL_MSG("CLient using higher version, fatal error");
return VERSION_ERROR;
}
/* Random, cipher suite and extensions length check. */ /* Random, cipher suite and extensions length check. */
if ((i - begin) + RAN_LEN + OPAQUE16_LEN + OPAQUE16_LEN > helloSz) if ((i - begin) + RAN_LEN + OPAQUE16_LEN + OPAQUE16_LEN > helloSz)
return BUFFER_ERROR; return BUFFER_ERROR;
@@ -3305,10 +3313,8 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
ssl->chVersion = pv; /* store */ ssl->chVersion = pv; /* store */
i += OPAQUE16_LEN; i += OPAQUE16_LEN;
if (ssl->version.major == SSLv3_MAJOR && if (ssl->version.major == SSLv3_MAJOR && ssl->version.minor < TLSv1_3_MINOR)
ssl->version.minor < TLSv1_3_MINOR) {
return DoClientHello(ssl, input, inOutIdx, helloSz); return DoClientHello(ssl, input, inOutIdx, helloSz);
}
/* Client random */ /* Client random */
XMEMCPY(ssl->arrays->clientRandom, input + i, RAN_LEN); XMEMCPY(ssl->arrays->clientRandom, input + i, RAN_LEN);
@@ -3385,8 +3391,13 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
return ret; return ret;
#endif /*HAVE_STUNNEL*/ #endif /*HAVE_STUNNEL*/
if (TLSX_Find(ssl->extensions, TLSX_SUPPORTED_VERSIONS) == NULL) if (TLSX_Find(ssl->extensions, TLSX_SUPPORTED_VERSIONS) == NULL) {
if (!ssl->options.downgrade) {
WOLFSSL_MSG("Client trying to connect with lesser version");
return VERSION_ERROR;
}
ssl->version.minor = pv.minor; ssl->version.minor = pv.minor;
}
#ifdef WOLFSSL_SEND_HRR_COOKIE #ifdef WOLFSSL_SEND_HRR_COOKIE
if (ssl->options.sendCookie && if (ssl->options.sendCookie &&
@@ -3478,8 +3489,13 @@ int SendTls13HelloRetryRequest(WOLFSSL* ssl)
if (len == 0) if (len == 0)
return MISSING_HANDSHAKE_DATA; return MISSING_HANDSHAKE_DATA;
#ifndef WOLFSSL_TLS13_DRAFT_18
/* Protocol version + CipherSuite + Extensions */ /* Protocol version + CipherSuite + Extensions */
length = OPAQUE16_LEN + OPAQUE16_LEN + len; length = OPAQUE16_LEN + OPAQUE16_LEN + len;
#else
/* Protocol version + Extensions */
length = OPAQUE16_LEN + len;
#endif
sendSz = idx + length; sendSz = idx + length;
/* Check buffers are big enough and grow if needed. */ /* Check buffers are big enough and grow if needed. */
@@ -4551,7 +4567,8 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
{ {
/* idx is used to track verify pointer offset to output */ /* idx is used to track verify pointer offset to output */
args->idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; args->idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
args->verify = &args->output[RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ]; args->verify =
&args->output[RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ];
ret = DecodePrivateKey(ssl, &args->length); ret = DecodePrivateKey(ssl, &args->length);
if (ret != 0) if (ret != 0)
@@ -4722,11 +4739,11 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
case TLS_ASYNC_FINALIZE: case TLS_ASYNC_FINALIZE:
{ {
/* Put the record and handshake headers on. */ /* Put the record and handshake headers on. */
AddTls13Headers(args->output, args->length + HASH_SIG_SIZE + VERIFY_HEADER, AddTls13Headers(args->output, args->length + HASH_SIG_SIZE +
certificate_verify, ssl); VERIFY_HEADER, certificate_verify, ssl);
args->sendSz = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ + args->length + args->sendSz = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ +
HASH_SIG_SIZE + VERIFY_HEADER; args->length + HASH_SIG_SIZE + VERIFY_HEADER;
/* Advance state and proceed */ /* Advance state and proceed */
ssl->options.asyncState = TLS_ASYNC_END; ssl->options.asyncState = TLS_ASYNC_END;
@@ -6468,9 +6485,14 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl)
if (ssl->options.certOnly) if (ssl->options.certOnly)
return SSL_SUCCESS; return SSL_SUCCESS;
if (!ssl->options.tls1_3) if (!ssl->options.tls1_3) {
if (ssl->options.downgrade)
return wolfSSL_connect(ssl); return wolfSSL_connect(ssl);
WOLFSSL_MSG("Client using higher version, fatal error");
return VERSION_ERROR;
}
if (ssl->options.serverState == SERVER_HELLO_RETRY_REQUEST) { if (ssl->options.serverState == SERVER_HELLO_RETRY_REQUEST) {
ssl->options.serverState = NULL_STATE; ssl->options.serverState = NULL_STATE;
/* Try again with different security parameters. */ /* Try again with different security parameters. */