mirrors
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fixed DRAFT_18 define and fixed downgrading with TLS v1.3 

Changed the define in configure.ac to match the one used in the code.
Fixed downgrading to disallow unless ssl->options.downgrade is set.
TLS 1.3 client method does not have downgrade on anymore.
Test changed to not expect downgrading to work.
Test of TLS v1.3 client downgrade is actually upgrading on server.
Fixed 80 character line problems.
This commit is contained in:
Sean Parkinson 2017-10-11 12:17:28 +10:00
parent c945e65479
commit 7dca25ea88
4 changed files with 49 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
configure.ac
View File

@ -260,7 +260,7 @@ AC_ARG_ENABLE([tls13-draft18],
)
if test "$ENABLED_TLS13_DRAFT18" = "yes"
then
AM_CFLAGS="-DWOLFSSL_TLS13_DRAFT18 $AM_CFLAGS"
AM_CFLAGS="-DWOLFSSL_TLS13_DRAFT_18 $AM_CFLAGS"
fi

6
scripts/tls13.test
View File

@ -363,7 +363,7 @@ create_port
./examples/client/client -v 3 -p $port
RESULT=$?
remove_ready_file
if [ $RESULT -ne 0 ]; then
if [ $RESULT -eq 0 ]; then
echo -e "\n\nIssue with TLS v1.3 server downgrading to TLS v1.2"
do_cleanup
exit 1
@ -371,7 +371,7 @@ fi
echo ""
# TLS 1.2 server / TLS 1.3 client.
echo -e "\n\nTLS v1.3 client downgrading to TLS v1.2"
echo -e "\n\nTLS v1.3 client upgrading server to TLS v1.3"
port=0
./examples/server/server -v 3 -R $ready_file -p $port &
server_pid=$!
@ -380,7 +380,7 @@ create_port
RESULT=$?
remove_ready_file
if [ $RESULT -ne 0 ]; then
echo -e "\n\nIssue with TLS v1.3 client downgrading to TLS v1.2"
echo -e "\n\nIssue with TLS v1.3 client upgrading server to TLS v1.3"
do_cleanup
exit 1
fi

4
src/tls.c
View File

@ -8429,10 +8429,8 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
XMALLOC(sizeof(WOLFSSL_METHOD), heap,
DYNAMIC_TYPE_METHOD);
(void)heap;
if (method) {
if (method)
InitSSL_Method(method, MakeTLSv1_3());
method->downgrade = 1;
}
return method;
}
#endif /* WOLFSSL_TLS13 */

66
src/tls13.c
View File

@ -1208,8 +1208,8 @@ end:
*/
word32 TimeNowInMilliseconds(void)
{
return (word32) (SYS_TMR_TickCountGet() /
(SYS_TMR_TickCounterFrequencyGet() / 1000));
return (word32)(SYS_TMR_TickCountGet() /
(SYS_TMR_TickCounterFrequencyGet() / 1000));
}
#else
/* The time in milliseconds.
@ -1220,7 +1220,7 @@ end:
*/
word32 TimeNowInMilliseconds(void)
{
return (word32) (SYS_TICK_Get() / (SYS_TICK_TicksPerSecondGet() / 1000));
return (word32)(SYS_TICK_Get() / (SYS_TICK_TicksPerSecondGet() / 1000));
}
#endif
@ -1420,7 +1420,8 @@ static void AddTls13HandShakeHeader(byte* output, word32 length,
* type The type of record layer message.
* ssl The SSL/TLS object. (DTLS)
*/
static void AddTls13Headers(byte* output, word32 length, byte type, WOLFSSL* ssl)
static void AddTls13Headers(byte* output, word32 length, byte type,
WOLFSSL* ssl)
{
word32 lengthAdj = HANDSHAKE_HEADER_SZ;
word32 outputAdj = RECORD_HEADER_SZ;
@ -1601,7 +1602,7 @@ static int EncryptTls13(WOLFSSL* ssl, byte* output, const byte* input,
if (ssl->encrypt.nonce == NULL)
ssl->encrypt.nonce = (byte*)XMALLOC(AEAD_NONCE_SZ,
ssl->heap, DYNAMIC_TYPE_AES_BUFFER);
ssl->heap, DYNAMIC_TYPE_AES_BUFFER);
if (ssl->encrypt.nonce == NULL)
return MEMORY_E;
@ -1815,7 +1816,7 @@ int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input, word16 sz)
if (ssl->decrypt.nonce == NULL)
ssl->decrypt.nonce = (byte*)XMALLOC(AEAD_NONCE_SZ,
ssl->heap, DYNAMIC_TYPE_AES_BUFFER);
ssl->heap, DYNAMIC_TYPE_AES_BUFFER);
if (ssl->decrypt.nonce == NULL)
return MEMORY_E;
@ -1846,7 +1847,8 @@ int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input, word16 sz)
input + dataSz, macSz, NULL, 0);
#ifdef WOLFSSL_ASYNC_CRYPT
if (ret == WC_PENDING_E) {
ret = wolfSSL_AsyncPush(ssl, &ssl->decrypt.aes->asyncDev);
ret = wolfSSL_AsyncPush(ssl,
&ssl->decrypt.aes->asyncDev);
}
#endif
break;
@ -1868,7 +1870,8 @@ int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input, word16 sz)
input + dataSz, macSz, NULL, 0);
#ifdef WOLFSSL_ASYNC_CRYPT
if (ret == WC_PENDING_E) {
ret = wolfSSL_AsyncPush(ssl, &ssl->decrypt.aes->asyncDev);
ret = wolfSSL_AsyncPush(ssl,
&ssl->decrypt.aes->asyncDev);
}
#endif
break;
@ -2526,11 +2529,11 @@ static int DoTls13HelloRetryRequest(WOLFSSL* ssl, const byte* input,
/* Set the cipher suite from the message. */
ssl->options.cipherSuite0 = input[i++];
ssl->options.cipherSuite = input[i++];
#endif
ret = SetCipherSpecs(ssl);
if (ret != 0)
return ret;
#endif
/* Length of extension data. */
ato16(&input[i], &totalExtSz);
@ -2604,8 +2607,13 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
if (ret != 0)
return ret;
if (!IsAtLeastTLSv1_3(pv) && pv.major != TLS_DRAFT_MAJOR) {
ssl->version = pv;
return DoServerHello(ssl, input, inOutIdx, helloSz);
if (ssl->options.downgrade) {
ssl->version = pv;
return DoServerHello(ssl, input, inOutIdx, helloSz);
}
WOLFSSL_MSG("CLient using higher version, fatal error");
return VERSION_ERROR;
}
/* Random, cipher suite and extensions length check. */
@ -3305,10 +3313,8 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
ssl->chVersion = pv; /* store */
i += OPAQUE16_LEN;
if (ssl->version.major == SSLv3_MAJOR &&
ssl->version.minor < TLSv1_3_MINOR) {
if (ssl->version.major == SSLv3_MAJOR && ssl->version.minor < TLSv1_3_MINOR)
return DoClientHello(ssl, input, inOutIdx, helloSz);
}
/* Client random */
XMEMCPY(ssl->arrays->clientRandom, input + i, RAN_LEN);
@ -3385,8 +3391,13 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
return ret;
#endif /*HAVE_STUNNEL*/
if (TLSX_Find(ssl->extensions, TLSX_SUPPORTED_VERSIONS) == NULL)
if (TLSX_Find(ssl->extensions, TLSX_SUPPORTED_VERSIONS) == NULL) {
if (!ssl->options.downgrade) {
WOLFSSL_MSG("Client trying to connect with lesser version");
return VERSION_ERROR;
}
ssl->version.minor = pv.minor;
}
#ifdef WOLFSSL_SEND_HRR_COOKIE
if (ssl->options.sendCookie &&
@ -3478,8 +3489,13 @@ int SendTls13HelloRetryRequest(WOLFSSL* ssl)
if (len == 0)
return MISSING_HANDSHAKE_DATA;
#ifndef WOLFSSL_TLS13_DRAFT_18
/* Protocol version + CipherSuite + Extensions */
length = OPAQUE16_LEN + OPAQUE16_LEN + len;
#else
/* Protocol version + Extensions */
length = OPAQUE16_LEN + len;
#endif
sendSz = idx + length;
/* Check buffers are big enough and grow if needed. */
@ -4551,7 +4567,8 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
{
/* idx is used to track verify pointer offset to output */
args->idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
args->verify = &args->output[RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ];
args->verify =
&args->output[RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ];
ret = DecodePrivateKey(ssl, &args->length);
if (ret != 0)
@ -4722,11 +4739,11 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
case TLS_ASYNC_FINALIZE:
{
/* Put the record and handshake headers on. */
AddTls13Headers(args->output, args->length + HASH_SIG_SIZE + VERIFY_HEADER,
certificate_verify, ssl);
AddTls13Headers(args->output, args->length + HASH_SIG_SIZE +
VERIFY_HEADER, certificate_verify, ssl);
args->sendSz = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ + args->length +
HASH_SIG_SIZE + VERIFY_HEADER;
args->sendSz = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ +
args->length + HASH_SIG_SIZE + VERIFY_HEADER;
/* Advance state and proceed */
ssl->options.asyncState = TLS_ASYNC_END;
@ -6468,8 +6485,13 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl)
if (ssl->options.certOnly)
return SSL_SUCCESS;
if (!ssl->options.tls1_3)
return wolfSSL_connect(ssl);
if (!ssl->options.tls1_3) {
if (ssl->options.downgrade)
return wolfSSL_connect(ssl);
WOLFSSL_MSG("Client using higher version, fatal error");
return VERSION_ERROR;
}
if (ssl->options.serverState == SERVER_HELLO_RETRY_REQUEST) {
ssl->options.serverState = NULL_STATE;