Merge pull request #1409 from SparkiDev/tls13_old_ver_fix

Fix downgrading when WOLFSSL_TLS13 is defined (despite NO_OLD_TLS being defined)
2018-03-08 13:59:59 -08:00 · 2018-03-08 13:59:59 -08:00 · 1f9583c59c
parent 200077c62c d6ffa0dd8e
commit 1f9583c59c
3 changed files with 21 additions and 10 deletions
--- a/src/tls.c
+++ b/src/tls.c
@ -4645,10 +4645,9 @@ static int TLSX_SupportedVersions_Parse(WOLFSSL *ssl, byte* input,
                if (!ssl->options.downgrade)
                    continue;

-#ifdef NO_OLD_TLS
-                if (minor < TLSv1_2_MINOR)
+                if (minor < ssl->options.minDowngrade)
                    continue;
-#endif
+
                /* Downgrade the version. */
                ssl->version.minor = minor;
            }
@ -4699,10 +4698,9 @@ static int TLSX_SupportedVersions_Parse(WOLFSSL *ssl, byte* input,
            if (!ssl->options.downgrade)
                return VERSION_ERROR;

-#ifdef NO_OLD_TLS
-            if (minor < TLSv1_2_MINOR)
+            if (minor < ssl->options.minDowngrade)
                return VERSION_ERROR;
-#endif
+
            /* Downgrade the version. */
            ssl->version.minor = minor;
        }
@ -9012,7 +9010,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
            InitSSL_Method(method, MakeTLSv1_1());
    #endif
 #endif
-#ifndef NO_OLD_TLS
+#if !defined(NO_OLD_TLS) || defined(WOLFSSL_TLS13)
            method->downgrade = 1;
 #endif
        }
@ -9136,7 +9134,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
            #error Must have SHA256, SHA384 or SHA512 enabled for TLS 1.2
    #endif
 #endif
-#ifndef NO_OLD_TLS
+#if !defined(NO_OLD_TLS) || defined(WOLFSSL_TLS13)
            method->downgrade = 1;
 #endif
            method->side      = WOLFSSL_SERVER_END;
--- a/src/tls13.c
+++ b/src/tls13.c
@ -2643,6 +2643,11 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
        return VERSION_ERROR;
    }
 #else
+    if (pv.major == ssl->version.major  && pv.minor < TLSv1_2_MINOR &&
+                                                       ssl->options.downgrade) {
+        ssl->version.minor = TLSv1_2_MINOR;
+        return DoServerHello(ssl, input, inOutIdx, helloSz);
+    }
    if (pv.major != ssl->version.major || pv.minor != TLSv1_2_MINOR)
        return VERSION_ERROR;
 #endif
@ -3622,9 +3627,13 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,

    if (TLSX_Find(ssl->extensions, TLSX_SUPPORTED_VERSIONS) == NULL) {
        if (!ssl->options.downgrade) {
-            WOLFSSL_MSG("Client trying to connect with lesser version");
+            WOLFSSL_MSG("Client trying to connect with lesser version than "
+                        "TLS v1.3");
            return VERSION_ERROR;
        }
+
+        if (pv.minor < ssl->options.minDowngrade)
+            return VERSION_ERROR;
        ssl->version.minor = pv.minor;
    }

--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@ -1261,7 +1261,11 @@ enum Misc {

 /* minimum Downgrade Minor version */
 #ifndef WOLFSSL_MIN_DOWNGRADE
-    #define WOLFSSL_MIN_DOWNGRADE TLSv1_MINOR
+    #ifndef NO_OLD_TLS
+        #define WOLFSSL_MIN_DOWNGRADE TLSv1_MINOR
+    #else
+        #define WOLFSSL_MIN_DOWNGRADE TLSv1_2_MINOR
+    #endif
 #endif

 /* Set max implicit IV size for AEAD cipher suites */