AuroraMiddleware/mbedtls
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge pull request #5631 from gstrauss/enum-tls-vers

Browse Source 
Unify internal/external TLS protocol version enums
This commit is contained in:
Paul Elliott 2022-04-19 17:05:26 +01:00 committed by GitHub
commit a2da9c7e45
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
17 changed files with 1235 additions and 1549 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ChangeLog.d/mbedtls_tlsver_enum.txt Normal file
View File

@ -0,0 +1,6 @@
Features
* Unify internal/external TLS protocol version enums
* Deprecate mbedtls_ssl_conf_max_version()
Replaced with mbedtls_ssl_conf_max_tls_version()
* Deprecate mbedtls_ssl_conf_min_version()
Replaced with mbedtls_ssl_conf_min_tls_version()

105
include/mbedtls/ssl.h
View File

@ -243,6 +243,7 @@
* Various constants
*/
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
/* These are the high an low bytes of ProtocolVersion as defined by:
* - RFC 5246: ProtocolVersion version = { 3, 3 }; // TLS v1.2
* - RFC 8446: see section 4.2.1
@ -250,6 +251,7 @@
#define MBEDTLS_SSL_MAJOR_VERSION_3 3
#define MBEDTLS_SSL_MINOR_VERSION_3 3 /*!< TLS v1.2 */
#define MBEDTLS_SSL_MINOR_VERSION_4 4 /*!< TLS v1.3 */
#endif /* MBEDTLS_DEPRECATED_REMOVED */
#define MBEDTLS_SSL_TRANSPORT_STREAM 0 /*!< TLS */
#define MBEDTLS_SSL_TRANSPORT_DATAGRAM 1 /*!< DTLS */
@ -1099,6 +1101,14 @@ mbedtls_dtls_srtp_info;
#endif /* MBEDTLS_SSL_DTLS_SRTP */
/** Human-friendly representation of the (D)TLS protocol version. */
typedef enum
{
MBEDTLS_SSL_VERSION_UNKNOWN, /*!< Context not in use or version not yet negotiated. */
MBEDTLS_SSL_VERSION_TLS1_2 = 0x0303, /*!< (D)TLS 1.2 */
MBEDTLS_SSL_VERSION_TLS1_3 = 0x0304, /*!< (D)TLS 1.3 */
} mbedtls_ssl_protocol_version;
/*
* This structure is used for storing current session data.
*
@ -1118,11 +1128,10 @@ struct mbedtls_ssl_session
unsigned char MBEDTLS_PRIVATE(exported);
/*!< Minor version negotiated in the session. Used if and when
* renegotiating or resuming a session instead of the configured minor
* version.
/*!< TLS version negotiated in the session. Used if and when renegotiating
* or resuming a session instead of the configured minor TLS version.
*/
unsigned char MBEDTLS_PRIVATE(minor_ver);
mbedtls_ssl_protocol_version MBEDTLS_PRIVATE(tls_version);
#if defined(MBEDTLS_HAVE_TIME)
mbedtls_time_t MBEDTLS_PRIVATE(start); /*!< starting time */
@ -1161,14 +1170,6 @@ struct mbedtls_ssl_session
#endif
};
/** Human-friendly representation of the (D)TLS protocol version. */
typedef enum
{
MBEDTLS_SSL_VERSION_UNKNOWN, /*!< Context not in use or version not yet negotiated. */
MBEDTLS_SSL_VERSION_1_2, /*!< (D)TLS 1.2 */
MBEDTLS_SSL_VERSION_1_3, /*!< (D)TLS 1.3 */
} mbedtls_ssl_protocol_version;
/*
* Identifiers for PRFs used in various versions of TLS.
*/
@ -1259,10 +1260,8 @@ struct mbedtls_ssl_config
* so that elements tend to be in the 128-element direct access window
* on Arm Thumb, which reduces the code size. */
unsigned char MBEDTLS_PRIVATE(max_major_ver); /*!< max. major version used */
unsigned char MBEDTLS_PRIVATE(max_minor_ver); /*!< max. minor version used */
unsigned char MBEDTLS_PRIVATE(min_major_ver); /*!< min. major version used */
unsigned char MBEDTLS_PRIVATE(min_minor_ver); /*!< min. minor version used */
mbedtls_ssl_protocol_version MBEDTLS_PRIVATE(max_tls_version); /*!< max. TLS version used */
mbedtls_ssl_protocol_version MBEDTLS_PRIVATE(min_tls_version); /*!< min. TLS version used */
/*
* Flags (could be bit-fields to save RAM, but separate bytes make
@ -1515,24 +1514,21 @@ struct mbedtls_ssl_context
renego_max_records is < 0 */
#endif /* MBEDTLS_SSL_RENEGOTIATION */
/*!< Equal to MBEDTLS_SSL_MAJOR_VERSION_3 */
int MBEDTLS_PRIVATE(major_ver);
/*!< Server: Negotiated minor version.
* Client: Maximum minor version to be negotiated, then negotiated minor
/*!< Server: Negotiated TLS protocol version.
* Client: Maximum TLS version to be negotiated, then negotiated TLS
* version.
*
* It is initialized as the maximum minor version to be negotiated in the
* It is initialized as the maximum TLS version to be negotiated in the
* ClientHello writing preparation stage and used throughout the
* ClientHello writing. For a fresh handshake not linked to any previous
* handshake, it is initialized to the configured maximum minor version
* handshake, it is initialized to the configured maximum TLS version
* to be negotiated. When renegotiating or resuming a session, it is
* initialized to the previously negotiated minor version.
* initialized to the previously negotiated TLS version.
*
* Updated to the negotiated minor version as soon as the ServerHello is
* Updated to the negotiated TLS version as soon as the ServerHello is
* received.
*/
int MBEDTLS_PRIVATE(minor_ver);
mbedtls_ssl_protocol_version MBEDTLS_PRIVATE(tls_version);
unsigned MBEDTLS_PRIVATE(badmac_seen); /*!< records with a bad MAC received */
@ -3847,6 +3843,7 @@ void mbedtls_ssl_get_dtls_srtp_negotiation_result( const mbedtls_ssl_context *ss
mbedtls_dtls_srtp_info *dtls_srtp_info );
#endif /* MBEDTLS_SSL_DTLS_SRTP */
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
/**
* \brief Set the maximum supported version sent from the client side
* and/or accepted at the server side.
@ -3855,14 +3852,37 @@ void mbedtls_ssl_get_dtls_srtp_negotiation_result( const mbedtls_ssl_context *ss
*
* \note This ignores ciphersuites from higher versions.
*
* \note This function is deprecated and has been replaced by
* \c mbedtls_ssl_conf_max_tls_version().
*
* \param conf SSL configuration
* \param major Major version number (#MBEDTLS_SSL_MAJOR_VERSION_3)
* \param minor Minor version number
* (#MBEDTLS_SSL_MINOR_VERSION_3 for (D)TLS 1.2,
* #MBEDTLS_SSL_MINOR_VERSION_4 for TLS 1.3)
*/
void mbedtls_ssl_conf_max_version( mbedtls_ssl_config *conf, int major, int minor );
void MBEDTLS_DEPRECATED mbedtls_ssl_conf_max_version( mbedtls_ssl_config *conf, int major, int minor );
#endif /* MBEDTLS_DEPRECATED_REMOVED */
/**
* \brief Set the maximum supported version sent from the client side
* and/or accepted at the server side.
*
* \note After the handshake, you can call
* mbedtls_ssl_get_version_number() to see what version was
* negotiated.
*
* \param conf SSL configuration
* \param tls_version TLS protocol version number (\p mbedtls_ssl_protocol_version)
* (#MBEDTLS_SSL_VERSION_UNKNOWN is not valid)
*/
static inline void mbedtls_ssl_conf_max_tls_version( mbedtls_ssl_config *conf,
mbedtls_ssl_protocol_version tls_version )
{
conf->MBEDTLS_PRIVATE(max_tls_version) = tls_version;
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
/**
* \brief Set the minimum accepted SSL/TLS protocol version
*
@ -3888,13 +3908,35 @@ void mbedtls_ssl_conf_max_version( mbedtls_ssl_config *conf, int major, int mino
* mbedtls_ssl_get_version_number() to see what version was
* negotiated.
*
* \note This function is deprecated and has been replaced by
* \c mbedtls_ssl_conf_min_tls_version().
*
* \param conf SSL configuration
* \param major Major version number (#MBEDTLS_SSL_MAJOR_VERSION_3)
* \param minor Minor version number
* (#MBEDTLS_SSL_MINOR_VERSION_3 for (D)TLS 1.2,
* #MBEDTLS_SSL_MINOR_VERSION_4 for TLS 1.3)
*/
void mbedtls_ssl_conf_min_version( mbedtls_ssl_config *conf, int major, int minor );
void MBEDTLS_DEPRECATED mbedtls_ssl_conf_min_version( mbedtls_ssl_config *conf, int major, int minor );
#endif /* MBEDTLS_DEPRECATED_REMOVED */
/**
* \brief Set the minimum supported version sent from the client side
* and/or accepted at the server side.
*
* \note After the handshake, you can call
* mbedtls_ssl_get_version_number() to see what version was
* negotiated.
*
* \param conf SSL configuration
* \param tls_version TLS protocol version number (\p mbedtls_ssl_protocol_version)
* (#MBEDTLS_SSL_VERSION_UNKNOWN is not valid)
*/
static inline void mbedtls_ssl_conf_min_tls_version( mbedtls_ssl_config *conf,
mbedtls_ssl_protocol_version tls_version )
{
conf->MBEDTLS_PRIVATE(min_tls_version) = tls_version;
}
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
/**
@ -4225,8 +4267,11 @@ const char *mbedtls_ssl_get_ciphersuite( const mbedtls_ssl_context *ssl );
* \param ssl The SSL context to query.
* \return The negotiated protocol version.
*/
mbedtls_ssl_protocol_version mbedtls_ssl_get_version_number(
const mbedtls_ssl_context *ssl );
static inline mbedtls_ssl_protocol_version mbedtls_ssl_get_version_number(
const mbedtls_ssl_context *ssl )
{
return ssl->MBEDTLS_PRIVATE(tls_version);
}
/**
* \brief Return the current TLS version

19
include/mbedtls/ssl_ciphersuites.h
View File

@ -363,22 +363,23 @@ typedef struct mbedtls_ssl_ciphersuite_t mbedtls_ssl_ciphersuite_t;
/**
* \brief This structure is used for storing ciphersuite information
*
* \note members are defined using integral types instead of enums
* in order to pack structure and reduce memory usage by internal
* \c ciphersuite_definitions[]
*/
struct mbedtls_ssl_ciphersuite_t
{
int MBEDTLS_PRIVATE(id);
const char * MBEDTLS_PRIVATE(name);
mbedtls_cipher_type_t MBEDTLS_PRIVATE(cipher);
mbedtls_md_type_t MBEDTLS_PRIVATE(mac);
mbedtls_key_exchange_type_t MBEDTLS_PRIVATE(key_exchange);
uint8_t MBEDTLS_PRIVATE(cipher); /* mbedtls_cipher_type_t */
uint8_t MBEDTLS_PRIVATE(mac); /* mbedtls_md_type_t */
uint8_t MBEDTLS_PRIVATE(key_exchange); /* mbedtls_key_exchange_type_t */
uint8_t MBEDTLS_PRIVATE(flags);
int MBEDTLS_PRIVATE(min_major_ver);
int MBEDTLS_PRIVATE(min_minor_ver);
int MBEDTLS_PRIVATE(max_major_ver);
int MBEDTLS_PRIVATE(max_minor_ver);
unsigned char MBEDTLS_PRIVATE(flags);
uint16_t MBEDTLS_PRIVATE(min_tls_version); /* mbedtls_ssl_protocol_version */
uint16_t MBEDTLS_PRIVATE(max_tls_version); /* mbedtls_ssl_protocol_version */
};
const int *mbedtls_ssl_list_ciphersuites( void );

952
library/ssl_ciphersuites.c
View File

File diff suppressed because it is too large Load Diff

42
library/ssl_client.c
View File

@ -416,15 +416,16 @@ static int ssl_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf,
int mbedtls_ssl_validate_ciphersuite(
const mbedtls_ssl_context *ssl,
const mbedtls_ssl_ciphersuite_t *suite_info,
int min_minor_ver, int max_minor_ver )
mbedtls_ssl_protocol_version min_tls_version,
mbedtls_ssl_protocol_version max_tls_version )
{
(void) ssl;
if( suite_info == NULL )
return( -1 );
if( ( suite_info->min_minor_ver > max_minor_ver ) ||
( suite_info->max_minor_ver < min_minor_ver ) )
if( ( suite_info->min_tls_version > max_tls_version ) ||
( suite_info->max_tls_version < min_tls_version ) )
{
return( -1 );
}
@ -492,8 +493,8 @@ static int ssl_write_client_hello_cipher_suites(
ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( cipher_suite );
if( mbedtls_ssl_validate_ciphersuite( ssl, ciphersuite_info,
ssl->handshake->min_minor_ver,
ssl->minor_ver ) != 0 )
ssl->handshake->min_tls_version,
ssl->tls_version ) != 0 )
continue;
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
@ -584,15 +585,15 @@ static int ssl_write_client_hello_body( mbedtls_ssl_context *ssl,
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
unsigned char propose_tls12 =
( handshake->min_minor_ver <= MBEDTLS_SSL_MINOR_VERSION_3 )
( handshake->min_tls_version <= MBEDTLS_SSL_VERSION_TLS1_2 )
&&
( MBEDTLS_SSL_MINOR_VERSION_3 <= ssl->minor_ver );
( MBEDTLS_SSL_VERSION_TLS1_2 <= ssl->tls_version );
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
unsigned char propose_tls13 =
( handshake->min_minor_ver <= MBEDTLS_SSL_MINOR_VERSION_4 )
( handshake->min_tls_version <= MBEDTLS_SSL_VERSION_TLS1_3 )
&&
( MBEDTLS_SSL_MINOR_VERSION_4 <= ssl->minor_ver );
( MBEDTLS_SSL_VERSION_TLS1_3 <= ssl->tls_version );
#endif
/*
@ -601,9 +602,8 @@ static int ssl_write_client_hello_body( mbedtls_ssl_context *ssl,
* In all cases this is the TLS 1.2 version.
*/
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
mbedtls_ssl_write_version( MBEDTLS_SSL_MAJOR_VERSION_3,
MBEDTLS_SSL_MINOR_VERSION_3,
ssl->conf->transport, p );
mbedtls_ssl_write_version( p, ssl->conf->transport,
MBEDTLS_SSL_VERSION_TLS1_2 );
p += 2;
/* ...
@ -816,7 +816,7 @@ static int ssl_generate_random( mbedtls_ssl_context *ssl )
* TLS 1.3 case:
* opaque Random[32];
*/
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
if( ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2 )
{
#if defined(MBEDTLS_HAVE_TIME)
mbedtls_time_t gmt_unix_time = mbedtls_time( NULL );
@ -851,21 +851,19 @@ static int ssl_prepare_client_hello( mbedtls_ssl_context *ssl )
*/
#if defined(MBEDTLS_SSL_RENEGOTIATION)
if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE )
ssl->handshake->min_minor_ver = ssl->minor_ver;
ssl->handshake->min_tls_version = ssl->tls_version;
else
#endif
{
ssl->major_ver = MBEDTLS_SSL_MAJOR_VERSION_3;
if( ssl->handshake->resume )
{
ssl->minor_ver = ssl->session_negotiate->minor_ver;
ssl->handshake->min_minor_ver = ssl->minor_ver;
ssl->tls_version = ssl->session_negotiate->tls_version;
ssl->handshake->min_tls_version = ssl->tls_version;
}
else
{
ssl->minor_ver = ssl->conf->max_minor_ver;
ssl->handshake->min_minor_ver = ssl->conf->min_minor_ver;
ssl->tls_version = ssl->conf->max_tls_version;
ssl->handshake->min_tls_version = ssl->conf->min_tls_version;
}
}
@ -896,7 +894,7 @@ static int ssl_prepare_client_hello( mbedtls_ssl_context *ssl )
session_id_len = ssl->session_negotiate->id_len;
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
if( ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2 )
{
if( session_id_len < 16 || session_id_len > 32 ||
#if defined(MBEDTLS_SSL_RENEGOTIATION)
@ -927,7 +925,7 @@ static int ssl_prepare_client_hello( mbedtls_ssl_context *ssl )
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
if( ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 )
{
/*
* Create a legacy session identifier for the purpose of middlebox

11
library/ssl_client.h
View File

@ -31,17 +31,18 @@
/**
* \brief Validate cipher suite against config in SSL context.
*
* \param ssl SSL context
* \param suite_info Cipher suite to validate
* \param min_minor_ver Minimal minor version to accept a cipher suite
* \param max_minor_ver Maximal minor version to accept a cipher suite
* \param ssl SSL context
* \param suite_info Cipher suite to validate
* \param min_tls_version Minimal TLS version to accept a cipher suite
* \param max_tls_version Maximal TLS version to accept a cipher suite
*
* \return 0 if valid, negative value otherwise.
*/
int mbedtls_ssl_validate_ciphersuite(
const mbedtls_ssl_context *ssl,
const mbedtls_ssl_ciphersuite_t *suite_info,
int min_minor_ver, int max_minor_ver );
mbedtls_ssl_protocol_version min_tls_version,
mbedtls_ssl_protocol_version max_tls_version );
int mbedtls_ssl_write_client_hello( mbedtls_ssl_context *ssl );

121
library/ssl_misc.h
View File

@ -59,35 +59,6 @@
#define inline __inline
#endif
/* Legacy minor version numbers as defined by:
* - RFC 2246: ProtocolVersion version = { 3, 1 }; // TLS v1.0
* - RFC 4346: ProtocolVersion version = { 3, 2 }; // TLS v1.1
*
* We no longer support these versions, but some code still references those
* constants as part of negotiating with the peer, so keep them available
* internally.
*/
#define MBEDTLS_SSL_MINOR_VERSION_1 1
#define MBEDTLS_SSL_MINOR_VERSION_2 2
/* Determine minimum supported version */
#define MBEDTLS_SSL_MIN_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3
#elif defined(MBEDTLS_SSL_PROTO_TLS1_3)
#define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_4
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
/* Determine maximum supported version */
#define MBEDTLS_SSL_MAX_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
#define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_4
#elif defined(MBEDTLS_SSL_PROTO_TLS1_2)
#define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
/* Shorthand for restartable ECC */
#if defined(MBEDTLS_ECP_RESTARTABLE) && \
defined(MBEDTLS_SSL_CLI_C) && \
@ -534,8 +505,16 @@ struct mbedtls_ssl_handshake_params
uint8_t resume; /*!< session resume indicator*/
uint8_t cli_exts; /*!< client extension presence*/
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
uint8_t sni_authmode; /*!< authmode from SNI callback */
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
uint8_t new_session_ticket; /*!< use NewSessionTicket? */
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
#if defined(MBEDTLS_SSL_CLI_C)
/*!< Minimum minor version to be negotiated.
/*!< Minimum TLS version to be negotiated.
*
* It is set up in the ClientHello writing preparation stage and used
* throughout the ClientHello writing. Not relevant anymore as soon as
@ -546,24 +525,16 @@ struct mbedtls_ssl_handshake_params
* renegotiating or resuming a session, it is equal to the previously
* negotiated minor version.
*
* There is no maximum minor version field in this handshake context.
* There is no maximum TLS version field in this handshake context.
* From the start of the handshake, we need to define a current protocol
* version for the record layer which we define as the maximum minor
* version to be negotiated. The `minor_ver` field of the SSL context is
* version for the record layer which we define as the maximum TLS
* version to be negotiated. The `tls_version` field of the SSL context is
* used to store this maximum value until it contains the actual
* negotiated value.
*/
unsigned char min_minor_ver;
mbedtls_ssl_protocol_version min_tls_version;
#endif
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
uint8_t sni_authmode; /*!< authmode from SNI callback */
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
uint8_t new_session_ticket; /*!< use NewSessionTicket? */
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
uint8_t extended_ms; /*!< use Extended Master Secret? */
#endif
@ -947,7 +918,7 @@ typedef struct mbedtls_ssl_hs_buffer mbedtls_ssl_hs_buffer;
* and indicates the length of the static part of the IV which is
* constant throughout the communication, and which is stored in
* the first fixed_ivlen bytes of the iv_{enc/dec} arrays.
* - minor_ver denotes the SSL/TLS version
* - tls_version denotes the 2-byte TLS version
* - For stream/CBC transformations, maclen denotes the length of the
* authentication tag, while taglen is unused and 0.
* - For AEAD transformations, taglen denotes the length of the
@ -988,7 +959,7 @@ struct mbedtls_ssl_transform
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
int minor_ver;
mbedtls_ssl_protocol_version tls_version;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_svc_key_id_t psa_key_enc; /*!< psa encryption key */
@ -1457,10 +1428,10 @@ int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert,
uint32_t *flags );
#endif /* MBEDTLS_X509_CRT_PARSE_C */
void mbedtls_ssl_write_version( int major, int minor, int transport,
unsigned char ver[2] );
void mbedtls_ssl_read_version( int *major, int *minor, int transport,
const unsigned char ver[2] );
void mbedtls_ssl_write_version( unsigned char version[2], int transport,
mbedtls_ssl_protocol_version tls_version );
uint16_t mbedtls_ssl_read_version( const unsigned char version[2],
int transport );
static inline size_t mbedtls_ssl_in_hdr_len( const mbedtls_ssl_context *ssl )
{
@ -1601,14 +1572,8 @@ void mbedtls_ssl_flight_free( mbedtls_ssl_flight_item *flight );
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
static inline int mbedtls_ssl_conf_is_tls13_only( const mbedtls_ssl_config *conf )
{
if( conf->min_major_ver == MBEDTLS_SSL_MAJOR_VERSION_3 &&
conf->max_major_ver == MBEDTLS_SSL_MAJOR_VERSION_3 &&
conf->min_minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 &&
conf->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
{
return( 1 );
}
return( 0 );
return( conf->min_tls_version == MBEDTLS_SSL_VERSION_TLS1_3 &&
conf->max_tls_version == MBEDTLS_SSL_VERSION_TLS1_3 );
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
@ -1616,14 +1581,8 @@ static inline int mbedtls_ssl_conf_is_tls13_only( const mbedtls_ssl_config *conf
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
static inline int mbedtls_ssl_conf_is_tls12_only( const mbedtls_ssl_config *conf )
{
if( conf->min_major_ver == MBEDTLS_SSL_MAJOR_VERSION_3 &&
conf->max_major_ver == MBEDTLS_SSL_MAJOR_VERSION_3 &&
conf->min_minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 &&
conf->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
{
return( 1 );
}
return( 0 );
return( conf->min_tls_version == MBEDTLS_SSL_VERSION_TLS1_2 &&
conf->max_tls_version == MBEDTLS_SSL_VERSION_TLS1_2 );
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
@ -1631,14 +1590,8 @@ static inline int mbedtls_ssl_conf_is_tls12_only( const mbedtls_ssl_config *conf
static inline int mbedtls_ssl_conf_is_tls13_enabled( const mbedtls_ssl_config *conf )
{
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
if( conf->min_major_ver == MBEDTLS_SSL_MAJOR_VERSION_3 &&
conf->max_major_ver == MBEDTLS_SSL_MAJOR_VERSION_3 &&
conf->min_minor_ver <= MBEDTLS_SSL_MINOR_VERSION_4 &&
conf->max_minor_ver >= MBEDTLS_SSL_MINOR_VERSION_4 )
{
return( 1 );
}
return( 0 );
return( conf->min_tls_version <= MBEDTLS_SSL_VERSION_TLS1_3 &&
conf->max_tls_version >= MBEDTLS_SSL_VERSION_TLS1_3 );
#else
((void) conf);
return( 0 );
@ -1648,14 +1601,8 @@ static inline int mbedtls_ssl_conf_is_tls13_enabled( const mbedtls_ssl_config *c
static inline int mbedtls_ssl_conf_is_tls12_enabled( const mbedtls_ssl_config *conf )
{
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( conf->min_major_ver == MBEDTLS_SSL_MAJOR_VERSION_3 &&
conf->max_major_ver == MBEDTLS_SSL_MAJOR_VERSION_3 &&
conf->min_minor_ver <= MBEDTLS_SSL_MINOR_VERSION_3 &&
conf->max_minor_ver >= MBEDTLS_SSL_MINOR_VERSION_3 )
{
return( 1 );
}
return( 0 );
return( conf->min_tls_version <= MBEDTLS_SSL_VERSION_TLS1_2 &&
conf->max_tls_version >= MBEDTLS_SSL_VERSION_TLS1_2 );
#else
((void) conf);
return( 0 );
@ -1665,14 +1612,8 @@ static inline int mbedtls_ssl_conf_is_tls12_enabled( const mbedtls_ssl_config *c
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_TLS1_3)
static inline int mbedtls_ssl_conf_is_hybrid_tls12_tls13( const mbedtls_ssl_config *conf )
{
if( conf->min_major_ver == MBEDTLS_SSL_MAJOR_VERSION_3 &&
conf->max_major_ver == MBEDTLS_SSL_MAJOR_VERSION_3 &&
conf->min_minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 &&
conf->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
{
return( 1 );
}
return( 0 );
return( conf->min_tls_version == MBEDTLS_SSL_VERSION_TLS1_2 &&
conf->max_tls_version == MBEDTLS_SSL_VERSION_TLS1_3 );
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_SSL_PROTO_TLS1_3 */
@ -2077,7 +2018,7 @@ static inline int mbedtls_ssl_sig_alg_is_supported(
{
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3)
if( ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2 )
{
/* High byte is hash */
unsigned char hash = MBEDTLS_BYTE_1( sig_alg );
@ -2140,7 +2081,7 @@ static inline int mbedtls_ssl_sig_alg_is_supported(
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4)
if( ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 )
{
mbedtls_pk_type_t pk_type;
mbedtls_md_type_t md_alg;

109
library/ssl_msg.c
View File

@ -382,7 +382,8 @@ static int ssl_parse_inner_plaintext( unsigned char const *content,
static void ssl_extract_add_data_from_record( unsigned char* add_data,
size_t *add_data_len,
mbedtls_record *rec,
unsigned minor_ver,
mbedtls_ssl_protocol_version
tls_version,
size_t taglen )
{
/* Quoting RFC 5246 (TLS 1.2):
@ -421,7 +422,7 @@ static void ssl_extract_add_data_from_record( unsigned char* add_data,
size_t ad_len_field = rec->data_len;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
if( tls_version == MBEDTLS_SSL_VERSION_TLS1_3 )
{
/* In TLS 1.3, the AAD contains the length of the TLSCiphertext,
* which differs from the length of the TLSInnerPlaintext
@ -431,7 +432,7 @@ static void ssl_extract_add_data_from_record( unsigned char* add_data,
else
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
{
((void) minor_ver);
((void) tls_version);
((void) taglen);
memcpy( cur, rec->ctr, sizeof( rec->ctr ) );
cur += sizeof( rec->ctr );
@ -596,7 +597,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
* is hence no risk of double-addition of the inner plaintext.
*/
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
if( transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
if( transform->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 )
{
size_t padding =
ssl_compute_padding_length( rec->data_len,
@ -680,7 +681,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
#endif /* MBEDTLS_USE_PSA_CRYPTO */
ssl_extract_add_data_from_record( add_data, &add_data_len, rec,
transform->minor_ver,
transform->tls_version,
transform->taglen );
#if defined(MBEDTLS_USE_PSA_CRYPTO)
@ -817,7 +818,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
* This depends on the TLS version.
*/
ssl_extract_add_data_from_record( add_data, &add_data_len, rec,
transform->minor_ver,
transform->tls_version,
transform->taglen );
MBEDTLS_SSL_DEBUG_BUF( 4, "IV used (internal)",
@ -1050,7 +1051,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
}
ssl_extract_add_data_from_record( add_data, &add_data_len,
rec, transform->minor_ver,
rec, transform->tls_version,
transform->taglen );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "using encrypt then mac" ) );
@ -1270,7 +1271,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
* This depends on the TLS version.
*/
ssl_extract_add_data_from_record( add_data, &add_data_len, rec,
transform->minor_ver,
transform->tls_version,
transform->taglen );
MBEDTLS_SSL_DEBUG_BUF( 4, "additional data used for AEAD",
add_data, add_data_len );
@ -1412,7 +1413,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
* Further, we still know that data_len > minlen */
rec->data_len -= transform->maclen;
ssl_extract_add_data_from_record( add_data, &add_data_len, rec,
transform->minor_ver,
transform->tls_version,
transform->taglen );
/* Calculate expected MAC. */
@ -1697,7 +1698,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
*/
rec->data_len -= transform->maclen;
ssl_extract_add_data_from_record( add_data, &add_data_len, rec,
transform->minor_ver,
transform->tls_version,
transform->taglen );
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
@ -1775,7 +1776,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
}
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
if( transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
if( transform->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 )
{
/* Remove inner padding and infer true content type. */
ret = ssl_parse_inner_plaintext( data, &rec->data_len,
@ -2674,15 +2675,15 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, int force_flush )
#endif
/* Skip writing the record content type to after the encryption,
* as it may change when using the CID extension. */
int minor_ver = ssl->minor_ver;
mbedtls_ssl_protocol_version tls_ver = ssl->tls_version;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
/* TLS 1.3 still uses the TLS 1.2 version identifier
* for backwards compatibility. */
if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
minor_ver = MBEDTLS_SSL_MINOR_VERSION_3;
if( tls_ver == MBEDTLS_SSL_VERSION_TLS1_3 )
tls_ver = MBEDTLS_SSL_VERSION_TLS1_2;
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
mbedtls_ssl_write_version( ssl->major_ver, minor_ver,
ssl->conf->transport, ssl->out_hdr + 1 );
mbedtls_ssl_write_version( ssl->out_hdr + 1, ssl->conf->transport,
tls_ver );
memcpy( ssl->out_ctr, ssl->cur_out_ctr, MBEDTLS_SSL_SEQUENCE_NUMBER_LEN );
MBEDTLS_PUT_UINT16_BE( len, ssl->out_len, 0);
@ -2697,8 +2698,7 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, int force_flush )
rec.data_offset = ssl->out_msg - rec.buf;
memcpy( &rec.ctr[0], ssl->out_ctr, sizeof( rec.ctr ) );
mbedtls_ssl_write_version( ssl->major_ver, minor_ver,
ssl->conf->transport, rec.ver );
mbedtls_ssl_write_version( rec.ver, ssl->conf->transport, tls_ver );
rec.type = ssl->out_msgtype;
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
@ -3420,7 +3420,7 @@ static int ssl_parse_record_header( mbedtls_ssl_context const *ssl,
size_t len,
mbedtls_record *rec )
{
int major_ver, minor_ver;
mbedtls_ssl_protocol_version tls_version;
size_t const rec_hdr_type_offset = 0;
size_t const rec_hdr_type_len = 1;
@ -3530,19 +3530,12 @@ static int ssl_parse_record_header( mbedtls_ssl_context const *ssl,
rec->ver[0] = buf[ rec_hdr_version_offset + 0 ];
rec->ver[1] = buf[ rec_hdr_version_offset + 1 ];
mbedtls_ssl_read_version( &major_ver, &minor_ver,
ssl->conf->transport,
&rec->ver[0] );
tls_version = mbedtls_ssl_read_version( buf + rec_hdr_version_offset,
ssl->conf->transport );
if( major_ver != ssl->major_ver )
if( tls_version > ssl->conf->max_tls_version )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "major version mismatch" ) );
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
}
if( minor_ver > ssl->conf->max_minor_ver )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "minor version mismatch" ) );
MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLS version mismatch" ) );
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
}
@ -3574,9 +3567,8 @@ static int ssl_parse_record_header( mbedtls_ssl_context const *ssl,
MBEDTLS_SSL_DEBUG_BUF( 4, "input record header", buf, rec->data_offset );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "input record: msgtype = %u, "
"version = [%d:%d], msglen = %" MBEDTLS_PRINTF_SIZET,
rec->type,
major_ver, minor_ver, rec->data_len ) );
"version = [0x%x], msglen = %" MBEDTLS_PRINTF_SIZET,
rec->type, (unsigned)tls_version, rec->data_len ) );
rec->buf = buf;
rec->buf_len = rec->data_offset + rec->data_len;
@ -3692,7 +3684,7 @@ static int ssl_prepare_record_content( mbedtls_ssl_context *ssl,
*/
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
if( ssl->transform_in != NULL &&
ssl->transform_in->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
ssl->transform_in->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 )
{
if( rec->type == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC )
done = 1;
@ -3748,7 +3740,7 @@ static int ssl_prepare_record_content( mbedtls_ssl_context *ssl,
if( rec->data_len == 0 )
{
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3
if( ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2
&& rec->type != MBEDTLS_SSL_MSG_APPLICATION_DATA )
{
/* TLS v1.2 explicitly disallows zero-length messages which are not application data */
@ -4751,7 +4743,7 @@ int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl )
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
if( ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 )
{
#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
MBEDTLS_SSL_DEBUG_MSG( 1,
@ -4970,9 +4962,6 @@ int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl )
static size_t ssl_transform_get_explicit_iv_len(
mbedtls_ssl_transform const *transform )
{
if( transform->minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 )
return( 0 );
return( transform->ivlen - transform->fixed_ivlen );
}
@ -5814,51 +5803,35 @@ static void ssl_buffering_free_slot( mbedtls_ssl_context *ssl,
* and, for DTLS, to/from TLS equivalent.
*
* For TLS this is the identity.
* For DTLS, use 1's complement (v -> 255 - v, and then map as follows:
* For DTLS, map as follows, then use 1's complement (v -> ~v):
* 1.x <-> 3.x+1 for x != 0 (DTLS 1.2 based on TLS 1.2)
* DTLS 1.0 is stored as TLS 1.1 internally
*/
void mbedtls_ssl_write_version( int major, int minor, int transport,
unsigned char ver[2] )
void mbedtls_ssl_write_version( unsigned char version[2], int transport,
mbedtls_ssl_protocol_version tls_version )
{
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
if( minor == MBEDTLS_SSL_MINOR_VERSION_2 )
--minor; /* DTLS 1.0 stored as TLS 1.1 internally */
ver[0] = (unsigned char)( 255 - ( major - 2 ) );
ver[1] = (unsigned char)( 255 - ( minor - 1 ) );
}
else
tls_version =
~( tls_version - ( tls_version == 0x0302 ? 0x0202 : 0x0201 ) );
#else
((void) transport);
#endif
{
ver[0] = (unsigned char) major;
ver[1] = (unsigned char) minor;
}
MBEDTLS_PUT_UINT16_BE( tls_version, version, 0 );
}
void mbedtls_ssl_read_version( int *major, int *minor, int transport,
const unsigned char ver[2] )
uint16_t mbedtls_ssl_read_version( const unsigned char version[2],
int transport )
{
uint16_t tls_version = MBEDTLS_GET_UINT16_BE( version, 0 );
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
*major = 255 - ver[0] + 2;
*minor = 255 - ver[1] + 1;
if( *minor == MBEDTLS_SSL_MINOR_VERSION_1 )
++*minor; /* DTLS 1.0 stored as TLS 1.1 internally */
}
else
tls_version =
~( tls_version - ( tls_version == 0xfeff ? 0x0202 : 0x0201 ) );
#else
((void) transport);
#endif
{
*major = ver[0];
*minor = ver[1];
}
return tls_version;
}
/*

166
library/ssl_tls.c
View File

@ -390,7 +390,7 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
MBEDTLS_SSL_SOME_SUITES_USE_MAC */
ssl_tls_prf_t tls_prf,
const unsigned char randbytes[64],
int minor_ver,
mbedtls_ssl_protocol_version tls_version,
unsigned endpoint,
const mbedtls_ssl_context *ssl );
@ -2147,14 +2147,12 @@ void mbedtls_ssl_get_dtls_srtp_negotiation_result( const mbedtls_ssl_context *ss
void mbedtls_ssl_conf_max_version( mbedtls_ssl_config *conf, int major, int minor )
{
conf->max_major_ver = major;
conf->max_minor_ver = minor;
conf->max_tls_version = (major << 8) | minor;
}
void mbedtls_ssl_conf_min_version( mbedtls_ssl_config *conf, int major, int minor )
{
conf->min_major_ver = major;
conf->min_minor_ver = minor;
conf->min_tls_version = (major << 8) | minor;
}
#if defined(MBEDTLS_SSL_SRV_C)
@ -2313,42 +2311,26 @@ const char *mbedtls_ssl_get_ciphersuite( const mbedtls_ssl_context *ssl )
return mbedtls_ssl_get_ciphersuite_name( ssl->session->ciphersuite );
}
mbedtls_ssl_protocol_version mbedtls_ssl_get_version_number(
const mbedtls_ssl_context *ssl )
{
/* For major_ver, only 3 is supported, so skip checking it. */
switch( ssl->minor_ver )
{
case MBEDTLS_SSL_MINOR_VERSION_3:
return( MBEDTLS_SSL_VERSION_1_2 );
case MBEDTLS_SSL_MINOR_VERSION_4:
return( MBEDTLS_SSL_VERSION_1_3 );
default:
return( MBEDTLS_SSL_VERSION_UNKNOWN );
}
}
const char *mbedtls_ssl_get_version( const mbedtls_ssl_context *ssl )
{
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
switch( ssl->minor_ver )
switch( ssl->tls_version )
{
case MBEDTLS_SSL_MINOR_VERSION_3:
case MBEDTLS_SSL_VERSION_TLS1_2:
return( "DTLSv1.2" );
default:
return( "unknown (DTLS)" );
}
}
#endif
switch( ssl->minor_ver )
switch( ssl->tls_version )
{
case MBEDTLS_SSL_MINOR_VERSION_3:
case MBEDTLS_SSL_VERSION_TLS1_2:
return( "TLSv1.2" );
case MBEDTLS_SSL_MINOR_VERSION_4:
case MBEDTLS_SSL_VERSION_TLS1_3:
return( "TLSv1.3" );
default:
return( "unknown" );
@ -2642,12 +2624,12 @@ static unsigned char ssl_serialized_session_header[] = {
* // configuration options which influence
* // the structure of mbedtls_ssl_session.
*
* uint8_t minor_ver; // Protocol-version. Possible values:
* // - TLS 1.2 (MBEDTLS_SSL_MINOR_VERSION_3)
* uint8_t minor_ver; // Protocol minor version. Possible values:
* // - TLS 1.2 (3)
*
* select (serialized_session.minor_ver) {
* select (serialized_session.tls_version) {
*
* case MBEDTLS_SSL_MINOR_VERSION_3: // TLS 1.2
* case MBEDTLS_SSL_VERSION_TLS1_2:
* serialized_session_tls12 data;
*
* };
@ -2687,14 +2669,14 @@ static int ssl_session_save( const mbedtls_ssl_session *session,
used += 1;
if( used <= buf_len )
{
*p++ = session->minor_ver;
*p++ = MBEDTLS_BYTE_0( session->tls_version );
}
/* Forward to version-specific serialization routine. */
switch( session->minor_ver )
switch( session->tls_version )
{
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
case MBEDTLS_SSL_MINOR_VERSION_3:
case MBEDTLS_SSL_VERSION_TLS1_2:
{
size_t remaining_len = used <= buf_len ? buf_len - used : 0;
used += ssl_session_save_tls12( session, p, remaining_len );
@ -2760,13 +2742,13 @@ static int ssl_session_load( mbedtls_ssl_session *session,
*/
if( 1 > (size_t)( end - p ) )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
session->minor_ver = *p++;
session->tls_version = 0x0300 | *p++;
/* Dispatch according to TLS version. */
switch( session->minor_ver )
switch( session->tls_version )
{
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
case MBEDTLS_SSL_MINOR_VERSION_3: /* TLS 1.2 */
case MBEDTLS_SSL_VERSION_TLS1_2:
{
size_t remaining_len = ( end - p );
return( ssl_session_load_tls12( session, p, remaining_len ) );
@ -2868,7 +2850,7 @@ int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl )
default:
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_TLS1_3)
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
if( ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 )
ret = mbedtls_ssl_tls13_handshake_client_step( ssl );
else
ret = mbedtls_ssl_handshake_client_step( ssl );
@ -3375,12 +3357,7 @@ int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl,
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
/* Version must be 1.2 */
if( ssl->major_ver != MBEDTLS_SSL_MAJOR_VERSION_3 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Only version 1.2 supported" ) );
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
if( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 )
if( ssl->tls_version != MBEDTLS_SSL_VERSION_TLS1_2 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Only version 1.2 supported" ) );
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
@ -3569,10 +3546,8 @@ static int ssl_context_load( mbedtls_ssl_context *ssl,
* least check it matches the requirements for serializing.
*/
if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ||
ssl->conf->max_major_ver < MBEDTLS_SSL_MAJOR_VERSION_3 ||
ssl->conf->min_major_ver > MBEDTLS_SSL_MAJOR_VERSION_3 ||
ssl->conf->max_minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 ||
ssl->conf->min_minor_ver > MBEDTLS_SSL_MINOR_VERSION_3 ||
ssl->conf->max_tls_version < MBEDTLS_SSL_VERSION_TLS1_2 ||
ssl->conf->min_tls_version > MBEDTLS_SSL_VERSION_TLS1_2 ||
#if defined(MBEDTLS_SSL_RENEGOTIATION)
ssl->conf->disable_renegotiation != MBEDTLS_SSL_RENEGOTIATION_DISABLED ||
#endif
@ -3652,7 +3627,7 @@ static int ssl_context_load( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_SOME_SUITES_USE_MAC */
ssl_tls12prf_from_cs( ssl->session->ciphersuite ),
p, /* currently pointing to randbytes */
MBEDTLS_SSL_MINOR_VERSION_3, /* (D)TLS 1.2 is forced */
MBEDTLS_SSL_VERSION_TLS1_2, /* (D)TLS 1.2 is forced */
ssl->conf->endpoint,
ssl );
if( ret != 0 )
@ -3778,9 +3753,7 @@ static int ssl_context_load( mbedtls_ssl_context *ssl,
* mbedtls_ssl_reset(), so we only need to set the remaining ones.
*/
ssl->state = MBEDTLS_SSL_HANDSHAKE_OVER;
ssl->major_ver = MBEDTLS_SSL_MAJOR_VERSION_3;
ssl->minor_ver = MBEDTLS_SSL_MINOR_VERSION_3;
ssl->tls_version = MBEDTLS_SSL_VERSION_TLS1_2;
/* Adjust pointers for header fields of outgoing records to
* the given transform, accounting for explicit IV and CID. */
@ -4242,6 +4215,32 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
conf->tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL;
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
if( ( endpoint == MBEDTLS_SSL_IS_SERVER ) ||
( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) )
{
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
conf->min_tls_version = MBEDTLS_SSL_VERSION_TLS1_2;
conf->max_tls_version = MBEDTLS_SSL_VERSION_TLS1_2;
#else
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
#endif
}
else
{
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_TLS1_3)
conf->min_tls_version = MBEDTLS_SSL_VERSION_TLS1_2;
conf->max_tls_version = MBEDTLS_SSL_VERSION_TLS1_3;
#elif defined(MBEDTLS_SSL_PROTO_TLS1_3)
conf->min_tls_version = MBEDTLS_SSL_VERSION_TLS1_3;
conf->max_tls_version = MBEDTLS_SSL_VERSION_TLS1_3;
#elif defined(MBEDTLS_SSL_PROTO_TLS1_2)
conf->min_tls_version = MBEDTLS_SSL_VERSION_TLS1_2;
conf->max_tls_version = MBEDTLS_SSL_VERSION_TLS1_2;
#else
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
#endif
}
/*
* Preset-specific defaults
*/
@ -4251,30 +4250,7 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
* NSA Suite B
*/
case MBEDTLS_SSL_PRESET_SUITEB:
conf->min_major_ver = MBEDTLS_SSL_MIN_MAJOR_VERSION;
conf->max_major_ver = MBEDTLS_SSL_MAX_MAJOR_VERSION;
if( ( endpoint == MBEDTLS_SSL_IS_SERVER ) ||
( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) )
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
{
conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_3;
conf->max_minor_ver = MBEDTLS_SSL_MINOR_VERSION_3;
}
#else
{
conf->min_major_ver = 0;
conf->max_major_ver = 0;
conf->min_minor_ver = 0;
conf->max_minor_ver = 0;
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
}
#endif
else
{
conf->min_minor_ver = MBEDTLS_SSL_MIN_MINOR_VERSION;
conf->max_minor_ver = MBEDTLS_SSL_MAX_MINOR_VERSION;
}
conf->ciphersuite_list = ssl_preset_suiteb_ciphersuites;
#if defined(MBEDTLS_X509_CRT_PARSE_C)
@ -4303,30 +4279,6 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
* Default
*/
default:
conf->min_major_ver = MBEDTLS_SSL_MIN_MAJOR_VERSION;
conf->max_major_ver = MBEDTLS_SSL_MAX_MAJOR_VERSION;
if( ( endpoint == MBEDTLS_SSL_IS_SERVER ) ||
( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) )
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
{
conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_3;
conf->max_minor_ver = MBEDTLS_SSL_MINOR_VERSION_3;
}
#else
{
conf->min_major_ver = 0;
conf->max_major_ver = 0;
conf->min_minor_ver = 0;
conf->max_minor_ver = 0;
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
}
#endif
else
{
conf->min_minor_ver = MBEDTLS_SSL_MIN_MINOR_VERSION;
conf->max_minor_ver = MBEDTLS_SSL_MAX_MINOR_VERSION;
}
conf->ciphersuite_list = mbedtls_ssl_list_ciphersuites();
@ -5245,7 +5197,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
MBEDTLS_SSL_SOME_SUITES_USE_MAC */
ssl->handshake->tls_prf,
ssl->handshake->randbytes,
ssl->minor_ver,
ssl->tls_version,
ssl->conf->endpoint,
ssl );
if( ret != 0 )
@ -6818,7 +6770,7 @@ static mbedtls_tls_prf_types tls_prf_get_type( mbedtls_ssl_tls_prf_cb *tls_prf )
* - [in] compression
* - [in] tls_prf: pointer to PRF to use for key derivation
* - [in] randbytes: buffer holding ServerHello.random + ClientHello.random
* - [in] minor_ver: SSL/TLS minor version
* - [in] tls_version: TLS version
* - [in] endpoint: client or server
* - [in] ssl: used for:
* - ssl->conf->{f,p}_export_keys
@ -6835,7 +6787,7 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
MBEDTLS_SSL_SOME_SUITES_USE_MAC */
ssl_tls_prf_t tls_prf,
const unsigned char randbytes[64],
int minor_ver,
mbedtls_ssl_protocol_version tls_version,
unsigned endpoint,
const mbedtls_ssl_context *ssl )
{
@ -6879,14 +6831,14 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
transform->encrypt_then_mac = encrypt_then_mac;
#endif
transform->minor_ver = minor_ver;
transform->tls_version = tls_version;
#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
memcpy( transform->randbytes, randbytes, sizeof( transform->randbytes ) );
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
if( tls_version == MBEDTLS_SSL_VERSION_TLS1_3 )
{
/* At the moment, we keep TLS <= 1.2 and TLS 1.3 transform
* generation separate. This should never happen. */
@ -7056,7 +7008,7 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
- transform->maclen % cipher_info->block_size;
}
if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
if( tls_version == MBEDTLS_SSL_VERSION_TLS1_2 )
{
transform->minlen += transform->ivlen;
}
@ -7093,9 +7045,6 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
mac_enc = keyblk;
mac_dec = keyblk + mac_key_len;
/*
* This is not used in TLS v1.1.
*/
iv_copy_len = ( transform->fixed_ivlen ) ?
transform->fixed_ivlen : transform->ivlen;
memcpy( transform->iv_enc, key2 + keylen, iv_copy_len );
@ -7113,9 +7062,6 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
mac_enc = keyblk + mac_key_len;
mac_dec = keyblk;
/*
* This is not used in TLS v1.1.
*/
iv_copy_len = ( transform->fixed_ivlen ) ?
transform->fixed_ivlen : transform->ivlen;
memcpy( transform->iv_dec, key1 + keylen, iv_copy_len );

48
library/ssl_tls12_client.c
View File

@ -1121,7 +1121,7 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl,
static int ssl_parse_hello_verify_request( mbedtls_ssl_context *ssl )
{
const unsigned char *p = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl );
int major_ver, minor_ver;
uint16_t dtls_legacy_version;
unsigned char cookie_len;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse hello verify request" ) );
@ -1146,17 +1146,15 @@ static int ssl_parse_hello_verify_request( mbedtls_ssl_context *ssl )
* } HelloVerifyRequest;
*/
MBEDTLS_SSL_DEBUG_BUF( 3, "server version", p, 2 );
mbedtls_ssl_read_version( &major_ver, &minor_ver, ssl->conf->transport, p );
dtls_legacy_version = MBEDTLS_GET_UINT16_BE( p, 0 );
p += 2;
/*
* Since the RFC is not clear on this point, accept DTLS 1.0 (TLS 1.1)
* even is lower than our min version.
* Since the RFC is not clear on this point, accept DTLS 1.0 (0xfeff)
* The DTLS 1.3 (current draft) renames ProtocolVersion server_version to
* legacy_version and locks the value of legacy_version to 0xfefd (DTLS 1.2)
*/
if( major_ver < MBEDTLS_SSL_MAJOR_VERSION_3 ||
minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 ||
major_ver > ssl->conf->max_major_ver ||
minor_ver > ssl->conf->max_minor_ver )
if( dtls_legacy_version != 0xfefd && dtls_legacy_version != 0xfeff )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server version" ) );
@ -1297,23 +1295,18 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
*/
buf += mbedtls_ssl_hs_hdr_len( ssl );
MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, version", buf + 0, 2 );
mbedtls_ssl_read_version( &ssl->major_ver, &ssl->minor_ver,
ssl->conf->transport, buf + 0 );
ssl->session_negotiate->minor_ver = ssl->minor_ver;
MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, version", buf, 2 );
ssl->tls_version = mbedtls_ssl_read_version( buf, ssl->conf->transport );
ssl->session_negotiate->tls_version = ssl->tls_version;
if( ssl->major_ver < ssl->conf->min_major_ver ||
ssl->minor_ver < ssl->conf->min_minor_ver ||
ssl->major_ver > ssl->conf->max_major_ver ||
ssl->minor_ver > ssl->conf->max_minor_ver )
if( ssl->tls_version < ssl->conf->min_tls_version ||
ssl->tls_version > ssl->conf->max_tls_version )
{
MBEDTLS_SSL_DEBUG_MSG( 1,
( "server version out of bounds - min: [%d:%d], server: [%d:%d], max: [%d:%d]",
ssl->conf->min_major_ver,
ssl->conf->min_minor_ver,
ssl->major_ver, ssl->minor_ver,
ssl->conf->max_major_ver,
ssl->conf->max_minor_ver ) );
( "server version out of bounds - min: [0x%x], server: [0x%x], max: [0x%x]",
(unsigned)ssl->conf->min_tls_version,
(unsigned)ssl->tls_version,
(unsigned)ssl->conf->max_tls_version ) );
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION );
@ -1475,8 +1468,8 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
suite_info = mbedtls_ssl_ciphersuite_from_id(
ssl->session_negotiate->ciphersuite );
if( mbedtls_ssl_validate_ciphersuite( ssl, suite_info, ssl->minor_ver,
ssl->minor_ver ) != 0 )
if( mbedtls_ssl_validate_ciphersuite( ssl, suite_info, ssl->tls_version,
ssl->tls_version ) != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
mbedtls_ssl_send_alert_message(
@ -1491,7 +1484,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
if( suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA &&
ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2 )
{
ssl->handshake->ecrs_enabled = 1;
}
@ -1992,9 +1985,8 @@ static int ssl_write_encrypted_pms( mbedtls_ssl_context *ssl,
* opaque random[46];
* } PreMasterSecret;
*/
mbedtls_ssl_write_version( MBEDTLS_SSL_MAJOR_VERSION_3,
MBEDTLS_SSL_MINOR_VERSION_3,
ssl->conf->transport, p );
mbedtls_ssl_write_version( p, ssl->conf->transport,
MBEDTLS_SSL_VERSION_TLS1_2 );
if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p + 2, 46 ) ) != 0 )
{

41
library/ssl_tls12_server.c
View File

@ -951,7 +951,7 @@ static int ssl_check_key_curve( mbedtls_pk_context *pk,
static int ssl_pick_cert( mbedtls_ssl_context *ssl,
const mbedtls_ssl_ciphersuite_t * ciphersuite_info )
{
mbedtls_ssl_key_cert *cur, *list, *fallback = NULL;
mbedtls_ssl_key_cert *cur, *list;
mbedtls_pk_type_t pk_alg =
mbedtls_ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info );
uint32_t flags;
@ -1015,9 +1015,6 @@ static int ssl_pick_cert( mbedtls_ssl_context *ssl,
break;
}
if( cur == NULL )
cur = fallback;
/* Do not update ssl->handshake->key_cert unless there is a match */
if( cur != NULL )
{
@ -1054,8 +1051,8 @@ static int ssl_ciphersuite_match( mbedtls_ssl_context *ssl, int suite_id,
MBEDTLS_SSL_DEBUG_MSG( 3, ( "trying ciphersuite: %#04x (%s)",
(unsigned int) suite_id, suite_info->name ) );
if( suite_info->min_minor_ver > ssl->minor_ver ||
suite_info->max_minor_ver < ssl->minor_ver )
if( suite_info->min_tls_version > ssl->tls_version ||
suite_info->max_tls_version < ssl->tls_version )
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: version" ) );
return( 0 );
@ -1147,7 +1144,6 @@ static int ssl_parse_client_hello( mbedtls_ssl_context *ssl )
int handshake_failure = 0;
const int *ciphersuites;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
int major, minor;
/* If there is no signature-algorithm extension present,
* we need to fall back to the default values for allowed
@ -1206,18 +1202,6 @@ read_record_header:
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, protocol version: [%d:%d]",
buf[1], buf[2] ) );
mbedtls_ssl_read_version( &major, &minor, ssl->conf->transport, buf + 1 );
/* According to RFC 5246 Appendix E.1, the version here is typically
* "{03,00}, the lowest version number supported by the client, [or] the
* value of ClientHello.client_version", so the only meaningful check here
* is the major version shouldn't be less than 3 */
if( major < MBEDTLS_SSL_MAJOR_VERSION_3 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
return( MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION );
}
/* For DTLS if this is the initial handshake, remember the client sequence
* number to use it in our next message (RFC 6347 4.2.1) */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
@ -1405,12 +1389,10 @@ read_record_header:
*/
MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, version", buf, 2 );
mbedtls_ssl_read_version( &ssl->major_ver, &ssl->minor_ver,
ssl->conf->transport, buf );
ssl->session_negotiate->minor_ver = ssl->minor_ver;
ssl->tls_version = mbedtls_ssl_read_version( buf, ssl->conf->transport );
ssl->session_negotiate->tls_version = ssl->tls_version;
if( ( ssl->major_ver != MBEDTLS_SSL_MAJOR_VERSION_3 ) ||
( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 ) )
if( ssl->tls_version != MBEDTLS_SSL_VERSION_TLS1_2 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "server only supports TLS 1.2" ) );
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
@ -2355,8 +2337,7 @@ static int ssl_write_hello_verify_request( mbedtls_ssl_context *ssl )
/* The RFC is not clear on this point, but sending the actual negotiated
* version looks like the most interoperable thing to do. */
mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver,
ssl->conf->transport, p );
mbedtls_ssl_write_version( p, ssl->conf->transport, ssl->tls_version );
MBEDTLS_SSL_DEBUG_BUF( 3, "server version", p, 2 );
p += 2;
@ -2495,8 +2476,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
buf = ssl->out_msg;
p = buf + 4;
mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver,
ssl->conf->transport, p );
mbedtls_ssl_write_version( p, ssl->conf->transport, ssl->tls_version );
p += 2;
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen version: [%d:%d]",
@ -3736,9 +3716,8 @@ static int ssl_parse_encrypted_pms( mbedtls_ssl_context *ssl,
return( ret );
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
mbedtls_ssl_write_version( MBEDTLS_SSL_MAJOR_VERSION_3,
MBEDTLS_SSL_MINOR_VERSION_3,
ssl->conf->transport, ver );
mbedtls_ssl_write_version( ver, ssl->conf->transport,
ssl->session_negotiate->tls_version );
/* Avoid data-dependent branches while checking for invalid
* padding, to protect against timing-based Bleichenbacher-type

34
library/ssl_tls13_client.c
View File

@ -49,8 +49,8 @@ static int ssl_tls13_write_supported_versions_ext( mbedtls_ssl_context *ssl,
size_t *out_len )
{
unsigned char *p = buf;
unsigned char versions_len = ( ssl->handshake->min_minor_ver <=
MBEDTLS_SSL_MINOR_VERSION_3 ) ? 4 : 2;
unsigned char versions_len = ( ssl->handshake->min_tls_version <=
MBEDTLS_SSL_VERSION_TLS1_2 ) ? 4 : 2;
*out_len = 0;
@ -75,17 +75,15 @@ static int ssl_tls13_write_supported_versions_ext( mbedtls_ssl_context *ssl,
* They are defined by the configuration.
* Currently, we advertise only TLS 1.3 or both TLS 1.3 and TLS 1.2.
*/
mbedtls_ssl_write_version( MBEDTLS_SSL_MAJOR_VERSION_3,
MBEDTLS_SSL_MINOR_VERSION_4,
MBEDTLS_SSL_TRANSPORT_STREAM, p );
mbedtls_ssl_write_version( p, MBEDTLS_SSL_TRANSPORT_STREAM,
MBEDTLS_SSL_VERSION_TLS1_3 );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "supported version: [3:4]" ) );
if( ssl->handshake->min_minor_ver <= MBEDTLS_SSL_MINOR_VERSION_3 )
if( ssl->handshake->min_tls_version <= MBEDTLS_SSL_VERSION_TLS1_2 )
{
mbedtls_ssl_write_version( MBEDTLS_SSL_MAJOR_VERSION_3,
MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_TRANSPORT_STREAM, p + 2 );
mbedtls_ssl_write_version( p + 2, MBEDTLS_SSL_TRANSPORT_STREAM,
MBEDTLS_SSL_VERSION_TLS1_2 );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "supported version: [3:3]" ) );
}
@ -101,8 +99,8 @@ static int ssl_tls13_parse_supported_versions_ext( mbedtls_ssl_context *ssl,
((void) ssl);
MBEDTLS_SSL_CHK_BUF_READ_PTR( buf, end, 2 );
if( buf[0] != MBEDTLS_SSL_MAJOR_VERSION_3 ||
buf[1] != MBEDTLS_SSL_MINOR_VERSION_4 )
if( mbedtls_ssl_read_version( buf, ssl->conf->transport ) !=
MBEDTLS_SSL_VERSION_TLS1_3 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "unexpected version" ) );
@ -861,7 +859,7 @@ static int ssl_tls13_server_hello_coordinate( mbedtls_ssl_context *ssl,
* expecting it, abort the handshake. Otherwise, switch to TLS 1.2
* handshake.
*/
if( ssl->handshake->min_minor_ver > MBEDTLS_SSL_MINOR_VERSION_3 )
if( ssl->handshake->min_tls_version > MBEDTLS_SSL_VERSION_TLS1_2 )
{
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
@ -869,7 +867,7 @@ static int ssl_tls13_server_hello_coordinate( mbedtls_ssl_context *ssl,
}
ssl->keep_current_message = 1;
ssl->minor_ver = MBEDTLS_SSL_MINOR_VERSION_3;
ssl->tls_version = MBEDTLS_SSL_VERSION_TLS1_2;
mbedtls_ssl_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_SERVER_HELLO,
*buf, *buf_len );
@ -1026,8 +1024,8 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl,
* with ProtocolVersion defined as:
* uint16 ProtocolVersion;
*/
if( !( p[0] == MBEDTLS_SSL_MAJOR_VERSION_3 &&
p[1] == MBEDTLS_SSL_MINOR_VERSION_3 ) )
if( mbedtls_ssl_read_version( p, ssl->conf->transport ) !=
MBEDTLS_SSL_VERSION_TLS1_2 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Unsupported version of TLS." ) );
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION,
@ -1077,8 +1075,9 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl,
/*
* Check whether this ciphersuite is valid and offered.
*/
if( ( mbedtls_ssl_validate_ciphersuite(
ssl, ciphersuite_info, ssl->minor_ver, ssl->minor_ver ) != 0 ) ||
if( ( mbedtls_ssl_validate_ciphersuite( ssl, ciphersuite_info,
ssl->tls_version,
ssl->tls_version ) != 0 ) ||
!ssl_tls13_cipher_suite_is_offered( ssl, cipher_suite ) )
{
fatal_alert = MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER;
@ -1411,7 +1410,6 @@ static int ssl_tls13_process_server_hello( mbedtls_ssl_context *ssl )
* - Make sure it's either a ServerHello or a HRR.
* - Switch processing routine in case of HRR
*/
ssl->major_ver = MBEDTLS_SSL_MAJOR_VERSION_3;
ssl->handshake->extensions_present = MBEDTLS_SSL_EXT_NONE;
ret = ssl_tls13_server_hello_coordinate( ssl, &buf, &buf_len );

2
library/ssl_tls13_keys.c
View File

@ -1106,7 +1106,7 @@ int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform,
transform->ivlen = traffic_keys->iv_len;
transform->maclen = 0;
transform->fixed_ivlen = transform->ivlen;
transform->minor_ver = MBEDTLS_SSL_MINOR_VERSION_4;
transform->tls_version = MBEDTLS_SSL_VERSION_TLS1_3;
/* We add the true record content type (1 Byte) to the plaintext and
* then pad to the configured granularity. The mimimum length of the

44
programs/ssl/ssl_client2.c
View File

@ -1132,10 +1132,10 @@ int main( int argc, char *argv[] )
{
if( strcmp( q, "tls12" ) == 0 ||
strcmp( q, "dtls12" ) == 0 )
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
opt.min_version = MBEDTLS_SSL_VERSION_TLS1_2;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
else if( strcmp( q, "tls13" ) == 0 )
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_4;
opt.min_version = MBEDTLS_SSL_VERSION_TLS1_3;
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
else
goto usage;
@ -1144,10 +1144,10 @@ int main( int argc, char *argv[] )
{
if( strcmp( q, "tls12" ) == 0 ||
strcmp( q, "dtls12" ) == 0 )
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
opt.max_version = MBEDTLS_SSL_VERSION_TLS1_2;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
else if( strcmp( q, "tls13" ) == 0 )
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_4;
opt.max_version = MBEDTLS_SSL_VERSION_TLS1_3;
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
else
goto usage;
@ -1165,20 +1165,20 @@ int main( int argc, char *argv[] )
{
if( strcmp( q, "tls12" ) == 0 )
{
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
opt.min_version = MBEDTLS_SSL_VERSION_TLS1_2;
opt.max_version = MBEDTLS_SSL_VERSION_TLS1_2;
}
else if( strcmp( q, "dtls12" ) == 0 )
{
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
opt.min_version = MBEDTLS_SSL_VERSION_TLS1_2;
opt.max_version = MBEDTLS_SSL_VERSION_TLS1_2;
opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
}
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
else if( strcmp( q, "tls13" ) == 0 )
{
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_4;
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_4;
opt.min_version = MBEDTLS_SSL_VERSION_TLS1_3;
opt.max_version = MBEDTLS_SSL_VERSION_TLS1_3;
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
else
@ -1372,14 +1372,14 @@ int main( int argc, char *argv[] )
mbedtls_ssl_ciphersuite_from_id( opt.force_ciphersuite[0] );
if( opt.max_version != -1 &&
ciphersuite_info->min_minor_ver > opt.max_version )
ciphersuite_info->min_tls_version > opt.max_version )
{
mbedtls_printf( "forced ciphersuite not allowed with this protocol version\n" );
ret = 2;
goto usage;
}
if( opt.min_version != -1 &&
ciphersuite_info->max_minor_ver < opt.min_version )
ciphersuite_info->max_tls_version < opt.min_version )
{
mbedtls_printf( "forced ciphersuite not allowed with this protocol version\n" );
ret = 2;
@ -1389,17 +1389,17 @@ int main( int argc, char *argv[] )
/* If the server selects a version that's not supported by
* this suite, then there will be no common ciphersuite... */
if( opt.max_version == -1 ||
opt.max_version > ciphersuite_info->max_minor_ver )
opt.max_version > ciphersuite_info->max_tls_version )
{
opt.max_version = ciphersuite_info->max_minor_ver;
opt.max_version = ciphersuite_info->max_tls_version;
}
if( opt.min_version < ciphersuite_info->min_minor_ver )
if( opt.min_version < ciphersuite_info->min_tls_version )
{
opt.min_version = ciphersuite_info->min_minor_ver;
opt.min_version = ciphersuite_info->min_tls_version;
/* DTLS starts with TLS 1.2 */
if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
opt.min_version < MBEDTLS_SSL_MINOR_VERSION_3 )
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
opt.min_version < MBEDTLS_SSL_VERSION_TLS1_2 )
opt.min_version = MBEDTLS_SSL_VERSION_TLS1_2;
}
#if defined(MBEDTLS_USE_PSA_CRYPTO)
@ -1410,7 +1410,7 @@ int main( int argc, char *argv[] )
* the ciphersuite in advance to set the correct policy for the
* PSK key slot. This limitation might go away in the future. */
if( ciphersuite_info->key_exchange != MBEDTLS_KEY_EXCHANGE_PSK ||
opt.min_version != MBEDTLS_SSL_MINOR_VERSION_3 )
opt.min_version != MBEDTLS_SSL_VERSION_TLS1_2 )
{
mbedtls_printf( "opaque PSKs are only supported in conjunction with forcing TLS 1.2 and a PSK-only ciphersuite through the 'force_ciphersuite' option.\n" );
ret = 2;
@ -1967,12 +1967,10 @@ int main( int argc, char *argv[] )
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
if( opt.min_version != DFL_MIN_VERSION )
mbedtls_ssl_conf_min_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3,
opt.min_version );
mbedtls_ssl_conf_min_tls_version( &conf, opt.min_version );
if( opt.max_version != DFL_MAX_VERSION )
mbedtls_ssl_conf_max_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3,
opt.max_version );
mbedtls_ssl_conf_max_tls_version( &conf, opt.max_version );
if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
{

38
programs/ssl/ssl_server2.c
View File

@ -1845,10 +1845,10 @@ int main( int argc, char *argv[] )
{
if( strcmp( q, "tls12" ) == 0 ||
strcmp( q, "dtls12" ) == 0 )
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
opt.min_version = MBEDTLS_SSL_VERSION_TLS1_2;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
else if( strcmp( q, "tls13" ) == 0 )
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_4;
opt.min_version = MBEDTLS_SSL_VERSION_TLS1_3;
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
else
goto usage;
@ -1857,10 +1857,10 @@ int main( int argc, char *argv[] )
{
if( strcmp( q, "tls12" ) == 0 ||
strcmp( q, "dtls12" ) == 0 )
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
opt.max_version = MBEDTLS_SSL_VERSION_TLS1_2;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
else if( strcmp( q, "tls13" ) == 0 )
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_4;
opt.max_version = MBEDTLS_SSL_VERSION_TLS1_3;
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
else
goto usage;
@ -1878,20 +1878,20 @@ int main( int argc, char *argv[] )
{
if( strcmp( q, "tls12" ) == 0 )
{
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
opt.min_version = MBEDTLS_SSL_VERSION_TLS1_2;
opt.max_version = MBEDTLS_SSL_VERSION_TLS1_2;
}
else if( strcmp( q, "dtls12" ) == 0 )
{
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
opt.min_version = MBEDTLS_SSL_VERSION_TLS1_2;
opt.max_version = MBEDTLS_SSL_VERSION_TLS1_2;
opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
}
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
else if( strcmp( q, "tls13" ) == 0 )
{
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_4;
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_4;
opt.min_version = MBEDTLS_SSL_VERSION_TLS1_3;
opt.max_version = MBEDTLS_SSL_VERSION_TLS1_3;
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
else
@ -2164,14 +2164,14 @@ int main( int argc, char *argv[] )
mbedtls_ssl_ciphersuite_from_id( opt.force_ciphersuite[0] );
if( opt.max_version != -1 &&
ciphersuite_info->min_minor_ver > opt.max_version )
ciphersuite_info->min_tls_version > opt.max_version )
{
mbedtls_printf( "forced ciphersuite not allowed with this protocol version\n" );
ret = 2;
goto usage;
}
if( opt.min_version != -1 &&
ciphersuite_info->max_minor_ver < opt.min_version )
ciphersuite_info->max_tls_version < opt.min_version )
{
mbedtls_printf( "forced ciphersuite not allowed with this protocol version\n" );
ret = 2;
@ -2181,13 +2181,13 @@ int main( int argc, char *argv[] )
/* If we select a version that's not supported by
* this suite, then there will be no common ciphersuite... */
if( opt.max_version == -1 ||
opt.max_version > ciphersuite_info->max_minor_ver )
opt.max_version > ciphersuite_info->max_tls_version )
{
opt.max_version = ciphersuite_info->max_minor_ver;
opt.max_version = ciphersuite_info->max_tls_version;
}
if( opt.min_version < ciphersuite_info->min_minor_ver )
if( opt.min_version < ciphersuite_info->min_tls_version )
{
opt.min_version = ciphersuite_info->min_minor_ver;
opt.min_version = ciphersuite_info->min_tls_version;
}
#if defined(MBEDTLS_USE_PSA_CRYPTO)
@ -2198,7 +2198,7 @@ int main( int argc, char *argv[] )
* the ciphersuite in advance to set the correct policy for the
* PSK key slot. This limitation might go away in the future. */
if( ciphersuite_info->key_exchange != MBEDTLS_KEY_EXCHANGE_PSK ||
opt.min_version != MBEDTLS_SSL_MINOR_VERSION_3 )
opt.min_version != MBEDTLS_SSL_VERSION_TLS1_2 )
{
mbedtls_printf( "opaque PSKs are only supported in conjunction with forcing TLS 1.2 and a PSK-only ciphersuite through the 'force_ciphersuite' option.\n" );
ret = 2;
@ -3086,10 +3086,10 @@ int main( int argc, char *argv[] )
#endif
if( opt.min_version != DFL_MIN_VERSION )
mbedtls_ssl_conf_min_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, opt.min_version );
mbedtls_ssl_conf_min_tls_version( &conf, opt.min_version );
if( opt.max_version != DFL_MIN_VERSION )
mbedtls_ssl_conf_max_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, opt.max_version );
mbedtls_ssl_conf_max_tls_version( &conf, opt.max_version );
if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
{

926
tests/suites/test_suite_ssl.data
View File

File diff suppressed because it is too large Load Diff

120
tests/suites/test_suite_ssl.function
View File

@ -52,17 +52,14 @@ void log_analyzer( void *ctx, int level,
}
}
/* Invalid minor version used when not specifying a min/max version or expecting a test to fail */
#define TEST_SSL_MINOR_VERSION_NONE -1
typedef struct handshake_test_options
{
const char *cipher;
int client_min_version;
int client_max_version;
int server_min_version;
int server_max_version;
int expected_negotiated_version;
mbedtls_ssl_protocol_version client_min_version;
mbedtls_ssl_protocol_version client_max_version;
mbedtls_ssl_protocol_version server_min_version;
mbedtls_ssl_protocol_version server_max_version;
mbedtls_ssl_protocol_version expected_negotiated_version;
int pk_alg;
data_t *psk_str;
int dtls;
@ -85,11 +82,11 @@ typedef struct handshake_test_options
void init_handshake_options( handshake_test_options *opts )
{
opts->cipher = "";
opts->client_min_version = TEST_SSL_MINOR_VERSION_NONE;
opts->client_max_version = TEST_SSL_MINOR_VERSION_NONE;
opts->server_min_version = TEST_SSL_MINOR_VERSION_NONE;
opts->server_max_version = TEST_SSL_MINOR_VERSION_NONE;
opts->expected_negotiated_version = MBEDTLS_SSL_MINOR_VERSION_3;
opts->client_min_version = MBEDTLS_SSL_VERSION_UNKNOWN;
opts->client_max_version = MBEDTLS_SSL_VERSION_UNKNOWN;
opts->server_min_version = MBEDTLS_SSL_VERSION_UNKNOWN;
opts->server_max_version = MBEDTLS_SSL_VERSION_UNKNOWN;
opts->expected_negotiated_version = MBEDTLS_SSL_VERSION_TLS1_2;
opts->pk_alg = MBEDTLS_PK_RSA;
opts->psk_str = NULL;
opts->dtls = 0;
@ -1183,16 +1180,16 @@ void set_ciphersuite( mbedtls_ssl_config *conf, const char *cipher,
mbedtls_ssl_ciphersuite_from_id( forced_ciphersuite[0] );
TEST_ASSERT( ciphersuite_info != NULL );
TEST_ASSERT( ciphersuite_info->min_minor_ver <= conf->max_minor_ver );
TEST_ASSERT( ciphersuite_info->max_minor_ver >= conf->min_minor_ver );
TEST_ASSERT( ciphersuite_info->min_tls_version <= conf->max_tls_version );
TEST_ASSERT( ciphersuite_info->max_tls_version >= conf->min_tls_version );
if( conf->max_minor_ver > ciphersuite_info->max_minor_ver )
if( conf->max_tls_version > ciphersuite_info->max_tls_version )
{
conf->max_minor_ver = ciphersuite_info->max_minor_ver;
conf->max_tls_version = ciphersuite_info->max_tls_version;
}
if( conf->min_minor_ver < ciphersuite_info->min_minor_ver )
if( conf->min_tls_version < ciphersuite_info->min_tls_version )
{
conf->min_minor_ver = ciphersuite_info->min_minor_ver;
conf->min_tls_version = ciphersuite_info->min_tls_version;
}
mbedtls_ssl_conf_ciphersuites( conf, forced_ciphersuite );
@ -1265,7 +1262,8 @@ static int psa_cipher_encrypt_helper( mbedtls_ssl_transform *transform,
static int build_transforms( mbedtls_ssl_transform *t_in,
mbedtls_ssl_transform *t_out,
int cipher_type, int hash_id,
int etm, int tag_mode, int ver,
int etm, int tag_mode,
mbedtls_ssl_protocol_version tls_version,
size_t cid0_len,
size_t cid1_len )
{
@ -1442,8 +1440,8 @@ static int build_transforms( mbedtls_ssl_transform *t_in,
((void) etm);
#endif
t_out->minor_ver = ver;
t_in->minor_ver = ver;
t_out->tls_version = tls_version;
t_in->tls_version = tls_version;
t_out->ivlen = ivlen;
t_in->ivlen = ivlen;
@ -1452,7 +1450,7 @@ static int build_transforms( mbedtls_ssl_transform *t_in,
case MBEDTLS_MODE_GCM:
case MBEDTLS_MODE_CCM:
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
if( ver == MBEDTLS_SSL_MINOR_VERSION_4 )
if( tls_version == MBEDTLS_SSL_VERSION_TLS1_3 )
{
t_out->fixed_ivlen = 12;
t_in->fixed_ivlen = 12;
@ -1637,7 +1635,7 @@ static int ssl_populate_session_tls12( mbedtls_ssl_session *session,
#if defined(MBEDTLS_HAVE_TIME)
session->start = mbedtls_time( NULL ) - 42;
#endif
session->minor_ver = MBEDTLS_SSL_MINOR_VERSION_3;
session->tls_version = MBEDTLS_SSL_VERSION_TLS1_2;
session->ciphersuite = 0xabcd;
session->compression = 1;
session->id_len = sizeof( session->id );
@ -1864,15 +1862,17 @@ int exchange_data( mbedtls_ssl_context *ssl_1,
ssl_2, 256, 1 );
}
int check_ssl_version( int expected_negotiated_version,
const mbedtls_ssl_context *ssl )
#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
defined(MBEDTLS_ENTROPY_C) && \
defined(MBEDTLS_CTR_DRBG_C)
static int check_ssl_version( mbedtls_ssl_protocol_version expected_negotiated_version,
const mbedtls_ssl_context *ssl )
{
const char *version_string = mbedtls_ssl_get_version( ssl );
mbedtls_ssl_protocol_version version_number =
mbedtls_ssl_get_version_number( ssl );
TEST_EQUAL( ssl->major_ver, MBEDTLS_SSL_MAJOR_VERSION_3 );
TEST_EQUAL( ssl->minor_ver, expected_negotiated_version );
TEST_EQUAL( ssl->tls_version, expected_negotiated_version );
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
@ -1882,13 +1882,13 @@ int check_ssl_version( int expected_negotiated_version,
switch( expected_negotiated_version )
{
case MBEDTLS_SSL_MINOR_VERSION_3:
TEST_EQUAL( version_number, MBEDTLS_SSL_VERSION_1_2 );
case MBEDTLS_SSL_VERSION_TLS1_2:
TEST_EQUAL( version_number, MBEDTLS_SSL_VERSION_TLS1_2 );
TEST_ASSERT( strcmp( version_string, "TLSv1.2" ) == 0 );
break;
case MBEDTLS_SSL_MINOR_VERSION_4:
TEST_EQUAL( version_number, MBEDTLS_SSL_VERSION_1_3 );
case MBEDTLS_SSL_VERSION_TLS1_3:
TEST_EQUAL( version_number, MBEDTLS_SSL_VERSION_TLS1_3 );
TEST_ASSERT( strcmp( version_string, "TLSv1.3" ) == 0 );
break;
@ -1901,6 +1901,7 @@ int check_ssl_version( int expected_negotiated_version,
exit:
return( 0 );
}
#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
@ -1954,15 +1955,15 @@ void perform_handshake( handshake_test_options* options )
NULL, NULL ) == 0 );
}
if( options->client_min_version != TEST_SSL_MINOR_VERSION_NONE )
if( options->client_min_version != MBEDTLS_SSL_VERSION_UNKNOWN )
{
mbedtls_ssl_conf_min_version( &client.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
mbedtls_ssl_conf_min_tls_version( &client.conf,
options->client_min_version );
}
if( options->client_max_version != TEST_SSL_MINOR_VERSION_NONE )
if( options->client_max_version != MBEDTLS_SSL_VERSION_UNKNOWN )
{
mbedtls_ssl_conf_max_version( &client.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
mbedtls_ssl_conf_max_tls_version( &client.conf,
options->client_max_version );
}
@ -2002,15 +2003,15 @@ void perform_handshake( handshake_test_options* options )
mbedtls_ssl_conf_authmode( &server.conf, options->srv_auth_mode );
if( options->server_min_version != TEST_SSL_MINOR_VERSION_NONE )
if( options->server_min_version != MBEDTLS_SSL_VERSION_UNKNOWN )
{
mbedtls_ssl_conf_min_version( &server.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
mbedtls_ssl_conf_min_tls_version( &server.conf,
options->server_min_version );
}
if( options->server_max_version != TEST_SSL_MINOR_VERSION_NONE )
if( options->server_max_version != MBEDTLS_SSL_VERSION_UNKNOWN )
{
mbedtls_ssl_conf_max_version( &server.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
mbedtls_ssl_conf_max_tls_version( &server.conf,
options->server_max_version );
}
@ -2078,7 +2079,7 @@ void perform_handshake( handshake_test_options* options )
}
#endif
if( options->expected_negotiated_version == TEST_SSL_MINOR_VERSION_NONE )
if( options->expected_negotiated_version == MBEDTLS_SSL_VERSION_UNKNOWN )
{
expected_handshake_result = MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION;
}
@ -3509,7 +3510,7 @@ void ssl_crypt_record( int cipher_type, int hash_id,
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
if( t_enc->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
if( t_enc->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 )
{
/* TLS 1.3 hides the real content type and
* always uses Application Data as the content type
@ -3678,7 +3679,7 @@ void ssl_crypt_record_small( int cipher_type, int hash_id,
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
if( t_enc->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
if( t_enc->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 )
{
/* TLS 1.3 hides the real content type and
* always uses Application Data as the content type
@ -3763,7 +3764,7 @@ void ssl_decrypt_non_etm_cbc( int cipher_type, int hash_id, int trunc_hmac,
/* Set up transforms with dummy keys */
ret = build_transforms( &t0, &t1, cipher_type, hash_id,
0, trunc_hmac,
MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_VERSION_TLS1_2,
0 , 0 );
TEST_ASSERT( ret == 0 );
@ -3803,8 +3804,8 @@ void ssl_decrypt_non_etm_cbc( int cipher_type, int hash_id, int trunc_hmac,
/* Prepare a dummy record header */
memset( rec.ctr, 0, sizeof( rec.ctr ) );
rec.type = MBEDTLS_SSL_MSG_APPLICATION_DATA;
rec.ver[0] = MBEDTLS_SSL_MAJOR_VERSION_3;
rec.ver[1] = MBEDTLS_SSL_MINOR_VERSION_3;
mbedtls_ssl_write_version( rec.ver, MBEDTLS_SSL_TRANSPORT_STREAM,
MBEDTLS_SSL_VERSION_TLS1_2 );
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
rec.cid_len = 0;
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
@ -4464,10 +4465,9 @@ void ssl_tls13_record_protection( int ciphersuite,
rec.type = MBEDTLS_SSL_MSG_APPLICATION_DATA;
/* TLS 1.3 uses the version identifier from TLS 1.2 on the wire. */
mbedtls_ssl_write_version( MBEDTLS_SSL_MAJOR_VERSION_3,
MBEDTLS_SSL_MINOR_VERSION_3,
mbedtls_ssl_write_version( rec.ver,
MBEDTLS_SSL_TRANSPORT_STREAM,
rec.ver );
MBEDTLS_SSL_VERSION_TLS1_2 );
/* Copy plaintext into record structure */
rec.buf = buf;
@ -4587,7 +4587,7 @@ void ssl_serialize_session_save_load( int ticket_len, char *crt_file )
#if defined(MBEDTLS_HAVE_TIME)
TEST_ASSERT( original.start == restored.start );
#endif
TEST_ASSERT( original.minor_ver == restored.minor_ver );
TEST_ASSERT( original.tls_version == restored.tls_version );
TEST_ASSERT( original.ciphersuite == restored.ciphersuite );
TEST_ASSERT( original.compression == restored.compression );
TEST_ASSERT( original.id_len == restored.id_len );
@ -4921,7 +4921,6 @@ void handshake_version( int dtls, int client_min_version, int client_max_version
options.client_max_version = client_max_version;
options.server_min_version = server_min_version;
options.server_max_version = server_max_version;
options.expected_negotiated_version = expected_negotiated_version;
options.dtls = dtls;
@ -5407,8 +5406,7 @@ exit:
/* BEGIN_CASE */
void conf_version( int endpoint, int transport,
int min_version_major, int min_version_minor,
int max_version_major, int max_version_minor,
int min_tls_version, int max_tls_version,
int expected_ssl_setup_result )
{
mbedtls_ssl_config conf;
@ -5419,8 +5417,8 @@ void conf_version( int endpoint, int transport,
mbedtls_ssl_conf_endpoint( &conf, endpoint );
mbedtls_ssl_conf_transport( &conf, transport );
mbedtls_ssl_conf_min_version( &conf, min_version_major, min_version_minor );
mbedtls_ssl_conf_max_version( &conf, max_version_major, max_version_minor );
mbedtls_ssl_conf_min_tls_version( &conf, min_tls_version );
mbedtls_ssl_conf_max_tls_version( &conf, max_tls_version );
TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == expected_ssl_setup_result );
@ -5445,11 +5443,11 @@ void conf_curve()
mbedtls_ssl_config conf;
mbedtls_ssl_config_init( &conf );
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
mbedtls_ssl_conf_max_version( &conf, 3, 3 );
mbedtls_ssl_conf_min_version( &conf, 3, 3 );
mbedtls_ssl_conf_max_tls_version( &conf, MBEDTLS_SSL_VERSION_TLS1_2 );
mbedtls_ssl_conf_min_tls_version( &conf, MBEDTLS_SSL_VERSION_TLS1_2 );
#else
mbedtls_ssl_conf_max_version( &conf, 3, 4 );
mbedtls_ssl_conf_min_version( &conf, 3, 4 );
mbedtls_ssl_conf_max_tls_version( &conf, MBEDTLS_SSL_VERSION_TLS1_3 );
mbedtls_ssl_conf_min_tls_version( &conf, MBEDTLS_SSL_VERSION_TLS1_3 );
#endif
mbedtls_ssl_conf_curves( &conf, curve_list );
@ -5481,8 +5479,8 @@ void conf_group()
mbedtls_ssl_config conf;
mbedtls_ssl_config_init( &conf );
mbedtls_ssl_conf_max_version( &conf, 3, 3 );
mbedtls_ssl_conf_min_version( &conf, 3, 3 );
mbedtls_ssl_conf_max_tls_version( &conf, MBEDTLS_SSL_VERSION_TLS1_2 );
mbedtls_ssl_conf_min_tls_version( &conf, MBEDTLS_SSL_VERSION_TLS1_2 );
mbedtls_ssl_conf_groups( &conf, iana_tls_group_list );