mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-04-16 08:42:50 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #5631 from gstrauss/enum-tls-vers

Browse Source 
Unify internal/external TLS protocol version enums
This commit is contained in:
Paul Elliott 2022-04-19 17:05:26 +01:00 committed by GitHub
commit a2da9c7e45
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
17 changed files with 1235 additions and 1549 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ChangeLog.d/mbedtls_tlsver_enum.txt Normal file
View File

@ -0,0 +1,6 @@
Features
* Unify internal/external TLS protocol version enums
* Deprecate mbedtls_ssl_conf_max_version()
Replaced with mbedtls_ssl_conf_max_tls_version()
* Deprecate mbedtls_ssl_conf_min_version()
Replaced with mbedtls_ssl_conf_min_tls_version()

105
include/mbedtls/ssl.h
View File

@ -243,6 +243,7 @@
* Various constants * Various constants
*/ */
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
/* These are the high an low bytes of ProtocolVersion as defined by: /* These are the high an low bytes of ProtocolVersion as defined by:
* - RFC 5246: ProtocolVersion version = { 3, 3 }; // TLS v1.2 * - RFC 5246: ProtocolVersion version = { 3, 3 }; // TLS v1.2
* - RFC 8446: see section 4.2.1 * - RFC 8446: see section 4.2.1
@ -250,6 +251,7 @@
#define MBEDTLS_SSL_MAJOR_VERSION_3 3 #define MBEDTLS_SSL_MAJOR_VERSION_3 3
#define MBEDTLS_SSL_MINOR_VERSION_3 3 /*!< TLS v1.2 */ #define MBEDTLS_SSL_MINOR_VERSION_3 3 /*!< TLS v1.2 */
#define MBEDTLS_SSL_MINOR_VERSION_4 4 /*!< TLS v1.3 */ #define MBEDTLS_SSL_MINOR_VERSION_4 4 /*!< TLS v1.3 */
#endif /* MBEDTLS_DEPRECATED_REMOVED */
#define MBEDTLS_SSL_TRANSPORT_STREAM 0 /*!< TLS */ #define MBEDTLS_SSL_TRANSPORT_STREAM 0 /*!< TLS */
#define MBEDTLS_SSL_TRANSPORT_DATAGRAM 1 /*!< DTLS */ #define MBEDTLS_SSL_TRANSPORT_DATAGRAM 1 /*!< DTLS */
@ -1099,6 +1101,14 @@ mbedtls_dtls_srtp_info;
#endif /* MBEDTLS_SSL_DTLS_SRTP */ #endif /* MBEDTLS_SSL_DTLS_SRTP */
/** Human-friendly representation of the (D)TLS protocol version. */
typedef enum
{
MBEDTLS_SSL_VERSION_UNKNOWN, /*!< Context not in use or version not yet negotiated. */
MBEDTLS_SSL_VERSION_TLS1_2 = 0x0303, /*!< (D)TLS 1.2 */
MBEDTLS_SSL_VERSION_TLS1_3 = 0x0304, /*!< (D)TLS 1.3 */
} mbedtls_ssl_protocol_version;
/* /*
* This structure is used for storing current session data. * This structure is used for storing current session data.
* *
@ -1118,11 +1128,10 @@ struct mbedtls_ssl_session
unsigned char MBEDTLS_PRIVATE(exported); unsigned char MBEDTLS_PRIVATE(exported);
/*!< Minor version negotiated in the session. Used if and when /*!< TLS version negotiated in the session. Used if and when renegotiating
* renegotiating or resuming a session instead of the configured minor * or resuming a session instead of the configured minor TLS version.
* version.
*/ */
unsigned char MBEDTLS_PRIVATE(minor_ver); mbedtls_ssl_protocol_version MBEDTLS_PRIVATE(tls_version);
#if defined(MBEDTLS_HAVE_TIME) #if defined(MBEDTLS_HAVE_TIME)
mbedtls_time_t MBEDTLS_PRIVATE(start); /*!< starting time */ mbedtls_time_t MBEDTLS_PRIVATE(start); /*!< starting time */
@ -1161,14 +1170,6 @@ struct mbedtls_ssl_session
#endif #endif
}; };
/** Human-friendly representation of the (D)TLS protocol version. */
typedef enum
{
MBEDTLS_SSL_VERSION_UNKNOWN, /*!< Context not in use or version not yet negotiated. */
MBEDTLS_SSL_VERSION_1_2, /*!< (D)TLS 1.2 */
MBEDTLS_SSL_VERSION_1_3, /*!< (D)TLS 1.3 */
} mbedtls_ssl_protocol_version;
/* /*
* Identifiers for PRFs used in various versions of TLS. * Identifiers for PRFs used in various versions of TLS.
*/ */
@ -1259,10 +1260,8 @@ struct mbedtls_ssl_config
* so that elements tend to be in the 128-element direct access window * so that elements tend to be in the 128-element direct access window
* on Arm Thumb, which reduces the code size. */ * on Arm Thumb, which reduces the code size. */
unsigned char MBEDTLS_PRIVATE(max_major_ver); /*!< max. major version used */ mbedtls_ssl_protocol_version MBEDTLS_PRIVATE(max_tls_version); /*!< max. TLS version used */
unsigned char MBEDTLS_PRIVATE(max_minor_ver); /*!< max. minor version used */ mbedtls_ssl_protocol_version MBEDTLS_PRIVATE(min_tls_version); /*!< min. TLS version used */
unsigned char MBEDTLS_PRIVATE(min_major_ver); /*!< min. major version used */
unsigned char MBEDTLS_PRIVATE(min_minor_ver); /*!< min. minor version used */
/* /*
* Flags (could be bit-fields to save RAM, but separate bytes make * Flags (could be bit-fields to save RAM, but separate bytes make
@ -1515,24 +1514,21 @@ struct mbedtls_ssl_context
renego_max_records is < 0 */ renego_max_records is < 0 */
#endif /* MBEDTLS_SSL_RENEGOTIATION */ #endif /* MBEDTLS_SSL_RENEGOTIATION */
/*!< Equal to MBEDTLS_SSL_MAJOR_VERSION_3 */ /*!< Server: Negotiated TLS protocol version.
int MBEDTLS_PRIVATE(major_ver); * Client: Maximum TLS version to be negotiated, then negotiated TLS
/*!< Server: Negotiated minor version.
* Client: Maximum minor version to be negotiated, then negotiated minor
* version. * version.
* *
* It is initialized as the maximum minor version to be negotiated in the * It is initialized as the maximum TLS version to be negotiated in the
* ClientHello writing preparation stage and used throughout the * ClientHello writing preparation stage and used throughout the
* ClientHello writing. For a fresh handshake not linked to any previous * ClientHello writing. For a fresh handshake not linked to any previous
* handshake, it is initialized to the configured maximum minor version * handshake, it is initialized to the configured maximum TLS version
* to be negotiated. When renegotiating or resuming a session, it is * to be negotiated. When renegotiating or resuming a session, it is
* initialized to the previously negotiated minor version. * initialized to the previously negotiated TLS version.
* *
* Updated to the negotiated minor version as soon as the ServerHello is * Updated to the negotiated TLS version as soon as the ServerHello is
* received. * received.
*/ */
int MBEDTLS_PRIVATE(minor_ver); mbedtls_ssl_protocol_version MBEDTLS_PRIVATE(tls_version);
unsigned MBEDTLS_PRIVATE(badmac_seen); /*!< records with a bad MAC received */ unsigned MBEDTLS_PRIVATE(badmac_seen); /*!< records with a bad MAC received */
@ -3847,6 +3843,7 @@ void mbedtls_ssl_get_dtls_srtp_negotiation_result( const mbedtls_ssl_context *ss
mbedtls_dtls_srtp_info *dtls_srtp_info ); mbedtls_dtls_srtp_info *dtls_srtp_info );
#endif /* MBEDTLS_SSL_DTLS_SRTP */ #endif /* MBEDTLS_SSL_DTLS_SRTP */
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
/** /**
* \brief Set the maximum supported version sent from the client side * \brief Set the maximum supported version sent from the client side
* and/or accepted at the server side. * and/or accepted at the server side.
@ -3855,14 +3852,37 @@ void mbedtls_ssl_get_dtls_srtp_negotiation_result( const mbedtls_ssl_context *ss
* *
* \note This ignores ciphersuites from higher versions. * \note This ignores ciphersuites from higher versions.
* *
* \note This function is deprecated and has been replaced by
* \c mbedtls_ssl_conf_max_tls_version().
*
* \param conf SSL configuration * \param conf SSL configuration
* \param major Major version number (#MBEDTLS_SSL_MAJOR_VERSION_3) * \param major Major version number (#MBEDTLS_SSL_MAJOR_VERSION_3)
* \param minor Minor version number * \param minor Minor version number
* (#MBEDTLS_SSL_MINOR_VERSION_3 for (D)TLS 1.2, * (#MBEDTLS_SSL_MINOR_VERSION_3 for (D)TLS 1.2,
* #MBEDTLS_SSL_MINOR_VERSION_4 for TLS 1.3) * #MBEDTLS_SSL_MINOR_VERSION_4 for TLS 1.3)
*/ */
void mbedtls_ssl_conf_max_version( mbedtls_ssl_config *conf, int major, int minor ); void MBEDTLS_DEPRECATED mbedtls_ssl_conf_max_version( mbedtls_ssl_config *conf, int major, int minor );
#endif /* MBEDTLS_DEPRECATED_REMOVED */
/**
* \brief Set the maximum supported version sent from the client side
* and/or accepted at the server side.
*
* \note After the handshake, you can call
* mbedtls_ssl_get_version_number() to see what version was
* negotiated.
*
* \param conf SSL configuration
* \param tls_version TLS protocol version number (\p mbedtls_ssl_protocol_version)
* (#MBEDTLS_SSL_VERSION_UNKNOWN is not valid)
*/
static inline void mbedtls_ssl_conf_max_tls_version( mbedtls_ssl_config *conf,
mbedtls_ssl_protocol_version tls_version )
{
conf->MBEDTLS_PRIVATE(max_tls_version) = tls_version;
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
/** /**
* \brief Set the minimum accepted SSL/TLS protocol version * \brief Set the minimum accepted SSL/TLS protocol version
* *
@ -3888,13 +3908,35 @@ void mbedtls_ssl_conf_max_version( mbedtls_ssl_config *conf, int major, int mino
* mbedtls_ssl_get_version_number() to see what version was * mbedtls_ssl_get_version_number() to see what version was
* negotiated. * negotiated.
* *
* \note This function is deprecated and has been replaced by
* \c mbedtls_ssl_conf_min_tls_version().
*
* \param conf SSL configuration * \param conf SSL configuration
* \param major Major version number (#MBEDTLS_SSL_MAJOR_VERSION_3) * \param major Major version number (#MBEDTLS_SSL_MAJOR_VERSION_3)
* \param minor Minor version number * \param minor Minor version number
* (#MBEDTLS_SSL_MINOR_VERSION_3 for (D)TLS 1.2, * (#MBEDTLS_SSL_MINOR_VERSION_3 for (D)TLS 1.2,
* #MBEDTLS_SSL_MINOR_VERSION_4 for TLS 1.3) * #MBEDTLS_SSL_MINOR_VERSION_4 for TLS 1.3)
*/ */
void mbedtls_ssl_conf_min_version( mbedtls_ssl_config *conf, int major, int minor ); void MBEDTLS_DEPRECATED mbedtls_ssl_conf_min_version( mbedtls_ssl_config *conf, int major, int minor );
#endif /* MBEDTLS_DEPRECATED_REMOVED */
/**
* \brief Set the minimum supported version sent from the client side
* and/or accepted at the server side.
*
* \note After the handshake, you can call
* mbedtls_ssl_get_version_number() to see what version was
* negotiated.
*
* \param conf SSL configuration
* \param tls_version TLS protocol version number (\p mbedtls_ssl_protocol_version)
* (#MBEDTLS_SSL_VERSION_UNKNOWN is not valid)
*/
static inline void mbedtls_ssl_conf_min_tls_version( mbedtls_ssl_config *conf,
mbedtls_ssl_protocol_version tls_version )
{
conf->MBEDTLS_PRIVATE(min_tls_version) = tls_version;
}
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
/** /**
@ -4225,8 +4267,11 @@ const char *mbedtls_ssl_get_ciphersuite( const mbedtls_ssl_context *ssl );
* \param ssl The SSL context to query. * \param ssl The SSL context to query.
* \return The negotiated protocol version. * \return The negotiated protocol version.
*/ */
mbedtls_ssl_protocol_version mbedtls_ssl_get_version_number( static inline mbedtls_ssl_protocol_version mbedtls_ssl_get_version_number(
const mbedtls_ssl_context *ssl ); const mbedtls_ssl_context *ssl )
{
return ssl->MBEDTLS_PRIVATE(tls_version);
}
/** /**
* \brief Return the current TLS version * \brief Return the current TLS version

19
include/mbedtls/ssl_ciphersuites.h
View File

@ -363,22 +363,23 @@ typedef struct mbedtls_ssl_ciphersuite_t mbedtls_ssl_ciphersuite_t;
/** /**
* \brief This structure is used for storing ciphersuite information * \brief This structure is used for storing ciphersuite information
*
* \note members are defined using integral types instead of enums
* in order to pack structure and reduce memory usage by internal
* \c ciphersuite_definitions[]
*/ */
struct mbedtls_ssl_ciphersuite_t struct mbedtls_ssl_ciphersuite_t
{ {
int MBEDTLS_PRIVATE(id); int MBEDTLS_PRIVATE(id);
const char * MBEDTLS_PRIVATE(name); const char * MBEDTLS_PRIVATE(name);
mbedtls_cipher_type_t MBEDTLS_PRIVATE(cipher); uint8_t MBEDTLS_PRIVATE(cipher); /* mbedtls_cipher_type_t */
mbedtls_md_type_t MBEDTLS_PRIVATE(mac); uint8_t MBEDTLS_PRIVATE(mac); /* mbedtls_md_type_t */
mbedtls_key_exchange_type_t MBEDTLS_PRIVATE(key_exchange); uint8_t MBEDTLS_PRIVATE(key_exchange); /* mbedtls_key_exchange_type_t */
uint8_t MBEDTLS_PRIVATE(flags);
int MBEDTLS_PRIVATE(min_major_ver); uint16_t MBEDTLS_PRIVATE(min_tls_version); /* mbedtls_ssl_protocol_version */
int MBEDTLS_PRIVATE(min_minor_ver); uint16_t MBEDTLS_PRIVATE(max_tls_version); /* mbedtls_ssl_protocol_version */
int MBEDTLS_PRIVATE(max_major_ver);
int MBEDTLS_PRIVATE(max_minor_ver);
unsigned char MBEDTLS_PRIVATE(flags);
}; };
const int *mbedtls_ssl_list_ciphersuites( void ); const int *mbedtls_ssl_list_ciphersuites( void );

952
library/ssl_ciphersuites.c
View File

File diff suppressed because it is too large Load Diff

42
library/ssl_client.c
View File

@ -416,15 +416,16 @@ static int ssl_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf,
int mbedtls_ssl_validate_ciphersuite( int mbedtls_ssl_validate_ciphersuite(
const mbedtls_ssl_context *ssl, const mbedtls_ssl_context *ssl,
const mbedtls_ssl_ciphersuite_t *suite_info, const mbedtls_ssl_ciphersuite_t *suite_info,
int min_minor_ver, int max_minor_ver ) mbedtls_ssl_protocol_version min_tls_version,
mbedtls_ssl_protocol_version max_tls_version )
{ {
(void) ssl; (void) ssl;
if( suite_info == NULL ) if( suite_info == NULL )
return( -1 ); return( -1 );
if( ( suite_info->min_minor_ver > max_minor_ver ) || if( ( suite_info->min_tls_version > max_tls_version ) ||
( suite_info->max_minor_ver < min_minor_ver ) ) ( suite_info->max_tls_version < min_tls_version ) )
{ {
return( -1 ); return( -1 );
} }
@ -492,8 +493,8 @@ static int ssl_write_client_hello_cipher_suites(
ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( cipher_suite ); ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( cipher_suite );
if( mbedtls_ssl_validate_ciphersuite( ssl, ciphersuite_info, if( mbedtls_ssl_validate_ciphersuite( ssl, ciphersuite_info,
ssl->handshake->min_minor_ver, ssl->handshake->min_tls_version,
ssl->minor_ver ) != 0 ) ssl->tls_version ) != 0 )
continue; continue;
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
@ -584,15 +585,15 @@ static int ssl_write_client_hello_body( mbedtls_ssl_context *ssl,
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
unsigned char propose_tls12 = unsigned char propose_tls12 =
( handshake->min_minor_ver <= MBEDTLS_SSL_MINOR_VERSION_3 ) ( handshake->min_tls_version <= MBEDTLS_SSL_VERSION_TLS1_2 )
&& &&
( MBEDTLS_SSL_MINOR_VERSION_3 <= ssl->minor_ver ); ( MBEDTLS_SSL_VERSION_TLS1_2 <= ssl->tls_version );
#endif #endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
unsigned char propose_tls13 = unsigned char propose_tls13 =
( handshake->min_minor_ver <= MBEDTLS_SSL_MINOR_VERSION_4 ) ( handshake->min_tls_version <= MBEDTLS_SSL_VERSION_TLS1_3 )
&& &&
( MBEDTLS_SSL_MINOR_VERSION_4 <= ssl->minor_ver ); ( MBEDTLS_SSL_VERSION_TLS1_3 <= ssl->tls_version );
#endif #endif
/* /*
@ -601,9 +602,8 @@ static int ssl_write_client_hello_body( mbedtls_ssl_context *ssl,
* In all cases this is the TLS 1.2 version. * In all cases this is the TLS 1.2 version.
*/ */
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
mbedtls_ssl_write_version( MBEDTLS_SSL_MAJOR_VERSION_3, mbedtls_ssl_write_version( p, ssl->conf->transport,
MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_VERSION_TLS1_2 );
ssl->conf->transport, p );
p += 2; p += 2;
/* ... /* ...
@ -816,7 +816,7 @@ static int ssl_generate_random( mbedtls_ssl_context *ssl )
* TLS 1.3 case: * TLS 1.3 case:
* opaque Random[32]; * opaque Random[32];
*/ */
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) if( ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2 )
{ {
#if defined(MBEDTLS_HAVE_TIME) #if defined(MBEDTLS_HAVE_TIME)
mbedtls_time_t gmt_unix_time = mbedtls_time( NULL ); mbedtls_time_t gmt_unix_time = mbedtls_time( NULL );
@ -851,21 +851,19 @@ static int ssl_prepare_client_hello( mbedtls_ssl_context *ssl )
*/ */
#if defined(MBEDTLS_SSL_RENEGOTIATION) #if defined(MBEDTLS_SSL_RENEGOTIATION)
if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE ) if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE )
ssl->handshake->min_minor_ver = ssl->minor_ver; ssl->handshake->min_tls_version = ssl->tls_version;
else else
#endif #endif
{ {
ssl->major_ver = MBEDTLS_SSL_MAJOR_VERSION_3;
if( ssl->handshake->resume ) if( ssl->handshake->resume )
{ {
ssl->minor_ver = ssl->session_negotiate->minor_ver; ssl->tls_version = ssl->session_negotiate->tls_version;
ssl->handshake->min_minor_ver = ssl->minor_ver; ssl->handshake->min_tls_version = ssl->tls_version;
} }
else else
{ {
ssl->minor_ver = ssl->conf->max_minor_ver; ssl->tls_version = ssl->conf->max_tls_version;
ssl->handshake->min_minor_ver = ssl->conf->min_minor_ver; ssl->handshake->min_tls_version = ssl->conf->min_tls_version;
} }
} }
@ -896,7 +894,7 @@ static int ssl_prepare_client_hello( mbedtls_ssl_context *ssl )
session_id_len = ssl->session_negotiate->id_len; session_id_len = ssl->session_negotiate->id_len;
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) if( ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2 )
{ {
if( session_id_len < 16 || session_id_len > 32 || if( session_id_len < 16 || session_id_len > 32 ||
#if defined(MBEDTLS_SSL_RENEGOTIATION) #if defined(MBEDTLS_SSL_RENEGOTIATION)
@ -927,7 +925,7 @@ static int ssl_prepare_client_hello( mbedtls_ssl_context *ssl )
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE) #if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 ) if( ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 )
{ {
/* /*
* Create a legacy session identifier for the purpose of middlebox * Create a legacy session identifier for the purpose of middlebox

11
library/ssl_client.h
View File

@ -31,17 +31,18 @@
/** /**
* \brief Validate cipher suite against config in SSL context. * \brief Validate cipher suite against config in SSL context.
* *
* \param ssl SSL context * \param ssl SSL context
* \param suite_info Cipher suite to validate * \param suite_info Cipher suite to validate
* \param min_minor_ver Minimal minor version to accept a cipher suite * \param min_tls_version Minimal TLS version to accept a cipher suite
* \param max_minor_ver Maximal minor version to accept a cipher suite * \param max_tls_version Maximal TLS version to accept a cipher suite
* *
* \return 0 if valid, negative value otherwise. * \return 0 if valid, negative value otherwise.
*/ */
int mbedtls_ssl_validate_ciphersuite( int mbedtls_ssl_validate_ciphersuite(
const mbedtls_ssl_context *ssl, const mbedtls_ssl_context *ssl,
const mbedtls_ssl_ciphersuite_t *suite_info, const mbedtls_ssl_ciphersuite_t *suite_info,
int min_minor_ver, int max_minor_ver ); mbedtls_ssl_protocol_version min_tls_version,
mbedtls_ssl_protocol_version max_tls_version );
int mbedtls_ssl_write_client_hello( mbedtls_ssl_context *ssl ); int mbedtls_ssl_write_client_hello( mbedtls_ssl_context *ssl );

121
library/ssl_misc.h
View File

@ -59,35 +59,6 @@
#define inline __inline #define inline __inline
#endif #endif
/* Legacy minor version numbers as defined by:
* - RFC 2246: ProtocolVersion version = { 3, 1 }; // TLS v1.0
* - RFC 4346: ProtocolVersion version = { 3, 2 }; // TLS v1.1
*
* We no longer support these versions, but some code still references those
* constants as part of negotiating with the peer, so keep them available
* internally.
*/
#define MBEDTLS_SSL_MINOR_VERSION_1 1
#define MBEDTLS_SSL_MINOR_VERSION_2 2
/* Determine minimum supported version */
#define MBEDTLS_SSL_MIN_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3
#elif defined(MBEDTLS_SSL_PROTO_TLS1_3)
#define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_4
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
/* Determine maximum supported version */
#define MBEDTLS_SSL_MAX_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
#define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_4
#elif defined(MBEDTLS_SSL_PROTO_TLS1_2)
#define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
/* Shorthand for restartable ECC */ /* Shorthand for restartable ECC */
#if defined(MBEDTLS_ECP_RESTARTABLE) && \ #if defined(MBEDTLS_ECP_RESTARTABLE) && \
defined(MBEDTLS_SSL_CLI_C) && \ defined(MBEDTLS_SSL_CLI_C) && \
@ -534,8 +505,16 @@ struct mbedtls_ssl_handshake_params
uint8_t resume; /*!< session resume indicator*/ uint8_t resume; /*!< session resume indicator*/
uint8_t cli_exts; /*!< client extension presence*/ uint8_t cli_exts; /*!< client extension presence*/
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
uint8_t sni_authmode; /*!< authmode from SNI callback */
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
uint8_t new_session_ticket; /*!< use NewSessionTicket? */
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
#if defined(MBEDTLS_SSL_CLI_C) #if defined(MBEDTLS_SSL_CLI_C)
/*!< Minimum minor version to be negotiated. /*!< Minimum TLS version to be negotiated.
* *
* It is set up in the ClientHello writing preparation stage and used * It is set up in the ClientHello writing preparation stage and used
* throughout the ClientHello writing. Not relevant anymore as soon as * throughout the ClientHello writing. Not relevant anymore as soon as
@ -546,24 +525,16 @@ struct mbedtls_ssl_handshake_params
* renegotiating or resuming a session, it is equal to the previously * renegotiating or resuming a session, it is equal to the previously
* negotiated minor version. * negotiated minor version.
* *
* There is no maximum minor version field in this handshake context. * There is no maximum TLS version field in this handshake context.
* From the start of the handshake, we need to define a current protocol * From the start of the handshake, we need to define a current protocol
* version for the record layer which we define as the maximum minor * version for the record layer which we define as the maximum TLS
* version to be negotiated. The `minor_ver` field of the SSL context is * version to be negotiated. The `tls_version` field of the SSL context is
* used to store this maximum value until it contains the actual * used to store this maximum value until it contains the actual
* negotiated value. * negotiated value.
*/ */
unsigned char min_minor_ver; mbedtls_ssl_protocol_version min_tls_version;
#endif #endif
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
uint8_t sni_authmode; /*!< authmode from SNI callback */
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
uint8_t new_session_ticket; /*!< use NewSessionTicket? */
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
uint8_t extended_ms; /*!< use Extended Master Secret? */ uint8_t extended_ms; /*!< use Extended Master Secret? */
#endif #endif
@ -947,7 +918,7 @@ typedef struct mbedtls_ssl_hs_buffer mbedtls_ssl_hs_buffer;
* and indicates the length of the static part of the IV which is * and indicates the length of the static part of the IV which is
* constant throughout the communication, and which is stored in * constant throughout the communication, and which is stored in
* the first fixed_ivlen bytes of the iv_{enc/dec} arrays. * the first fixed_ivlen bytes of the iv_{enc/dec} arrays.
* - minor_ver denotes the SSL/TLS version * - tls_version denotes the 2-byte TLS version
* - For stream/CBC transformations, maclen denotes the length of the * - For stream/CBC transformations, maclen denotes the length of the
* authentication tag, while taglen is unused and 0. * authentication tag, while taglen is unused and 0.
* - For AEAD transformations, taglen denotes the length of the * - For AEAD transformations, taglen denotes the length of the
@ -988,7 +959,7 @@ struct mbedtls_ssl_transform
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ #endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
int minor_ver; mbedtls_ssl_protocol_version tls_version;
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_svc_key_id_t psa_key_enc; /*!< psa encryption key */ mbedtls_svc_key_id_t psa_key_enc; /*!< psa encryption key */
@ -1457,10 +1428,10 @@ int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert,
uint32_t *flags ); uint32_t *flags );
#endif /* MBEDTLS_X509_CRT_PARSE_C */ #endif /* MBEDTLS_X509_CRT_PARSE_C */
void mbedtls_ssl_write_version( int major, int minor, int transport, void mbedtls_ssl_write_version( unsigned char version[2], int transport,
unsigned char ver[2] ); mbedtls_ssl_protocol_version tls_version );
void mbedtls_ssl_read_version( int *major, int *minor, int transport, uint16_t mbedtls_ssl_read_version( const unsigned char version[2],
const unsigned char ver[2] ); int transport );
static inline size_t mbedtls_ssl_in_hdr_len( const mbedtls_ssl_context *ssl ) static inline size_t mbedtls_ssl_in_hdr_len( const mbedtls_ssl_context *ssl )
{ {
@ -1601,14 +1572,8 @@ void mbedtls_ssl_flight_free( mbedtls_ssl_flight_item *flight );
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
static inline int mbedtls_ssl_conf_is_tls13_only( const mbedtls_ssl_config *conf ) static inline int mbedtls_ssl_conf_is_tls13_only( const mbedtls_ssl_config *conf )
{ {
if( conf->min_major_ver == MBEDTLS_SSL_MAJOR_VERSION_3 && return( conf->min_tls_version == MBEDTLS_SSL_VERSION_TLS1_3 &&
conf->max_major_ver == MBEDTLS_SSL_MAJOR_VERSION_3 && conf->max_tls_version == MBEDTLS_SSL_VERSION_TLS1_3 );
conf->min_minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 &&
conf->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
{
return( 1 );
}
return( 0 );
} }
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
@ -1616,14 +1581,8 @@ static inline int mbedtls_ssl_conf_is_tls13_only( const mbedtls_ssl_config *conf
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
static inline int mbedtls_ssl_conf_is_tls12_only( const mbedtls_ssl_config *conf ) static inline int mbedtls_ssl_conf_is_tls12_only( const mbedtls_ssl_config *conf )
{ {
if( conf->min_major_ver == MBEDTLS_SSL_MAJOR_VERSION_3 && return( conf->min_tls_version == MBEDTLS_SSL_VERSION_TLS1_2 &&
conf->max_major_ver == MBEDTLS_SSL_MAJOR_VERSION_3 && conf->max_tls_version == MBEDTLS_SSL_VERSION_TLS1_2 );
conf->min_minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 &&
conf->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
{
return( 1 );
}
return( 0 );
} }
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
@ -1631,14 +1590,8 @@ static inline int mbedtls_ssl_conf_is_tls12_only( const mbedtls_ssl_config *conf
static inline int mbedtls_ssl_conf_is_tls13_enabled( const mbedtls_ssl_config *conf ) static inline int mbedtls_ssl_conf_is_tls13_enabled( const mbedtls_ssl_config *conf )
{ {
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
if( conf->min_major_ver == MBEDTLS_SSL_MAJOR_VERSION_3 && return( conf->min_tls_version <= MBEDTLS_SSL_VERSION_TLS1_3 &&
conf->max_major_ver == MBEDTLS_SSL_MAJOR_VERSION_3 && conf->max_tls_version >= MBEDTLS_SSL_VERSION_TLS1_3 );
conf->min_minor_ver <= MBEDTLS_SSL_MINOR_VERSION_4 &&
conf->max_minor_ver >= MBEDTLS_SSL_MINOR_VERSION_4 )
{
return( 1 );
}
return( 0 );
#else #else
((void) conf); ((void) conf);
return( 0 ); return( 0 );
@ -1648,14 +1601,8 @@ static inline int mbedtls_ssl_conf_is_tls13_enabled( const mbedtls_ssl_config *c
static inline int mbedtls_ssl_conf_is_tls12_enabled( const mbedtls_ssl_config *conf ) static inline int mbedtls_ssl_conf_is_tls12_enabled( const mbedtls_ssl_config *conf )
{ {
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( conf->min_major_ver == MBEDTLS_SSL_MAJOR_VERSION_3 && return( conf->min_tls_version <= MBEDTLS_SSL_VERSION_TLS1_2 &&
conf->max_major_ver == MBEDTLS_SSL_MAJOR_VERSION_3 && conf->max_tls_version >= MBEDTLS_SSL_VERSION_TLS1_2 );
conf->min_minor_ver <= MBEDTLS_SSL_MINOR_VERSION_3 &&
conf->max_minor_ver >= MBEDTLS_SSL_MINOR_VERSION_3 )
{
return( 1 );
}
return( 0 );
#else #else
((void) conf); ((void) conf);
return( 0 ); return( 0 );
@ -1665,14 +1612,8 @@ static inline int mbedtls_ssl_conf_is_tls12_enabled( const mbedtls_ssl_config *c
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_TLS1_3) #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_TLS1_3)
static inline int mbedtls_ssl_conf_is_hybrid_tls12_tls13( const mbedtls_ssl_config *conf ) static inline int mbedtls_ssl_conf_is_hybrid_tls12_tls13( const mbedtls_ssl_config *conf )
{ {
if( conf->min_major_ver == MBEDTLS_SSL_MAJOR_VERSION_3 && return( conf->min_tls_version == MBEDTLS_SSL_VERSION_TLS1_2 &&
conf->max_major_ver == MBEDTLS_SSL_MAJOR_VERSION_3 && conf->max_tls_version == MBEDTLS_SSL_VERSION_TLS1_3 );
conf->min_minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 &&
conf->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
{
return( 1 );
}
return( 0 );
} }
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_SSL_PROTO_TLS1_3 */ #endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_SSL_PROTO_TLS1_3 */
@ -2077,7 +2018,7 @@ static inline int mbedtls_ssl_sig_alg_is_supported(
{ {
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3) if( ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2 )
{ {
/* High byte is hash */ /* High byte is hash */
unsigned char hash = MBEDTLS_BYTE_1( sig_alg ); unsigned char hash = MBEDTLS_BYTE_1( sig_alg );
@ -2140,7 +2081,7 @@ static inline int mbedtls_ssl_sig_alg_is_supported(
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4) if( ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 )
{ {
mbedtls_pk_type_t pk_type; mbedtls_pk_type_t pk_type;
mbedtls_md_type_t md_alg; mbedtls_md_type_t md_alg;

109
library/ssl_msg.c
View File

@ -382,7 +382,8 @@ static int ssl_parse_inner_plaintext( unsigned char const *content,
static void ssl_extract_add_data_from_record( unsigned char* add_data, static void ssl_extract_add_data_from_record( unsigned char* add_data,
size_t *add_data_len, size_t *add_data_len,
mbedtls_record *rec, mbedtls_record *rec,
unsigned minor_ver, mbedtls_ssl_protocol_version
tls_version,
size_t taglen ) size_t taglen )
{ {
/* Quoting RFC 5246 (TLS 1.2): /* Quoting RFC 5246 (TLS 1.2):
@ -421,7 +422,7 @@ static void ssl_extract_add_data_from_record( unsigned char* add_data,
size_t ad_len_field = rec->data_len; size_t ad_len_field = rec->data_len;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 ) if( tls_version == MBEDTLS_SSL_VERSION_TLS1_3 )
{ {
/* In TLS 1.3, the AAD contains the length of the TLSCiphertext, /* In TLS 1.3, the AAD contains the length of the TLSCiphertext,
* which differs from the length of the TLSInnerPlaintext * which differs from the length of the TLSInnerPlaintext
@ -431,7 +432,7 @@ static void ssl_extract_add_data_from_record( unsigned char* add_data,
else else
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
{ {
((void) minor_ver); ((void) tls_version);
((void) taglen); ((void) taglen);
memcpy( cur, rec->ctr, sizeof( rec->ctr ) ); memcpy( cur, rec->ctr, sizeof( rec->ctr ) );
cur += sizeof( rec->ctr ); cur += sizeof( rec->ctr );
@ -596,7 +597,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
* is hence no risk of double-addition of the inner plaintext. * is hence no risk of double-addition of the inner plaintext.
*/ */
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
if( transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 ) if( transform->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 )
{ {
size_t padding = size_t padding =
ssl_compute_padding_length( rec->data_len, ssl_compute_padding_length( rec->data_len,
@ -680,7 +681,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
#endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_USE_PSA_CRYPTO */
ssl_extract_add_data_from_record( add_data, &add_data_len, rec, ssl_extract_add_data_from_record( add_data, &add_data_len, rec,
transform->minor_ver, transform->tls_version,
transform->taglen ); transform->taglen );
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
@ -817,7 +818,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
* This depends on the TLS version. * This depends on the TLS version.
*/ */
ssl_extract_add_data_from_record( add_data, &add_data_len, rec, ssl_extract_add_data_from_record( add_data, &add_data_len, rec,
transform->minor_ver, transform->tls_version,
transform->taglen ); transform->taglen );
MBEDTLS_SSL_DEBUG_BUF( 4, "IV used (internal)", MBEDTLS_SSL_DEBUG_BUF( 4, "IV used (internal)",
@ -1050,7 +1051,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
} }
ssl_extract_add_data_from_record( add_data, &add_data_len, ssl_extract_add_data_from_record( add_data, &add_data_len,
rec, transform->minor_ver, rec, transform->tls_version,
transform->taglen ); transform->taglen );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "using encrypt then mac" ) ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "using encrypt then mac" ) );
@ -1270,7 +1271,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
* This depends on the TLS version. * This depends on the TLS version.
*/ */
ssl_extract_add_data_from_record( add_data, &add_data_len, rec, ssl_extract_add_data_from_record( add_data, &add_data_len, rec,
transform->minor_ver, transform->tls_version,
transform->taglen ); transform->taglen );
MBEDTLS_SSL_DEBUG_BUF( 4, "additional data used for AEAD", MBEDTLS_SSL_DEBUG_BUF( 4, "additional data used for AEAD",
add_data, add_data_len ); add_data, add_data_len );
@ -1412,7 +1413,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
* Further, we still know that data_len > minlen */ * Further, we still know that data_len > minlen */
rec->data_len -= transform->maclen; rec->data_len -= transform->maclen;
ssl_extract_add_data_from_record( add_data, &add_data_len, rec, ssl_extract_add_data_from_record( add_data, &add_data_len, rec,
transform->minor_ver, transform->tls_version,
transform->taglen ); transform->taglen );
/* Calculate expected MAC. */ /* Calculate expected MAC. */
@ -1697,7 +1698,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
*/ */
rec->data_len -= transform->maclen; rec->data_len -= transform->maclen;
ssl_extract_add_data_from_record( add_data, &add_data_len, rec, ssl_extract_add_data_from_record( add_data, &add_data_len, rec,
transform->minor_ver, transform->tls_version,
transform->taglen ); transform->taglen );
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
@ -1775,7 +1776,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
} }
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
if( transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 ) if( transform->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 )
{ {
/* Remove inner padding and infer true content type. */ /* Remove inner padding and infer true content type. */
ret = ssl_parse_inner_plaintext( data, &rec->data_len, ret = ssl_parse_inner_plaintext( data, &rec->data_len,
@ -2674,15 +2675,15 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, int force_flush )
#endif #endif
/* Skip writing the record content type to after the encryption, /* Skip writing the record content type to after the encryption,
* as it may change when using the CID extension. */ * as it may change when using the CID extension. */
int minor_ver = ssl->minor_ver; mbedtls_ssl_protocol_version tls_ver = ssl->tls_version;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
/* TLS 1.3 still uses the TLS 1.2 version identifier /* TLS 1.3 still uses the TLS 1.2 version identifier
* for backwards compatibility. */ * for backwards compatibility. */
if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 ) if( tls_ver == MBEDTLS_SSL_VERSION_TLS1_3 )
minor_ver = MBEDTLS_SSL_MINOR_VERSION_3; tls_ver = MBEDTLS_SSL_VERSION_TLS1_2;
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
mbedtls_ssl_write_version( ssl->major_ver, minor_ver, mbedtls_ssl_write_version( ssl->out_hdr + 1, ssl->conf->transport,
ssl->conf->transport, ssl->out_hdr + 1 ); tls_ver );
memcpy( ssl->out_ctr, ssl->cur_out_ctr, MBEDTLS_SSL_SEQUENCE_NUMBER_LEN ); memcpy( ssl->out_ctr, ssl->cur_out_ctr, MBEDTLS_SSL_SEQUENCE_NUMBER_LEN );
MBEDTLS_PUT_UINT16_BE( len, ssl->out_len, 0); MBEDTLS_PUT_UINT16_BE( len, ssl->out_len, 0);
@ -2697,8 +2698,7 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, int force_flush )
rec.data_offset = ssl->out_msg - rec.buf; rec.data_offset = ssl->out_msg - rec.buf;
memcpy( &rec.ctr[0], ssl->out_ctr, sizeof( rec.ctr ) ); memcpy( &rec.ctr[0], ssl->out_ctr, sizeof( rec.ctr ) );
mbedtls_ssl_write_version( ssl->major_ver, minor_ver, mbedtls_ssl_write_version( rec.ver, ssl->conf->transport, tls_ver );
ssl->conf->transport, rec.ver );
rec.type = ssl->out_msgtype; rec.type = ssl->out_msgtype;
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
@ -3420,7 +3420,7 @@ static int ssl_parse_record_header( mbedtls_ssl_context const *ssl,
size_t len, size_t len,
mbedtls_record *rec ) mbedtls_record *rec )
{ {
int major_ver, minor_ver; mbedtls_ssl_protocol_version tls_version;
size_t const rec_hdr_type_offset = 0; size_t const rec_hdr_type_offset = 0;
size_t const rec_hdr_type_len = 1; size_t const rec_hdr_type_len = 1;
@ -3530,19 +3530,12 @@ static int ssl_parse_record_header( mbedtls_ssl_context const *ssl,
rec->ver[0] = buf[ rec_hdr_version_offset + 0 ]; rec->ver[0] = buf[ rec_hdr_version_offset + 0 ];
rec->ver[1] = buf[ rec_hdr_version_offset + 1 ]; rec->ver[1] = buf[ rec_hdr_version_offset + 1 ];
mbedtls_ssl_read_version( &major_ver, &minor_ver, tls_version = mbedtls_ssl_read_version( buf + rec_hdr_version_offset,
ssl->conf->transport, ssl->conf->transport );
&rec->ver[0] );
if( major_ver != ssl->major_ver ) if( tls_version > ssl->conf->max_tls_version )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "major version mismatch" ) ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLS version mismatch" ) );
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
}
if( minor_ver > ssl->conf->max_minor_ver )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "minor version mismatch" ) );
return( MBEDTLS_ERR_SSL_INVALID_RECORD ); return( MBEDTLS_ERR_SSL_INVALID_RECORD );
} }
@ -3574,9 +3567,8 @@ static int ssl_parse_record_header( mbedtls_ssl_context const *ssl,
MBEDTLS_SSL_DEBUG_BUF( 4, "input record header", buf, rec->data_offset ); MBEDTLS_SSL_DEBUG_BUF( 4, "input record header", buf, rec->data_offset );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "input record: msgtype = %u, " MBEDTLS_SSL_DEBUG_MSG( 3, ( "input record: msgtype = %u, "
"version = [%d:%d], msglen = %" MBEDTLS_PRINTF_SIZET, "version = [0x%x], msglen = %" MBEDTLS_PRINTF_SIZET,
rec->type, rec->type, (unsigned)tls_version, rec->data_len ) );
major_ver, minor_ver, rec->data_len ) );
rec->buf = buf; rec->buf = buf;
rec->buf_len = rec->data_offset + rec->data_len; rec->buf_len = rec->data_offset + rec->data_len;
@ -3692,7 +3684,7 @@ static int ssl_prepare_record_content( mbedtls_ssl_context *ssl,
*/ */
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
if( ssl->transform_in != NULL && if( ssl->transform_in != NULL &&
ssl->transform_in->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 ) ssl->transform_in->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 )
{ {
if( rec->type == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC ) if( rec->type == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC )
done = 1; done = 1;
@ -3748,7 +3740,7 @@ static int ssl_prepare_record_content( mbedtls_ssl_context *ssl,
if( rec->data_len == 0 ) if( rec->data_len == 0 )
{ {
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 if( ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2
&& rec->type != MBEDTLS_SSL_MSG_APPLICATION_DATA ) && rec->type != MBEDTLS_SSL_MSG_APPLICATION_DATA )
{ {
/* TLS v1.2 explicitly disallows zero-length messages which are not application data */ /* TLS v1.2 explicitly disallows zero-length messages which are not application data */
@ -4751,7 +4743,7 @@ int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl )
#endif #endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 ) if( ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 )
{ {
#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE) #if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
MBEDTLS_SSL_DEBUG_MSG( 1, MBEDTLS_SSL_DEBUG_MSG( 1,
@ -4970,9 +4962,6 @@ int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl )
static size_t ssl_transform_get_explicit_iv_len( static size_t ssl_transform_get_explicit_iv_len(
mbedtls_ssl_transform const *transform ) mbedtls_ssl_transform const *transform )
{ {
if( transform->minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 )
return( 0 );
return( transform->ivlen - transform->fixed_ivlen ); return( transform->ivlen - transform->fixed_ivlen );
} }
@ -5814,51 +5803,35 @@ static void ssl_buffering_free_slot( mbedtls_ssl_context *ssl,
* and, for DTLS, to/from TLS equivalent. * and, for DTLS, to/from TLS equivalent.
* *
* For TLS this is the identity. * For TLS this is the identity.
* For DTLS, use 1's complement (v -> 255 - v, and then map as follows: * For DTLS, map as follows, then use 1's complement (v -> ~v):
* 1.x <-> 3.x+1 for x != 0 (DTLS 1.2 based on TLS 1.2) * 1.x <-> 3.x+1 for x != 0 (DTLS 1.2 based on TLS 1.2)
* DTLS 1.0 is stored as TLS 1.1 internally
*/ */
void mbedtls_ssl_write_version( int major, int minor, int transport, void mbedtls_ssl_write_version( unsigned char version[2], int transport,
unsigned char ver[2] ) mbedtls_ssl_protocol_version tls_version )
{ {
#if defined(MBEDTLS_SSL_PROTO_DTLS) #if defined(MBEDTLS_SSL_PROTO_DTLS)
if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{ tls_version =
if( minor == MBEDTLS_SSL_MINOR_VERSION_2 ) ~( tls_version - ( tls_version == 0x0302 ? 0x0202 : 0x0201 ) );
--minor; /* DTLS 1.0 stored as TLS 1.1 internally */
ver[0] = (unsigned char)( 255 - ( major - 2 ) );
ver[1] = (unsigned char)( 255 - ( minor - 1 ) );
}
else
#else #else
((void) transport); ((void) transport);
#endif #endif
{ MBEDTLS_PUT_UINT16_BE( tls_version, version, 0 );
ver[0] = (unsigned char) major;
ver[1] = (unsigned char) minor;
}
} }
void mbedtls_ssl_read_version( int *major, int *minor, int transport, uint16_t mbedtls_ssl_read_version( const unsigned char version[2],
const unsigned char ver[2] ) int transport )
{ {
uint16_t tls_version = MBEDTLS_GET_UINT16_BE( version, 0 );
#if defined(MBEDTLS_SSL_PROTO_DTLS) #if defined(MBEDTLS_SSL_PROTO_DTLS)
if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{ tls_version =
*major = 255 - ver[0] + 2; ~( tls_version - ( tls_version == 0xfeff ? 0x0202 : 0x0201 ) );
*minor = 255 - ver[1] + 1;
if( *minor == MBEDTLS_SSL_MINOR_VERSION_1 )
++*minor; /* DTLS 1.0 stored as TLS 1.1 internally */
}
else
#else #else
((void) transport); ((void) transport);
#endif #endif
{ return tls_version;
*major = ver[0];
*minor = ver[1];
}
} }
/* /*

166
library/ssl_tls.c
View File

@ -390,7 +390,7 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
MBEDTLS_SSL_SOME_SUITES_USE_MAC */ MBEDTLS_SSL_SOME_SUITES_USE_MAC */
ssl_tls_prf_t tls_prf, ssl_tls_prf_t tls_prf,
const unsigned char randbytes[64], const unsigned char randbytes[64],
int minor_ver, mbedtls_ssl_protocol_version tls_version,
unsigned endpoint, unsigned endpoint,
const mbedtls_ssl_context *ssl ); const mbedtls_ssl_context *ssl );
@ -2147,14 +2147,12 @@ void mbedtls_ssl_get_dtls_srtp_negotiation_result( const mbedtls_ssl_context *ss
void mbedtls_ssl_conf_max_version( mbedtls_ssl_config *conf, int major, int minor ) void mbedtls_ssl_conf_max_version( mbedtls_ssl_config *conf, int major, int minor )
{ {
conf->max_major_ver = major; conf->max_tls_version = (major << 8) | minor;
conf->max_minor_ver = minor;
} }
void mbedtls_ssl_conf_min_version( mbedtls_ssl_config *conf, int major, int minor ) void mbedtls_ssl_conf_min_version( mbedtls_ssl_config *conf, int major, int minor )
{ {
conf->min_major_ver = major; conf->min_tls_version = (major << 8) | minor;
conf->min_minor_ver = minor;
} }
#if defined(MBEDTLS_SSL_SRV_C) #if defined(MBEDTLS_SSL_SRV_C)
@ -2313,42 +2311,26 @@ const char *mbedtls_ssl_get_ciphersuite( const mbedtls_ssl_context *ssl )
return mbedtls_ssl_get_ciphersuite_name( ssl->session->ciphersuite ); return mbedtls_ssl_get_ciphersuite_name( ssl->session->ciphersuite );
} }
mbedtls_ssl_protocol_version mbedtls_ssl_get_version_number(
const mbedtls_ssl_context *ssl )
{
/* For major_ver, only 3 is supported, so skip checking it. */
switch( ssl->minor_ver )
{
case MBEDTLS_SSL_MINOR_VERSION_3:
return( MBEDTLS_SSL_VERSION_1_2 );
case MBEDTLS_SSL_MINOR_VERSION_4:
return( MBEDTLS_SSL_VERSION_1_3 );
default:
return( MBEDTLS_SSL_VERSION_UNKNOWN );
}
}
const char *mbedtls_ssl_get_version( const mbedtls_ssl_context *ssl ) const char *mbedtls_ssl_get_version( const mbedtls_ssl_context *ssl )
{ {
#if defined(MBEDTLS_SSL_PROTO_DTLS) #if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{ {
switch( ssl->minor_ver ) switch( ssl->tls_version )
{ {
case MBEDTLS_SSL_MINOR_VERSION_3: case MBEDTLS_SSL_VERSION_TLS1_2:
return( "DTLSv1.2" ); return( "DTLSv1.2" );
default: default:
return( "unknown (DTLS)" ); return( "unknown (DTLS)" );
} }
} }
#endif #endif
switch( ssl->minor_ver ) switch( ssl->tls_version )
{ {
case MBEDTLS_SSL_MINOR_VERSION_3: case MBEDTLS_SSL_VERSION_TLS1_2:
return( "TLSv1.2" ); return( "TLSv1.2" );
case MBEDTLS_SSL_MINOR_VERSION_4: case MBEDTLS_SSL_VERSION_TLS1_3:
return( "TLSv1.3" ); return( "TLSv1.3" );
default: default:
return( "unknown" ); return( "unknown" );
@ -2642,12 +2624,12 @@ static unsigned char ssl_serialized_session_header[] = {
* // configuration options which influence * // configuration options which influence
* // the structure of mbedtls_ssl_session. * // the structure of mbedtls_ssl_session.
* *
* uint8_t minor_ver; // Protocol-version. Possible values: * uint8_t minor_ver; // Protocol minor version. Possible values:
* // - TLS 1.2 (MBEDTLS_SSL_MINOR_VERSION_3) * // - TLS 1.2 (3)
* *
* select (serialized_session.minor_ver) { * select (serialized_session.tls_version) {
* *
* case MBEDTLS_SSL_MINOR_VERSION_3: // TLS 1.2 * case MBEDTLS_SSL_VERSION_TLS1_2:
* serialized_session_tls12 data; * serialized_session_tls12 data;
* *
* }; * };
@ -2687,14 +2669,14 @@ static int ssl_session_save( const mbedtls_ssl_session *session,
used += 1; used += 1;
if( used <= buf_len ) if( used <= buf_len )
{ {
*p++ = session->minor_ver; *p++ = MBEDTLS_BYTE_0( session->tls_version );
} }
/* Forward to version-specific serialization routine. */ /* Forward to version-specific serialization routine. */
switch( session->minor_ver ) switch( session->tls_version )
{ {
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
case MBEDTLS_SSL_MINOR_VERSION_3: case MBEDTLS_SSL_VERSION_TLS1_2:
{ {
size_t remaining_len = used <= buf_len ? buf_len - used : 0; size_t remaining_len = used <= buf_len ? buf_len - used : 0;
used += ssl_session_save_tls12( session, p, remaining_len ); used += ssl_session_save_tls12( session, p, remaining_len );
@ -2760,13 +2742,13 @@ static int ssl_session_load( mbedtls_ssl_session *session,
*/ */
if( 1 > (size_t)( end - p ) ) if( 1 > (size_t)( end - p ) )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
session->minor_ver = *p++; session->tls_version = 0x0300 | *p++;
/* Dispatch according to TLS version. */ /* Dispatch according to TLS version. */
switch( session->minor_ver ) switch( session->tls_version )
{ {
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
case MBEDTLS_SSL_MINOR_VERSION_3: /* TLS 1.2 */ case MBEDTLS_SSL_VERSION_TLS1_2:
{ {
size_t remaining_len = ( end - p ); size_t remaining_len = ( end - p );
return( ssl_session_load_tls12( session, p, remaining_len ) ); return( ssl_session_load_tls12( session, p, remaining_len ) );
@ -2868,7 +2850,7 @@ int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl )
default: default:
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_TLS1_3) #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_TLS1_3)
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 ) if( ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 )
ret = mbedtls_ssl_tls13_handshake_client_step( ssl ); ret = mbedtls_ssl_tls13_handshake_client_step( ssl );
else else
ret = mbedtls_ssl_handshake_client_step( ssl ); ret = mbedtls_ssl_handshake_client_step( ssl );
@ -3375,12 +3357,7 @@ int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl,
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
} }
/* Version must be 1.2 */ /* Version must be 1.2 */
if( ssl->major_ver != MBEDTLS_SSL_MAJOR_VERSION_3 ) if( ssl->tls_version != MBEDTLS_SSL_VERSION_TLS1_2 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Only version 1.2 supported" ) );
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
if( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Only version 1.2 supported" ) ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "Only version 1.2 supported" ) );
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
@ -3569,10 +3546,8 @@ static int ssl_context_load( mbedtls_ssl_context *ssl,
* least check it matches the requirements for serializing. * least check it matches the requirements for serializing.
*/ */
if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM || if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ||
ssl->conf->max_major_ver < MBEDTLS_SSL_MAJOR_VERSION_3 || ssl->conf->max_tls_version < MBEDTLS_SSL_VERSION_TLS1_2 ||
ssl->conf->min_major_ver > MBEDTLS_SSL_MAJOR_VERSION_3 || ssl->conf->min_tls_version > MBEDTLS_SSL_VERSION_TLS1_2 ||
ssl->conf->max_minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 ||
ssl->conf->min_minor_ver > MBEDTLS_SSL_MINOR_VERSION_3 ||
#if defined(MBEDTLS_SSL_RENEGOTIATION) #if defined(MBEDTLS_SSL_RENEGOTIATION)
ssl->conf->disable_renegotiation != MBEDTLS_SSL_RENEGOTIATION_DISABLED || ssl->conf->disable_renegotiation != MBEDTLS_SSL_RENEGOTIATION_DISABLED ||
#endif #endif
@ -3652,7 +3627,7 @@ static int ssl_context_load( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_SOME_SUITES_USE_MAC */ MBEDTLS_SSL_SOME_SUITES_USE_MAC */
ssl_tls12prf_from_cs( ssl->session->ciphersuite ), ssl_tls12prf_from_cs( ssl->session->ciphersuite ),
p, /* currently pointing to randbytes */ p, /* currently pointing to randbytes */
MBEDTLS_SSL_MINOR_VERSION_3, /* (D)TLS 1.2 is forced */ MBEDTLS_SSL_VERSION_TLS1_2, /* (D)TLS 1.2 is forced */
ssl->conf->endpoint, ssl->conf->endpoint,
ssl ); ssl );
if( ret != 0 ) if( ret != 0 )
@ -3778,9 +3753,7 @@ static int ssl_context_load( mbedtls_ssl_context *ssl,
* mbedtls_ssl_reset(), so we only need to set the remaining ones. * mbedtls_ssl_reset(), so we only need to set the remaining ones.
*/ */
ssl->state = MBEDTLS_SSL_HANDSHAKE_OVER; ssl->state = MBEDTLS_SSL_HANDSHAKE_OVER;
ssl->tls_version = MBEDTLS_SSL_VERSION_TLS1_2;
ssl->major_ver = MBEDTLS_SSL_MAJOR_VERSION_3;
ssl->minor_ver = MBEDTLS_SSL_MINOR_VERSION_3;
/* Adjust pointers for header fields of outgoing records to /* Adjust pointers for header fields of outgoing records to
* the given transform, accounting for explicit IV and CID. */ * the given transform, accounting for explicit IV and CID. */
@ -4242,6 +4215,32 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
conf->tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL; conf->tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL;
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
if( ( endpoint == MBEDTLS_SSL_IS_SERVER ) ||
( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) )
{
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
conf->min_tls_version = MBEDTLS_SSL_VERSION_TLS1_2;
conf->max_tls_version = MBEDTLS_SSL_VERSION_TLS1_2;
#else
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
#endif
}
else
{
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_TLS1_3)
conf->min_tls_version = MBEDTLS_SSL_VERSION_TLS1_2;
conf->max_tls_version = MBEDTLS_SSL_VERSION_TLS1_3;
#elif defined(MBEDTLS_SSL_PROTO_TLS1_3)
conf->min_tls_version = MBEDTLS_SSL_VERSION_TLS1_3;
conf->max_tls_version = MBEDTLS_SSL_VERSION_TLS1_3;
#elif defined(MBEDTLS_SSL_PROTO_TLS1_2)
conf->min_tls_version = MBEDTLS_SSL_VERSION_TLS1_2;
conf->max_tls_version = MBEDTLS_SSL_VERSION_TLS1_2;
#else
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
#endif
}
/* /*
* Preset-specific defaults * Preset-specific defaults
*/ */
@ -4251,30 +4250,7 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
* NSA Suite B * NSA Suite B
*/ */
case MBEDTLS_SSL_PRESET_SUITEB: case MBEDTLS_SSL_PRESET_SUITEB:
conf->min_major_ver = MBEDTLS_SSL_MIN_MAJOR_VERSION;
conf->max_major_ver = MBEDTLS_SSL_MAX_MAJOR_VERSION;
if( ( endpoint == MBEDTLS_SSL_IS_SERVER ) ||
( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) )
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
{
conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_3;
conf->max_minor_ver = MBEDTLS_SSL_MINOR_VERSION_3;
}
#else
{
conf->min_major_ver = 0;
conf->max_major_ver = 0;
conf->min_minor_ver = 0;
conf->max_minor_ver = 0;
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
}
#endif
else
{
conf->min_minor_ver = MBEDTLS_SSL_MIN_MINOR_VERSION;
conf->max_minor_ver = MBEDTLS_SSL_MAX_MINOR_VERSION;
}
conf->ciphersuite_list = ssl_preset_suiteb_ciphersuites; conf->ciphersuite_list = ssl_preset_suiteb_ciphersuites;
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_X509_CRT_PARSE_C)
@ -4303,30 +4279,6 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
* Default * Default
*/ */
default: default:
conf->min_major_ver = MBEDTLS_SSL_MIN_MAJOR_VERSION;
conf->max_major_ver = MBEDTLS_SSL_MAX_MAJOR_VERSION;
if( ( endpoint == MBEDTLS_SSL_IS_SERVER ) ||
( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) )
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
{
conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_3;
conf->max_minor_ver = MBEDTLS_SSL_MINOR_VERSION_3;
}
#else
{
conf->min_major_ver = 0;
conf->max_major_ver = 0;
conf->min_minor_ver = 0;
conf->max_minor_ver = 0;
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
}
#endif
else
{
conf->min_minor_ver = MBEDTLS_SSL_MIN_MINOR_VERSION;
conf->max_minor_ver = MBEDTLS_SSL_MAX_MINOR_VERSION;
}
conf->ciphersuite_list = mbedtls_ssl_list_ciphersuites(); conf->ciphersuite_list = mbedtls_ssl_list_ciphersuites();
@ -5245,7 +5197,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
MBEDTLS_SSL_SOME_SUITES_USE_MAC */ MBEDTLS_SSL_SOME_SUITES_USE_MAC */
ssl->handshake->tls_prf, ssl->handshake->tls_prf,
ssl->handshake->randbytes, ssl->handshake->randbytes,
ssl->minor_ver, ssl->tls_version,
ssl->conf->endpoint, ssl->conf->endpoint,
ssl ); ssl );
if( ret != 0 ) if( ret != 0 )
@ -6818,7 +6770,7 @@ static mbedtls_tls_prf_types tls_prf_get_type( mbedtls_ssl_tls_prf_cb *tls_prf )
* - [in] compression * - [in] compression
* - [in] tls_prf: pointer to PRF to use for key derivation * - [in] tls_prf: pointer to PRF to use for key derivation
* - [in] randbytes: buffer holding ServerHello.random + ClientHello.random * - [in] randbytes: buffer holding ServerHello.random + ClientHello.random
* - [in] minor_ver: SSL/TLS minor version * - [in] tls_version: TLS version
* - [in] endpoint: client or server * - [in] endpoint: client or server
* - [in] ssl: used for: * - [in] ssl: used for:
* - ssl->conf->{f,p}_export_keys * - ssl->conf->{f,p}_export_keys
@ -6835,7 +6787,7 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
MBEDTLS_SSL_SOME_SUITES_USE_MAC */ MBEDTLS_SSL_SOME_SUITES_USE_MAC */
ssl_tls_prf_t tls_prf, ssl_tls_prf_t tls_prf,
const unsigned char randbytes[64], const unsigned char randbytes[64],
int minor_ver, mbedtls_ssl_protocol_version tls_version,
unsigned endpoint, unsigned endpoint,
const mbedtls_ssl_context *ssl ) const mbedtls_ssl_context *ssl )
{ {
@ -6879,14 +6831,14 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
transform->encrypt_then_mac = encrypt_then_mac; transform->encrypt_then_mac = encrypt_then_mac;
#endif #endif
transform->minor_ver = minor_ver; transform->tls_version = tls_version;
#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
memcpy( transform->randbytes, randbytes, sizeof( transform->randbytes ) ); memcpy( transform->randbytes, randbytes, sizeof( transform->randbytes ) );
#endif #endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 ) if( tls_version == MBEDTLS_SSL_VERSION_TLS1_3 )
{ {
/* At the moment, we keep TLS <= 1.2 and TLS 1.3 transform /* At the moment, we keep TLS <= 1.2 and TLS 1.3 transform
* generation separate. This should never happen. */ * generation separate. This should never happen. */
@ -7056,7 +7008,7 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
- transform->maclen % cipher_info->block_size; - transform->maclen % cipher_info->block_size;
} }
if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) if( tls_version == MBEDTLS_SSL_VERSION_TLS1_2 )
{ {
transform->minlen += transform->ivlen; transform->minlen += transform->ivlen;
} }
@ -7093,9 +7045,6 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
mac_enc = keyblk; mac_enc = keyblk;
mac_dec = keyblk + mac_key_len; mac_dec = keyblk + mac_key_len;
/*
* This is not used in TLS v1.1.
*/
iv_copy_len = ( transform->fixed_ivlen ) ? iv_copy_len = ( transform->fixed_ivlen ) ?
transform->fixed_ivlen : transform->ivlen; transform->fixed_ivlen : transform->ivlen;
memcpy( transform->iv_enc, key2 + keylen, iv_copy_len ); memcpy( transform->iv_enc, key2 + keylen, iv_copy_len );
@ -7113,9 +7062,6 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
mac_enc = keyblk + mac_key_len; mac_enc = keyblk + mac_key_len;
mac_dec = keyblk; mac_dec = keyblk;
/*
* This is not used in TLS v1.1.
*/
iv_copy_len = ( transform->fixed_ivlen ) ? iv_copy_len = ( transform->fixed_ivlen ) ?
transform->fixed_ivlen : transform->ivlen; transform->fixed_ivlen : transform->ivlen;
memcpy( transform->iv_dec, key1 + keylen, iv_copy_len ); memcpy( transform->iv_dec, key1 + keylen, iv_copy_len );

48
library/ssl_tls12_client.c
View File

@ -1121,7 +1121,7 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl,
static int ssl_parse_hello_verify_request( mbedtls_ssl_context *ssl ) static int ssl_parse_hello_verify_request( mbedtls_ssl_context *ssl )
{ {
const unsigned char *p = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ); const unsigned char *p = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl );
int major_ver, minor_ver; uint16_t dtls_legacy_version;
unsigned char cookie_len; unsigned char cookie_len;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse hello verify request" ) ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse hello verify request" ) );
@ -1146,17 +1146,15 @@ static int ssl_parse_hello_verify_request( mbedtls_ssl_context *ssl )
* } HelloVerifyRequest; * } HelloVerifyRequest;
*/ */
MBEDTLS_SSL_DEBUG_BUF( 3, "server version", p, 2 ); MBEDTLS_SSL_DEBUG_BUF( 3, "server version", p, 2 );
mbedtls_ssl_read_version( &major_ver, &minor_ver, ssl->conf->transport, p ); dtls_legacy_version = MBEDTLS_GET_UINT16_BE( p, 0 );
p += 2; p += 2;
/* /*
* Since the RFC is not clear on this point, accept DTLS 1.0 (TLS 1.1) * Since the RFC is not clear on this point, accept DTLS 1.0 (0xfeff)
* even is lower than our min version. * The DTLS 1.3 (current draft) renames ProtocolVersion server_version to
* legacy_version and locks the value of legacy_version to 0xfefd (DTLS 1.2)
*/ */
if( major_ver < MBEDTLS_SSL_MAJOR_VERSION_3 || if( dtls_legacy_version != 0xfefd && dtls_legacy_version != 0xfeff )
minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 ||
major_ver > ssl->conf->max_major_ver ||
minor_ver > ssl->conf->max_minor_ver )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server version" ) ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server version" ) );
@ -1297,23 +1295,18 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
*/ */
buf += mbedtls_ssl_hs_hdr_len( ssl ); buf += mbedtls_ssl_hs_hdr_len( ssl );
MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, version", buf + 0, 2 ); MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, version", buf, 2 );
mbedtls_ssl_read_version( &ssl->major_ver, &ssl->minor_ver, ssl->tls_version = mbedtls_ssl_read_version( buf, ssl->conf->transport );
ssl->conf->transport, buf + 0 ); ssl->session_negotiate->tls_version = ssl->tls_version;
ssl->session_negotiate->minor_ver = ssl->minor_ver;
if( ssl->major_ver < ssl->conf->min_major_ver || if( ssl->tls_version < ssl->conf->min_tls_version ||
ssl->minor_ver < ssl->conf->min_minor_ver || ssl->tls_version > ssl->conf->max_tls_version )
ssl->major_ver > ssl->conf->max_major_ver ||
ssl->minor_ver > ssl->conf->max_minor_ver )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, MBEDTLS_SSL_DEBUG_MSG( 1,
( "server version out of bounds - min: [%d:%d], server: [%d:%d], max: [%d:%d]", ( "server version out of bounds - min: [0x%x], server: [0x%x], max: [0x%x]",
ssl->conf->min_major_ver, (unsigned)ssl->conf->min_tls_version,
ssl->conf->min_minor_ver, (unsigned)ssl->tls_version,
ssl->major_ver, ssl->minor_ver, (unsigned)ssl->conf->max_tls_version ) );
ssl->conf->max_major_ver,
ssl->conf->max_minor_ver ) );
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION ); MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION );
@ -1475,8 +1468,8 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
suite_info = mbedtls_ssl_ciphersuite_from_id( suite_info = mbedtls_ssl_ciphersuite_from_id(
ssl->session_negotiate->ciphersuite ); ssl->session_negotiate->ciphersuite );
if( mbedtls_ssl_validate_ciphersuite( ssl, suite_info, ssl->minor_ver, if( mbedtls_ssl_validate_ciphersuite( ssl, suite_info, ssl->tls_version,
ssl->minor_ver ) != 0 ) ssl->tls_version ) != 0 )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
mbedtls_ssl_send_alert_message( mbedtls_ssl_send_alert_message(
@ -1491,7 +1484,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
if( suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA && if( suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA &&
ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2 )
{ {
ssl->handshake->ecrs_enabled = 1; ssl->handshake->ecrs_enabled = 1;
} }
@ -1992,9 +1985,8 @@ static int ssl_write_encrypted_pms( mbedtls_ssl_context *ssl,
* opaque random[46]; * opaque random[46];
* } PreMasterSecret; * } PreMasterSecret;
*/ */
mbedtls_ssl_write_version( MBEDTLS_SSL_MAJOR_VERSION_3, mbedtls_ssl_write_version( p, ssl->conf->transport,
MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_VERSION_TLS1_2 );
ssl->conf->transport, p );
if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p + 2, 46 ) ) != 0 ) if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p + 2, 46 ) ) != 0 )
{ {

41
library/ssl_tls12_server.c
View File

@ -951,7 +951,7 @@ static int ssl_check_key_curve( mbedtls_pk_context *pk,
static int ssl_pick_cert( mbedtls_ssl_context *ssl, static int ssl_pick_cert( mbedtls_ssl_context *ssl,
const mbedtls_ssl_ciphersuite_t * ciphersuite_info ) const mbedtls_ssl_ciphersuite_t * ciphersuite_info )
{ {
mbedtls_ssl_key_cert *cur, *list, *fallback = NULL; mbedtls_ssl_key_cert *cur, *list;
mbedtls_pk_type_t pk_alg = mbedtls_pk_type_t pk_alg =
mbedtls_ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info ); mbedtls_ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info );
uint32_t flags; uint32_t flags;
@ -1015,9 +1015,6 @@ static int ssl_pick_cert( mbedtls_ssl_context *ssl,
break; break;
} }
if( cur == NULL )
cur = fallback;
/* Do not update ssl->handshake->key_cert unless there is a match */ /* Do not update ssl->handshake->key_cert unless there is a match */
if( cur != NULL ) if( cur != NULL )
{ {
@ -1054,8 +1051,8 @@ static int ssl_ciphersuite_match( mbedtls_ssl_context *ssl, int suite_id,
MBEDTLS_SSL_DEBUG_MSG( 3, ( "trying ciphersuite: %#04x (%s)", MBEDTLS_SSL_DEBUG_MSG( 3, ( "trying ciphersuite: %#04x (%s)",
(unsigned int) suite_id, suite_info->name ) ); (unsigned int) suite_id, suite_info->name ) );
if( suite_info->min_minor_ver > ssl->minor_ver || if( suite_info->min_tls_version > ssl->tls_version ||
suite_info->max_minor_ver < ssl->minor_ver ) suite_info->max_tls_version < ssl->tls_version )
{ {
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: version" ) ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: version" ) );
return( 0 ); return( 0 );
@ -1147,7 +1144,6 @@ static int ssl_parse_client_hello( mbedtls_ssl_context *ssl )
int handshake_failure = 0; int handshake_failure = 0;
const int *ciphersuites; const int *ciphersuites;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info; const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
int major, minor;
/* If there is no signature-algorithm extension present, /* If there is no signature-algorithm extension present,
* we need to fall back to the default values for allowed * we need to fall back to the default values for allowed
@ -1206,18 +1202,6 @@ read_record_header:
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, protocol version: [%d:%d]", MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, protocol version: [%d:%d]",
buf[1], buf[2] ) ); buf[1], buf[2] ) );
mbedtls_ssl_read_version( &major, &minor, ssl->conf->transport, buf + 1 );
/* According to RFC 5246 Appendix E.1, the version here is typically
* "{03,00}, the lowest version number supported by the client, [or] the
* value of ClientHello.client_version", so the only meaningful check here
* is the major version shouldn't be less than 3 */
if( major < MBEDTLS_SSL_MAJOR_VERSION_3 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
return( MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION );
}
/* For DTLS if this is the initial handshake, remember the client sequence /* For DTLS if this is the initial handshake, remember the client sequence
* number to use it in our next message (RFC 6347 4.2.1) */ * number to use it in our next message (RFC 6347 4.2.1) */
#if defined(MBEDTLS_SSL_PROTO_DTLS) #if defined(MBEDTLS_SSL_PROTO_DTLS)
@ -1405,12 +1389,10 @@ read_record_header:
*/ */
MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, version", buf, 2 ); MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, version", buf, 2 );
mbedtls_ssl_read_version( &ssl->major_ver, &ssl->minor_ver, ssl->tls_version = mbedtls_ssl_read_version( buf, ssl->conf->transport );
ssl->conf->transport, buf ); ssl->session_negotiate->tls_version = ssl->tls_version;
ssl->session_negotiate->minor_ver = ssl->minor_ver;
if( ( ssl->major_ver != MBEDTLS_SSL_MAJOR_VERSION_3 ) || if( ssl->tls_version != MBEDTLS_SSL_VERSION_TLS1_2 )
( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 ) )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "server only supports TLS 1.2" ) ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "server only supports TLS 1.2" ) );
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
@ -2355,8 +2337,7 @@ static int ssl_write_hello_verify_request( mbedtls_ssl_context *ssl )
/* The RFC is not clear on this point, but sending the actual negotiated /* The RFC is not clear on this point, but sending the actual negotiated
* version looks like the most interoperable thing to do. */ * version looks like the most interoperable thing to do. */
mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver, mbedtls_ssl_write_version( p, ssl->conf->transport, ssl->tls_version );
ssl->conf->transport, p );
MBEDTLS_SSL_DEBUG_BUF( 3, "server version", p, 2 ); MBEDTLS_SSL_DEBUG_BUF( 3, "server version", p, 2 );
p += 2; p += 2;
@ -2495,8 +2476,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
buf = ssl->out_msg; buf = ssl->out_msg;
p = buf + 4; p = buf + 4;
mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver, mbedtls_ssl_write_version( p, ssl->conf->transport, ssl->tls_version );
ssl->conf->transport, p );
p += 2; p += 2;
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen version: [%d:%d]", MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen version: [%d:%d]",
@ -3736,9 +3716,8 @@ static int ssl_parse_encrypted_pms( mbedtls_ssl_context *ssl,
return( ret ); return( ret );
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
mbedtls_ssl_write_version( MBEDTLS_SSL_MAJOR_VERSION_3, mbedtls_ssl_write_version( ver, ssl->conf->transport,
MBEDTLS_SSL_MINOR_VERSION_3, ssl->session_negotiate->tls_version );
ssl->conf->transport, ver );
/* Avoid data-dependent branches while checking for invalid /* Avoid data-dependent branches while checking for invalid
* padding, to protect against timing-based Bleichenbacher-type * padding, to protect against timing-based Bleichenbacher-type

34
library/ssl_tls13_client.c
View File

@ -49,8 +49,8 @@ static int ssl_tls13_write_supported_versions_ext( mbedtls_ssl_context *ssl,
size_t *out_len ) size_t *out_len )
{ {
unsigned char *p = buf; unsigned char *p = buf;
unsigned char versions_len = ( ssl->handshake->min_minor_ver <= unsigned char versions_len = ( ssl->handshake->min_tls_version <=
MBEDTLS_SSL_MINOR_VERSION_3 ) ? 4 : 2; MBEDTLS_SSL_VERSION_TLS1_2 ) ? 4 : 2;
*out_len = 0; *out_len = 0;
@ -75,17 +75,15 @@ static int ssl_tls13_write_supported_versions_ext( mbedtls_ssl_context *ssl,
* They are defined by the configuration. * They are defined by the configuration.
* Currently, we advertise only TLS 1.3 or both TLS 1.3 and TLS 1.2. * Currently, we advertise only TLS 1.3 or both TLS 1.3 and TLS 1.2.
*/ */
mbedtls_ssl_write_version( MBEDTLS_SSL_MAJOR_VERSION_3, mbedtls_ssl_write_version( p, MBEDTLS_SSL_TRANSPORT_STREAM,
MBEDTLS_SSL_MINOR_VERSION_4, MBEDTLS_SSL_VERSION_TLS1_3 );
MBEDTLS_SSL_TRANSPORT_STREAM, p );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "supported version: [3:4]" ) ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "supported version: [3:4]" ) );
if( ssl->handshake->min_minor_ver <= MBEDTLS_SSL_MINOR_VERSION_3 ) if( ssl->handshake->min_tls_version <= MBEDTLS_SSL_VERSION_TLS1_2 )
{ {
mbedtls_ssl_write_version( MBEDTLS_SSL_MAJOR_VERSION_3, mbedtls_ssl_write_version( p + 2, MBEDTLS_SSL_TRANSPORT_STREAM,
MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_VERSION_TLS1_2 );
MBEDTLS_SSL_TRANSPORT_STREAM, p + 2 );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "supported version: [3:3]" ) ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "supported version: [3:3]" ) );
} }
@ -101,8 +99,8 @@ static int ssl_tls13_parse_supported_versions_ext( mbedtls_ssl_context *ssl,
((void) ssl); ((void) ssl);
MBEDTLS_SSL_CHK_BUF_READ_PTR( buf, end, 2 ); MBEDTLS_SSL_CHK_BUF_READ_PTR( buf, end, 2 );
if( buf[0] != MBEDTLS_SSL_MAJOR_VERSION_3 || if( mbedtls_ssl_read_version( buf, ssl->conf->transport ) !=
buf[1] != MBEDTLS_SSL_MINOR_VERSION_4 ) MBEDTLS_SSL_VERSION_TLS1_3 )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "unexpected version" ) ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "unexpected version" ) );
@ -861,7 +859,7 @@ static int ssl_tls13_server_hello_coordinate( mbedtls_ssl_context *ssl,
* expecting it, abort the handshake. Otherwise, switch to TLS 1.2 * expecting it, abort the handshake. Otherwise, switch to TLS 1.2
* handshake. * handshake.
*/ */
if( ssl->handshake->min_minor_ver > MBEDTLS_SSL_MINOR_VERSION_3 ) if( ssl->handshake->min_tls_version > MBEDTLS_SSL_VERSION_TLS1_2 )
{ {
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
@ -869,7 +867,7 @@ static int ssl_tls13_server_hello_coordinate( mbedtls_ssl_context *ssl,
} }
ssl->keep_current_message = 1; ssl->keep_current_message = 1;
ssl->minor_ver = MBEDTLS_SSL_MINOR_VERSION_3; ssl->tls_version = MBEDTLS_SSL_VERSION_TLS1_2;
mbedtls_ssl_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_SERVER_HELLO, mbedtls_ssl_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_SERVER_HELLO,
*buf, *buf_len ); *buf, *buf_len );
@ -1026,8 +1024,8 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl,
* with ProtocolVersion defined as: * with ProtocolVersion defined as:
* uint16 ProtocolVersion; * uint16 ProtocolVersion;
*/ */
if( !( p[0] == MBEDTLS_SSL_MAJOR_VERSION_3 && if( mbedtls_ssl_read_version( p, ssl->conf->transport ) !=
p[1] == MBEDTLS_SSL_MINOR_VERSION_3 ) ) MBEDTLS_SSL_VERSION_TLS1_2 )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Unsupported version of TLS." ) ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "Unsupported version of TLS." ) );
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION, MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION,
@ -1077,8 +1075,9 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl,
/* /*
* Check whether this ciphersuite is valid and offered. * Check whether this ciphersuite is valid and offered.
*/ */
if( ( mbedtls_ssl_validate_ciphersuite( if( ( mbedtls_ssl_validate_ciphersuite( ssl, ciphersuite_info,
ssl, ciphersuite_info, ssl->minor_ver, ssl->minor_ver ) != 0 ) || ssl->tls_version,
ssl->tls_version ) != 0 ) ||
!ssl_tls13_cipher_suite_is_offered( ssl, cipher_suite ) ) !ssl_tls13_cipher_suite_is_offered( ssl, cipher_suite ) )
{ {
fatal_alert = MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER; fatal_alert = MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER;
@ -1411,7 +1410,6 @@ static int ssl_tls13_process_server_hello( mbedtls_ssl_context *ssl )
* - Make sure it's either a ServerHello or a HRR. * - Make sure it's either a ServerHello or a HRR.
* - Switch processing routine in case of HRR * - Switch processing routine in case of HRR
*/ */
ssl->major_ver = MBEDTLS_SSL_MAJOR_VERSION_3;
ssl->handshake->extensions_present = MBEDTLS_SSL_EXT_NONE; ssl->handshake->extensions_present = MBEDTLS_SSL_EXT_NONE;
ret = ssl_tls13_server_hello_coordinate( ssl, &buf, &buf_len ); ret = ssl_tls13_server_hello_coordinate( ssl, &buf, &buf_len );

2
library/ssl_tls13_keys.c
View File

@ -1106,7 +1106,7 @@ int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform,
transform->ivlen = traffic_keys->iv_len; transform->ivlen = traffic_keys->iv_len;
transform->maclen = 0; transform->maclen = 0;
transform->fixed_ivlen = transform->ivlen; transform->fixed_ivlen = transform->ivlen;
transform->minor_ver = MBEDTLS_SSL_MINOR_VERSION_4; transform->tls_version = MBEDTLS_SSL_VERSION_TLS1_3;
/* We add the true record content type (1 Byte) to the plaintext and /* We add the true record content type (1 Byte) to the plaintext and
* then pad to the configured granularity. The mimimum length of the * then pad to the configured granularity. The mimimum length of the

44
programs/ssl/ssl_client2.c
View File

@ -1132,10 +1132,10 @@ int main( int argc, char *argv[] )
{ {
if( strcmp( q, "tls12" ) == 0 || if( strcmp( q, "tls12" ) == 0 ||
strcmp( q, "dtls12" ) == 0 ) strcmp( q, "dtls12" ) == 0 )
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3; opt.min_version = MBEDTLS_SSL_VERSION_TLS1_2;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
else if( strcmp( q, "tls13" ) == 0 ) else if( strcmp( q, "tls13" ) == 0 )
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_4; opt.min_version = MBEDTLS_SSL_VERSION_TLS1_3;
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
else else
goto usage; goto usage;
@ -1144,10 +1144,10 @@ int main( int argc, char *argv[] )
{ {
if( strcmp( q, "tls12" ) == 0 || if( strcmp( q, "tls12" ) == 0 ||
strcmp( q, "dtls12" ) == 0 ) strcmp( q, "dtls12" ) == 0 )
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3; opt.max_version = MBEDTLS_SSL_VERSION_TLS1_2;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
else if( strcmp( q, "tls13" ) == 0 ) else if( strcmp( q, "tls13" ) == 0 )
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_4; opt.max_version = MBEDTLS_SSL_VERSION_TLS1_3;
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
else else
goto usage; goto usage;
@ -1165,20 +1165,20 @@ int main( int argc, char *argv[] )
{ {
if( strcmp( q, "tls12" ) == 0 ) if( strcmp( q, "tls12" ) == 0 )
{ {
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3; opt.min_version = MBEDTLS_SSL_VERSION_TLS1_2;
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3; opt.max_version = MBEDTLS_SSL_VERSION_TLS1_2;
} }
else if( strcmp( q, "dtls12" ) == 0 ) else if( strcmp( q, "dtls12" ) == 0 )
{ {
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3; opt.min_version = MBEDTLS_SSL_VERSION_TLS1_2;
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3; opt.max_version = MBEDTLS_SSL_VERSION_TLS1_2;
opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM; opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
} }
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
else if( strcmp( q, "tls13" ) == 0 ) else if( strcmp( q, "tls13" ) == 0 )
{ {
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_4; opt.min_version = MBEDTLS_SSL_VERSION_TLS1_3;
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_4; opt.max_version = MBEDTLS_SSL_VERSION_TLS1_3;
} }
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
else else
@ -1372,14 +1372,14 @@ int main( int argc, char *argv[] )
mbedtls_ssl_ciphersuite_from_id( opt.force_ciphersuite[0] ); mbedtls_ssl_ciphersuite_from_id( opt.force_ciphersuite[0] );
if( opt.max_version != -1 && if( opt.max_version != -1 &&
ciphersuite_info->min_minor_ver > opt.max_version ) ciphersuite_info->min_tls_version > opt.max_version )
{ {
mbedtls_printf( "forced ciphersuite not allowed with this protocol version\n" ); mbedtls_printf( "forced ciphersuite not allowed with this protocol version\n" );
ret = 2; ret = 2;
goto usage; goto usage;
} }
if( opt.min_version != -1 && if( opt.min_version != -1 &&
ciphersuite_info->max_minor_ver < opt.min_version ) ciphersuite_info->max_tls_version < opt.min_version )
{ {
mbedtls_printf( "forced ciphersuite not allowed with this protocol version\n" ); mbedtls_printf( "forced ciphersuite not allowed with this protocol version\n" );
ret = 2; ret = 2;
@ -1389,17 +1389,17 @@ int main( int argc, char *argv[] )
/* If the server selects a version that's not supported by /* If the server selects a version that's not supported by
* this suite, then there will be no common ciphersuite... */ * this suite, then there will be no common ciphersuite... */
if( opt.max_version == -1 || if( opt.max_version == -1 ||
opt.max_version > ciphersuite_info->max_minor_ver ) opt.max_version > ciphersuite_info->max_tls_version )
{ {
opt.max_version = ciphersuite_info->max_minor_ver; opt.max_version = ciphersuite_info->max_tls_version;
} }
if( opt.min_version < ciphersuite_info->min_minor_ver ) if( opt.min_version < ciphersuite_info->min_tls_version )
{ {
opt.min_version = ciphersuite_info->min_minor_ver; opt.min_version = ciphersuite_info->min_tls_version;
/* DTLS starts with TLS 1.2 */ /* DTLS starts with TLS 1.2 */
if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
opt.min_version < MBEDTLS_SSL_MINOR_VERSION_3 ) opt.min_version < MBEDTLS_SSL_VERSION_TLS1_2 )
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3; opt.min_version = MBEDTLS_SSL_VERSION_TLS1_2;
} }
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
@ -1410,7 +1410,7 @@ int main( int argc, char *argv[] )
* the ciphersuite in advance to set the correct policy for the * the ciphersuite in advance to set the correct policy for the
* PSK key slot. This limitation might go away in the future. */ * PSK key slot. This limitation might go away in the future. */
if( ciphersuite_info->key_exchange != MBEDTLS_KEY_EXCHANGE_PSK || if( ciphersuite_info->key_exchange != MBEDTLS_KEY_EXCHANGE_PSK ||
opt.min_version != MBEDTLS_SSL_MINOR_VERSION_3 ) opt.min_version != MBEDTLS_SSL_VERSION_TLS1_2 )
{ {
mbedtls_printf( "opaque PSKs are only supported in conjunction with forcing TLS 1.2 and a PSK-only ciphersuite through the 'force_ciphersuite' option.\n" ); mbedtls_printf( "opaque PSKs are only supported in conjunction with forcing TLS 1.2 and a PSK-only ciphersuite through the 'force_ciphersuite' option.\n" );
ret = 2; ret = 2;
@ -1967,12 +1967,10 @@ int main( int argc, char *argv[] )
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
if( opt.min_version != DFL_MIN_VERSION ) if( opt.min_version != DFL_MIN_VERSION )
mbedtls_ssl_conf_min_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, mbedtls_ssl_conf_min_tls_version( &conf, opt.min_version );
opt.min_version );
if( opt.max_version != DFL_MAX_VERSION ) if( opt.max_version != DFL_MAX_VERSION )
mbedtls_ssl_conf_max_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, mbedtls_ssl_conf_max_tls_version( &conf, opt.max_version );
opt.max_version );
if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 ) if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
{ {

38
programs/ssl/ssl_server2.c
View File

@ -1845,10 +1845,10 @@ int main( int argc, char *argv[] )
{ {
if( strcmp( q, "tls12" ) == 0 || if( strcmp( q, "tls12" ) == 0 ||
strcmp( q, "dtls12" ) == 0 ) strcmp( q, "dtls12" ) == 0 )
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3; opt.min_version = MBEDTLS_SSL_VERSION_TLS1_2;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
else if( strcmp( q, "tls13" ) == 0 ) else if( strcmp( q, "tls13" ) == 0 )
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_4; opt.min_version = MBEDTLS_SSL_VERSION_TLS1_3;
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
else else
goto usage; goto usage;
@ -1857,10 +1857,10 @@ int main( int argc, char *argv[] )
{ {
if( strcmp( q, "tls12" ) == 0 || if( strcmp( q, "tls12" ) == 0 ||
strcmp( q, "dtls12" ) == 0 ) strcmp( q, "dtls12" ) == 0 )
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3; opt.max_version = MBEDTLS_SSL_VERSION_TLS1_2;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
else if( strcmp( q, "tls13" ) == 0 ) else if( strcmp( q, "tls13" ) == 0 )
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_4; opt.max_version = MBEDTLS_SSL_VERSION_TLS1_3;
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
else else
goto usage; goto usage;
@ -1878,20 +1878,20 @@ int main( int argc, char *argv[] )
{ {
if( strcmp( q, "tls12" ) == 0 ) if( strcmp( q, "tls12" ) == 0 )
{ {
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3; opt.min_version = MBEDTLS_SSL_VERSION_TLS1_2;
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3; opt.max_version = MBEDTLS_SSL_VERSION_TLS1_2;
} }
else if( strcmp( q, "dtls12" ) == 0 ) else if( strcmp( q, "dtls12" ) == 0 )
{ {
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3; opt.min_version = MBEDTLS_SSL_VERSION_TLS1_2;
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3; opt.max_version = MBEDTLS_SSL_VERSION_TLS1_2;
opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM; opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
} }
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
else if( strcmp( q, "tls13" ) == 0 ) else if( strcmp( q, "tls13" ) == 0 )
{ {
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_4; opt.min_version = MBEDTLS_SSL_VERSION_TLS1_3;
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_4; opt.max_version = MBEDTLS_SSL_VERSION_TLS1_3;
} }
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
else else
@ -2164,14 +2164,14 @@ int main( int argc, char *argv[] )
mbedtls_ssl_ciphersuite_from_id( opt.force_ciphersuite[0] ); mbedtls_ssl_ciphersuite_from_id( opt.force_ciphersuite[0] );
if( opt.max_version != -1 && if( opt.max_version != -1 &&
ciphersuite_info->min_minor_ver > opt.max_version ) ciphersuite_info->min_tls_version > opt.max_version )
{ {
mbedtls_printf( "forced ciphersuite not allowed with this protocol version\n" ); mbedtls_printf( "forced ciphersuite not allowed with this protocol version\n" );
ret = 2; ret = 2;
goto usage; goto usage;
} }
if( opt.min_version != -1 && if( opt.min_version != -1 &&
ciphersuite_info->max_minor_ver < opt.min_version ) ciphersuite_info->max_tls_version < opt.min_version )
{ {
mbedtls_printf( "forced ciphersuite not allowed with this protocol version\n" ); mbedtls_printf( "forced ciphersuite not allowed with this protocol version\n" );
ret = 2; ret = 2;
@ -2181,13 +2181,13 @@ int main( int argc, char *argv[] )
/* If we select a version that's not supported by /* If we select a version that's not supported by
* this suite, then there will be no common ciphersuite... */ * this suite, then there will be no common ciphersuite... */
if( opt.max_version == -1 || if( opt.max_version == -1 ||
opt.max_version > ciphersuite_info->max_minor_ver ) opt.max_version > ciphersuite_info->max_tls_version )
{ {
opt.max_version = ciphersuite_info->max_minor_ver; opt.max_version = ciphersuite_info->max_tls_version;
} }
if( opt.min_version < ciphersuite_info->min_minor_ver ) if( opt.min_version < ciphersuite_info->min_tls_version )
{ {
opt.min_version = ciphersuite_info->min_minor_ver; opt.min_version = ciphersuite_info->min_tls_version;
} }
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
@ -2198,7 +2198,7 @@ int main( int argc, char *argv[] )
* the ciphersuite in advance to set the correct policy for the * the ciphersuite in advance to set the correct policy for the
* PSK key slot. This limitation might go away in the future. */ * PSK key slot. This limitation might go away in the future. */
if( ciphersuite_info->key_exchange != MBEDTLS_KEY_EXCHANGE_PSK || if( ciphersuite_info->key_exchange != MBEDTLS_KEY_EXCHANGE_PSK ||
opt.min_version != MBEDTLS_SSL_MINOR_VERSION_3 ) opt.min_version != MBEDTLS_SSL_VERSION_TLS1_2 )
{ {
mbedtls_printf( "opaque PSKs are only supported in conjunction with forcing TLS 1.2 and a PSK-only ciphersuite through the 'force_ciphersuite' option.\n" ); mbedtls_printf( "opaque PSKs are only supported in conjunction with forcing TLS 1.2 and a PSK-only ciphersuite through the 'force_ciphersuite' option.\n" );
ret = 2; ret = 2;
@ -3086,10 +3086,10 @@ int main( int argc, char *argv[] )
#endif #endif
if( opt.min_version != DFL_MIN_VERSION ) if( opt.min_version != DFL_MIN_VERSION )
mbedtls_ssl_conf_min_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, opt.min_version ); mbedtls_ssl_conf_min_tls_version( &conf, opt.min_version );
if( opt.max_version != DFL_MIN_VERSION ) if( opt.max_version != DFL_MIN_VERSION )
mbedtls_ssl_conf_max_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, opt.max_version ); mbedtls_ssl_conf_max_tls_version( &conf, opt.max_version );
if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 ) if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
{ {

926
tests/suites/test_suite_ssl.data
View File

File diff suppressed because it is too large Load Diff

120
tests/suites/test_suite_ssl.function
View File

@ -52,17 +52,14 @@ void log_analyzer( void *ctx, int level,
} }
} }
/* Invalid minor version used when not specifying a min/max version or expecting a test to fail */
#define TEST_SSL_MINOR_VERSION_NONE -1
typedef struct handshake_test_options typedef struct handshake_test_options
{ {
const char *cipher; const char *cipher;
int client_min_version; mbedtls_ssl_protocol_version client_min_version;
int client_max_version; mbedtls_ssl_protocol_version client_max_version;
int server_min_version; mbedtls_ssl_protocol_version server_min_version;
int server_max_version; mbedtls_ssl_protocol_version server_max_version;
int expected_negotiated_version; mbedtls_ssl_protocol_version expected_negotiated_version;
int pk_alg; int pk_alg;
data_t *psk_str; data_t *psk_str;
int dtls; int dtls;
@ -85,11 +82,11 @@ typedef struct handshake_test_options
void init_handshake_options( handshake_test_options *opts ) void init_handshake_options( handshake_test_options *opts )
{ {
opts->cipher = ""; opts->cipher = "";
opts->client_min_version = TEST_SSL_MINOR_VERSION_NONE; opts->client_min_version = MBEDTLS_SSL_VERSION_UNKNOWN;
opts->client_max_version = TEST_SSL_MINOR_VERSION_NONE; opts->client_max_version = MBEDTLS_SSL_VERSION_UNKNOWN;
opts->server_min_version = TEST_SSL_MINOR_VERSION_NONE; opts->server_min_version = MBEDTLS_SSL_VERSION_UNKNOWN;
opts->server_max_version = TEST_SSL_MINOR_VERSION_NONE; opts->server_max_version = MBEDTLS_SSL_VERSION_UNKNOWN;
opts->expected_negotiated_version = MBEDTLS_SSL_MINOR_VERSION_3; opts->expected_negotiated_version = MBEDTLS_SSL_VERSION_TLS1_2;
opts->pk_alg = MBEDTLS_PK_RSA; opts->pk_alg = MBEDTLS_PK_RSA;
opts->psk_str = NULL; opts->psk_str = NULL;
opts->dtls = 0; opts->dtls = 0;
@ -1183,16 +1180,16 @@ void set_ciphersuite( mbedtls_ssl_config *conf, const char *cipher,
mbedtls_ssl_ciphersuite_from_id( forced_ciphersuite[0] ); mbedtls_ssl_ciphersuite_from_id( forced_ciphersuite[0] );
TEST_ASSERT( ciphersuite_info != NULL ); TEST_ASSERT( ciphersuite_info != NULL );
TEST_ASSERT( ciphersuite_info->min_minor_ver <= conf->max_minor_ver ); TEST_ASSERT( ciphersuite_info->min_tls_version <= conf->max_tls_version );
TEST_ASSERT( ciphersuite_info->max_minor_ver >= conf->min_minor_ver ); TEST_ASSERT( ciphersuite_info->max_tls_version >= conf->min_tls_version );
if( conf->max_minor_ver > ciphersuite_info->max_minor_ver ) if( conf->max_tls_version > ciphersuite_info->max_tls_version )
{ {
conf->max_minor_ver = ciphersuite_info->max_minor_ver; conf->max_tls_version = ciphersuite_info->max_tls_version;
} }
if( conf->min_minor_ver < ciphersuite_info->min_minor_ver ) if( conf->min_tls_version < ciphersuite_info->min_tls_version )
{ {
conf->min_minor_ver = ciphersuite_info->min_minor_ver; conf->min_tls_version = ciphersuite_info->min_tls_version;
} }
mbedtls_ssl_conf_ciphersuites( conf, forced_ciphersuite ); mbedtls_ssl_conf_ciphersuites( conf, forced_ciphersuite );
@ -1265,7 +1262,8 @@ static int psa_cipher_encrypt_helper( mbedtls_ssl_transform *transform,
static int build_transforms( mbedtls_ssl_transform *t_in, static int build_transforms( mbedtls_ssl_transform *t_in,
mbedtls_ssl_transform *t_out, mbedtls_ssl_transform *t_out,
int cipher_type, int hash_id, int cipher_type, int hash_id,
int etm, int tag_mode, int ver, int etm, int tag_mode,
mbedtls_ssl_protocol_version tls_version,
size_t cid0_len, size_t cid0_len,
size_t cid1_len ) size_t cid1_len )
{ {
@ -1442,8 +1440,8 @@ static int build_transforms( mbedtls_ssl_transform *t_in,
((void) etm); ((void) etm);
#endif #endif
t_out->minor_ver = ver; t_out->tls_version = tls_version;
t_in->minor_ver = ver; t_in->tls_version = tls_version;
t_out->ivlen = ivlen; t_out->ivlen = ivlen;
t_in->ivlen = ivlen; t_in->ivlen = ivlen;
@ -1452,7 +1450,7 @@ static int build_transforms( mbedtls_ssl_transform *t_in,
case MBEDTLS_MODE_GCM: case MBEDTLS_MODE_GCM:
case MBEDTLS_MODE_CCM: case MBEDTLS_MODE_CCM:
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
if( ver == MBEDTLS_SSL_MINOR_VERSION_4 ) if( tls_version == MBEDTLS_SSL_VERSION_TLS1_3 )
{ {
t_out->fixed_ivlen = 12; t_out->fixed_ivlen = 12;
t_in->fixed_ivlen = 12; t_in->fixed_ivlen = 12;
@ -1637,7 +1635,7 @@ static int ssl_populate_session_tls12( mbedtls_ssl_session *session,
#if defined(MBEDTLS_HAVE_TIME) #if defined(MBEDTLS_HAVE_TIME)
session->start = mbedtls_time( NULL ) - 42; session->start = mbedtls_time( NULL ) - 42;
#endif #endif
session->minor_ver = MBEDTLS_SSL_MINOR_VERSION_3; session->tls_version = MBEDTLS_SSL_VERSION_TLS1_2;
session->ciphersuite = 0xabcd; session->ciphersuite = 0xabcd;
session->compression = 1; session->compression = 1;
session->id_len = sizeof( session->id ); session->id_len = sizeof( session->id );
@ -1864,15 +1862,17 @@ int exchange_data( mbedtls_ssl_context *ssl_1,
ssl_2, 256, 1 ); ssl_2, 256, 1 );
} }
int check_ssl_version( int expected_negotiated_version, #if defined(MBEDTLS_X509_CRT_PARSE_C) && \
const mbedtls_ssl_context *ssl ) defined(MBEDTLS_ENTROPY_C) && \
defined(MBEDTLS_CTR_DRBG_C)
static int check_ssl_version( mbedtls_ssl_protocol_version expected_negotiated_version,
const mbedtls_ssl_context *ssl )
{ {
const char *version_string = mbedtls_ssl_get_version( ssl ); const char *version_string = mbedtls_ssl_get_version( ssl );
mbedtls_ssl_protocol_version version_number = mbedtls_ssl_protocol_version version_number =
mbedtls_ssl_get_version_number( ssl ); mbedtls_ssl_get_version_number( ssl );
TEST_EQUAL( ssl->major_ver, MBEDTLS_SSL_MAJOR_VERSION_3 ); TEST_EQUAL( ssl->tls_version, expected_negotiated_version );
TEST_EQUAL( ssl->minor_ver, expected_negotiated_version );
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{ {
@ -1882,13 +1882,13 @@ int check_ssl_version( int expected_negotiated_version,
switch( expected_negotiated_version ) switch( expected_negotiated_version )
{ {
case MBEDTLS_SSL_MINOR_VERSION_3: case MBEDTLS_SSL_VERSION_TLS1_2:
TEST_EQUAL( version_number, MBEDTLS_SSL_VERSION_1_2 ); TEST_EQUAL( version_number, MBEDTLS_SSL_VERSION_TLS1_2 );
TEST_ASSERT( strcmp( version_string, "TLSv1.2" ) == 0 ); TEST_ASSERT( strcmp( version_string, "TLSv1.2" ) == 0 );
break; break;
case MBEDTLS_SSL_MINOR_VERSION_4: case MBEDTLS_SSL_VERSION_TLS1_3:
TEST_EQUAL( version_number, MBEDTLS_SSL_VERSION_1_3 ); TEST_EQUAL( version_number, MBEDTLS_SSL_VERSION_TLS1_3 );
TEST_ASSERT( strcmp( version_string, "TLSv1.3" ) == 0 ); TEST_ASSERT( strcmp( version_string, "TLSv1.3" ) == 0 );
break; break;
@ -1901,6 +1901,7 @@ int check_ssl_version( int expected_negotiated_version,
exit: exit:
return( 0 ); return( 0 );
} }
#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
#if defined(MBEDTLS_X509_CRT_PARSE_C) && \ #if defined(MBEDTLS_X509_CRT_PARSE_C) && \
@ -1954,15 +1955,15 @@ void perform_handshake( handshake_test_options* options )
NULL, NULL ) == 0 ); NULL, NULL ) == 0 );
} }
if( options->client_min_version != TEST_SSL_MINOR_VERSION_NONE ) if( options->client_min_version != MBEDTLS_SSL_VERSION_UNKNOWN )
{ {
mbedtls_ssl_conf_min_version( &client.conf, MBEDTLS_SSL_MAJOR_VERSION_3, mbedtls_ssl_conf_min_tls_version( &client.conf,
options->client_min_version ); options->client_min_version );
} }
if( options->client_max_version != TEST_SSL_MINOR_VERSION_NONE ) if( options->client_max_version != MBEDTLS_SSL_VERSION_UNKNOWN )
{ {
mbedtls_ssl_conf_max_version( &client.conf, MBEDTLS_SSL_MAJOR_VERSION_3, mbedtls_ssl_conf_max_tls_version( &client.conf,
options->client_max_version ); options->client_max_version );
} }
@ -2002,15 +2003,15 @@ void perform_handshake( handshake_test_options* options )
mbedtls_ssl_conf_authmode( &server.conf, options->srv_auth_mode ); mbedtls_ssl_conf_authmode( &server.conf, options->srv_auth_mode );
if( options->server_min_version != TEST_SSL_MINOR_VERSION_NONE ) if( options->server_min_version != MBEDTLS_SSL_VERSION_UNKNOWN )
{ {
mbedtls_ssl_conf_min_version( &server.conf, MBEDTLS_SSL_MAJOR_VERSION_3, mbedtls_ssl_conf_min_tls_version( &server.conf,
options->server_min_version ); options->server_min_version );
} }
if( options->server_max_version != TEST_SSL_MINOR_VERSION_NONE ) if( options->server_max_version != MBEDTLS_SSL_VERSION_UNKNOWN )
{ {
mbedtls_ssl_conf_max_version( &server.conf, MBEDTLS_SSL_MAJOR_VERSION_3, mbedtls_ssl_conf_max_tls_version( &server.conf,
options->server_max_version ); options->server_max_version );
} }
@ -2078,7 +2079,7 @@ void perform_handshake( handshake_test_options* options )
} }
#endif #endif
if( options->expected_negotiated_version == TEST_SSL_MINOR_VERSION_NONE ) if( options->expected_negotiated_version == MBEDTLS_SSL_VERSION_UNKNOWN )
{ {
expected_handshake_result = MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION; expected_handshake_result = MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION;
} }
@ -3509,7 +3510,7 @@ void ssl_crypt_record( int cipher_type, int hash_id,
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
if( t_enc->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 ) if( t_enc->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 )
{ {
/* TLS 1.3 hides the real content type and /* TLS 1.3 hides the real content type and
* always uses Application Data as the content type * always uses Application Data as the content type
@ -3678,7 +3679,7 @@ void ssl_crypt_record_small( int cipher_type, int hash_id,
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
if( t_enc->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 ) if( t_enc->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 )
{ {
/* TLS 1.3 hides the real content type and /* TLS 1.3 hides the real content type and
* always uses Application Data as the content type * always uses Application Data as the content type
@ -3763,7 +3764,7 @@ void ssl_decrypt_non_etm_cbc( int cipher_type, int hash_id, int trunc_hmac,
/* Set up transforms with dummy keys */ /* Set up transforms with dummy keys */
ret = build_transforms( &t0, &t1, cipher_type, hash_id, ret = build_transforms( &t0, &t1, cipher_type, hash_id,
0, trunc_hmac, 0, trunc_hmac,
MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_VERSION_TLS1_2,
0 , 0 ); 0 , 0 );
TEST_ASSERT( ret == 0 ); TEST_ASSERT( ret == 0 );
@ -3803,8 +3804,8 @@ void ssl_decrypt_non_etm_cbc( int cipher_type, int hash_id, int trunc_hmac,
/* Prepare a dummy record header */ /* Prepare a dummy record header */
memset( rec.ctr, 0, sizeof( rec.ctr ) ); memset( rec.ctr, 0, sizeof( rec.ctr ) );
rec.type = MBEDTLS_SSL_MSG_APPLICATION_DATA; rec.type = MBEDTLS_SSL_MSG_APPLICATION_DATA;
rec.ver[0] = MBEDTLS_SSL_MAJOR_VERSION_3; mbedtls_ssl_write_version( rec.ver, MBEDTLS_SSL_TRANSPORT_STREAM,
rec.ver[1] = MBEDTLS_SSL_MINOR_VERSION_3; MBEDTLS_SSL_VERSION_TLS1_2 );
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
rec.cid_len = 0; rec.cid_len = 0;
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
@ -4464,10 +4465,9 @@ void ssl_tls13_record_protection( int ciphersuite,
rec.type = MBEDTLS_SSL_MSG_APPLICATION_DATA; rec.type = MBEDTLS_SSL_MSG_APPLICATION_DATA;
/* TLS 1.3 uses the version identifier from TLS 1.2 on the wire. */ /* TLS 1.3 uses the version identifier from TLS 1.2 on the wire. */
mbedtls_ssl_write_version( MBEDTLS_SSL_MAJOR_VERSION_3, mbedtls_ssl_write_version( rec.ver,
MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_TRANSPORT_STREAM,
rec.ver ); MBEDTLS_SSL_VERSION_TLS1_2 );
/* Copy plaintext into record structure */ /* Copy plaintext into record structure */
rec.buf = buf; rec.buf = buf;
@ -4587,7 +4587,7 @@ void ssl_serialize_session_save_load( int ticket_len, char *crt_file )
#if defined(MBEDTLS_HAVE_TIME) #if defined(MBEDTLS_HAVE_TIME)
TEST_ASSERT( original.start == restored.start ); TEST_ASSERT( original.start == restored.start );
#endif #endif
TEST_ASSERT( original.minor_ver == restored.minor_ver ); TEST_ASSERT( original.tls_version == restored.tls_version );
TEST_ASSERT( original.ciphersuite == restored.ciphersuite ); TEST_ASSERT( original.ciphersuite == restored.ciphersuite );
TEST_ASSERT( original.compression == restored.compression ); TEST_ASSERT( original.compression == restored.compression );
TEST_ASSERT( original.id_len == restored.id_len ); TEST_ASSERT( original.id_len == restored.id_len );
@ -4921,7 +4921,6 @@ void handshake_version( int dtls, int client_min_version, int client_max_version
options.client_max_version = client_max_version; options.client_max_version = client_max_version;
options.server_min_version = server_min_version; options.server_min_version = server_min_version;
options.server_max_version = server_max_version; options.server_max_version = server_max_version;
options.expected_negotiated_version = expected_negotiated_version; options.expected_negotiated_version = expected_negotiated_version;
options.dtls = dtls; options.dtls = dtls;
@ -5407,8 +5406,7 @@ exit:
/* BEGIN_CASE */ /* BEGIN_CASE */
void conf_version( int endpoint, int transport, void conf_version( int endpoint, int transport,
int min_version_major, int min_version_minor, int min_tls_version, int max_tls_version,
int max_version_major, int max_version_minor,
int expected_ssl_setup_result ) int expected_ssl_setup_result )
{ {
mbedtls_ssl_config conf; mbedtls_ssl_config conf;
@ -5419,8 +5417,8 @@ void conf_version( int endpoint, int transport,
mbedtls_ssl_conf_endpoint( &conf, endpoint ); mbedtls_ssl_conf_endpoint( &conf, endpoint );
mbedtls_ssl_conf_transport( &conf, transport ); mbedtls_ssl_conf_transport( &conf, transport );
mbedtls_ssl_conf_min_version( &conf, min_version_major, min_version_minor ); mbedtls_ssl_conf_min_tls_version( &conf, min_tls_version );
mbedtls_ssl_conf_max_version( &conf, max_version_major, max_version_minor ); mbedtls_ssl_conf_max_tls_version( &conf, max_tls_version );
TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == expected_ssl_setup_result ); TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == expected_ssl_setup_result );
@ -5445,11 +5443,11 @@ void conf_curve()
mbedtls_ssl_config conf; mbedtls_ssl_config conf;
mbedtls_ssl_config_init( &conf ); mbedtls_ssl_config_init( &conf );
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
mbedtls_ssl_conf_max_version( &conf, 3, 3 ); mbedtls_ssl_conf_max_tls_version( &conf, MBEDTLS_SSL_VERSION_TLS1_2 );
mbedtls_ssl_conf_min_version( &conf, 3, 3 ); mbedtls_ssl_conf_min_tls_version( &conf, MBEDTLS_SSL_VERSION_TLS1_2 );
#else #else
mbedtls_ssl_conf_max_version( &conf, 3, 4 ); mbedtls_ssl_conf_max_tls_version( &conf, MBEDTLS_SSL_VERSION_TLS1_3 );
mbedtls_ssl_conf_min_version( &conf, 3, 4 ); mbedtls_ssl_conf_min_tls_version( &conf, MBEDTLS_SSL_VERSION_TLS1_3 );
#endif #endif
mbedtls_ssl_conf_curves( &conf, curve_list ); mbedtls_ssl_conf_curves( &conf, curve_list );
@ -5481,8 +5479,8 @@ void conf_group()
mbedtls_ssl_config conf; mbedtls_ssl_config conf;
mbedtls_ssl_config_init( &conf ); mbedtls_ssl_config_init( &conf );
mbedtls_ssl_conf_max_version( &conf, 3, 3 ); mbedtls_ssl_conf_max_tls_version( &conf, MBEDTLS_SSL_VERSION_TLS1_2 );
mbedtls_ssl_conf_min_version( &conf, 3, 3 ); mbedtls_ssl_conf_min_tls_version( &conf, MBEDTLS_SSL_VERSION_TLS1_2 );
mbedtls_ssl_conf_groups( &conf, iana_tls_group_list ); mbedtls_ssl_conf_groups( &conf, iana_tls_group_list );