Implement final TLS 1.3 RFC!!!
The anti-downgrade signal is being implemented in a follow-up change. Change-Id: I5ea3ff429ed1389a3577026588fef3660d2d0615 Reviewed-on: https://boringssl-review.googlesource.com/30904 Commit-Queue: Steven Valdez <svaldez@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com>
This commit is contained in:
parent
1c337e566d
commit
d451453067
@ -3400,10 +3400,16 @@ OPENSSL_EXPORT int SSL_renegotiate_pending(SSL *ssl);
|
|||||||
// performed by |ssl|. This includes the pending renegotiation, if any.
|
// performed by |ssl|. This includes the pending renegotiation, if any.
|
||||||
OPENSSL_EXPORT int SSL_total_renegotiations(const SSL *ssl);
|
OPENSSL_EXPORT int SSL_total_renegotiations(const SSL *ssl);
|
||||||
|
|
||||||
|
// tls13_variant_t determines what TLS 1.3 variant to negotiate.
|
||||||
|
//
|
||||||
|
// TODO(svaldez): Make |tls13_rfc| the default after callers are switched to
|
||||||
|
// explicitly enable |tls13_all|.
|
||||||
enum tls13_variant_t {
|
enum tls13_variant_t {
|
||||||
tls13_default = 0,
|
tls13_default = 0,
|
||||||
tls13_draft23,
|
tls13_draft23,
|
||||||
tls13_draft28,
|
tls13_draft28,
|
||||||
|
tls13_rfc,
|
||||||
|
tls13_all = tls13_default,
|
||||||
};
|
};
|
||||||
|
|
||||||
// SSL_CTX_set_tls13_variant sets which variant of TLS 1.3 we negotiate. On the
|
// SSL_CTX_set_tls13_variant sets which variant of TLS 1.3 we negotiate. On the
|
||||||
|
@ -30,6 +30,7 @@ bool ssl_protocol_version_from_wire(uint16_t *out, uint16_t version) {
|
|||||||
case TLS1_VERSION:
|
case TLS1_VERSION:
|
||||||
case TLS1_1_VERSION:
|
case TLS1_1_VERSION:
|
||||||
case TLS1_2_VERSION:
|
case TLS1_2_VERSION:
|
||||||
|
case TLS1_3_VERSION:
|
||||||
*out = version;
|
*out = version;
|
||||||
return true;
|
return true;
|
||||||
|
|
||||||
@ -56,6 +57,7 @@ bool ssl_protocol_version_from_wire(uint16_t *out, uint16_t version) {
|
|||||||
// decreasing preference.
|
// decreasing preference.
|
||||||
|
|
||||||
static const uint16_t kTLSVersions[] = {
|
static const uint16_t kTLSVersions[] = {
|
||||||
|
TLS1_3_VERSION,
|
||||||
TLS1_3_DRAFT28_VERSION,
|
TLS1_3_DRAFT28_VERSION,
|
||||||
TLS1_3_DRAFT23_VERSION,
|
TLS1_3_DRAFT23_VERSION,
|
||||||
TLS1_2_VERSION,
|
TLS1_2_VERSION,
|
||||||
@ -101,6 +103,7 @@ static const char *ssl_version_to_string(uint16_t version) {
|
|||||||
switch (version) {
|
switch (version) {
|
||||||
case TLS1_3_DRAFT23_VERSION:
|
case TLS1_3_DRAFT23_VERSION:
|
||||||
case TLS1_3_DRAFT28_VERSION:
|
case TLS1_3_DRAFT28_VERSION:
|
||||||
|
case TLS1_3_VERSION:
|
||||||
return "TLSv1.3";
|
return "TLSv1.3";
|
||||||
|
|
||||||
case TLS1_2_VERSION:
|
case TLS1_2_VERSION:
|
||||||
@ -128,6 +131,7 @@ static uint16_t wire_version_to_api(uint16_t version) {
|
|||||||
// Report TLS 1.3 draft versions as TLS 1.3 in the public API.
|
// Report TLS 1.3 draft versions as TLS 1.3 in the public API.
|
||||||
case TLS1_3_DRAFT23_VERSION:
|
case TLS1_3_DRAFT23_VERSION:
|
||||||
case TLS1_3_DRAFT28_VERSION:
|
case TLS1_3_DRAFT28_VERSION:
|
||||||
|
case TLS1_3_VERSION:
|
||||||
return TLS1_3_VERSION;
|
return TLS1_3_VERSION;
|
||||||
default:
|
default:
|
||||||
return version;
|
return version;
|
||||||
@ -142,9 +146,6 @@ static bool api_version_to_wire(uint16_t *out, uint16_t version) {
|
|||||||
version == TLS1_3_DRAFT28_VERSION) {
|
version == TLS1_3_DRAFT28_VERSION) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
if (version == TLS1_3_VERSION) {
|
|
||||||
version = TLS1_3_DRAFT23_VERSION;
|
|
||||||
}
|
|
||||||
|
|
||||||
// Check it is a real protocol version.
|
// Check it is a real protocol version.
|
||||||
uint16_t unused;
|
uint16_t unused;
|
||||||
@ -301,6 +302,8 @@ bool ssl_supports_version(SSL_HANDSHAKE *hs, uint16_t version) {
|
|||||||
return version == TLS1_3_DRAFT23_VERSION;
|
return version == TLS1_3_DRAFT23_VERSION;
|
||||||
case tls13_draft28:
|
case tls13_draft28:
|
||||||
return version == TLS1_3_DRAFT28_VERSION;
|
return version == TLS1_3_DRAFT28_VERSION;
|
||||||
|
case tls13_rfc:
|
||||||
|
return version == TLS1_3_VERSION;
|
||||||
case tls13_default:
|
case tls13_default:
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
@ -354,7 +357,7 @@ bool ssl_negotiate_version(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|||||||
}
|
}
|
||||||
|
|
||||||
bool ssl_is_draft28(uint16_t version) {
|
bool ssl_is_draft28(uint16_t version) {
|
||||||
return version == TLS1_3_DRAFT28_VERSION;
|
return version == TLS1_3_DRAFT28_VERSION || version == TLS1_3_VERSION;
|
||||||
}
|
}
|
||||||
|
|
||||||
} // namespace bssl
|
} // namespace bssl
|
||||||
|
@ -42,9 +42,11 @@ const (
|
|||||||
TLS13Default = 0
|
TLS13Default = 0
|
||||||
TLS13Draft23 = 1
|
TLS13Draft23 = 1
|
||||||
TLS13Draft28 = 2
|
TLS13Draft28 = 2
|
||||||
|
TLS13RFC = 3
|
||||||
)
|
)
|
||||||
|
|
||||||
var allTLSWireVersions = []uint16{
|
var allTLSWireVersions = []uint16{
|
||||||
|
VersionTLS13,
|
||||||
tls13Draft28Version,
|
tls13Draft28Version,
|
||||||
tls13Draft23Version,
|
tls13Draft23Version,
|
||||||
VersionTLS12,
|
VersionTLS12,
|
||||||
@ -1740,7 +1742,7 @@ func wireToVersion(vers uint16, isDTLS bool) (uint16, bool) {
|
|||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
switch vers {
|
switch vers {
|
||||||
case VersionSSL30, VersionTLS10, VersionTLS11, VersionTLS12:
|
case VersionSSL30, VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13:
|
||||||
return vers, true
|
return vers, true
|
||||||
case tls13Draft23Version, tls13Draft28Version:
|
case tls13Draft23Version, tls13Draft28Version:
|
||||||
return VersionTLS13, true
|
return VersionTLS13, true
|
||||||
@ -1751,22 +1753,37 @@ func wireToVersion(vers uint16, isDTLS bool) (uint16, bool) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func isDraft28(vers uint16) bool {
|
func isDraft28(vers uint16) bool {
|
||||||
return vers == tls13Draft28Version
|
return vers == tls13Draft28Version || vers == VersionTLS13
|
||||||
}
|
}
|
||||||
|
|
||||||
// isSupportedVersion checks if the specified wire version is acceptable. If so,
|
// isSupportedVersion checks if the specified wire version is acceptable. If so,
|
||||||
// it returns true and the corresponding protocol version. Otherwise, it returns
|
// it returns true and the corresponding protocol version. Otherwise, it returns
|
||||||
// false.
|
// false.
|
||||||
func (c *Config) isSupportedVersion(wireVers uint16, isDTLS bool) (uint16, bool) {
|
func (c *Config) isSupportedVersion(wireVers uint16, isDTLS bool) (uint16, bool) {
|
||||||
if (c.TLS13Variant == TLS13Draft23 && wireVers == tls13Draft28Version) ||
|
|
||||||
(c.TLS13Variant == TLS13Draft28 && wireVers == tls13Draft23Version) {
|
|
||||||
return 0, false
|
|
||||||
}
|
|
||||||
|
|
||||||
vers, ok := wireToVersion(wireVers, isDTLS)
|
vers, ok := wireToVersion(wireVers, isDTLS)
|
||||||
if !ok || c.minVersion(isDTLS) > vers || vers > c.maxVersion(isDTLS) {
|
if !ok || c.minVersion(isDTLS) > vers || vers > c.maxVersion(isDTLS) {
|
||||||
return 0, false
|
return 0, false
|
||||||
}
|
}
|
||||||
|
if vers == VersionTLS13 {
|
||||||
|
switch c.TLS13Variant {
|
||||||
|
case TLS13Draft23:
|
||||||
|
if wireVers != tls13Draft23Version {
|
||||||
|
return 0, false
|
||||||
|
}
|
||||||
|
case TLS13Draft28:
|
||||||
|
if wireVers != tls13Draft28Version {
|
||||||
|
return 0, false
|
||||||
|
}
|
||||||
|
case TLS13RFC:
|
||||||
|
if wireVers != VersionTLS13 {
|
||||||
|
return 0, false
|
||||||
|
}
|
||||||
|
case TLS13Default:
|
||||||
|
// Allow all of them.
|
||||||
|
default:
|
||||||
|
panic(c.TLS13Variant)
|
||||||
|
}
|
||||||
|
}
|
||||||
return vers, true
|
return vers, true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1024,7 +1024,8 @@ func runTest(test *testCase, shimPath string, mallocNumToFail int64) error {
|
|||||||
panic(fmt.Sprintf("The name of test %q suggests that it's version specific, but min/max version in the Config is %x/%x. One of them should probably be %x", test.name, test.config.MinVersion, test.config.MaxVersion, ver.version))
|
panic(fmt.Sprintf("The name of test %q suggests that it's version specific, but min/max version in the Config is %x/%x. One of them should probably be %x", test.name, test.config.MinVersion, test.config.MaxVersion, ver.version))
|
||||||
}
|
}
|
||||||
|
|
||||||
if ver.tls13Variant != 0 {
|
// Ignore this check against "TLS13", since TLS13 is used in many test names.
|
||||||
|
if ver.tls13Variant != 0 && ver.tls13Variant != TLS13RFC {
|
||||||
var foundFlag bool
|
var foundFlag bool
|
||||||
for _, flag := range test.flags {
|
for _, flag := range test.flags {
|
||||||
if flag == "-tls13-variant" {
|
if flag == "-tls13-variant" {
|
||||||
@ -1375,6 +1376,13 @@ var tlsVersions = []tlsVersion{
|
|||||||
hasDTLS: true,
|
hasDTLS: true,
|
||||||
versionDTLS: VersionDTLS12,
|
versionDTLS: VersionDTLS12,
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
name: "TLS13",
|
||||||
|
version: VersionTLS13,
|
||||||
|
excludeFlag: "-no-tls13",
|
||||||
|
versionWire: VersionTLS13,
|
||||||
|
tls13Variant: TLS13RFC,
|
||||||
|
},
|
||||||
{
|
{
|
||||||
name: "TLS13Draft23",
|
name: "TLS13Draft23",
|
||||||
version: VersionTLS13,
|
version: VersionTLS13,
|
||||||
@ -1480,7 +1488,7 @@ func bigFromHex(hex string) *big.Int {
|
|||||||
func convertToSplitHandshakeTests(tests []testCase) (splitHandshakeTests []testCase) {
|
func convertToSplitHandshakeTests(tests []testCase) (splitHandshakeTests []testCase) {
|
||||||
var stdout bytes.Buffer
|
var stdout bytes.Buffer
|
||||||
shim := exec.Command(*shimPath, "-is-handshaker-supported")
|
shim := exec.Command(*shimPath, "-is-handshaker-supported")
|
||||||
shim.Stdout = &stdout;
|
shim.Stdout = &stdout
|
||||||
if err := shim.Run(); err != nil {
|
if err := shim.Run(); err != nil {
|
||||||
panic(err)
|
panic(err)
|
||||||
}
|
}
|
||||||
@ -2831,7 +2839,7 @@ read alert 1 0
|
|||||||
messageCount: 5,
|
messageCount: 5,
|
||||||
keyUpdateRequest: keyUpdateRequested,
|
keyUpdateRequest: keyUpdateRequested,
|
||||||
readWithUnfinishedWrite: true,
|
readWithUnfinishedWrite: true,
|
||||||
flags: []string{"-async"},
|
flags: []string{"-async"},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "SendSNIWarningAlert",
|
name: "SendSNIWarningAlert",
|
||||||
@ -5748,19 +5756,6 @@ func addVersionNegotiationTests() {
|
|||||||
expectedVersion: VersionTLS12,
|
expectedVersion: VersionTLS12,
|
||||||
})
|
})
|
||||||
|
|
||||||
testCases = append(testCases, testCase{
|
|
||||||
testType: serverTest,
|
|
||||||
name: "RejectFinalTLS13",
|
|
||||||
config: Config{
|
|
||||||
Bugs: ProtocolBugs{
|
|
||||||
SendSupportedVersions: []uint16{VersionTLS13, VersionTLS12},
|
|
||||||
},
|
|
||||||
},
|
|
||||||
// We currently implement a draft TLS 1.3 version. Ensure that
|
|
||||||
// the true TLS 1.3 value is ignored for now.
|
|
||||||
expectedVersion: VersionTLS12,
|
|
||||||
})
|
|
||||||
|
|
||||||
// Test that TLS 1.2 isn't negotiated by the supported_versions extension in
|
// Test that TLS 1.2 isn't negotiated by the supported_versions extension in
|
||||||
// the ServerHello.
|
// the ServerHello.
|
||||||
testCases = append(testCases, testCase{
|
testCases = append(testCases, testCase{
|
||||||
|
@ -337,6 +337,10 @@ static bool GetTLS13Variant(tls13_variant_t *out, const std::string &in) {
|
|||||||
*out = tls13_draft28;
|
*out = tls13_draft28;
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
if (in == "rfc") {
|
||||||
|
*out = tls13_rfc;
|
||||||
|
return true;
|
||||||
|
}
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -157,6 +157,10 @@ static bool GetTLS13Variant(tls13_variant_t *out, const std::string &in) {
|
|||||||
*out = tls13_draft28;
|
*out = tls13_draft28;
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
if (in == "rfc") {
|
||||||
|
*out = tls13_rfc;
|
||||||
|
return true;
|
||||||
|
}
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user