From: Frederik Wedel-Heinen Date: Wed, 8 May 2024 09:19:09 +0000 (+0200) Subject: Refactor code and fix a couple of missing DTLSv1.3 checks. X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=554b56e9690ceac93f2f87431642af8e90a8b678;p=thirdparty%2Fopenssl.git Refactor code and fix a couple of missing DTLSv1.3 checks. Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/24345) --- diff --git a/apps/s_client.c b/apps/s_client.c index d8ed0ff4c29..5c6bbadf835 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -206,6 +206,7 @@ static int psk_use_session_cb(SSL *s, const EVP_MD *md, { SSL_SESSION *usesess = NULL; const SSL_CIPHER *cipher = NULL; + const int version1_3 = SSL_is_dtls(s) ? DTLS1_3_VERSION : TLS1_3_VERSION; if (psksess != NULL) { SSL_SESSION_up_ref(psksess); @@ -232,7 +233,7 @@ static int psk_use_session_cb(SSL *s, const EVP_MD *md, if (usesess == NULL || !SSL_SESSION_set1_master_key(usesess, key, key_len) || !SSL_SESSION_set_cipher(usesess, cipher) - || !SSL_SESSION_set_protocol_version(usesess, TLS1_3_VERSION)) { + || !SSL_SESSION_set_protocol_version(usesess, version1_3)) { OPENSSL_free(key); goto err; } @@ -814,6 +815,7 @@ static void freeandcopy(char **dest, const char *source) static int new_session_cb(SSL *s, SSL_SESSION *sess) { + const int version1_3 = SSL_is_dtls(s) ? DTLS1_3_VERSION : TLS1_3_VERSION; if (sess_out != NULL) { BIO *stmp = BIO_new_file(sess_out, "w"); @@ -827,10 +829,10 @@ static int new_session_cb(SSL *s, SSL_SESSION *sess) } /* - * Session data gets dumped on connection for TLSv1.2 and below, and on - * arrival of the NewSessionTicket for TLSv1.3. + * Session data gets dumped on connection for (D)TLSv1.2 and below, and on + * arrival of the NewSessionTicket for (D)TLSv1.3. */ - if (SSL_version(s) == TLS1_3_VERSION || SSL_version(s) == DTLS1_3_VERSION) { + if (SSL_version(s) == version1_3) { BIO_printf(bio_c_out, "---\nPost-Handshake New Session Ticket arrived:\n"); SSL_SESSION_print(bio_c_out, sess); @@ -932,6 +934,9 @@ int s_client_main(int argc, char **argv) #ifndef OPENSSL_NO_CT char *ctlog_file = NULL; int ct_validation = 0; +#endif +#ifndef OPENSSL_NO_NEXTPROTONEG + int version1_3; #endif int min_version = 0, max_version = 0, prot_opt = 0, no_prot_opt = 0; int async = 0; @@ -1590,6 +1595,10 @@ int s_client_main(int argc, char **argv) } } +#ifndef OPENSSL_NO_NEXTPROTONEG + version1_3 = isdtls ? DTLS1_3_VERSION : TLS1_3_VERSION; +#endif + /* Optional argument is connect string if -connect not used. */ if (opt_num_rest() == 1) { /* Don't allow -connect and a separate argument. */ @@ -1630,7 +1639,7 @@ int s_client_main(int argc, char **argv) } #ifndef OPENSSL_NO_NEXTPROTONEG - if (min_version == TLS1_3_VERSION && next_proto_neg_in != NULL) { + if (min_version == version1_3 && next_proto_neg_in != NULL) { BIO_printf(bio_err, "Cannot supply -nextprotoneg with TLSv1.3\n"); goto opthelp; } @@ -3381,7 +3390,8 @@ static void print_stuff(BIO *bio, SSL *s, int full) STACK_OF(X509) *sk; const SSL_CIPHER *c; EVP_PKEY *public_key; - int i, istls13 = (SSL_version(s) == TLS1_3_VERSION); + const int version1_3 = SSL_is_dtls(s) ? DTLS1_3_VERSION : TLS1_3_VERSION; + int i; long verify_result; #ifndef OPENSSL_NO_COMP const COMP_METHOD *comp, *expansion; @@ -3575,7 +3585,7 @@ static void print_stuff(BIO *bio, SSL *s, int full) } #endif - if (istls13) { + if (SSL_version(s) == version1_3) { switch (SSL_get_early_data_status(s)) { case SSL_EARLY_DATA_NOT_SENT: BIO_printf(bio, "Early data was not sent\n"); @@ -3836,6 +3846,8 @@ static int user_data_add(struct user_data_st *user_data, size_t i) static int user_data_execute(struct user_data_st *user_data, int cmd, char *arg) { + const int version1_3 = SSL_is_dtls(user_data->con) ? DTLS1_3_VERSION : TLS1_3_VERSION; + switch (cmd) { case USER_COMMAND_HELP: /* This only ever occurs in advanced mode, so just emit advanced help */ @@ -3848,7 +3860,7 @@ static int user_data_execute(struct user_data_st *user_data, int cmd, char *arg) BIO_printf(bio_err, " {reconnect}: Reconnect to the peer\n"); if (SSL_is_quic(user_data->con)) { BIO_printf(bio_err, " {fin}: Send FIN on the stream. No further writing is possible\n"); - } else if(SSL_version(user_data->con) == TLS1_3_VERSION) { + } else if(SSL_version(user_data->con) == version1_3) { BIO_printf(bio_err, " {keyup:req|noreq}: Send a Key Update message\n"); BIO_printf(bio_err, " Arguments:\n"); BIO_printf(bio_err, " req = peer update requested (default)\n"); @@ -3912,6 +3924,7 @@ static int user_data_process(struct user_data_st *user_data, size_t *len, { char *buf_start = user_data->buf + user_data->bufoff; size_t outlen = user_data->buflen; + const int version1_3 = SSL_is_dtls(user_data->con) ? DTLS1_3_VERSION : TLS1_3_VERSION; if (user_data->buflen == 0) { *len = 0; @@ -3997,7 +4010,7 @@ static int user_data_process(struct user_data_st *user_data, size_t *len, } else if(SSL_is_quic(user_data->con)) { if (OPENSSL_strcasecmp(cmd_start, "fin") == 0) cmd = USER_COMMAND_FIN; - } if (SSL_version(user_data->con) == TLS1_3_VERSION) { + } if (SSL_version(user_data->con) == version1_3) { if (OPENSSL_strcasecmp(cmd_start, "keyup") == 0) { cmd = USER_COMMAND_KEY_UPDATE; if (arg_start == NULL) diff --git a/apps/s_server.c b/apps/s_server.c index f01cf8451b9..2744db38ad9 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -134,17 +134,17 @@ static unsigned int psk_server_cb(SSL *ssl, const char *identity, { long key_len = 0; unsigned char *key; + const int version1_3 = SSL_is_dtls(ssl) ? DTLS1_3_VERSION : TLS1_3_VERSION; if (s_debug) BIO_printf(bio_s_out, "psk_server_cb\n"); - if ((SSL_is_dtls(ssl) && DTLS_VERSION_GE(SSL_version(ssl), DTLS1_3_VERSION)) - || (!SSL_is_dtls(ssl) && SSL_version(ssl) >= TLS1_3_VERSION)) { + if (PROTOCOL_VERSION_CMP(SSL_is_dtls(ssl), SSL_version(ssl), version1_3) >= 0) { /* * This callback is designed for use in (D)TLSv1.2 (or below). It is * possible to use a single callback for all protocol versions - but it - * is preferred to use a dedicated callback for TLSv1.3. For TLSv1.3 we - * have psk_find_session_cb. + * is preferred to use a dedicated callback for (D)TLSv1.3. For + * (D)TLSv1.3 we have psk_find_session_cb. */ return 0; } @@ -1073,6 +1073,9 @@ int s_server_main(int argc, char *argv[]) #endif #ifndef OPENSSL_NO_SRTP char *srtp_profiles = NULL; +#endif +#if !(defined(OPENSSL_NO_NEXTPROTONEG) && defined(OPENSSL_NO_PSK)) + int version1_3; #endif int min_version = 0, max_version = 0, prot_opt = 0, no_prot_opt = 0; int s_server_verify = SSL_VERIFY_NONE; @@ -1724,6 +1727,10 @@ int s_server_main(int argc, char *argv[]) } } +#if !(defined(OPENSSL_NO_NEXTPROTONEG) && defined(OPENSSL_NO_PSK)) + version1_3 = (socket_type == SOCK_DGRAM) ? DTLS1_3_VERSION : TLS1_3_VERSION; +#endif + /* No extra arguments. */ if (!opt_check_rest_arg(NULL)) goto opthelp; @@ -1732,7 +1739,7 @@ int s_server_main(int argc, char *argv[]) goto end; #ifndef OPENSSL_NO_NEXTPROTONEG - if (min_version == TLS1_3_VERSION && next_proto_neg_in != NULL) { + if (min_version == version1_3 && next_proto_neg_in != NULL) { BIO_printf(bio_err, "Cannot supply -nextprotoneg with TLSv1.3\n"); goto opthelp; } @@ -2222,7 +2229,7 @@ int s_server_main(int argc, char *argv[]) } if (psk_identity_hint != NULL) { - if (min_version == TLS1_3_VERSION) { + if (min_version == version1_3) { BIO_printf(bio_s_out, "PSK warning: there is NO identity hint in TLSv1.3\n"); } else { if (!SSL_CTX_use_psk_identity_hint(ctx, psk_identity_hint)) { diff --git a/ssl/record/methods/tls_common.c b/ssl/record/methods/tls_common.c index 427655d1c29..317ec169fb6 100644 --- a/ssl/record/methods/tls_common.c +++ b/ssl/record/methods/tls_common.c @@ -148,6 +148,7 @@ int tls_setup_write_buffer(OSSL_RECORD_LAYER *rl, size_t numwpipes, size_t currpipe; size_t defltlen = 0; size_t contenttypelen = 0; + const int version1_3 = rl->isdtls ? DTLS1_3_VERSION : TLS1_3_VERSION; if (firstlen == 0 || (numwpipes > 1 && nextlen == 0)) { if (rl->isdtls) @@ -155,8 +156,8 @@ int tls_setup_write_buffer(OSSL_RECORD_LAYER *rl, size_t numwpipes, else headerlen = SSL3_RT_HEADER_LENGTH; - /* TLSv1.3 adds an extra content type byte after payload data */ - if (rl->version == TLS1_3_VERSION) + /* (D)TLSv1.3 adds an extra content type byte after payload data */ + if (rl->version == version1_3) contenttypelen = 1; #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD != 0 diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index 4aef1495200..714d64403a2 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -1208,8 +1208,10 @@ static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx, int op, int bits, int nid, void *other, void *ex) { - int level, minbits, pfs_mask; + int level, minbits, pfs_mask, minversion; const SSL_CONNECTION *sc; + const int version1_3 = SSL_is_dtls(s) ? DTLS1_3_VERSION : TLS1_3_VERSION; + const int version1_2 = SSL_is_dtls(s) ? DTLS1_2_VERSION : TLS1_2_VERSION; minbits = ssl_get_security_level_bits(s, ctx, &level); @@ -1240,9 +1242,12 @@ static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx, /* SHA1 HMAC is 160 bits of security */ if (minbits > 160 && c->algorithm_mac & SSL_SHA1) return 0; + /* Level 3: forward secure ciphersuites only */ pfs_mask = SSL_kDHE | SSL_kECDHE | SSL_kDHEPSK | SSL_kECDHEPSK; - if (level >= 3 && c->min_tls != TLS1_3_VERSION && + minversion = SSL_is_dtls(s) ? c->min_dtls : c->min_tls; + + if (level >= 3 && minversion != version1_3 && !(c->algorithm_mkey & pfs_mask)) return 0; break; @@ -1250,15 +1255,9 @@ static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx, case SSL_SECOP_VERSION: if ((sc = SSL_CONNECTION_FROM_CONST_SSL(s)) == NULL) return 0; - if (!SSL_CONNECTION_IS_DTLS(sc)) { - /* SSLv3, TLS v1.0 and TLS v1.1 only allowed at level 0 */ - if (nid <= TLS1_1_VERSION && level > 0) + /* SSLv3, TLS v1.0 and TLS v1.1 and DTLS v1.0 only allowed at level 0 */ + if (ssl_version_cmp(sc, nid, version1_2) < 0 && level > 0) return 0; - } else { - /* DTLS v1.0 only allowed at level 0 */ - if (DTLS_VERSION_LT(nid, DTLS1_2_VERSION) && level > 0) - return 0; - } break; case SSL_SECOP_COMPRESSION: diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index e5d6237176c..2e9c26a231b 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -1354,15 +1354,23 @@ static int update_cipher_list(SSL_CTX *ctx, return 0; /* - * Delete any existing TLSv1.3 ciphersuites. These are always first in the + * Delete any existing (D)TLSv1.3 ciphersuites. These are always first in the * list. */ - while (sk_SSL_CIPHER_num(tmp_cipher_list) > 0 - && sk_SSL_CIPHER_value(tmp_cipher_list, 0)->min_tls - == TLS1_3_VERSION) + + while (sk_SSL_CIPHER_num(tmp_cipher_list) > 0) { + const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(tmp_cipher_list, 0); + const int version1_3 = SSL_CTX_IS_DTLS(ctx) ? DTLS1_3_VERSION + : TLS1_3_VERSION; + const int minversion = SSL_CTX_IS_DTLS(ctx) ? cipher->min_dtls + : cipher->min_tls; + + if (minversion != version1_3) + break; (void)sk_SSL_CIPHER_delete(tmp_cipher_list, 0); + } - /* Insert the new TLSv1.3 ciphersuites */ + /* Insert the new (D)TLSv1.3 ciphersuites */ for (i = sk_SSL_CIPHER_num(tls13_ciphersuites) - 1; i >= 0; i--) { const SSL_CIPHER *sslc = sk_SSL_CIPHER_value(tls13_ciphersuites, i); diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 3c3b6a29046..5642ea1282a 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -473,6 +473,10 @@ static int ssl_check_allowed_versions(int min_version, int max_version) min_version = DTLS1_VERSION; if (max_version == 0) max_version = DTLS1_3_VERSION; +#ifdef OPENSSL_NO_DTLS1_3 + if (max_version == DTLS1_3_VERSION) + max_version = DTLS1_2_VERSION; +#endif #ifdef OPENSSL_NO_DTLS1_2 if (max_version == DTLS1_2_VERSION) max_version = DTLS1_VERSION; @@ -490,6 +494,10 @@ static int ssl_check_allowed_versions(int min_version, int max_version) #ifdef OPENSSL_NO_DTLS1_2 || (DTLS_VERSION_GE(min_version, DTLS1_2_VERSION) && DTLS_VERSION_GE(DTLS1_2_VERSION, max_version)) +#endif +#ifdef OPENSSL_NO_DTLS1_3 + || (DTLS_VERSION_GE(min_version, DTLS1_3_VERSION) + && DTLS_VERSION_GE(DTLS1_3_VERSION, max_version)) #endif ) return 0; @@ -943,6 +951,9 @@ int SSL_is_dtls(const SSL *s) { SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + if (s == NULL) + return 0; + #ifndef OPENSSL_NO_QUIC if (s->type == SSL_TYPE_QUIC_CONNECTION || s->type == SSL_TYPE_QUIC_XSO) return 0; @@ -3315,16 +3326,21 @@ STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx) * Distinguish between ciphers controlled by set_ciphersuite() and * set_cipher_list() when counting. */ -static int cipher_list_tls12_num(STACK_OF(SSL_CIPHER) *sk) +static int cipher_list_tls12_num(STACK_OF(SSL_CIPHER) *sk, int isdtls) { int i, num = 0; const SSL_CIPHER *c; + const int version1_3 = isdtls ? DTLS1_3_VERSION : TLS1_3_VERSION; if (sk == NULL) return 0; for (i = 0; i < sk_SSL_CIPHER_num(sk); ++i) { + int minversion; + c = sk_SSL_CIPHER_value(sk, i); - if (c->min_tls >= TLS1_3_VERSION) + minversion = isdtls ? c->min_dtls : c->min_tls; + + if (PROTOCOL_VERSION_CMP(isdtls, minversion, version1_3) >= 0) continue; num++; } @@ -3348,7 +3364,8 @@ int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) */ if (sk == NULL) return 0; - if (ctx->method->num_ciphers() > 0 && cipher_list_tls12_num(sk) == 0) { + if (ctx->method->num_ciphers() > 0 + && cipher_list_tls12_num(sk, SSL_CTX_IS_DTLS(ctx)) == 0) { ERR_raise(ERR_LIB_SSL, SSL_R_NO_CIPHER_MATCH); return 0; } @@ -3372,7 +3389,8 @@ int SSL_set_cipher_list(SSL *s, const char *str) /* see comment in SSL_CTX_set_cipher_list */ if (sk == NULL) return 0; - if (ctx->method->num_ciphers() > 0 && cipher_list_tls12_num(sk) == 0) { + if (ctx->method->num_ciphers() > 0 + && cipher_list_tls12_num(sk, SSL_CONNECTION_IS_DTLS(sc)) == 0) { ERR_raise(ERR_LIB_SSL, SSL_R_NO_CIPHER_MATCH); return 0; } diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h index 6914bc6fd49..b53338c99a3 100644 --- a/ssl/ssl_local.h +++ b/ssl/ssl_local.h @@ -56,6 +56,42 @@ # define DTLS_VERSION_GE(v1, v2) (dtls_ver_ordinal(v1) <= dtls_ver_ordinal(v2)) # define DTLS_VERSION_LT(v1, v2) (dtls_ver_ordinal(v1) > dtls_ver_ordinal(v2)) # define DTLS_VERSION_LE(v1, v2) (dtls_ver_ordinal(v1) >= dtls_ver_ordinal(v2)) +/* + * SSL/TLS version comparison + * + * Returns + * 0 if versiona is equal to versionb or if either are 0 or less + * 1 if versiona is greater than versionb + * -1 if versiona is less than versionb + */ +# define TLS_VERSION_CMP(versiona, versionb) \ + ((!ossl_assert((versiona) > 0) || !ossl_assert((versionb) > 0) \ + || (versiona) == (versionb)) ? 0 \ + : ((versiona) < (versionb) ? -1 : 1)) +/* + * DTLS version comparison + * + * Returns + * 0 if versiona is equal to versionb or if either are 0 or less + * 1 if versiona is greater than versionb + * -1 if versiona is less than versionb + */ +# define DTLS_VERSION_CMP(versiona, versionb) \ + ((!ossl_assert((versiona) > 0) || !ossl_assert((versionb) > 0) \ + || (versiona) == (versionb)) ? 0 \ + : (DTLS_VERSION_LT((versiona), \ + (versionb)) ? -1 : 1)) +/* + * SSL/TLS/DTLS version comparison + * + * Returns + * 0 if versiona is equal to versionb or if either are 0 or less + * 1 if versiona is greater than versionb + * -1 if versiona is less than versionb + */ +# define PROTOCOL_VERSION_CMP(isdtls, versiona, versionb) \ + ((isdtls) ? DTLS_VERSION_CMP(versiona, versionb) \ + : TLS_VERSION_CMP(versiona, versionb)) # define SSL_AD_NO_ALERT -1 @@ -1200,6 +1236,9 @@ struct ssl_ctx_st { # endif }; +# define SSL_CTX_IS_DTLS(ctx) \ + (((ctx)->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS) != 0) + typedef struct cert_pkey_st CERT_PKEY; #define SSL_TYPE_SSL_CONNECTION 0 diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c index 70053c57a11..88f872c614c 100644 --- a/ssl/statem/extensions.c +++ b/ssl/statem/extensions.c @@ -824,6 +824,8 @@ int tls_parse_all_extensions(SSL_CONNECTION *s, int context, int should_add_extension(SSL_CONNECTION *s, unsigned int extctx, unsigned int thisctx, int max_version) { + const int version1_3 = SSL_CONNECTION_IS_DTLS(s) ? DTLS1_3_VERSION : TLS1_3_VERSION; + /* Skip if not relevant for our context */ if ((extctx & thisctx) == 0) return 0; @@ -832,8 +834,7 @@ int should_add_extension(SSL_CONNECTION *s, unsigned int extctx, if (!extension_is_relevant(s, extctx, thisctx) || ((extctx & SSL_EXT_TLS1_3_ONLY) != 0 && (thisctx & SSL_EXT_CLIENT_HELLO) != 0 - && (SSL_CONNECTION_IS_DTLS(s) ? DTLS_VERSION_LT(max_version, DTLS1_3_VERSION) - : max_version < TLS1_3_VERSION))) + && ssl_version_cmp(s, max_version, version1_3) < 0)) return 0; return 1; @@ -1464,18 +1465,17 @@ static int final_key_share(SSL_CONNECTION *s, unsigned int context, int sent) * Find the first group we allow that is also in client's list */ for (i = 0; i < num_groups; i++) { - int version; + const int version1_3 = SSL_CONNECTION_IS_DTLS(s) ? DTLS1_3_VERSION + : TLS1_3_VERSION; group_id = pgroups[i]; - version = SSL_CONNECTION_IS_DTLS(s) ? - DTLS1_3_VERSION : TLS1_3_VERSION; if (check_in_list(s, group_id, clntgroups, clnt_num_groups, 1) && tls_group_allowed(s, group_id, SSL_SECOP_CURVE_SUPPORTED) - && tls_valid_group(s, group_id, version, - version, 0, NULL)) + && tls_valid_group(s, group_id, version1_3, + version1_3, 0, NULL)) break; } diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c index ea8812becaf..741891e9373 100644 --- a/ssl/statem/extensions_clnt.c +++ b/ssl/statem/extensions_clnt.c @@ -143,6 +143,7 @@ static int use_ecc(SSL_CONNECTION *s, int min_version, int max_version) const uint16_t *pgroups = NULL; size_t num_groups, j; SSL *ssl = SSL_CONNECTION_GET_SSL(s); + const int version1_3 = SSL_CONNECTION_IS_DTLS(s) ? DTLS1_3_VERSION : TLS1_3_VERSION; /* See if we support any ECC ciphersuites */ if (s->version == SSL3_VERSION) @@ -152,12 +153,14 @@ static int use_ecc(SSL_CONNECTION *s, int min_version, int max_version) end = sk_SSL_CIPHER_num(cipher_stack); for (i = 0; i < end; i++) { const SSL_CIPHER *c = sk_SSL_CIPHER_value(cipher_stack, i); + const int cipher_minversion = SSL_CONNECTION_IS_DTLS(s) ? c->min_dtls + : c->min_tls; alg_k = c->algorithm_mkey; alg_a = c->algorithm_auth; if ((alg_k & (SSL_kECDHE | SSL_kECDHEPSK)) || (alg_a & SSL_aECDSA) - || c->min_tls >= TLS1_3_VERSION) { + || ssl_version_cmp(s, cipher_minversion, version1_3) >= 0) { ret = 1; break; } @@ -217,7 +220,7 @@ EXT_RETURN tls_construct_ctos_supported_groups(SSL_CONNECTION *s, WPACKET *pkt, const uint16_t *pgroups = NULL; size_t num_groups = 0, i, tls13added = 0, added = 0; int min_version, max_version, reason; - const int isdtls = SSL_CONNECTION_IS_DTLS(s); + const int version1_3 = SSL_CONNECTION_IS_DTLS(s) ? DTLS1_3_VERSION : TLS1_3_VERSION; reason = ssl_get_min_max_version(s, &min_version, &max_version, NULL); if (reason != 0) { @@ -230,8 +233,7 @@ EXT_RETURN tls_construct_ctos_supported_groups(SSL_CONNECTION *s, WPACKET *pkt, * if we don't have EC support then we don't send this extension. */ if (!use_ecc(s, min_version, max_version)) - if ((!isdtls && max_version < TLS1_3_VERSION) - || (isdtls && DTLS_VERSION_LT(max_version, DTLS1_3_VERSION))) + if (ssl_version_cmp(s, max_version, version1_3) < 0) return EXT_RETURN_NOT_SENT; /* @@ -258,8 +260,7 @@ EXT_RETURN tls_construct_ctos_supported_groups(SSL_CONNECTION *s, WPACKET *pkt, SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } - if ((okfortls13 && max_version == TLS1_3_VERSION) - || (okfortls13 && max_version == DTLS1_3_VERSION)) + if (okfortls13 && max_version == version1_3) tls13added++; added++; } @@ -273,8 +274,7 @@ EXT_RETURN tls_construct_ctos_supported_groups(SSL_CONNECTION *s, WPACKET *pkt, return EXT_RETURN_FAIL; } - if (tls13added == 0 && (max_version == TLS1_3_VERSION - || max_version == DTLS1_3_VERSION)) { + if (tls13added == 0 && max_version == version1_3) { SSLfatal_data(s, SSL_AD_INTERNAL_ERROR, SSL_R_NO_SUITABLE_GROUPS, "No groups enabled for max supported SSL/TLS version"); return EXT_RETURN_FAIL; @@ -288,14 +288,14 @@ EXT_RETURN tls_construct_ctos_session_ticket(SSL_CONNECTION *s, WPACKET *pkt, size_t chainidx) { size_t ticklen; + const int version1_3 = SSL_CONNECTION_IS_DTLS(s) ? DTLS1_3_VERSION : TLS1_3_VERSION; if (!tls_use_ticket(s)) return EXT_RETURN_NOT_SENT; if (!s->new_session && s->session != NULL && s->session->ext.tick != NULL - && s->session->ssl_version != TLS1_3_VERSION - && s->session->ssl_version != DTLS1_3_VERSION) { + && s->session->ssl_version != version1_3) { ticklen = s->session->ext.ticklen; } else if (s->session && s->ext.session_ticket != NULL && s->ext.session_ticket->data != NULL) { @@ -565,7 +565,8 @@ EXT_RETURN tls_construct_ctos_supported_versions(SSL_CONNECTION *s, WPACKET *pkt size_t chainidx) { int currv, min_version, max_version, reason; - int isdtls = SSL_CONNECTION_IS_DTLS(s); + const int isdtls = SSL_CONNECTION_IS_DTLS(s); + const int version1_3 = SSL_CONNECTION_IS_DTLS(s) ? DTLS1_3_VERSION : TLS1_3_VERSION; reason = ssl_get_min_max_version(s, &min_version, &max_version, NULL); if (reason != 0) { @@ -576,8 +577,7 @@ EXT_RETURN tls_construct_ctos_supported_versions(SSL_CONNECTION *s, WPACKET *pkt /* * Don't include this if we can't negotiate (D)TLSv1.3. */ - if ((!isdtls && max_version < TLS1_3_VERSION) - || (isdtls && DTLS_VERSION_LT(max_version, DTLS1_3_VERSION))) + if (ssl_version_cmp(s, max_version, version1_3) < 0) return EXT_RETURN_NOT_SENT; if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_supported_versions) @@ -587,19 +587,11 @@ EXT_RETURN tls_construct_ctos_supported_versions(SSL_CONNECTION *s, WPACKET *pkt return EXT_RETURN_FAIL; } - if (isdtls) { - for (currv = max_version; DTLS_VERSION_GE(currv, min_version); currv++) { - if (!WPACKET_put_bytes_u16(pkt, currv)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - return EXT_RETURN_FAIL; - } - } - } else { - for (currv = max_version; currv >= min_version; currv--) { - if (!WPACKET_put_bytes_u16(pkt, currv)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - return EXT_RETURN_FAIL; - } + for (currv = max_version; ssl_version_cmp(s, currv, min_version) >= 0; + isdtls ? currv++ : currv--) { + if (!WPACKET_put_bytes_u16(pkt, currv)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; } } if (!WPACKET_close(pkt) || !WPACKET_close(pkt)) { @@ -725,14 +717,13 @@ EXT_RETURN tls_construct_ctos_key_share(SSL_CONNECTION *s, WPACKET *pkt, curve_id = s->s3.group_id; } else { for (i = 0; i < num_groups; i++) { - int version; + const int version1_3 = SSL_CONNECTION_IS_DTLS(s) ? DTLS1_3_VERSION + : TLS1_3_VERSION; if (!tls_group_allowed(s, pgroups[i], SSL_SECOP_CURVE_SUPPORTED)) continue; - version = SSL_CONNECTION_IS_DTLS(s) ? DTLS1_3_VERSION : TLS1_3_VERSION; - - if (!tls_valid_group(s, pgroups[i], version, version, + if (!tls_valid_group(s, pgroups[i], version1_3, version1_3, 0, NULL)) continue; @@ -803,15 +794,14 @@ EXT_RETURN tls_construct_ctos_early_data(SSL_CONNECTION *s, WPACKET *pkt, SSL_SESSION *edsess = NULL; const EVP_MD *handmd = NULL; SSL *ussl = SSL_CONNECTION_GET_USER_SSL(s); + const int version1_3 = SSL_CONNECTION_IS_DTLS(s) ? DTLS1_3_VERSION : TLS1_3_VERSION; if (s->hello_retry_request == SSL_HRR_PENDING) handmd = ssl_handshake_md(s); if (s->psk_use_session_cb != NULL && (!s->psk_use_session_cb(ussl, handmd, &id, &idlen, &psksess) - || (psksess != NULL - && psksess->ssl_version != TLS1_3_VERSION - && psksess->ssl_version != DTLS1_3_VERSION))) { + || (psksess != NULL && psksess->ssl_version != version1_3))) { SSL_SESSION_free(psksess); SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_BAD_PSK); return EXT_RETURN_FAIL; @@ -833,7 +823,6 @@ EXT_RETURN tls_construct_ctos_early_data(SSL_CONNECTION *s, WPACKET *pkt, } else if (psklen > 0) { const unsigned char tls13_aes128gcmsha256_id[] = { 0x13, 0x01 }; const SSL_CIPHER *cipher; - int version; idlen = strlen(identity); if (idlen > PSK_MAX_IDENTITY_LEN) { @@ -854,12 +843,11 @@ EXT_RETURN tls_construct_ctos_early_data(SSL_CONNECTION *s, WPACKET *pkt, } psksess = SSL_SESSION_new(); - version = SSL_CONNECTION_IS_DTLS(s) ? DTLS1_3_VERSION : TLS1_3_VERSION; if (psksess == NULL || !SSL_SESSION_set1_master_key(psksess, psk, psklen) || !SSL_SESSION_set_cipher(psksess, cipher) - || !SSL_SESSION_set_protocol_version(psksess, version)) { + || !SSL_SESSION_set_protocol_version(psksess, version1_3)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); OPENSSL_cleanse(psk, psklen); return EXT_RETURN_FAIL; @@ -972,6 +960,7 @@ EXT_RETURN tls_construct_ctos_padding(SSL_CONNECTION *s, WPACKET *pkt, { unsigned char *padbytes; size_t hlen; + const int version1_3 = SSL_CONNECTION_IS_DTLS(s) ? DTLS1_3_VERSION : TLS1_3_VERSION; if ((s->options & SSL_OP_TLSEXT_PADDING) == 0) return EXT_RETURN_NOT_SENT; @@ -991,7 +980,7 @@ EXT_RETURN tls_construct_ctos_padding(SSL_CONNECTION *s, WPACKET *pkt, * If we're going to send a PSK then that will be written out after this * extension, so we need to calculate how long it is going to be. */ - if ((s->session->ssl_version == TLS1_3_VERSION || s->session->ssl_version == DTLS1_3_VERSION) + if (s->session->ssl_version == version1_3 && s->session->ext.ticklen != 0 && s->session->cipher != NULL) { const EVP_MD *md = ssl_md(SSL_CONNECTION_GET_CTX(s), @@ -1053,6 +1042,7 @@ EXT_RETURN tls_construct_ctos_psk(SSL_CONNECTION *s, WPACKET *pkt, int dores = 0; SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); OSSL_TIME t; + const int version1_3 = SSL_CONNECTION_IS_DTLS(s) ? DTLS1_3_VERSION : TLS1_3_VERSION; s->ext.tick_identity = 0; @@ -1066,7 +1056,7 @@ EXT_RETURN tls_construct_ctos_psk(SSL_CONNECTION *s, WPACKET *pkt, * If this is an incompatible or new session then we have nothing to resume * so don't add this extension. */ - if ((s->session->ssl_version != TLS1_3_VERSION && s->session->ssl_version != DTLS1_3_VERSION) + if (s->session->ssl_version != version1_3 || (s->session->ext.ticklen == 0 && s->psksession == NULL)) return EXT_RETURN_NOT_SENT; @@ -1818,6 +1808,7 @@ int tls_parse_stoc_supported_versions(SSL_CONNECTION *s, PACKET *pkt, X509 *x, size_t chainidx) { unsigned int version; + const int version1_3 = SSL_CONNECTION_IS_DTLS(s) ? DTLS1_3_VERSION : TLS1_3_VERSION; if (!PACKET_get_net_2(pkt, &version) || PACKET_remaining(pkt) != 0) { @@ -1829,7 +1820,7 @@ int tls_parse_stoc_supported_versions(SSL_CONNECTION *s, PACKET *pkt, * The only protocol version we support which is valid in this extension in * a ServerHello is (D)TLSv1.3 therefore we shouldn't be getting anything else. */ - if (version != TLS1_3_VERSION && version != DTLS1_3_VERSION) { + if ((int)version != version1_3) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_PROTOCOL_VERSION_NUMBER); return 0; @@ -1873,7 +1864,8 @@ int tls_parse_stoc_key_share(SSL_CONNECTION *s, PACKET *pkt, if ((context & SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST) != 0) { const uint16_t *pgroups = NULL; size_t i, num_groups; - int version; + const int version1_3 = SSL_CONNECTION_IS_DTLS(s) ? DTLS1_3_VERSION + : TLS1_3_VERSION; if (PACKET_remaining(pkt) != 0) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); @@ -1896,11 +1888,9 @@ int tls_parse_stoc_key_share(SSL_CONNECTION *s, PACKET *pkt, break; } - version = SSL_CONNECTION_IS_DTLS(s) ? DTLS1_3_VERSION : TLS1_3_VERSION; - if (i >= num_groups || !tls_group_allowed(s, group_id, SSL_SECOP_CURVE_SUPPORTED) - || !tls_valid_group(s, group_id, version, version, 0, NULL)) { + || !tls_valid_group(s, group_id, version1_3, version1_3, 0, NULL)) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_KEY_SHARE); return 0; } diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c index fb4275419ac..93f2ebd0868 100644 --- a/ssl/statem/extensions_srvr.c +++ b/ssl/statem/extensions_srvr.c @@ -652,8 +652,8 @@ int tls_parse_ctos_key_share(SSL_CONNECTION *s, PACKET *pkt, } while (PACKET_remaining(&key_share_list) > 0) { - const int version13 = SSL_CONNECTION_IS_DTLS(s) ? DTLS1_3_VERSION - : TLS1_3_VERSION; + const int version1_3 = SSL_CONNECTION_IS_DTLS(s) ? DTLS1_3_VERSION + : TLS1_3_VERSION; if (!PACKET_get_net_2(&key_share_list, &group_id) || !PACKET_get_length_prefixed_2(&key_share_list, &encoded_pt) @@ -693,7 +693,7 @@ int tls_parse_ctos_key_share(SSL_CONNECTION *s, PACKET *pkt, * We tolerate but ignore a group id that we don't think is * suitable for (D)TLSv1.3 */ - || !tls_valid_group(s, group_id, version13, version13, + || !tls_valid_group(s, group_id, version1_3, version1_3, 0, NULL)) { /* Share not suitable */ continue; @@ -739,6 +739,7 @@ int tls_parse_ctos_cookie(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, uint64_t tm, now; SSL *ssl = SSL_CONNECTION_GET_SSL(s); SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); + const int version1_3 = SSL_CONNECTION_IS_DTLS(s) ? DTLS1_3_VERSION : TLS1_3_VERSION; /* Ignore any cookie if we're not set up to verify it */ if (sctx->verify_stateless_cookie_cb == NULL @@ -811,7 +812,7 @@ int tls_parse_ctos_cookie(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); return 0; } - if (version != TLS1_3_VERSION && version != DTLS1_3_VERSION) { + if ((int)version != version1_3) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_PROTOCOL_VERSION_NUMBER); return 0; @@ -1090,7 +1091,8 @@ int tls_parse_ctos_psk(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, } else if (pskdatalen > 0) { const SSL_CIPHER *cipher; const unsigned char tls13_aes128gcmsha256_id[] = { 0x13, 0x01 }; - int version; + const int version1_3 = SSL_CONNECTION_IS_DTLS(s) ? DTLS1_3_VERSION + : TLS1_3_VERSION; /* * We found a PSK using an old style callback. We don't know @@ -1105,14 +1107,12 @@ int tls_parse_ctos_psk(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, } sess = SSL_SESSION_new(); - version = SSL_CONNECTION_IS_DTLS(s) ? DTLS1_3_VERSION : TLS1_3_VERSION; if (sess == NULL || !SSL_SESSION_set1_master_key(sess, pskdata, pskdatalen) || !SSL_SESSION_set_cipher(sess, cipher) - || !SSL_SESSION_set_protocol_version(sess, - version)) { + || !SSL_SESSION_set_protocol_version(sess, version1_3)) { OPENSSL_cleanse(pskdata, pskdatalen); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 4b94dd8c1d4..e85354a3d04 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -1155,10 +1155,9 @@ CON_FUNC_RETURN tls_construct_client_hello(SSL_CONNECTION *s, WPACKET *pkt) unsigned char *p; size_t sess_id_len; int i, protverr; + const int version1_3 = SSL_CONNECTION_IS_DTLS(s) ? DTLS1_3_VERSION : TLS1_3_VERSION; #ifndef OPENSSL_NO_COMP SSL_COMP *comp; - int comp_version_limit = SSL_CONNECTION_IS_DTLS(s) ? DTLS1_3_VERSION - : TLS1_3_VERSION; #endif SSL_SESSION *sess = s->session; unsigned char *session_id; @@ -1189,6 +1188,7 @@ CON_FUNC_RETURN tls_construct_client_hello(SSL_CONNECTION *s, WPACKET *pkt) * required to use same upon reply to HelloVerify */ if (SSL_CONNECTION_IS_DTLS(s)) { + /* TODO(DTLS-1.3): Check this bit for HRR */ size_t idx; i = 1; for (idx = 0; idx < sizeof(s->s3.client_random); idx++) { @@ -1248,9 +1248,7 @@ CON_FUNC_RETURN tls_construct_client_hello(SSL_CONNECTION *s, WPACKET *pkt) /* Session ID */ session_id = s->session->session_id; - if (s->new_session - || s->session->ssl_version == TLS1_3_VERSION - || s->session->ssl_version == DTLS1_3_VERSION) { + if (s->new_session || s->session->ssl_version == version1_3) { if (s->version == TLS1_3_VERSION && SSL_CONNECTION_MIDDLEBOX_IS_ENABLED(s)) { sess_id_len = sizeof(s->tmp_session_id); @@ -1268,7 +1266,7 @@ CON_FUNC_RETURN tls_construct_client_hello(SSL_CONNECTION *s, WPACKET *pkt) } else { assert(s->session->session_id_length <= sizeof(s->session->session_id)); sess_id_len = s->session->session_id_length; - if (s->version == TLS1_3_VERSION || s->version == DTLS1_3_VERSION) { + if (s->version == version1_3) { s->tmp_session_id_len = sess_id_len; memcpy(s->tmp_session_id, s->session->session_id, sess_id_len); } @@ -1315,7 +1313,7 @@ CON_FUNC_RETURN tls_construct_client_hello(SSL_CONNECTION *s, WPACKET *pkt) #ifndef OPENSSL_NO_COMP if (ssl_allow_compression(s) && sctx->comp_methods - && ssl_version_cmp(s, s->s3.tmp.max_ver, comp_version_limit) < 0) { + && ssl_version_cmp(s, s->s3.tmp.max_ver, version1_3) < 0) { int compnum = sk_SSL_COMP_num(sctx->comp_methods); for (i = 0; i < compnum; i++) { comp = sk_SSL_COMP_value(sctx->comp_methods, i); @@ -1455,6 +1453,9 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL_CONNECTION *s, PACKET *pkt) unsigned int sversion; unsigned int context; RAW_EXTENSION *extensions = NULL; + const int version1_3 = SSL_CONNECTION_IS_DTLS(s) ? DTLS1_3_VERSION : TLS1_3_VERSION; + const unsigned int version1_2 = SSL_CONNECTION_IS_DTLS(s) ? DTLS1_2_VERSION + : TLS1_2_VERSION; SSL *ssl = SSL_CONNECTION_GET_SSL(s); SSL *ussl = SSL_CONNECTION_GET_USER_SSL(s); #ifndef OPENSSL_NO_COMP @@ -1467,8 +1468,7 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL_CONNECTION *s, PACKET *pkt) } /* load the server random */ - if (((s->version == TLS1_3_VERSION && sversion == TLS1_2_VERSION) - || (s->version == DTLS1_3_VERSION && sversion == DTLS1_2_VERSION)) + if (s->version == version1_3 && sversion == version1_2 && PACKET_remaining(pkt) >= SSL3_RANDOM_SIZE && memcmp(hrrrandom, PACKET_data(pkt), SSL3_RANDOM_SIZE) == 0) { if (s->hello_retry_request != SSL_HRR_NONE) { @@ -1812,15 +1812,15 @@ static MSG_PROCESS_RETURN tls_process_as_hello_retry_request(SSL_CONNECTION *s, PACKET *extpkt) { RAW_EXTENSION *extensions = NULL; - const int isdtls = SSL_CONNECTION_IS_DTLS(s); + const int version1_3 = SSL_CONNECTION_IS_DTLS(s) ? DTLS1_3_VERSION : TLS1_3_VERSION; + const int versionany = SSL_CONNECTION_IS_DTLS(s) ? DTLS_ANY_VERSION : TLS_ANY_VERSION; /* * If we were sending early_data then any alerts should not be sent using * the old wrlmethod. */ if (s->early_data_state == SSL_EARLY_DATA_FINISHED_WRITING - && !ssl_set_new_record_layer(s, - isdtls ? DTLS_ANY_VERSION : TLS_ANY_VERSION, + && !ssl_set_new_record_layer(s, versionany, OSSL_RECORD_DIRECTION_WRITE, OSSL_RECORD_PROTECTION_LEVEL_NONE, NULL, 0, NULL, 0, NULL, 0, NULL, 0, @@ -1829,7 +1829,7 @@ static MSG_PROCESS_RETURN tls_process_as_hello_retry_request(SSL_CONNECTION *s, goto err; } /* We are definitely going to be using TLSv1.3 */ - s->rlayer.wrlmethod->set_protocol_version(s->rlayer.wrl, isdtls ? DTLS1_3_VERSION : TLS1_3_VERSION); + s->rlayer.wrlmethod->set_protocol_version(s->rlayer.wrl, version1_3); if (!tls_collect_extensions(s, extpkt, SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST, &extensions, NULL, 1) diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index 4a83ee3c558..aedf6c13ee9 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -1798,14 +1798,7 @@ int ssl_version_cmp(const SSL_CONNECTION *s, int versiona, int versionb) { int dtls = SSL_CONNECTION_IS_DTLS(s); - if (!ossl_assert(versiona > 0) || !ossl_assert(versionb > 0)) - return 0; - - if (versiona == versionb) - return 0; - if (!dtls) - return versiona < versionb ? -1 : 1; - return DTLS_VERSION_LT(versiona, versionb) ? -1 : 1; + return PROTOCOL_VERSION_CMP(dtls, versiona, versionb); } typedef struct { diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 18a7f9c6e07..9160cd93b87 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -582,8 +582,12 @@ static int add_provider_sigalgs(const OSSL_PARAM params[], void *data) ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_INVALID_ARGUMENT); goto err; } - if ((sinf->mintls != 0) && (sinf->mintls != -1) && - ((sinf->mintls < TLS1_3_VERSION))) { + if ((sinf->mintls != 0) && (sinf->mintls != -1) + /* + * There are no discrepancies for signature algs between comparable + * versions of tls and dtls. Hence we check tls versions only. + */ + && ((sinf->mintls < TLS1_3_VERSION))) { /* ignore this sigalg as this OpenSSL doesn't know how to handle it */ ret = 1; goto err; @@ -594,13 +598,21 @@ static int add_provider_sigalgs(const OSSL_PARAM params[], void *data) ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_INVALID_ARGUMENT); goto err; } - if ((sinf->maxtls != 0) && (sinf->maxtls != -1) && - ((sinf->maxtls < sinf->mintls))) { + if ((sinf->maxtls != 0) && (sinf->maxtls != -1) + /* + * There are no discrepancies for signature algs between comparable + * versions of tls and dtls. Hence we check tls versions only. + */ + && ((sinf->maxtls < sinf->mintls))) { ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_INVALID_ARGUMENT); goto err; } - if ((sinf->maxtls != 0) && (sinf->maxtls != -1) && - ((sinf->maxtls < TLS1_3_VERSION))) { + if ((sinf->maxtls != 0) && (sinf->maxtls != -1) + /* + * There are no discrepancies for signature algs between comparable + * versions of tls and dtls. Hence we check tls versions only. + */ + && ((sinf->maxtls < TLS1_3_VERSION))) { /* ignore this sigalg as this OpenSSL doesn't know how to handle it */ ret = 1; goto err; @@ -851,6 +863,7 @@ int tls_valid_group(SSL_CONNECTION *s, uint16_t group_id, group_id); int ret; int group_minversion, group_maxversion; + const int version1_3 = SSL_CONNECTION_IS_DTLS(s) ? DTLS1_3_VERSION : TLS1_3_VERSION; if (okfortls13 != NULL) *okfortls13 = 0; @@ -870,8 +883,7 @@ int tls_valid_group(SSL_CONNECTION *s, uint16_t group_id, if (group_minversion > 0) ret &= (ssl_version_cmp(s, maxversion, group_minversion) >= 0); - if (ret && okfortls13 != NULL && (maxversion == DTLS1_3_VERSION - || maxversion == TLS1_3_VERSION)) + if (ret && okfortls13 != NULL && maxversion == version1_3) *okfortls13 = (group_maxversion == 0) || (ssl_version_cmp(s, group_maxversion, maxversion) >= 0); ret &= !isec diff --git a/test/sslapitest.c b/test/sslapitest.c index fccdea2d297..a5cad9c53d8 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -11484,6 +11484,9 @@ static int check_version_string(SSL *s, int version) break; case DTLS1_2_VERSION: verstr = "DTLSv1.2"; + break; + case DTLS1_3_VERSION: + verstr = "DTLSv1.3"; } return TEST_str_eq(verstr, SSL_get_version(s));