author | Martin Thomson <mt@lowentropy.net> | 2021-06-25 08:22:08 +0000 |
---|---|---|
committer | Martin Thomson <mt@lowentropy.net> | 2021-06-25 08:22:08 +0000 |
commit | a40f68f602ed87a229bc0fd85d598643a7e5eb64 (patch) | |
tree | 5029feaf64907fa0aaa57b701539c91824bd187b | |
parent | a5cf364d1116025f1ec8cf253e8092c4ba83c5af (diff) | |
download | nss-hg-a40f68f602ed87a229bc0fd85d598643a7e5eb64.tar.gz |
Bug 1712883 - DTLS 1.3 draft-43 r=bbeurdouche
Differential Revision: https://phabricator.services.mozilla.com/D115969
-rw-r--r-- | gtests/ssl_gtest/ssl_extension_unittest.cc | 26 | ||||
-rw-r--r-- | lib/ssl/ssl3prot.h | 2 | ||||
-rw-r--r-- | lib/ssl/sslproto.h | 2 | ||||
-rw-r--r-- | lib/ssl/tls13con.c | 8 |
4 files changed, 26 insertions, 12 deletions
diff --git a/gtests/ssl_gtest/ssl_extension_unittest.cc b/gtests/ssl_gtest/ssl_extension_unittest.cc index 2e201a6e8..418ef6134 100644 --- a/gtests/ssl_gtest/ssl_extension_unittest.cc +++ b/gtests/ssl_gtest/ssl_extension_unittest.cc @@ -174,11 +174,13 @@ class TlsExtensionTest13 // Convert the version encoding for DTLS, if needed. if (variant_ == ssl_variant_datagram) { switch (version) { -#ifdef DTLS_1_3_DRAFT_VERSION case SSL_LIBRARY_VERSION_TLS_1_3: +#ifdef DTLS_1_3_DRAFT_VERSION version = 0x7f00 | DTLS_1_3_DRAFT_VERSION; - break; +#else + version = SSL_LIBRARY_VERSION_DTLS_1_3_WIRE; #endif + break; case SSL_LIBRARY_VERSION_TLS_1_2: version = SSL_LIBRARY_VERSION_DTLS_1_2_WIRE; break; @@ -1120,13 +1122,25 @@ TEST_P(TlsExtensionTest13, HrrThenRemoveSupportedGroups) { } TEST_P(TlsExtensionTest13, EmptyVersionList) { - static const uint8_t ext[] = {0x00, 0x00}; - ConnectWithBogusVersionList(ext, sizeof(ext)); + static const uint8_t kExt[] = {0x00, 0x00}; + ConnectWithBogusVersionList(kExt, sizeof(kExt)); } TEST_P(TlsExtensionTest13, OddVersionList) { - static const uint8_t ext[] = {0x00, 0x01, 0x00}; - ConnectWithBogusVersionList(ext, sizeof(ext)); + static const uint8_t kExt[] = {0x00, 0x01, 0x00}; + ConnectWithBogusVersionList(kExt, sizeof(kExt)); +} + +// Use the stream version number for TLS 1.3 (0x0304) in DTLS. +TEST_F(TlsConnectDatagram13, TlsVersionInDtls) { + static const uint8_t kExt[] = {0x02, 0x03, 0x04}; + + DataBuffer versions_buf(kExt, sizeof(kExt)); + MakeTlsFilter<TlsExtensionReplacer>(client_, ssl_tls13_supported_versions_xtn, + versions_buf); + ConnectExpectAlert(server_, kTlsAlertProtocolVersion); + client_->CheckErrorCode(SSL_ERROR_PROTOCOL_VERSION_ALERT); + server_->CheckErrorCode(SSL_ERROR_UNSUPPORTED_VERSION); } // TODO: this only tests extensions in server messages. The client can extend diff --git a/lib/ssl/ssl3prot.h b/lib/ssl/ssl3prot.h index b4c5a878a..31db46b41 100644 --- a/lib/ssl/ssl3prot.h +++ b/lib/ssl/ssl3prot.h 
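Review bot: The DTLS version mapping in this test helper now mirrors tls13_EncodeVersion's #ifdef/#else layout, but its `#else` arm takes a different route, reading `SSL_LIBRARY_VERSION_DTLS_1_3_WIRE` directly where the library calls dtls_TLSVersionToDTLSVersion(); nothing ties the two copies together, so if they diverge the version tests would assert what the test itself encodes rather than what the library puts on the wire. A one-line pointer above the switch, `// Keep in sync with tls13_EncodeVersion() in lib/ssl/tls13con.c.`, would at least send a maintainer to the other copy. The enclosing helper begins before this hunk.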
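Review bot: `kExt` in TlsVersionInDtls packs the supported_versions vector as raw bytes, and the comment above the test explains only the 0x0304 part; the leading 0x02 is the one-byte list length, so a note beside the array, `// 1-byte list length (2), then TLS 1.3's stream code point 0x0304.`, saves the reader a trip to the extension format. The test also pins only one side of the confusion: with DTLS_1_3_DRAFT_VERSION set to 43 in this same commit the library encodes 0x7f00|43, so a client offering the spec's final wire value, `{0x02, 0xfe, 0xfc}` (the new SSL_LIBRARY_VERSION_DTLS_1_3_WIRE), would presumably be rejected with the same protocol_version alert. A sibling test for that case would guard against the draft and final encodings being conflated when the draft define is eventually dropped.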
@@ -14,7 +14,7 @@ typedef PRUint16 SSL3ProtocolVersion; /* version numbers are defined in sslproto.h */ /* DTLS 1.3 is still a draft. */ -#define DTLS_1_3_DRAFT_VERSION 38 +#define DTLS_1_3_DRAFT_VERSION 43 typedef PRUint16 ssl3CipherSuite; /* The cipher suites are defined in sslproto.h */ diff --git a/lib/ssl/sslproto.h b/lib/ssl/sslproto.h index 70daea0a1..beaee5178 100644 --- a/lib/ssl/sslproto.h +++ b/lib/ssl/sslproto.h @@ -31,7 +31,7 @@ /* The DTLS versions used in the spec */ #define SSL_LIBRARY_VERSION_DTLS_1_0_WIRE ((~0x0100) & 0xffff) #define SSL_LIBRARY_VERSION_DTLS_1_2_WIRE ((~0x0102) & 0xffff) -#define SSL_LIBRARY_VERSION_DTLS_1_3_WIRE SSL_LIBRARY_VERSION_DTLS_1_3 +#define SSL_LIBRARY_VERSION_DTLS_1_3_WIRE ((~0x0103) & 0xffff) /* Certificate types */ #define SSL_CT_X509_CERTIFICATE 0x01 diff --git a/lib/ssl/tls13con.c b/lib/ssl/tls13con.c index 1347f3fe2..267dafcdb 100644 --- a/lib/ssl/tls13con.c +++ b/lib/ssl/tls13con.c @@ -6171,13 +6171,10 @@ PRUint16 tls13_EncodeVersion(SSL3ProtocolVersion version, SSLProtocolVariant variant) { if (variant == ssl_variant_datagram) { - /* TODO: When DTLS 1.3 is out of draft, replace this with - * dtls_TLSVersionToDTLSVersion(). */ - switch (version) { #ifdef DTLS_1_3_DRAFT_VERSION + switch (version) { case SSL_LIBRARY_VERSION_TLS_1_3: return 0x7f00 | DTLS_1_3_DRAFT_VERSION; -#endif case SSL_LIBRARY_VERSION_TLS_1_2: return SSL_LIBRARY_VERSION_DTLS_1_2_WIRE; case SSL_LIBRARY_VERSION_TLS_1_1: @@ -6186,6 +6183,9 @@ tls13_EncodeVersion(SSL3ProtocolVersion version, SSLProtocolVariant variant) default: PORT_Assert(0); } +#else + return dtls_TLSVersionToDTLSVersion(); +#endif } /* Stream-variant encodings do not change. */ return (PRUint16)version; |
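Review bot: Redefining `SSL_LIBRARY_VERSION_DTLS_1_3_WIRE` changes its value from the internal version constant to the complemented wire form (0xfefc), so any code that compared it against an internal SSL_LIBRARY_VERSION_* value is silently affected; the only caller visible in this diff is the test helper's `#else` arm, other uses cannot be seen from here. Because tls13con.c still emits `0x7f00 | DTLS_1_3_DRAFT_VERSION` while the draft define exists, this macro is not what the current build sends, which is worth saying in the surrounding comment, e.g. `/* DTLS 1.3 is 0xfefc on the wire; while DTLS_1_3_DRAFT_VERSION is defined the draft code point is sent instead. */`.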
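Review bot: Dropping the TODO leaves the `#ifdef DTLS_1_3_DRAFT_VERSION` switch in tls13_EncodeVersion with no explanation of why the datagram encoding departs from the spec's value, and nothing marks the `#else` arm as the intended final form. A short comment at the `#ifdef`, `/* Draft DTLS 1.3 is encoded as 0x7f00 | draft number; the #else arm is the final encoding. */`, keeps the intent the removed TODO carried. The remaining cases of this function continue in the next hunk.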
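Review bot: `return dtls_TLSVersionToDTLSVersion();` in the new `#else` arm passes no argument, yet the purpose of this spot is to translate `version`, and both the function's name and the TODO removed in the previous hunk suggest it takes the TLS version as its parameter; the call should almost certainly read `return dtls_TLSVersionToDTLSVersion(version);`. This arm is never compiled in this tree because ssl3prot.h defines DTLS_1_3_DRAFT_VERSION (bumped to 43 in this same commit), so the compiler cannot catch the mismatch and it would surface only when the draft define is removed. Confirming the prototype now, or adding a build configuration that compiles with the define unset, would keep the final-encoding path from bit-rotting. Note also that the `#ifdef` arm still falls out of the switch after `PORT_Assert(0)` into the stream-variant return below, which this change did not introduce but leaves in place.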