1 change: 0 additions & 1 deletion CMakeLists.txt
Expand Up @@ -1881,7 +1881,6 @@ endif()
# - Truncated HMAC
# - Renegotiation indication
# - Secure renegotiation
# - Fallback SCSV

add_option(WOLFSSL_OCSP "Enable OCSP (default: disabled)" "no" "yes;no")
add_option(WOLFSSL_OCSPSTAPLING "Enable OCSP Stapling (default: disabled)" "no" "yes;no")
14 changes: 0 additions & 14 deletions configure.ac
Expand Up @@ -1250,7 +1250,6 @@ then
test "$enable_savecert" = "" && enable_savecert=yes
test "$enable_postauth" = "" && enable_postauth=yes
test "$enable_hrrcookie" = "" && enable_hrrcookie=yes
test "$enable_fallback_scsv" = "" && enable_fallback_scsv=yes
test "$enable_crl_monitor" = "" && enable_crl_monitor=yes
test "$enable_sni" = "" && enable_sni=yes
test "$enable_maxfragment" = "" && enable_maxfragment=yes
Expand Down Expand Up @@ -8313,18 +8312,6 @@ AC_ARG_ENABLE([secure-renegotiation-info],
)


# Fallback SCSV
AC_ARG_ENABLE([fallback-scsv],
[AS_HELP_STRING([--enable-fallback-scsv],[Enable Fallback SCSV (default: disabled)])],
[ ENABLED_FALLBACK_SCSV=$enableval ],
[ ENABLED_FALLBACK_SCSV=no ]
)

if test "x$ENABLED_FALLBACK_SCSV" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_FALLBACK_SCSV"
fi

# Exporting Keying Material
AC_ARG_ENABLE([keying-material],
[AS_HELP_STRING([--enable-keying-material],[Enable Keying Material Exporters (default: disabled)])],
Expand Down Expand Up @@ -12937,7 +12924,6 @@ echo " * Session Ticket: $ENABLED_SESSION_TICKET"
echo " * Extended Master Secret: $ENABLED_EXTENDED_MASTER"
echo " * Renegotiation Indication: $ENABLED_RENEGOTIATION_INDICATION"
echo " * Secure Renegotiation: $ENABLED_SECURE_RENEGOTIATION"
echo " * Fallback SCSV: $ENABLED_FALLBACK_SCSV"
echo " * Keying Material Exporter: $ENABLED_KEYING_MATERIAL"
echo " * All TLS Extensions: $ENABLED_TLSX"
echo " * S/MIME: $ENABLED_SMIME"
1 change: 0 additions & 1 deletion examples/configs/user_settings_all.h
Expand Up @@ -96,7 +96,6 @@ extern "C" {
#define WOLFSSL_POST_HANDSHAKE_AUTH
#define WOLFSSL_SEND_HRR_COOKIE /* Used by DTLS v1.3 */
#define HAVE_ANON /* anon cipher suites */
#define HAVE_FALLBACK_SCSV /* TLS_FALLBACK_SCSV */
#define WOLFSSL_EARLY_DATA
#define HAVE_SERVER_RENEGOTIATION_INFO

19 changes: 14 additions & 5 deletions src/internal.c
Expand Up @@ -60,7 +60,6 @@
* WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION:
* Testing mode for Apple cert validation default: off
* HAVE_DANE: DNS-based cert validation (DNSSEC) default: off
* HAVE_FALLBACK_SCSV: TLS Fallback SCSV anti-downgrade default: off
* WOLFSSL_ACERT: Attribute certificate support default: off
* WOLFSSL_DEBUG_CERTS: Debug logging for cert processing default: off
* WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY:
Expand Down Expand Up @@ -38463,6 +38462,7 @@ static int AddPSKtoPreMasterSecret(WOLFSSL* ssl)
word32 begin = i;
int ret = 0;
byte lesserVersion;
byte maxMinor;

WOLFSSL_START(WC_FUNC_CLIENT_HELLO_DO);
WOLFSSL_ENTER("DoClientHello");
Expand Down Expand Up @@ -38526,6 +38526,14 @@ static int AddPSKtoPreMasterSecret(WOLFSSL* ssl)
if (pv.major == SSLv3_MAJOR && pv.minor >= TLSv1_3_MINOR)
pv.minor = TLSv1_2_MINOR;

/* Snapshot the server's effective max version before the downgrade
* logic below lowers ssl->version.minor to the negotiated version.
* This honors runtime restrictions (e.g. SSL_OP_NO_TLSv1_3 on a
* TLS 1.3 capable method), unlike ssl->ctx->method->version.minor.
* Used by the TLS_FALLBACK_SCSV check, which runs after the cipher
* suites are parsed (and thus after ssl->version.minor is mutated). */
maxMinor = ssl->version.minor;

lesserVersion = (byte)(!ssl->options.dtls &&
ssl->version.minor > pv.minor);
lesserVersion |= ssl->options.dtls &&ssl->version.minor < pv.minor;
Expand Down Expand Up @@ -38810,18 +38818,19 @@ static int AddPSKtoPreMasterSecret(WOLFSSL* ssl)
}
}
#endif /* HAVE_SERVER_RENEGOTIATION_INFO */
#if defined(HAVE_FALLBACK_SCSV) || defined(OPENSSL_ALL)
/* check for TLS_FALLBACK_SCSV suite */
/* Check for TLS_FALLBACK_SCSV (RFC 7507). Always enforced. */
if (FindSuite(ssl->clSuites, TLS_FALLBACK_SCSV, 0) >= 0) {
WOLFSSL_MSG("Found Fallback SCSV");
if (ssl->ctx->method->version.minor > pv.minor) {
/* Abort if the server supports a version higher than the client
* offered. DTLS version minors decrease as the version increases. */
if ((!ssl->options.dtls && maxMinor > pv.minor) ||
(ssl->options.dtls && maxMinor < pv.minor)) {
WOLFSSL_MSG("Client trying to connect with lesser version");
SendAlert(ssl, alert_fatal, inappropriate_fallback);
ret = VERSION_ERROR;
goto out;
}
}
#endif

i += ssl->clSuites->suiteSz;
ssl->clSuites->hashSigAlgoSz = 0;
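Review bot: The correctness of the new `maxMinor` snapshot depends on `ssl->version.minor` still holding the server's configured maximum at the point of assignment, and the code between the declaration hunk (around line 38462) and the assignment hunk (around line 38526) is not visible here, so that premise should be confirmed against the full DoClientHello body, which starts and ends outside these hunks. The DTLS direction of the check (`ssl->options.dtls && maxMinor < pv.minor`) is new behaviour that the replaced `ssl->ctx->method->version.minor > pv.minor` comparison got backwards for DTLS minors, so it deserves a regression test alongside the TLS case (a ClientHello carrying TLS_FALLBACK_SCSV with a legacy_version below the server's maximum must produce an `inappropriate_fallback` alert and `VERSION_ERROR`); the same inversion already appears in the `lesserVersion` computation, so the two could share one helper or comment. Because the `#if defined(HAVE_FALLBACK_SCSV) || defined(OPENSSL_ALL)` guard is gone, builds that previously omitted the check will now reject such ClientHellos, which is worth a changelog entry, and any remaining references to HAVE_FALLBACK_SCSV in files outside this diff (other user_settings examples, tests, headers) would now be dead and should be removed in the same change. I would also extend the new comment at the check to name the reference point, e.g. `/* Check for TLS_FALLBACK_SCSV (RFC 7507 §3): compare against the server's highest enabled version (maxMinor), not the negotiated one. */`.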