TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 8315811ea78cd4ddbd564b8bfb98ec1c23a45dd8^! / .
commit8315811ea78cd4ddbd564b8bfb98ec1c23a45dd8[log] [tgz]
authorGlenn Strauss <gstrauss@gluelogic.com>Wed Apr 13 14:59:34 2022 -0400
committerGlenn Strauss <gstrauss@gluelogic.com>Thu Apr 14 15:40:14 2022 -0400
tree146a735f46a4fe3bd3f71cbf06cb833c5a05acaf
parentbbdc83b55b2df836a6628631aa03c16d39e0a0d1 [diff]
Remove restrictive proto ver negotiation checks

Overly restrictive protocol version negotiation checks might be
"version intolerant".  TLS 1.3 and DTLS 1.3 move the version to
the "supported_versions" ClientHello extension.

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>

diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c
index 8f5ab9b..d24e11f 100644
--- a/library/ssl_tls12_client.c
+++ b/library/ssl_tls12_client.c

@@ -1121,7 +1121,7 @@
 static int ssl_parse_hello_verify_request( mbedtls_ssl_context *ssl )
 {
     const unsigned char *p = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl );
-    mbedtls_ssl_protocol_version tls_version;
+    uint16_t dtls_legacy_version;
     unsigned char cookie_len;
 
     MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse hello verify request" ) );
@@ -1146,15 +1146,15 @@
      * } HelloVerifyRequest;
      */
     MBEDTLS_SSL_DEBUG_BUF( 3, "server version", p, 2 );
-    tls_version = mbedtls_ssl_read_version( p, ssl->conf->transport );
+    dtls_legacy_version = MBEDTLS_GET_UINT16_BE( p, 0 );
     p += 2;
 
     /*
-     * Since the RFC is not clear on this point, accept DTLS 1.0 (TLS 1.1)
-     * even if lower than our min version.
+     * Since the RFC is not clear on this point, accept DTLS 1.0 (0xfeff)
+     * The DTLS 1.3 (current draft) renames ProtocolVersion server_version to
+     * legacy_version and locks the value of legacy_version to 0xfefd (DTLS 1.2)
      */
-    if( tls_version < 0x0302 || /* TLSv1.1 */
-        tls_version > ssl->conf->max_tls_version )
+    if( dtls_legacy_version != 0xfefd && dtls_legacy_version != 0xfeff )
     {
         MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server version" ) );
 

diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index 9e3e736..e4d8148 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c

@@ -1202,16 +1202,6 @@
     MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, protocol version: [%d:%d]",
                    buf[1], buf[2] ) );
 
-    /* According to RFC 5246 Appendix E.1, the version here is typically
-     * "{03,00}, the lowest version number supported by the client, [or] the
-     * value of ClientHello.client_version", so the only meaningful check here
-     * is the major version shouldn't be less than 3 */
-    if( mbedtls_ssl_read_version( buf + 1, ssl->conf->transport ) < 0x0300 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
-        return( MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION );
-    }
-
     /* For DTLS if this is the initial handshake, remember the client sequence
      * number to use it in our next message (RFC 6347 4.2.1) */
 #if defined(MBEDTLS_SSL_PROTO_DTLS)