Bug 1712883 - DTLS 1.3 draft-43 r=bbeurdouche

Differential Revision: https://phabricator.services.mozilla.com/D115969 --HG-- extra : moz-landing-system : lando
sailfishos-mirror · Jun 25, 2021 · c989bde · c989bde
1 parent e1e00f2
commit c989bde
Show file tree

Hide file tree

Showing 4 changed files with 26 additions and 12 deletions.
diff --git a/gtests/ssl_gtest/ssl_extension_unittest.cc b/gtests/ssl_gtest/ssl_extension_unittest.cc
@@ -174,11 +174,13 @@ class TlsExtensionTest13
     // Convert the version encoding for DTLS, if needed.
     if (variant_ == ssl_variant_datagram) {
       switch (version) {
-#ifdef DTLS_1_3_DRAFT_VERSION
         case SSL_LIBRARY_VERSION_TLS_1_3:
+#ifdef DTLS_1_3_DRAFT_VERSION
           version = 0x7f00 | DTLS_1_3_DRAFT_VERSION;
-          break;
+#else
+          version = SSL_LIBRARY_VERSION_DTLS_1_3_WIRE;
 #endif
+          break;
         case SSL_LIBRARY_VERSION_TLS_1_2:
           version = SSL_LIBRARY_VERSION_DTLS_1_2_WIRE;
           break;
@@ -1120,13 +1122,25 @@ TEST_P(TlsExtensionTest13, HrrThenRemoveSupportedGroups) {
 }
 
 TEST_P(TlsExtensionTest13, EmptyVersionList) {
-  static const uint8_t ext[] = {0x00, 0x00};
-  ConnectWithBogusVersionList(ext, sizeof(ext));
+  static const uint8_t kExt[] = {0x00, 0x00};
+  ConnectWithBogusVersionList(kExt, sizeof(kExt));
 }
 
 TEST_P(TlsExtensionTest13, OddVersionList) {
-  static const uint8_t ext[] = {0x00, 0x01, 0x00};
-  ConnectWithBogusVersionList(ext, sizeof(ext));
+  static const uint8_t kExt[] = {0x00, 0x01, 0x00};
+  ConnectWithBogusVersionList(kExt, sizeof(kExt));
+}
+
+// Use the stream version number for TLS 1.3 (0x0304) in DTLS.
+TEST_F(TlsConnectDatagram13, TlsVersionInDtls) {
+  static const uint8_t kExt[] = {0x02, 0x03, 0x04};
+
+  DataBuffer versions_buf(kExt, sizeof(kExt));
+  MakeTlsFilter<TlsExtensionReplacer>(client_, ssl_tls13_supported_versions_xtn,
+                                      versions_buf);
+  ConnectExpectAlert(server_, kTlsAlertProtocolVersion);
+  client_->CheckErrorCode(SSL_ERROR_PROTOCOL_VERSION_ALERT);
+  server_->CheckErrorCode(SSL_ERROR_UNSUPPORTED_VERSION);
 }
 
 // TODO: this only tests extensions in server messages.  The client can extend

diff --git a/lib/ssl/ssl3prot.h b/lib/ssl/ssl3prot.h
@@ -14,7 +14,7 @@ typedef PRUint16 SSL3ProtocolVersion;
 /* version numbers are defined in sslproto.h */
 
 /* DTLS 1.3 is still a draft. */
-#define DTLS_1_3_DRAFT_VERSION 38
+#define DTLS_1_3_DRAFT_VERSION 43
 
 typedef PRUint16 ssl3CipherSuite;
 /* The cipher suites are defined in sslproto.h */

diff --git a/lib/ssl/sslproto.h b/lib/ssl/sslproto.h
@@ -31,7 +31,7 @@
 /* The DTLS versions used in the spec */
 #define SSL_LIBRARY_VERSION_DTLS_1_0_WIRE       ((~0x0100) & 0xffff)
 #define SSL_LIBRARY_VERSION_DTLS_1_2_WIRE       ((~0x0102) & 0xffff)
-#define SSL_LIBRARY_VERSION_DTLS_1_3_WIRE       SSL_LIBRARY_VERSION_DTLS_1_3
+#define SSL_LIBRARY_VERSION_DTLS_1_3_WIRE       ((~0x0103) & 0xffff)
 
 /* Certificate types */
 #define SSL_CT_X509_CERTIFICATE                 0x01

diff --git a/lib/ssl/tls13con.c b/lib/ssl/tls13con.c
@@ -6171,13 +6171,10 @@ PRUint16
 tls13_EncodeVersion(SSL3ProtocolVersion version, SSLProtocolVariant variant)
 {
     if (variant == ssl_variant_datagram) {
-        /* TODO: When DTLS 1.3 is out of draft, replace this with
-         * dtls_TLSVersionToDTLSVersion(). */
-        switch (version) {
 #ifdef DTLS_1_3_DRAFT_VERSION
+        switch (version) {
             case SSL_LIBRARY_VERSION_TLS_1_3:
                 return 0x7f00 | DTLS_1_3_DRAFT_VERSION;
-#endif
             case SSL_LIBRARY_VERSION_TLS_1_2:
                 return SSL_LIBRARY_VERSION_DTLS_1_2_WIRE;
             case SSL_LIBRARY_VERSION_TLS_1_1:
@@ -6186,6 +6183,9 @@ tls13_EncodeVersion(SSL3ProtocolVersion version, SSLProtocolVariant variant)
             default:
                 PORT_Assert(0);
         }
+#else
+        return dtls_TLSVersionToDTLSVersion();
+#endif
     }
     /* Stream-variant encodings do not change. */
     return (PRUint16)version;