Add missing protocol enumerators, report TLS 1.3 if negotiated

1. Remove the conditional inclusion of DTLS versions, they made difficult and unnecessary ugly adding new protocols (something like TlsV1_2OrLater + 4). 2. OpenSSL 1.1.1 first introduced TLS 1.3 support. OpenSSL 1.1 back-end is compatible with OpenSSL 1.1.1, but would fail to extract/report protocol versions and set versions like 'TLS 1.3 only' or 'TLS 1.3 or better' on a new context. Given 1.1.1 is deployed/adapted fast by different distros, and 5.12 is LTS, we fix this issue by introducing QSsl::Tls1_3 and QSsl::Tls1_3OrLater. SecureTransport, WinRT and OpenSSL below 1.1.1 will report an error in case the application requests this protocol (SecureTransport in future will probably enable TLS 1.3). Saying all that, TLS 1.3 support is experimental in QSslSocket. Done-by: Albert Astals Cid <[email protected]> Done-by: Timur Pocheptsov <[email protected]> Change-Id: I4a97cc789b62763763cf41c44157ef0a9fd6cbec Reviewed-by: Lars Knoll <[email protected]>
zhangzhuo520 · Nov 7, 2018 · b3ae87f · b3ae87f
1 parent ac4d954
commit b3ae87f
Show file tree

Hide file tree

Showing 10 changed files with 182 additions and 15 deletions.
diff --git a/src/network/ssl/qssl.cpp b/src/network/ssl/qssl.cpp
@@ -129,6 +129,8 @@ Q_LOGGING_CATEGORY(lcSsl, "qt.network.ssl");
     \value DtlsV1_0OrLater DTLSv1.0 and later versions.
     \value DtlsV1_2 DTLSv1.2
     \value DtlsV1_2OrLater DTLSv1.2 and later versions.
+    \value TlsV1_3 TLSv1.3. (Since Qt 5.12)
+    \value TlsV1_3OrLater TLSv1.3 and later versions. (Since Qt 5.12)
     \value UnknownProtocol The cipher's protocol cannot be determined.
     \value AnyProtocol The socket understands SSLv2, SSLv3, TLSv1.0 and all
     supported later versions of TLS. This value is used by QSslSocket only.

diff --git a/src/network/ssl/qssl.h b/src/network/ssl/qssl.h
@@ -91,12 +91,13 @@ namespace QSsl {
         TlsV1_1OrLater,
         TlsV1_2OrLater,
 
-#if QT_CONFIG(dtls) || defined(Q_CLANG_QDOC)
         DtlsV1_0,
         DtlsV1_0OrLater,
         DtlsV1_2,
         DtlsV1_2OrLater,
-#endif
+
+        TlsV1_3,
+        TlsV1_3OrLater,
 
         UnknownProtocol = -1
     };

diff --git a/src/network/ssl/qsslcontext_openssl11.cpp b/src/network/ssl/qsslcontext_openssl11.cpp
@@ -105,7 +105,24 @@ void QSslContext::initSslContext(QSslContext *sslContext, QSslSocket::SslMode mo
             isDtls = true;
             sslContext->ctx = q_SSL_CTX_new(client ? q_DTLS_client_method() : q_DTLS_server_method());
             break;
+#else // dtls
+        case QSsl::DtlsV1_0:
+        case QSsl::DtlsV1_0OrLater:
+        case QSsl::DtlsV1_2:
+        case QSsl::DtlsV1_2OrLater:
+            sslContext->ctx = nullptr;
+            unsupportedProtocol = true;
+            qCWarning(lcSsl, "DTLS protocol requested, but feature 'dtls' is disabled");
+            break;
 #endif // dtls
+        case QSsl::TlsV1_3:
+        case QSsl::TlsV1_3OrLater:
+#if !defined(TLS1_3_VERSION)
+            qCWarning(lcSsl, "TLS 1.3 is not supported");
+            sslContext->ctx = nullptr;
+            unsupportedProtocol = true;
+            break;
+#endif // TLS1_3_VERSION
         default:
             // The ssl options will actually control the supported methods
             sslContext->ctx = q_SSL_CTX_new(client ? q_TLS_client_method() : q_TLS_server_method());
@@ -155,6 +172,16 @@ void QSslContext::initSslContext(QSslContext *sslContext, QSslSocket::SslMode mo
         minVersion = TLS1_2_VERSION;
         maxVersion = TLS1_2_VERSION;
         break;
+    case QSsl::TlsV1_3:
+#ifdef TLS1_3_VERSION
+        minVersion = TLS1_3_VERSION;
+        maxVersion = TLS1_3_VERSION;
+#else
+        // This protocol is not supported by OpenSSL 1.1 and we handle
+        // it as an error (see the code above).
+        Q_UNREACHABLE();
+#endif // TLS1_3_VERSION
+        break;
     // Ranges:
     case QSsl::TlsV1SslV3:
     case QSsl::AnyProtocol:
@@ -192,6 +219,17 @@ void QSslContext::initSslContext(QSslContext *sslContext, QSslSocket::SslMode mo
         maxVersion = DTLS_MAX_VERSION;
         break;
 #endif // dtls
+    case QSsl::TlsV1_3OrLater:
+#ifdef TLS1_3_VERSION
+        minVersion = TLS1_3_VERSION;
+        maxVersion = 0;
+        break;
+#else
+        // This protocol is not supported by OpenSSL 1.1 and we handle
+        // it as an error (see the code above).
+        Q_UNREACHABLE();
+        break;
+#endif // TLS1_3_VERSION
     case QSsl::SslV2:
         // This protocol is not supported by OpenSSL 1.1 and we handle
         // it as an error (see the code above).
@@ -223,23 +261,52 @@ void QSslContext::initSslContext(QSslContext *sslContext, QSslSocket::SslMode mo
     // http://www.openssl.org/docs/ssl/SSL_CTX_set_mode.html
     q_SSL_CTX_set_mode(sslContext->ctx, SSL_MODE_RELEASE_BUFFERS);
 
+    auto filterCiphers = [](const QList<QSslCipher> &ciphers, bool selectTls13)
+    {
+        QByteArray cipherString;
+        bool first = true;
+
+        for (const QSslCipher &cipher : qAsConst(ciphers)) {
+            const bool isTls13Cipher = cipher.protocol() == QSsl::TlsV1_3 || cipher.protocol() == QSsl::TlsV1_3OrLater;
+            if (selectTls13 != isTls13Cipher)
+                continue;
+
+            if (first)
+                first = false;
+            else
+                cipherString.append(':');
+            cipherString.append(cipher.name().toLatin1());
+        }
+        return cipherString;
+    };
+
     // Initialize ciphers
-    QByteArray cipherString;
-    bool first = true;
     QList<QSslCipher> ciphers = sslContext->sslConfiguration.ciphers();
     if (ciphers.isEmpty())
         ciphers = isDtls ? q_getDefaultDtlsCiphers() : QSslSocketPrivate::defaultCiphers();
 
-    for (const QSslCipher &cipher : qAsConst(ciphers)) {
-        if (first)
-            first = false;
-        else
-            cipherString.append(':');
-        cipherString.append(cipher.name().toLatin1());
+    const QByteArray preTls13Ciphers = filterCiphers(ciphers, false);
+
+    if (preTls13Ciphers.size()) {
+        if (!q_SSL_CTX_set_cipher_list(sslContext->ctx, preTls13Ciphers.data())) {
+            sslContext->errorStr = QSslSocket::tr("Invalid or empty cipher list (%1)").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl());
+            sslContext->errorCode = QSslError::UnspecifiedError;
+            return;
+        }
     }
 
-    if (!q_SSL_CTX_set_cipher_list(sslContext->ctx, cipherString.data())) {
-        sslContext->errorStr = QSslSocket::tr("Invalid or empty cipher list (%1)").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl());
+    const QByteArray tls13Ciphers = filterCiphers(ciphers, true);
+#ifdef TLS1_3_VERSION
+    if (tls13Ciphers.size()) {
+        if (!q_SSL_CTX_set_ciphersuites(sslContext->ctx, tls13Ciphers.data())) {
+            sslContext->errorStr = QSslSocket::tr("Invalid or empty cipher list (%1)").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl());
+            sslContext->errorCode = QSslError::UnspecifiedError;
+            return;
+        }
+    }
+#endif // TLS1_3_VERSION
+    if (!preTls13Ciphers.size() && !tls13Ciphers.size()) {
+        sslContext->errorStr = QSslSocket::tr("Invalid or empty cipher list (%1)").arg(QStringLiteral(""));
         sslContext->errorCode = QSslError::UnspecifiedError;
         return;
     }

diff --git a/src/network/ssl/qsslcontext_opensslpre11.cpp b/src/network/ssl/qsslcontext_opensslpre11.cpp
@@ -104,6 +104,15 @@ void QSslContext::initSslContext(QSslContext *sslContext, QSslSocket::SslMode mo
         isDtls = true;
         sslContext->ctx = q_SSL_CTX_new(client ? q_DTLS_client_method() : q_DTLS_server_method());
         break;
+#else // dtls
+    case QSsl::DtlsV1_0:
+    case QSsl::DtlsV1_0OrLater:
+    case QSsl::DtlsV1_2:
+    case QSsl::DtlsV1_2OrLater:
+        sslContext->ctx = nullptr;
+        unsupportedProtocol = true;
+        qCWarning(lcSsl, "DTLS protocol requested, but feature 'dtls' is disabled");
+        break;
 #endif // dtls
     case QSsl::SslV2:
 #ifndef OPENSSL_NO_SSL2
@@ -168,6 +177,12 @@ void QSslContext::initSslContext(QSslContext *sslContext, QSslSocket::SslMode mo
         unsupportedProtocol = true;
 #endif
         break;
+    case QSsl::TlsV1_3:
+    case QSsl::TlsV1_3OrLater:
+        // TLS 1.3 is not supported by the system, but chosen deliberately -> error
+        sslContext->ctx = nullptr;
+        unsupportedProtocol = true;
+        break;
     }
 
     if (!client && isDtls && configuration.peerVerifyMode() != QSslSocket::VerifyNone) {

diff --git a/src/network/ssl/qsslsocket_mac.cpp b/src/network/ssl/qsslsocket_mac.cpp
@@ -1110,6 +1110,18 @@ bool QSslSocketBackendPrivate::setSessionProtocol()
         return false;
     }
 
+    // SecureTransport has kTLSProtocol13 constant and also, kTLSProtocolMaxSupported.
+    // Calling SSLSetProtocolVersionMax/Min with any of these two constants results
+    // in errInvalidParam and a failure to set the protocol version. This means
+    // no TLS 1.3 on macOS and iOS.
+    switch (configuration.protocol) {
+    case QSsl::TlsV1_3:
+    case QSsl::TlsV1_3OrLater:
+        qCWarning(lcSsl) << plainSocket << "SecureTransport does not support TLS 1.3";
+        return false;
+    default:;
+    }
+
     OSStatus err = errSecSuccess;
 
     if (configuration.protocol == QSsl::SslV3) {

diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
@@ -180,6 +180,8 @@ QSslCipher QSslSocketBackendPrivate::QSslCipher_from_SSL_CIPHER(const SSL_CIPHER
             ciph.d->protocol = QSsl::TlsV1_1;
         else if (protoString == QLatin1String("TLSv1.2"))
             ciph.d->protocol = QSsl::TlsV1_2;
+        else if (protoString == QLatin1String("TLSv1.3"))
+            ciph.d->protocol = QSsl::TlsV1_3;
 
         if (descriptionList.at(2).startsWith(QLatin1String("Kx=")))
             ciph.d->keyExchangeMethod = descriptionList.at(2).mid(3).toString();
@@ -291,6 +293,8 @@ long QSslSocketBackendPrivate::setupOpenSslOptions(QSsl::SslProtocol protocol, Q
         options = SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1;
     else if (protocol == QSsl::TlsV1_2OrLater)
         options = SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1;
+    else if (protocol == QSsl::TlsV1_3OrLater)
+        options = SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1_2;
 #endif
     else
         options = SSL_OP_ALL;
@@ -1294,6 +1298,8 @@ QSsl::SslProtocol QSslSocketBackendPrivate::sessionProtocol() const
         return QSsl::TlsV1_1;
     case 0x303:
         return QSsl::TlsV1_2;
+    case 0x304:
+        return QSsl::TlsV1_3;
     }
 
     return QSsl::UnknownProtocol;

diff --git a/src/network/ssl/qsslsocket_openssl11_symbols_p.h b/src/network/ssl/qsslsocket_openssl11_symbols_p.h
@@ -130,6 +130,10 @@ const char *q_OpenSSL_version(int type);
 unsigned long q_SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *session);
 unsigned long q_SSL_set_options(SSL *s, unsigned long op);
 
+#ifdef TLS1_3_VERSION
+int q_SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str);
+#endif
+
 #if QT_CONFIG(dtls)
 // Functions and types required for DTLS support:
 extern "C"

diff --git a/src/network/ssl/qsslsocket_openssl_symbols.cpp b/src/network/ssl/qsslsocket_openssl_symbols.cpp
@@ -161,6 +161,7 @@ DEFINEFUNC(void, OPENSSL_sk_free, OPENSSL_STACK *a, a, return, DUMMYARG)
 DEFINEFUNC2(void *, OPENSSL_sk_value, OPENSSL_STACK *a, a, int b, b, return nullptr, return)
 DEFINEFUNC(int, SSL_session_reused, SSL *a, a, return 0, return)
 DEFINEFUNC2(unsigned long, SSL_CTX_set_options, SSL_CTX *ctx, ctx, unsigned long op, op, return 0, return)
+DEFINEFUNC2(int, SSL_CTX_set_ciphersuites, SSL_CTX *ctx, ctx, const char *str, str, return 0, return)
 DEFINEFUNC3(size_t, SSL_get_client_random, SSL *a, a, unsigned char *out, out, size_t outlen, outlen, return 0, return)
 DEFINEFUNC3(size_t, SSL_SESSION_get_master_key, const SSL_SESSION *ses, ses, unsigned char *out, out, size_t outlen, outlen, return 0, return)
 DEFINEFUNC6(int, CRYPTO_get_ex_new_index, int class_index, class_index, long argl, argl, void *argp, argp, CRYPTO_EX_new *new_func, new_func, CRYPTO_EX_dup *dup_func, dup_func, CRYPTO_EX_free *free_func, free_func, return -1, return)
@@ -966,6 +967,9 @@ bool q_resolveOpenSslSymbols()
     RESOLVEFUNC(OPENSSL_sk_value)
     RESOLVEFUNC(DH_get0_pqg)
     RESOLVEFUNC(SSL_CTX_set_options)
+#ifdef TLS1_3_VERSION
+    RESOLVEFUNC(SSL_CTX_set_ciphersuites)
+#endif // TLS 1.3 or OpenSSL > 1.1.1
     RESOLVEFUNC(SSL_get_client_random)
     RESOLVEFUNC(SSL_SESSION_get_master_key)
     RESOLVEFUNC(SSL_session_reused)

diff --git a/src/network/ssl/qsslsocket_winrt.cpp b/src/network/ssl/qsslsocket_winrt.cpp
@@ -251,6 +251,8 @@ void QSslSocketBackendPrivate::startClientEncryption()
     case QSsl::TlsV1_0OrLater:
     case QSsl::TlsV1_1OrLater:
     case QSsl::TlsV1_2OrLater:
+    case QSsl::TlsV1_3:
+    case QSsl::TlsV1_3OrLater:
         // TlsV1_0OrLater, TlsV1_1OrLater and TlsV1_2OrLater are disabled on WinRT
         // because there is no good way to map them to the native API.
         setErrorAndEmit(QAbstractSocket::SslInvalidUserDataError,

diff --git a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
@@ -1025,6 +1025,26 @@ void tst_QSslSocket::protocol()
         socket->abort();
     }
 #endif
+#ifdef TLS1_3_VERSION
+    {
+        // qt-test-server probably doesn't allow TLSV1.3
+        socket->setProtocol(QSsl::TlsV1_3);
+        QCOMPARE(socket->protocol(), QSsl::TlsV1_3);
+        socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 443);
+        if (setProxy && !socket->waitForEncrypted())
+            QSKIP("TLS 1.3 is not supported by the test server or the test is flaky - see QTBUG-29941");
+        QCOMPARE(socket->protocol(), QSsl::TlsV1_3);
+        socket->abort();
+        QCOMPARE(socket->protocol(), QSsl::TlsV1_3);
+        socket->connectToHost(QtNetworkSettings::serverName(), 443);
+        QVERIFY2(socket->waitForConnected(), qPrintable(socket->errorString()));
+        socket->startClientEncryption();
+        if (setProxy && !socket->waitForEncrypted())
+            QSKIP("TLS 1.3 is not supported by the test server or the test is flaky - see QTBUG-29941");
+        QCOMPARE(socket->sessionProtocol(), QSsl::TlsV1_3);
+        socket->abort();
+    }
+#endif // TLS1_3_VERSION
 #if !defined(OPENSSL_NO_SSL2) && !defined(QT_SECURETRANSPORT)
     {
         // qt-test-server allows SSLV2.
@@ -1279,7 +1299,9 @@ void tst_QSslSocket::protocolServerSide_data()
     QTest::newRow("tls1.0orlater-tls1.0") << QSsl::TlsV1_0OrLater << QSsl::TlsV1_0 << true;
     QTest::newRow("tls1.0orlater-tls1.1") << QSsl::TlsV1_0OrLater << QSsl::TlsV1_1 << true;
     QTest::newRow("tls1.0orlater-tls1.2") << QSsl::TlsV1_0OrLater << QSsl::TlsV1_2 << true;
-
+#ifdef TLS1_3_VERSION
+    QTest::newRow("tls1.0orlater-tls1.3") << QSsl::TlsV1_0OrLater << QSsl::TlsV1_3 << true;
+#endif
 #if !defined(OPENSSL_NO_SSL2) && !defined(QT_SECURETRANSPORT)
     QTest::newRow("tls1.1orlater-ssl2") << QSsl::TlsV1_1OrLater << QSsl::SslV2 << false;
 #endif
@@ -1290,7 +1312,9 @@ void tst_QSslSocket::protocolServerSide_data()
     QTest::newRow("tls1.1orlater-tls1.0") << QSsl::TlsV1_1OrLater << QSsl::TlsV1_0 << false;
     QTest::newRow("tls1.1orlater-tls1.1") << QSsl::TlsV1_1OrLater << QSsl::TlsV1_1 << true;
     QTest::newRow("tls1.1orlater-tls1.2") << QSsl::TlsV1_1OrLater << QSsl::TlsV1_2 << true;
-
+#ifdef TLS1_3_VERSION
+    QTest::newRow("tls1.1orlater-tls1.3") << QSsl::TlsV1_1OrLater << QSsl::TlsV1_3 << true;
+#endif
 #if !defined(OPENSSL_NO_SSL2) && !defined(QT_SECURETRANSPORT)
     QTest::newRow("tls1.2orlater-ssl2") << QSsl::TlsV1_2OrLater << QSsl::SslV2 << false;
 #endif
@@ -1300,6 +1324,21 @@ void tst_QSslSocket::protocolServerSide_data()
     QTest::newRow("tls1.2orlater-tls1.0") << QSsl::TlsV1_2OrLater << QSsl::TlsV1_0 << false;
     QTest::newRow("tls1.2orlater-tls1.1") << QSsl::TlsV1_2OrLater << QSsl::TlsV1_1 << false;
     QTest::newRow("tls1.2orlater-tls1.2") << QSsl::TlsV1_2OrLater << QSsl::TlsV1_2 << true;
+#ifdef TLS1_3_VERSION
+    QTest::newRow("tls1.2orlater-tls1.3") << QSsl::TlsV1_2OrLater << QSsl::TlsV1_3 << true;
+#endif
+#ifdef TLS1_3_VERSION
+#if !defined(OPENSSL_NO_SSL2) && !defined(QT_SECURETRANSPORT)
+    QTest::newRow("tls1.3orlater-ssl2") << QSsl::TlsV1_3OrLater << QSsl::SslV2 << false;
+#endif
+#if !defined(OPENSSL_NO_SSL3)
+    QTest::newRow("tls1.3orlater-ssl3") << QSsl::TlsV1_3OrLater << QSsl::SslV3 << false;
+#endif
+    QTest::newRow("tls1.3orlater-tls1.0") << QSsl::TlsV1_3OrLater << QSsl::TlsV1_0 << false;
+    QTest::newRow("tls1.3orlater-tls1.1") << QSsl::TlsV1_3OrLater << QSsl::TlsV1_1 << false;
+    QTest::newRow("tls1.3orlater-tls1.2") << QSsl::TlsV1_3OrLater << QSsl::TlsV1_2 << false;
+    QTest::newRow("tls1.3orlater-tls1.3") << QSsl::TlsV1_3OrLater << QSsl::TlsV1_3 << true;
+#endif // TLS1_3_VERSION
 
     QTest::newRow("any-tls1.0") << QSsl::AnyProtocol << QSsl::TlsV1_0 << true;
     QTest::newRow("any-tls1ssl3") << QSsl::AnyProtocol << QSsl::TlsV1SslV3 << true;
@@ -3505,7 +3544,12 @@ class PskServer : public QTcpServer
         socket = new QSslSocket(this);
         socket->setSslConfiguration(config);
         socket->setPeerVerifyMode(peerVerifyMode);
-        socket->setProtocol(protocol);
+        if (QSslSocket::sslLibraryVersionNumber() > 0x10101000L) {
+            // FIXME. With OpenSSL 1.1.1 and TLS 1.3 PSK auto-test is broken.
+            socket->setProtocol(QSsl::TlsV1_2);
+        } else {
+            socket->setProtocol(protocol);
+        }
         if (ignoreSslErrors)
             connect(socket, SIGNAL(sslErrors(QList<QSslError>)), this, SLOT(ignoreErrorSlot()));
 
@@ -3885,6 +3929,11 @@ void tst_QSslSocket::pskServer()
         return;
 
     QSslSocket socket;
+#ifdef TLS1_3_VERSION
+    // FIXME: with OpenSSL 1.1.1 (thus TLS 1.3) test is known to fail
+    // due to the different PSK mechanism (?) - to be investigated ASAP.
+    socket.setProtocol(QSsl::TlsV1_2);
+#endif
     this->socket = &socket;
 
     QSignalSpy connectedSpy(&socket, SIGNAL(connected()));
@@ -3970,6 +4019,11 @@ void tst_QSslSocket::signatureAlgorithm_data()
     if (QSslSocket::sslLibraryVersionNumber() < 0x10002000L)
         QSKIP("Signature algorithms cannot be tested with OpenSSL < 1.0.2");
 
+    if (QSslSocket::sslLibraryVersionNumber() >= 0x10101000L) {
+        // FIXME: investigate if this test makes any sense with TLS 1.3.
+        QSKIP("Test is not valid for TLS 1.3/OpenSSL 1.1.1");
+    }
+
     QTest::addColumn<QByteArrayList>("serverSigAlgPairs");
     QTest::addColumn<QSsl::SslProtocol>("serverProtocol");
     QTest::addColumn<QByteArrayList>("clientSigAlgPairs");