Add cipher suite filtering when downgrade is disabled

When wolfSSL_SetVersion() is called to set a specific TLS version,
the downgrade flag is now set to 0. This causes wolfSSL_parse_cipher_list()
to no longer preserve cipher suites from the other TLS version group.

Previously, when using SSLv23 method and setting cipher suites for only
one TLS version (e.g., TLS 1.2), the library would preserve any existing
cipher suites from the other version (e.g., TLS 1.3) for OpenSSL API
compatibility. With this change, if a specific version is set via
wolfSSL_SetVersion(), only the cipher suites for that version are kept.

Author: anhu

src/ssl.c

@@ -5487,6 +5487,8 @@ int wolfSSL_SetVersion(WOLFSSL* ssl, int version)
             return BAD_FUNC_ARG;
     }
 
+    ssl->options.downgrade = 0;
+
     #ifdef NO_RSA
         haveRSA = 0;
     #endif
@@ -9680,7 +9682,15 @@ static int wolfSSL_parse_cipher_list(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
      *   - SSL_CTX_set_ciphersuites for setting TLS 1.3 suites
      * Since we direct both API here we attempt to provide API compatibility. If
      * we only get suites from <= 1.2 or == 1.3 then we will only update those
-     * suites and keep the suites from the other group. */
+     * suites and keep the suites from the other group.
+     * If downgrade is disabled, skip preserving the other group's suites. */
+    if ((ssl != NULL && !ssl->options.downgrade) ||
+        (ctx != NULL && !ctx->method->downgrade)) {
+        /* Downgrade disabled - don't preserve other group's suites */
+        WC_FREE_VAR_EX(suitesCpy, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        return ret;
+    }
+
     for (i = 0; i < suitesCpySz &&
                 suites->suiteSz <= (WOLFSSL_MAX_SUITE_SZ - SUITE_LEN); i += 2) {
         /* Check for duplicates */

tests/api.c

@@ -2052,6 +2052,182 @@ static int test_wolfSSL_CTX_set_cipher_list_bytes(void)
     return EXPECT_RESULT();
 }
 
+#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_TLS13) && \
+    !defined(WOLFSSL_NO_TLS12) && \
+    (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER))
+/* Helper function to check if TLS 1.3 suites exist in the suites list */
+static int suites_has_tls13(const byte* suites, word16 suiteSz)
+{
+    word16 i;
+    for (i = 0; i < suiteSz; i += 2) {
+        if (suites[i] == 0x13) { /* TLS13_BYTE */
+            return 1;
+        }
+    }
+    return 0;
+}
+
+/* Helper function to check if TLS 1.2 (non-1.3) suites exist in the suites list */
+static int suites_has_tls12(const byte* suites, word16 suiteSz)
+{
+    word16 i;
+    for (i = 0; i < suiteSz; i += 2) {
+        if (suites[i] != 0x13) { /* Not TLS13_BYTE */
+            return 1;
+        }
+    }
+    return 0;
+}
+#endif
+
+/* Test 1: SSLv23 + set TLS 1.2 cipher -> TLS 1.3 suites should still be there */
+static int test_wolfSSL_set_cipher_list_tls12_keeps_tls13(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_TLS13) && \
+    !defined(WOLFSSL_NO_TLS12) && \
+    (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) && \
+    defined(HAVE_ECC)
+    WOLFSSL_CTX* ctx = NULL;
+    WOLFSSL* ssl = NULL;
+
+#ifndef NO_WOLFSSL_CLIENT
+    ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
+#else
+    ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
+#endif
+
+    ExpectNotNull(ssl = wolfSSL_new(ctx));
+
+    /* Set only a TLS 1.2 cipher suite */
+    ExpectIntEQ(wolfSSL_set_cipher_list(ssl, "ECDHE-RSA-AES128-GCM-SHA256"),
+                WOLFSSL_SUCCESS);
+
+    /* TLS 1.3 suites should still be present (downgrade is enabled) */
+    ExpectNotNull(ssl->suites);
+    ExpectTrue(suites_has_tls13(ssl->suites->suites, ssl->suites->suiteSz));
+    /* The TLS 1.2 suite we set should also be there */
+    ExpectTrue(suites_has_tls12(ssl->suites->suites, ssl->suites->suiteSz));
+
+    wolfSSL_free(ssl);
+    wolfSSL_CTX_free(ctx);
+#endif
+    return EXPECT_RESULT();
+}
+
+/* Test 2: SSLv23 + set TLS 1.3 cipher -> TLS 1.2 suites should still be there */
+static int test_wolfSSL_set_cipher_list_tls13_keeps_tls12(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_TLS13) && \
+    !defined(WOLFSSL_NO_TLS12) && \
+    (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER))
+    WOLFSSL_CTX* ctx = NULL;
+    WOLFSSL* ssl = NULL;
+
+#ifndef NO_WOLFSSL_CLIENT
+    ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
+#else
+    ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
+#endif
+
+    ExpectNotNull(ssl = wolfSSL_new(ctx));
+
+    /* Set only a TLS 1.3 cipher suite */
+    ExpectIntEQ(wolfSSL_set_cipher_list(ssl, "TLS_AES_128_GCM_SHA256"),
+                WOLFSSL_SUCCESS);
+
+    /* TLS 1.2 suites should still be present (downgrade is enabled) */
+    ExpectNotNull(ssl->suites);
+    ExpectTrue(suites_has_tls12(ssl->suites->suites, ssl->suites->suiteSz));
+    /* The TLS 1.3 suite we set should also be there */
+    ExpectTrue(suites_has_tls13(ssl->suites->suites, ssl->suites->suiteSz));
+
+    wolfSSL_free(ssl);
+    wolfSSL_CTX_free(ctx);
+#endif
+    return EXPECT_RESULT();
+}
+
+/* Test 3: SSLv23 + SetVersion(TLS 1.2) + set TLS 1.2 cipher -> only that cipher */
+static int test_wolfSSL_set_cipher_list_tls12_with_version(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_TLS13) && \
+    !defined(WOLFSSL_NO_TLS12) && \
+    (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) && \
+    defined(HAVE_ECC)
+    WOLFSSL_CTX* ctx = NULL;
+    WOLFSSL* ssl = NULL;
+
+#ifndef NO_WOLFSSL_CLIENT
+    ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
+#else
+    ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
+#endif
+
+    ExpectNotNull(ssl = wolfSSL_new(ctx));
+
+    /* Set protocol version to TLS 1.2 (this disables downgrade) */
+    ExpectIntEQ(wolfSSL_SetVersion(ssl, WOLFSSL_TLSV1_2), WOLFSSL_SUCCESS);
+
+    /* Set only a TLS 1.2 cipher suite */
+    ExpectIntEQ(wolfSSL_set_cipher_list(ssl, "ECDHE-RSA-AES128-GCM-SHA256"),
+                WOLFSSL_SUCCESS);
+
+    /* Should have only TLS 1.2 suites (no TLS 1.3) since downgrade is disabled */
+    ExpectNotNull(ssl->suites);
+    ExpectFalse(suites_has_tls13(ssl->suites->suites, ssl->suites->suiteSz));
+    /* Should have the TLS 1.2 suite we set */
+    ExpectTrue(suites_has_tls12(ssl->suites->suites, ssl->suites->suiteSz));
+    /* Should have exactly one cipher suite (2 bytes) */
+    ExpectIntEQ(ssl->suites->suiteSz, 2);
+
+    wolfSSL_free(ssl);
+    wolfSSL_CTX_free(ctx);
+#endif
+    return EXPECT_RESULT();
+}
+
+/* Test 4: SSLv23 + SetVersion(TLS 1.3) + set TLS 1.3 cipher -> only that cipher */
+static int test_wolfSSL_set_cipher_list_tls13_with_version(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_TLS13) && \
+    !defined(WOLFSSL_NO_TLS12) && \
+    (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER))
+    WOLFSSL_CTX* ctx = NULL;
+    WOLFSSL* ssl = NULL;
+
+#ifndef NO_WOLFSSL_CLIENT
+    ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
+#else
+    ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
+#endif
+
+    ExpectNotNull(ssl = wolfSSL_new(ctx));
+
+    /* Set protocol version to TLS 1.3 (this disables downgrade) */
+    ExpectIntEQ(wolfSSL_SetVersion(ssl, WOLFSSL_TLSV1_3), WOLFSSL_SUCCESS);
+
+    /* Set only a TLS 1.3 cipher suite */
+    ExpectIntEQ(wolfSSL_set_cipher_list(ssl, "TLS_AES_128_GCM_SHA256"),
+                WOLFSSL_SUCCESS);
+
+    /* Should have only TLS 1.3 suites (no TLS 1.2) since downgrade is disabled */
+    ExpectNotNull(ssl->suites);
+    ExpectFalse(suites_has_tls12(ssl->suites->suites, ssl->suites->suiteSz));
+    /* Should have the TLS 1.3 suite we set */
+    ExpectTrue(suites_has_tls13(ssl->suites->suites, ssl->suites->suiteSz));
+    /* Should have exactly one cipher suite (2 bytes) */
+    ExpectIntEQ(ssl->suites->suiteSz, 2);
+
+    wolfSSL_free(ssl);
+    wolfSSL_CTX_free(ctx);
+#endif
+    return EXPECT_RESULT();
+}
+
 
 static int test_wolfSSL_CTX_use_certificate(void)
 {
@@ -31522,6 +31698,10 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_SSL_CIPHER_get_xxx),
     TEST_DECL(test_wolfSSL_ERR_strings),
     TEST_DECL(test_wolfSSL_CTX_set_cipher_list_bytes),
+    TEST_DECL(test_wolfSSL_set_cipher_list_tls12_keeps_tls13),
+    TEST_DECL(test_wolfSSL_set_cipher_list_tls13_keeps_tls12),
+    TEST_DECL(test_wolfSSL_set_cipher_list_tls12_with_version),
+    TEST_DECL(test_wolfSSL_set_cipher_list_tls13_with_version),
     TEST_DECL(test_wolfSSL_CTX_use_certificate),
     TEST_DECL(test_wolfSSL_CTX_use_certificate_file),
     TEST_DECL(test_wolfSSL_CTX_use_certificate_buffer),