Force DTLS 1.3 when accepting fragmented CH

2023-09-07 15:14:12 +02:00 · 2023-09-07 15:14:12 +02:00 · 8da863184c
parent df8ee69075
commit 8da863184c
5 changed files with 12 additions and 5 deletions
--- a/src/dtls.c
+++ b/src/dtls.c
@ -882,7 +882,7 @@ static int ClientHelloSanityCheck(WolfSSL_CH* ch, byte isTls13)
 }

 int DoClientHelloStateless(WOLFSSL* ssl, const byte* input, word32 helloSz,
-        byte isFirstCHFrag)
+        byte isFirstCHFrag, byte* tls13)
 {
    int ret;
    WolfSSL_CH ch;
@ -897,6 +897,8 @@ int DoClientHelloStateless(WOLFSSL* ssl, const byte* input, word32 helloSz,
                "WOLFSSL_DTLS_CH_FRAG is not defined. This should not happen.");
 #endif
    }
+    if (tls13 != NULL)
+        *tls13 = 0;

    XMEMSET(&ch, 0, sizeof(ch));

@ -910,6 +912,8 @@ int DoClientHelloStateless(WOLFSSL* ssl, const byte* input, word32 helloSz,
        ret = TlsCheckSupportedVersion(ssl, &ch, &isTls13);
        if (ret != 0)
            return ret;
+        if (tls13 != NULL)
+            *tls13 = isTls13;
        if (isTls13) {
            int tlsxFound;
            ret = FindExtByType(&ch.cookieExt, TLSX_COOKIE, ch.extension,
--- a/src/dtls13.c
+++ b/src/dtls13.c
@ -1661,10 +1661,12 @@ static int _Dtls13HandshakeRecv(WOLFSSL* ssl, byte* input, word32 size,

    if (!isComplete && !Dtls13AcceptFragmented(ssl, handshakeType)) {
 #ifdef WOLFSSL_DTLS_CH_FRAG
+        byte tls13 = 0;
        /* check if the first CH fragment contains a valid cookie */
        if (ssl->options.dtls13ChFrag && !ssl->options.dtlsStateful &&
                isFirst && handshakeType == client_hello &&
-                DoClientHelloStateless(ssl, input + idx, fragLength, 1) == 0) {
+                DoClientHelloStateless(ssl, input + idx, fragLength, 1, &tls13)
+                    == 0 && tls13) {
            /* We can save this message and continue as stateful. */
            if (ssl->chGoodCb != NULL && !IsSCR(ssl)) {
                int cbret = ssl->chGoodCb(ssl, ssl->chGoodCtx);
--- a/src/internal.c
+++ b/src/internal.c
@ -34802,7 +34802,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
        if (IsDtlsNotSctpMode(ssl) && IsDtlsNotSrtpMode(ssl) && !IsSCR(ssl) &&
                !ssl->options.dtlsStateful) {
            DtlsSetSeqNumForReply(ssl);
-            ret = DoClientHelloStateless(ssl, input + *inOutIdx, helloSz, 0);
+            ret = DoClientHelloStateless(ssl, input + *inOutIdx, helloSz, 0,
+                    NULL);
            if (ret != 0 || !ssl->options.dtlsStateful) {
                int alertType = TranslateErrorToAlert(ret);
                if (alertType != invalid_alert) {
--- a/src/tls13.c
+++ b/src/tls13.c
@ -6653,7 +6653,7 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
     * wolfSSL_accept_TLSv13 when changing this one. */
    if (IsDtlsNotSctpMode(ssl) && ssl->options.sendCookie &&
            !ssl->options.dtlsStateful) {
-        ret = DoClientHelloStateless(ssl, input + *inOutIdx, helloSz, 0);
+        ret = DoClientHelloStateless(ssl, input + *inOutIdx, helloSz, 0, NULL);
        if (ret != 0 || !ssl->options.dtlsStateful) {
            *inOutIdx += helloSz;
            goto exit_dch;
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@ -6273,7 +6273,7 @@ WOLFSSL_LOCAL int cipherExtraData(WOLFSSL* ssl);

 #if !defined(NO_WOLFSSL_SERVER)
    WOLFSSL_LOCAL int DoClientHelloStateless(WOLFSSL* ssl,
-            const byte* input, word32 helloSz, byte isFirstCHFrag);
+            const byte* input, word32 helloSz, byte isFirstCHFrag, byte* tls13);
 #endif /* !defined(NO_WOLFSSL_SERVER) */
 #endif /* WOLFSSL_DTLS */