From 8da863184cd14105e560fb2516847f7527c60f63 Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Thu, 7 Sep 2023 15:14:12 +0200 Subject: [PATCH] Force DTLS 1.3 when accepting fragmented CH --- src/dtls.c | 6 +++++- src/dtls13.c | 4 +++- src/internal.c | 3 ++- src/tls13.c | 2 +- wolfssl/internal.h | 2 +- 5 files changed, 12 insertions(+), 5 deletions(-) diff --git a/src/dtls.c b/src/dtls.c index aa7ba3155..464fd1499 100644 --- a/src/dtls.c +++ b/src/dtls.c @@ -882,7 +882,7 @@ static int ClientHelloSanityCheck(WolfSSL_CH* ch, byte isTls13) } int DoClientHelloStateless(WOLFSSL* ssl, const byte* input, word32 helloSz, - byte isFirstCHFrag) + byte isFirstCHFrag, byte* tls13) { int ret; WolfSSL_CH ch; @@ -897,6 +897,8 @@ int DoClientHelloStateless(WOLFSSL* ssl, const byte* input, word32 helloSz, "WOLFSSL_DTLS_CH_FRAG is not defined. This should not happen."); #endif } + if (tls13 != NULL) + *tls13 = 0; XMEMSET(&ch, 0, sizeof(ch)); @@ -910,6 +912,8 @@ int DoClientHelloStateless(WOLFSSL* ssl, const byte* input, word32 helloSz, ret = TlsCheckSupportedVersion(ssl, &ch, &isTls13); if (ret != 0) return ret; + if (tls13 != NULL) + *tls13 = isTls13; if (isTls13) { int tlsxFound; ret = FindExtByType(&ch.cookieExt, TLSX_COOKIE, ch.extension, diff --git a/src/dtls13.c b/src/dtls13.c index 42c7ca7bd..c7df75f61 100644 --- a/src/dtls13.c +++ b/src/dtls13.c @@ -1661,10 +1661,12 @@ static int _Dtls13HandshakeRecv(WOLFSSL* ssl, byte* input, word32 size, if (!isComplete && !Dtls13AcceptFragmented(ssl, handshakeType)) { #ifdef WOLFSSL_DTLS_CH_FRAG + byte tls13 = 0; /* check if the first CH fragment contains a valid cookie */ if (ssl->options.dtls13ChFrag && !ssl->options.dtlsStateful && isFirst && handshakeType == client_hello && - DoClientHelloStateless(ssl, input + idx, fragLength, 1) == 0) { + DoClientHelloStateless(ssl, input + idx, fragLength, 1, &tls13) + == 0 && tls13) { /* We can save this message and continue as stateful. */ if (ssl->chGoodCb != NULL && !IsSCR(ssl)) { int cbret = ssl->chGoodCb(ssl, ssl->chGoodCtx); diff --git a/src/internal.c b/src/internal.c index 816301935..dd4c26e40 100644 --- a/src/internal.c +++ b/src/internal.c @@ -34802,7 +34802,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, if (IsDtlsNotSctpMode(ssl) && IsDtlsNotSrtpMode(ssl) && !IsSCR(ssl) && !ssl->options.dtlsStateful) { DtlsSetSeqNumForReply(ssl); - ret = DoClientHelloStateless(ssl, input + *inOutIdx, helloSz, 0); + ret = DoClientHelloStateless(ssl, input + *inOutIdx, helloSz, 0, + NULL); if (ret != 0 || !ssl->options.dtlsStateful) { int alertType = TranslateErrorToAlert(ret); if (alertType != invalid_alert) { diff --git a/src/tls13.c b/src/tls13.c index c5fb53caa..a4c794b28 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -6653,7 +6653,7 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, * wolfSSL_accept_TLSv13 when changing this one. */ if (IsDtlsNotSctpMode(ssl) && ssl->options.sendCookie && !ssl->options.dtlsStateful) { - ret = DoClientHelloStateless(ssl, input + *inOutIdx, helloSz, 0); + ret = DoClientHelloStateless(ssl, input + *inOutIdx, helloSz, 0, NULL); if (ret != 0 || !ssl->options.dtlsStateful) { *inOutIdx += helloSz; goto exit_dch; diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 32ccb8979..1e069b380 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -6273,7 +6273,7 @@ WOLFSSL_LOCAL int cipherExtraData(WOLFSSL* ssl); #if !defined(NO_WOLFSSL_SERVER) WOLFSSL_LOCAL int DoClientHelloStateless(WOLFSSL* ssl, - const byte* input, word32 helloSz, byte isFirstCHFrag); + const byte* input, word32 helloSz, byte isFirstCHFrag, byte* tls13); #endif /* !defined(NO_WOLFSSL_SERVER) */ #endif /* WOLFSSL_DTLS */