forked from wolfSSL/wolfssl
Support (D)TLS1.3 downgrade when using PSK
DTLS Server: examples/server/server -v3 -u -s DTLS Client: examples/client/client -vd -g -u -s TLS Server: examples/server/server -v3 -s TLS Client: examples/client/client -vd -g -s Support checking for DTLS1.2 Hello Verify Request when using PSK. Unset options.tls1_3 when handling a DTLS1.2 Hello Verify Request. Unset options.tls1_3 when handling a (D)TLS1.2 Server Hello to stop checking of Encrypted Client Hello Requires ./configure --enable-all --enable-dtls13 Add in tests for DTLS1.3 and TLS1.3 downgrade when using PSK.
This commit is contained in:
Jon Shallow
@@ -28818,6 +28818,9 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
|
|||||||
if (!ssl->options.downgrade ||
|
if (!ssl->options.downgrade ||
|
||||||
ssl->options.minDowngrade <= DTLSv1_3_MINOR)
|
ssl->options.minDowngrade <= DTLSv1_3_MINOR)
|
||||||
return VERSION_ERROR;
|
return VERSION_ERROR;
|
||||||
|
|
||||||
|
/* Cannot be DTLS1.3 as HELLO_VERIFY_REQUEST */
|
||||||
|
ssl->options.tls1_3 = 0;
|
||||||
}
|
}
|
||||||
#endif /* defined(WOLFSSL_DTLS13) && defined(WOLFSSL_TLS13) */
|
#endif /* defined(WOLFSSL_DTLS13) && defined(WOLFSSL_TLS13) */
|
||||||
|
|
||||||
|
|||||||
@@ -14914,7 +14914,8 @@ int TLSX_Parse(WOLFSSL* ssl, const byte* input, word16 length, byte msgType,
|
|||||||
}
|
}
|
||||||
|
|
||||||
#ifdef HAVE_EXTENDED_MASTER
|
#ifdef HAVE_EXTENDED_MASTER
|
||||||
if (IsAtLeastTLSv1_3(ssl->version) && msgType == hello_retry_request) {
|
if (IsAtLeastTLSv1_3(ssl->version) &&
|
||||||
|
(msgType == hello_retry_request || msgType == hello_verify_request)) {
|
||||||
/* Don't change EMS status until server_hello received.
|
/* Don't change EMS status until server_hello received.
|
||||||
* Second ClientHello must have same extensions.
|
* Second ClientHello must have same extensions.
|
||||||
*/
|
*/
|
||||||
|
|||||||
@@ -5285,6 +5285,7 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
|||||||
}
|
}
|
||||||
|
|
||||||
ssl->version.minor = args->pv.minor;
|
ssl->version.minor = args->pv.minor;
|
||||||
|
ssl->options.tls1_3 = 0;
|
||||||
|
|
||||||
#ifdef WOLFSSL_DTLS13
|
#ifdef WOLFSSL_DTLS13
|
||||||
if (ssl->options.dtls) {
|
if (ssl->options.dtls) {
|
||||||
@@ -5386,6 +5387,9 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* Force client hello version 1.2 to work for static RSA. */
|
/* Force client hello version 1.2 to work for static RSA. */
|
||||||
|
if (ssl->options.dtls)
|
||||||
|
ssl->chVersion.minor = DTLSv1_2_MINOR;
|
||||||
|
else
|
||||||
ssl->chVersion.minor = TLSv1_2_MINOR;
|
ssl->chVersion.minor = TLSv1_2_MINOR;
|
||||||
/* Complete TLS v1.2 processing of ServerHello. */
|
/* Complete TLS v1.2 processing of ServerHello. */
|
||||||
ret = CompleteServerHello(ssl);
|
ret = CompleteServerHello(ssl);
|
||||||
|
|||||||
@@ -41,3 +41,16 @@
|
|||||||
-7 2
|
-7 2
|
||||||
-u
|
-u
|
||||||
-l TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
|
-l TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
|
||||||
|
|
||||||
|
# server DTLSv1.2 - PSK
|
||||||
|
-v 3
|
||||||
|
-u
|
||||||
|
-s
|
||||||
|
-l ECDHE-PSK-AES128-GCM-SHA256
|
||||||
|
|
||||||
|
# client DTLS PSK multiversion, allow downgrade
|
||||||
|
-vd
|
||||||
|
-7 2
|
||||||
|
-u
|
||||||
|
-s
|
||||||
|
-l ECDHE-PSK-AES128-GCM-SHA256
|
||||||
|
|||||||
@@ -108,3 +108,14 @@
|
|||||||
# client TLSv 1.2
|
# client TLSv 1.2
|
||||||
-v 3
|
-v 3
|
||||||
-H exitWithRet
|
-H exitWithRet
|
||||||
|
|
||||||
|
# server TLSv1.2 - PSK
|
||||||
|
-v 3
|
||||||
|
-s
|
||||||
|
-l ECDHE-PSK-AES128-GCM-SHA256
|
||||||
|
|
||||||
|
# client TLS PSK multiversion, allow downgrade
|
||||||
|
-v d
|
||||||
|
-7 3
|
||||||
|
-s
|
||||||
|
-l ECDHE-PSK-AES128-GCM-SHA256
|
||||||
|
|||||||
Reference in New Issue
Block a user