From fd4836772bd263a7b6576aab9bcd2dd140b5ac65 Mon Sep 17 00:00:00 2001
From: Marco Oliverio
Date: Mon, 4 Jul 2022 17:00:15 +0200
Subject: [PATCH] examples: support DTLS version downgrading

---
 examples/client/client.c | 36 +++++++++++++++++++++++++++++++++---
 examples/server/server.c | 11 +++++++----
 2 files changed, 40 insertions(+), 7 deletions(-)

diff --git a/examples/client/client.c b/examples/client/client.c
index c39e6ba1d..c88dde320 100644
--- a/examples/client/client.c
+++ b/examples/client/client.c
@@ -2802,7 +2802,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
                 err_sys("Bad DTLS version");
 #endif /* WOLFSSL_DTLS13 */
             }
-            else
+            else if (version == 2)
                 version = -1;
         }
     }
@@ -2859,7 +2859,16 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 #endif
         case CLIENT_DOWNGRADE_VERSION:
-            method = wolfSSLv23_client_method_ex;
+            if (!doDTLS) {
+                method = wolfSSLv23_client_method_ex;
+            }
+            else {
+#ifdef WOLFSSL_DTLS
+                method = wolfDTLS_client_method_ex;
+#else
+                err_sys("version not supported");
+#endif /* WOLFSSL_DTLS */
+            }
             break;
 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
         case EITHER_DOWNGRADE_VERSION:
@@ -2934,7 +2943,28 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
         }
 #endif
         if (minVersion != CLIENT_INVALID_VERSION) {
-            wolfSSL_CTX_SetMinVersion(ctx, minVersion);
+#ifdef WOLFSSL_DTLS
+            if (doDTLS) {
+                switch (minVersion) {
+                case 4:
+#ifdef WOLFSSL_DTLS13
+                    minVersion = WOLFSSL_DTLSV1_3;
+                    break;
+#else
+                    err_sys("invalid minimum downgrade version");
+                    break;
+#endif /* WOLFSSL_DTLS13 */
+                case 3:
+                    minVersion = WOLFSSL_DTLSV1_2;
+                    break;
+                case 2:
+                    minVersion = WOLFSSL_DTLSV1;
+                    break;
+                }
+            }
+#endif /* WOLFSSL_DTLS */
+            if (wolfSSL_CTX_SetMinVersion(ctx, minVersion) != WOLFSSL_SUCCESS)
+                err_sys("can't set minimum downgrade version");
         }
         if (simulateWantWrite) {
 #ifdef USE_WOLFSSL_IO
diff --git a/examples/server/server.c b/examples/server/server.c
index 864228a99..f3ff44469 100644
--- a/examples/server/server.c
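Review bot: Narrowing the removed `else` to `else if (version == 2)` means any DTLS request whose version is not 2, 3 or 4 now keeps its TLS-side value and presumably reaches the later method switch with `doDTLS` still set; unless that switch rejects such values, a TLS method could be selected for a DTLS run without any diagnostic. If the intent is only to let the downgrade sentinel pass through, an explicit rejection keeps the error local, e.g. `else if (version != CLIENT_DOWNGRADE_VERSION) err_sys("Bad DTLS version");` — the hunk does not show which value this change needs to let through, so confirm that against the option parsing. client_test's body starts and ends outside the hunk.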
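Review bot: The new `switch (minVersion)` under `if (doDTLS)` has no `default:`, so a requested minimum such as 0 or 1 (which have no DTLS counterpart among the cases here) is handed to wolfSSL_CTX_SetMinVersion untranslated, and the only diagnosis is the generic "can't set minimum downgrade version"; if the library accepts a TLS constant on a DTLS context, the effective floor silently differs from what the user asked for. Adding `default: err_sys("invalid minimum downgrade version"); break;` reports the bad value where it is detected and reuses the message the `#else` branch of `case 4` already has. The same switch is added to server.c in this patch with the same gap. client_test continues outside the hunk.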
+++ b/examples/server/server.c
@@ -2265,11 +2265,11 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
                 method = wolfSSLv23_server_method_ex;
             }
             else {
-#ifdef WOLFSSL_DTLS13
+#ifdef WOLFSSL_DTLS
                 method = wolfDTLS_server_method_ex;
 #else
                 err_sys_ex(runWithErrors, "version not supported");
-#endif /* WOLFSSL_DTLS13 */
+#endif /* WOLFSSL_DTLS */
             }
             break;
 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
@@ -2341,12 +2341,14 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
         err_sys_ex(catastrophic, "unable to get ctx");
     if (minVersion != SERVER_INVALID_VERSION) {
-#ifdef WOLFSSL_DTLS13
+#ifdef WOLFSSL_DTLS
         if (doDTLS) {
             switch (minVersion) {
+#ifdef WOLFSSL_DTLS13
             case 4:
                 minVersion = WOLFSSL_DTLSV1_3;
                 break;
+#endif /* WOLFSSL_DTLS13 */
             case 3:
                 minVersion = WOLFSSL_DTLSV1_2;
                 break;
@@ -2356,7 +2358,8 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
             }
         }
 #endif /* WOLFSSL_DTLS13 */
-        wolfSSL_CTX_SetMinVersion(ctx, minVersion);
+        if (wolfSSL_CTX_SetMinVersion(ctx, minVersion) != WOLFSSL_SUCCESS)
+            err_sys_ex(catastrophic, "can't set minimum downgrade version");
     }
 #ifdef OPENSSL_COMPATIBLE_DEFAULTS
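Review bot: Wrapping only `case 4:` in `#ifdef WOLFSSL_DTLS13` makes the server behave differently from the client side of this patch when DTLS 1.3 is compiled out: the client fails with "invalid minimum downgrade version", while here minVersion 4 simply matches no case and is passed on untranslated, so the failure (if any) surfaces later with a less specific message. A `default: err_sys_ex(catastrophic, "invalid minimum downgrade version"); break;` at the end of the switch would make both sides report the same condition at the same point; the switch body continues into the next hunk, so the default would go there.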
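Review bot: The context line `#endif /* WOLFSSL_DTLS13 */` now closes the `#ifdef WOLFSSL_DTLS` introduced by the previous hunk, so its trailer comment is stale and will mislead the next reader about which feature guards the block; it should read `#endif /* WOLFSSL_DTLS */`, as this same patch already does for the method-selection block earlier in the file. The added WOLFSSL_SUCCESS check on wolfSSL_CTX_SetMinVersion is a sound replacement for the previously ignored return value. server_test's body continues outside the hunk.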