dtls13: WOLFSSL_DTLS13_5_9_0_COMPAT -> WOLFSSL_DTLS13_ECHO_LEGACY_SESSION_ID

Marco Oliverio
2026-05-26 08:42:15 +02:00
parent 87f8078367
commit bc574f7930
4 changed files with 9 additions and 9 deletions
+1 -1
@@ -744,7 +744,7 @@ WOLFSSL_DRBG_SHA256
WOLFSSL_DTLS_DISALLOW_FUTURE
WOLFSSL_DTLS_RECORDS_CAN_SPAN_DATAGRAMS
WOLFSSL_DTLS_RESEND_ONLY_TIMEOUT
WOLFSSL_DTLS13_5_9_0_COMPAT
WOLFSSL_DTLS13_ECHO_LEGACY_SESSION_ID
WOLFSSL_DUMP_MEMIO_STREAM
WOLFSSL_DUP_CERTPOL
WOLFSSL_EARLY_DATA_NO_ANTI_REPLAY
+1 -1
@@ -860,7 +860,7 @@ static int SendStatelessReplyDtls13(const WOLFSSL* ssl, WolfSSL_CH* ch)
nonConstSSL->options.tls1_1 = 1;
nonConstSSL->options.tls1_3 = 1;
#ifdef WOLFSSL_DTLS13_5_9_0_COMPAT
#ifdef WOLFSSL_DTLS13_ECHO_LEGACY_SESSION_ID
nonConstSSL->session->sessionIDSz = (byte)ch->sessionId.size;
if (ch->sessionId.size > 0)
XMEMCPY(nonConstSSL->session->sessionID, ch->sessionId.elements,
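Review bot: The copy under the renamed `WOLFSSL_DTLS13_ECHO_LEGACY_SESSION_ID` block writes a client-controlled length into `session->sessionID`, and nothing in this hunk shows that `ch->sessionId.size` has been capped to that buffer's size before the `(byte)` cast and the XMEMCPY. The wire format bounds legacy_session_id to 32 bytes (RFC 8446 §4.1.2), so if the stateless ClientHello parser already rejects longer values this is fine, but the dependency is invisible at the point of use; a one-line guard such as `if (ch->sessionId.size > sizeof(nonConstSSL->session->sessionID)) return BUFFER_ERROR;` (or a comment naming where the bound is enforced) would make the compat path auditable. This matters more now that the macro is a documented build option rather than a version-specific shim. The XMEMCPY statement and the rest of SendStatelessReplyDtls13 continue outside the hunk, so the length argument itself is not visible here.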
+4 -4
@@ -5776,7 +5776,7 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
/* RFC 9147 Section 5.3 / RFC 9001 Section 8.4: DTLS 1.3 and QUIC
* ServerHello must have empty legacy_session_id_echo. */
int requireEmptyEcho = 1;
#ifdef WOLFSSL_DTLS13_5_9_0_COMPAT
#ifdef WOLFSSL_DTLS13_ECHO_LEGACY_SESSION_ID
/* Compat: a wolfSSL <= 5.9.0 DTLS 1.3 server echoes the client's
* legacy_session_id; accept any echo. */
if (ssl->options.dtls)
@@ -6980,7 +6980,7 @@ static int RestartHandshakeHashWithCookie(WOLFSSL* ssl, Cookie* cookie)
/* Reconstruct the HelloRetryMessage for handshake hash. */
sessIdSz = ssl->session->sessionIDSz;
#if defined(WOLFSSL_DTLS13) && !defined(WOLFSSL_DTLS13_5_9_0_COMPAT)
#if defined(WOLFSSL_DTLS13) && !defined(WOLFSSL_DTLS13_ECHO_LEGACY_SESSION_ID)
/* RFC 9147 Section 5.3: DTLS 1.3 must use empty legacy_session_id. */
if (ssl->options.dtls)
sessIdSz = 0;
@@ -7460,7 +7460,7 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
if (sessIdSz + args->idx > helloSz)
ERROR_OUT(BUFFER_ERROR, exit_dch);
#if defined(WOLFSSL_DTLS13) && !defined(WOLFSSL_DTLS13_5_9_0_COMPAT)
#if defined(WOLFSSL_DTLS13) && !defined(WOLFSSL_DTLS13_ECHO_LEGACY_SESSION_ID)
/* RFC 9147 Section 5.3: DTLS 1.3 ServerHello must have empty
* legacy_session_id_echo. Don't store the client's value so it
* won't be echoed in SendTls13ServerHello. */
@@ -8065,7 +8065,7 @@ int SendTls13ServerHello(WOLFSSL* ssl, byte extMsgType)
WOLFSSL_BUFFER(ssl->arrays->serverRandom, RAN_LEN);
#endif
#if defined(WOLFSSL_DTLS13) && !defined(WOLFSSL_DTLS13_5_9_0_COMPAT)
#if defined(WOLFSSL_DTLS13) && !defined(WOLFSSL_DTLS13_ECHO_LEGACY_SESSION_ID)
if (ssl->options.dtls) {
/* RFC 9147 Section 5.3: DTLS 1.3 ServerHello must have empty
* legacy_session_id_echo. */
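Review bot: In the DoTls13ServerHello hunk the comment `Compat: a wolfSSL <= 5.9.0 DTLS 1.3 server echoes the client's legacy_session_id; accept any echo.` is ambiguous about what is relaxed: only the RFC 9147 §5.3 "must be empty" requirement, or also the RFC 8446 §4.1.3 requirement that a non-empty echo match the legacy_session_id the client sent (mismatch must abort with illegal_parameter). Since the branch clears `requireEmptyEcho` for every DTLS peer, not just legacy wolfSSL servers, the comment should state which check survives, e.g. `Compat (WOLFSSL_DTLS13_ECHO_LEGACY_SESSION_ID): a wolfSSL <= 5.9.0 DTLS 1.3 server echoes the client's legacy_session_id, so do not require an empty echo; the echo is still compared against the value we sent.` if that is indeed the behavior downstream. The comparison itself is outside this hunk, so I cannot confirm it from here. The three other hunks in this file use `#if defined(WOLFSSL_DTLS13) && !defined(...)` while this one uses a bare `#ifdef`; aligning them is a minor consistency nit.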
+3 -3
@@ -2956,7 +2956,7 @@ int test_dtls13_no_session_id_echo(void)
EXPECT_DECLS;
#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS13) && \
defined(HAVE_SESSION_TICKET) && defined(HAVE_ECC) && \
!defined(WOLFSSL_DTLS13_5_9_0_COMPAT)
!defined(WOLFSSL_DTLS13_ECHO_LEGACY_SESSION_ID)
struct test_memio_ctx test_ctx;
WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL;
WOLFSSL *ssl_c = NULL, *ssl_s = NULL;
@@ -3032,14 +3032,14 @@ int test_dtls13_no_session_id_echo(void)
return EXPECT_RESULT();
}
/* Test that a server built with WOLFSSL_DTLS13_5_9_0_COMPAT echoes the
/* Test that a server built with WOLFSSL_DTLS13_ECHO_LEGACY_SESSION_ID echoes the
* client's legacy_session_id in both the direct ServerHello path and the
* stateless HRR path (which also exercises RestartHandshakeHashWithCookie). */
int test_dtls13_5_9_0_compat(void)
{
EXPECT_DECLS;
#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS13) && \
defined(HAVE_SESSION_TICKET) && defined(WOLFSSL_DTLS13_5_9_0_COMPAT) && \
defined(HAVE_SESSION_TICKET) && defined(WOLFSSL_DTLS13_ECHO_LEGACY_SESSION_ID) && \
defined(HAVE_ECC)
struct test_memio_ctx test_ctx;
WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL;