authorFrantisek Krenzelok <krenzelok.frantisek@gmail.com>2023-02-27 16:45:58 +0100
committerFrantisek Krenzelok <krenzelok.frantisek@gmail.com>2023-02-27 16:45:58 +0100
commit4e7151f8800bd4f7b94509b1eca2d71ea5e3d15b (patch)
tree8f7166e46654ac85dde4997c869e49d823ea6603
parente3b2640ea82f5a59c3cfd516014922816ac8f1be (diff)
downloadgnutls-wip/dtls13.tar.gz
DTLS1_3: server supportwip/dtls13
Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>
-rw-r--r--lib/handshake.c16
-rw-r--r--lib/tls13/hello_retry.c9
2 files changed, 19 insertions, 6 deletions
diff --git a/lib/handshake.c b/lib/handshake.c
index 72f531da13..46df6c5e9e 100644
--- a/lib/handshake.c
+++ b/lib/handshake.c
@@ -471,12 +471,12 @@ _gnutls_negotiate_version(gnutls_session_t session,
if (aversion == NULL ||
_gnutls_nversion_is_supported(session, major, minor) == 0) {
- if (aversion && aversion->id == GNUTLS_TLS1_2) {
+ if (aversion && (aversion->id == GNUTLS_TLS1_2 || aversion->id == GNUTLS_DTLS1_2)) {
vers = _gnutls_version_max(session);
if (unlikely(vers == NULL))
return gnutls_assert_val(GNUTLS_E_NO_CIPHER_SUITES);
- if (vers->id >= GNUTLS_TLS1_2) {
+ if (vers->id >= GNUTLS_TLS1_2 || vers->id >= GNUTLS_DTLS1_2) {
session->security_parameters.pversion = aversion;
return 0;
}
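Review bot: The new test `vers->id >= GNUTLS_TLS1_2 || vers->id >= GNUTLS_DTLS1_2` compares ids across the TLS and DTLS families. In gnutls_protocol_t the DTLS ids sit numerically above all TLS ids, so the first disjunct is already true for every DTLS version, including DTLS 1.0, and the second adds nothing. Since the outer condition now lets a DTLS1_2 `aversion` reach this branch, a DTLS session whose maximum enabled version is below 1.2 would still provisionally accept the 1.2 legacy version. Comparing within the session's own family keeps the original intent: `if (vers->id >= (IS_DTLS(session) ? GNUTLS_DTLS1_2 : GNUTLS_TLS1_2)) {`. The function continues outside the hunk, so a later check may narrow this; worth confirming.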
@@ -2481,8 +2481,13 @@ int _gnutls_send_server_hello(gnutls_session_t session, int again)
return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
if (vers->tls13_sem) {
- vbytes[0] = 0x03; /* TLS1.2 */
- vbytes[1] = 0x03;
+ if (IS_DTLS(session)) {
+ vbytes[0] = 0xfe; /* DTLS1.2 */
+ vbytes[1] = 0xfd;
+ } else {
+ vbytes[0] = 0x03; /* TLS1.2 */
+ vbytes[1] = 0x03;
+ }
extflag |= GNUTLS_EXT_FLAG_TLS13_SERVER_HELLO;
} else {
vbytes[0] = vers->major;
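Review bot: The DTLS legacy version bytes `0xfe, 0xfd` are hard-coded here and again in `_gnutls13_send_hello_retry_request` (lib/tls13/hello_retry.c), so the ServerHello and HelloRetryRequest encodings can drift apart if one is edited later. A single shared helper or constant pair for the legacy version field would keep them in step. In hello_retry.c the array could also stay const by initializing it in place: `const uint8_t vbuf[2] = { IS_DTLS(session) ? 0xfe : 0x03, IS_DTLS(session) ? 0xfd : 0x03 };`. The comments would read more clearly as `/* legacy version field: DTLS1.2 */`, since these bytes are written only on the `tls13_sem` path and are not the negotiated version.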
@@ -3572,7 +3577,8 @@ static int handshake_server(gnutls_session_t session)
STATE = STATE1;
}
- if (ret == GNUTLS_E_NO_COMMON_KEY_SHARE) {
+ ver = _gnutls_version_max(session);
+ if (ret == GNUTLS_E_NO_COMMON_KEY_SHARE || (ver->tls13_sem && IS_DTLS(session))) {
STATE = STATE90;
session->internals.hsk_flags |= HSK_HRR_SENT;
goto reset;
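Review bot: `ver` is dereferenced in the new condition without a NULL check, although the `_gnutls_negotiate_version` hunk in this same file treats a NULL return from `_gnutls_version_max()` as possible. The DTLS arm also ignores `ret`, so any result of the preceding step, including an unrelated error code, is routed into the HelloRetryRequest path. It also keys on the maximum enabled version rather than the version negotiated for this session. At minimum guard the pointer and the repeat case: `if (ret == GNUTLS_E_NO_COMMON_KEY_SHARE || (ver && ver->tls13_sem && IS_DTLS(session) && !(session->internals.hsk_flags & HSK_HRR_SENT))) {`. Without the `HSK_HRR_SENT` test the second ClientHello looks like it would get another HRR, but `handshake_server` extends beyond this hunk, so confirm against the full state machine.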
diff --git a/lib/tls13/hello_retry.c b/lib/tls13/hello_retry.c
index 1226733329..e20cbed210 100644
--- a/lib/tls13/hello_retry.c
+++ b/lib/tls13/hello_retry.c
@@ -35,7 +35,14 @@ int _gnutls13_send_hello_retry_request(gnutls_session_t session, unsigned again)
mbuffer_st *bufel = NULL;
gnutls_buffer_st buf;
const version_entry_st *ver;
- const uint8_t vbuf[2] = {0x03, 0x03};
+ uint8_t vbuf[2];
+ if (IS_DTLS(session)) {
+ vbuf[0] = 0xfe;
+ vbuf[1] = 0xfd;
+ } else {
+ vbuf[0] = 0x03;
+ vbuf[1] = 0x03;
+ }
if (again == 0) {
ver = get_version(session);