From 7b7f9a4fe09465f8075d383209215c165e27a3d4 Mon Sep 17 00:00:00 2001
From: Juliusz Sosinowicz
Date: Mon, 27 Oct 2025 15:46:15 +0100
Subject: [PATCH] dtls: Check PSK ciphersuite against local list
---
 src/dtls.c | 12 ++++++--
 src/internal.c | 68 ++++++++++++++++++++++++++++++++++++++++++++++
 src/tls13.c | 65 +-------------------------------------------
 wolfssl/internal.h | 4 +++
 4 files changed, 82 insertions(+), 67 deletions(-)
diff --git a/src/dtls.c b/src/dtls.c
index d25f66bd0..dff1ffab3 100644
--- a/src/dtls.c
+++ b/src/dtls.c
@@ -732,8 +732,13 @@ static int SendStatelessReplyDtls13(const WOLFSSL* ssl, WolfSSL_CH* ch)
 
 /* Ask the user for the ciphersuite matching this identity */
 if (TLSX_PreSharedKey_Parse_ClientHello(&parsedExts,
- tlsx.elements, (word16)tlsx.size, ssl->heap) == 0)
+ tlsx.elements, (word16)tlsx.size, ssl->heap) == 0) {
+ /* suites only needs to be refined when searching for a PSK.
+ * MatchSuite_ex handles refining internally. */
+ refineSuites(WOLFSSL_SUITES(ssl), &suites, &suites,
+ ssl->options.useClientOrder);
 FindPskSuiteFromExt(ssl, parsedExts, &pskInfo, &suites);
+ }
 
 /* Revert to full handshake if PSK parsing failed */
 if (pskInfo.isValid) {
@@ -753,8 +758,9 @@ static int SendStatelessReplyDtls13(const WOLFSSL* ssl, WolfSSL_CH* ch)
 ERROR_OUT(PSK_KEY_ERROR, dtls13_cleanup);
 doKE = 1;
 }
- else if ((modes & (1 << PSK_KE)) == 0) {
- ERROR_OUT(PSK_KEY_ERROR, dtls13_cleanup);
+ else if ((modes & (1 << PSK_KE)) == 0 ||
+ ssl->options.onlyPskDheKe) {
+ ERROR_OUT(PSK_KEY_ERROR, dtls13_cleanup);
 }
 usePSK = 1;
 }
diff --git a/src/internal.c b/src/internal.c
index e58798203..a8d602a47 100644
--- a/src/internal.c
+++ b/src/internal.c
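Review bot: In the first hunk `refineSuites(WOLFSSL_SUITES(ssl), &suites, &suites, ssl->options.useClientOrder)` passes the same object as `peerSuites` and as `outSuites`; the helper added in internal.c assembles its result in a local `byte suites[]` and only writes `outSuites` at the end, so the in-place call is sound, but nothing at the call site says the aliasing is intended, and a reader who later reorders the helper could silently break this caller. Suggest `/* in place: refineSuites assembles the result locally before writing outSuites */` above the call. When the refined list comes back empty (`suites.suiteSz == 0`), `FindPskSuiteFromExt` is still invoked with no candidate suites; presumably it then leaves `pskInfo.isValid` clear and the existing "Revert to full handshake" path takes over, which is worth confirming and stating in the comment since the refinement is the new way a PSK offer can be rejected. The enclosing `SendStatelessReplyDtls13` begins and ends outside both hunks.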
@@ -37424,6 +37424,74 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 return 1;
 }
 
+ void refineSuites(const Suites* sslSuites, const Suites* peerSuites,
+ Suites* outSuites, byte useClientOrder)
+ {
+ byte suites[WOLFSSL_MAX_SUITE_SZ];
+ word16 suiteSz = 0;
+ word16 i;
+ word16 j;
+
+ XMEMSET(suites, 0, sizeof(suites));
+
+ if (!useClientOrder) {
+ /* Server order refining. */
+ for (i = 0; i < sslSuites->suiteSz; i += 2) {
+ for (j = 0; j < peerSuites->suiteSz; j += 2) {
+ if ((sslSuites->suites[i+0] == peerSuites->suites[j+0]) &&
+ (sslSuites->suites[i+1] == peerSuites->suites[j+1])) {
+ suites[suiteSz++] = peerSuites->suites[j+0];
+ suites[suiteSz++] = peerSuites->suites[j+1];
+ break;
+ }
+ }
+ if (suiteSz == WOLFSSL_MAX_SUITE_SZ)
+ break;
+ }
+ }
+ else {
+ /* Client order refining. */
+ for (j = 0; j < peerSuites->suiteSz; j += 2) {
+ for (i = 0; i < sslSuites->suiteSz; i += 2) {
+ if ((sslSuites->suites[i+0] == peerSuites->suites[j+0]) &&
+ (sslSuites->suites[i+1] == peerSuites->suites[j+1])) {
+ suites[suiteSz++] = peerSuites->suites[j+0];
+ suites[suiteSz++] = peerSuites->suites[j+1];
+ break;
+ }
+ }
+ if (suiteSz == WOLFSSL_MAX_SUITE_SZ)
+ break;
+ }
+ }
+
+ outSuites->suiteSz = suiteSz;
+ XMEMCPY(outSuites->suites, &suites, sizeof(suites));
+ #ifdef WOLFSSL_DEBUG_TLS
+ {
+ int ii;
+ WOLFSSL_MSG("Refined Ciphers:");
+ for (ii = 0 ; ii < suites->suiteSz; ii += 2) {
+ WOLFSSL_MSG(GetCipherNameInternal(suites->suites[ii+0],
+ suites->suites[ii+1]));
+ }
+ }
+ #endif
+ }
+
+ /* Refine list of supported cipher suites to those common to server and client.
+ *
+ * ssl SSL/TLS object.
+ * peerSuites The peer's advertised list of supported cipher suites.
+ */
+ void sslRefineSuites(WOLFSSL* ssl, Suites* peerSuites)
+ {
+ if (AllocateSuites(ssl) != 0)
+ return;
+ refineSuites(ssl->suites, peerSuites, ssl->suites,
+ (byte)ssl->options.useClientOrder);
+ }
+
 static int CompareSuites(const WOLFSSL* ssl, const Suites* suites,
 Suites* peerSuites, word16 i, word16 j, CipherSuite* cs,
 TLSX* extensions)
diff --git a/src/tls13.c b/src/tls13.c
index 7ee0a018d..c528363a4 100644
--- a/src/tls13.c
+++ b/src/tls13.c
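Review bot: The `WOLFSSL_DEBUG_TLS` block inside the new `refineSuites` applies `->` to the local array: `suites` is declared `byte suites[WOLFSSL_MAX_SUITE_SZ]` a few lines above, so `suites->suiteSz` and `suites->suites[ii+0]` are a compile error as soon as that macro is defined, whereas the removed `RefineSuites` in tls13.c read them from `ssl->suites`; the equivalent here is `for (ii = 0 ; ii < outSuites->suiteSz; ii += 2) {`, `WOLFSSL_MSG(GetCipherNameInternal(outSuites->suites[ii+0],` and `outSuites->suites[ii+1]));`. `refineSuites` has no header comment of its own — the moved comment now documents only `sslRefineSuites` — and it should state that `outSuites` may alias `peerSuites` (the dtls.c caller passes the same object for both), which holds only because the result is built in the local array and copied out after both loops. Both functions are also defined without `static` and without `WOLFSSL_LOCAL`, unlike the neighbouring `CompareSuites`; see the internal.h hunk.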
@@ -5887,69 +5887,6 @@ static int DoTls13CertificateRequest(WOLFSSL* ssl, const byte* input,
 
 #ifndef NO_WOLFSSL_SERVER
 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
-/* Refine list of supported cipher suites to those common to server and client.
- *
- * ssl SSL/TLS object.
- * peerSuites The peer's advertised list of supported cipher suites.
- */
-static void RefineSuites(WOLFSSL* ssl, Suites* peerSuites)
-{
- byte suites[WOLFSSL_MAX_SUITE_SZ];
- word16 suiteSz = 0;
- word16 i;
- word16 j;
-
- if (AllocateSuites(ssl) != 0)
- return;
-
- XMEMSET(suites, 0, sizeof(suites));
-
- if (!ssl->options.useClientOrder) {
- /* Server order refining. */
- for (i = 0; i < ssl->suites->suiteSz; i += 2) {
- for (j = 0; j < peerSuites->suiteSz; j += 2) {
- if ((ssl->suites->suites[i+0] == peerSuites->suites[j+0]) &&
- (ssl->suites->suites[i+1] == peerSuites->suites[j+1])) {
- suites[suiteSz++] = peerSuites->suites[j+0];
- suites[suiteSz++] = peerSuites->suites[j+1];
- break;
- }
- }
- if (suiteSz == WOLFSSL_MAX_SUITE_SZ)
- break;
- }
- }
- else {
- /* Client order refining. */
- for (j = 0; j < peerSuites->suiteSz; j += 2) {
- for (i = 0; i < ssl->suites->suiteSz; i += 2) {
- if ((ssl->suites->suites[i+0] == peerSuites->suites[j+0]) &&
- (ssl->suites->suites[i+1] == peerSuites->suites[j+1])) {
- suites[suiteSz++] = peerSuites->suites[j+0];
- suites[suiteSz++] = peerSuites->suites[j+1];
- break;
- }
- }
- if (suiteSz == WOLFSSL_MAX_SUITE_SZ)
- break;
- }
- }
-
- ssl->suites->suiteSz = suiteSz;
- XMEMCPY(ssl->suites->suites, &suites, sizeof(suites));
-#ifdef WOLFSSL_DEBUG_TLS
- {
- int ii;
- WOLFSSL_MSG("Refined Ciphers:");
- for (ii = 0 ; ii < ssl->suites->suiteSz; ii += 2) {
- WOLFSSL_MSG(GetCipherNameInternal(ssl->suites->suites[ii+0],
- ssl->suites->suites[ii+1]));
- }
- }
-#endif
-}
-
-
 #ifndef NO_PSK
 int FindPskSuite(const WOLFSSL* ssl, PreSharedKey* psk, byte* psk_key,
 word32* psk_keySz, const byte* suite, int* found, byte* foundSuite)
@@ -6322,7 +6259,7 @@ static int CheckPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 helloSz,
 return ret;
 
 /* Refine list for PSK processing. */
- RefineSuites(ssl, clSuites);
+ sslRefineSuites(ssl, clSuites);
 #ifndef WOLFSSL_PSK_ONE_ID
 if (usingPSK == NULL)
 return BAD_FUNC_ARG;
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index f19154063..eb4115992 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -2383,6 +2383,10 @@ WOLFSSL_LOCAL void InitSuites(Suites* suites, ProtocolVersion pv, int keySz,
 word16 haveAES128, word16 haveSHA1, word16 haveRC4,
 int side);
 
+void refineSuites(const Suites* sslSuites, const Suites* peerSuites,
+ Suites* outSuites, byte useClientOrder);
+void sslRefineSuites(WOLFSSL* ssl, Suites* peerSuites);
+
 typedef struct TLSX TLSX;
 WOLFSSL_LOCAL int MatchSuite_ex(const WOLFSSL* ssl, Suites* peerSuites,
 CipherSuite* cs, TLSX* extensions);
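Review bot: The new prototypes for `refineSuites` and `sslRefineSuites` in the internal.h hunk omit the `WOLFSSL_LOCAL` attribute that the surrounding `InitSuites` and `MatchSuite_ex` declarations carry, so these two internal helpers would presumably end up with default visibility and be exported from the shared library instead of being hidden like their neighbours. Change the declarations to `WOLFSSL_LOCAL void refineSuites(const Suites* sslSuites, const Suites* peerSuites,` and `WOLFSSL_LOCAL void sslRefineSuites(WOLFSSL* ssl, Suites* peerSuites);`. The header also has no comment on the in-place contract — that `outSuites` may be the same object as `peerSuites` — which the dtls.c caller depends on; a one-line note on the prototype would keep that guarantee from being lost in a later rewrite. The tls13.c hunk on this line is only the rename of the call site and needs no change.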