From 103a0d351bfd9c118c19d41c590207b52adffce2 Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Tue, 21 Aug 2018 09:32:38 +1000 Subject: [PATCH] Send EC poiint format extension if downgradable from TLS 1.3 --- src/tls.c | 28 ++++++++-------------------- 1 file changed, 8 insertions(+), 20 deletions(-) diff --git a/src/tls.c b/src/tls.c index 434abedef..8acd13f06 100644 --- a/src/tls.c +++ b/src/tls.c @@ -9010,28 +9010,16 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer) ret = TLSX_PopulateSupportedGroups(ssl, &ssl->extensions); if (ret != WOLFSSL_SUCCESS) return ret; - if (!IsAtLeastTLSv1_3(ssl->version) && - TLSX_Find(ssl->ctx->extensions, - TLSX_EC_POINT_FORMATS) == NULL && - TLSX_Find(ssl->extensions, - TLSX_EC_POINT_FORMATS) == NULL) { - ret = TLSX_UsePointFormat(&ssl->extensions, - WOLFSSL_EC_PF_UNCOMPRESSED, - ssl->heap); - if (ret != WOLFSSL_SUCCESS) - return ret; - } - } - else if (!IsAtLeastTLSv1_3(ssl->version) && - TLSX_Find(ssl->ctx->extensions, - TLSX_EC_POINT_FORMATS) == NULL) { - ret = TLSX_UsePointFormat(&ssl->ctx->extensions, - WOLFSSL_EC_PF_UNCOMPRESSED, - ssl->heap); - if (ret != WOLFSSL_SUCCESS) - return ret; } } + if ((!IsAtLeastTLSv1_3(ssl->version) || ssl->options.downgrade) && + TLSX_Find(ssl->ctx->extensions, TLSX_EC_POINT_FORMATS) == NULL && + TLSX_Find(ssl->extensions, TLSX_EC_POINT_FORMATS) == NULL) { + ret = TLSX_UsePointFormat(&ssl->extensions, + WOLFSSL_EC_PF_UNCOMPRESSED, ssl->heap); + if (ret != WOLFSSL_SUCCESS) + return ret; + } #endif /* (HAVE_ECC || HAVE_CURVE25519) && HAVE_SUPPORTED_CURVES */ } /* is not server */