fix: tls13: hash using right version when downgrading

2022-10-19 11:38:57 +02:00
parent 2c35d7f9d2
commit 173208728a
2 changed files with 4 additions and 6 deletions
--- a/src/internal.c
+++ b/src/internal.c
@@ -33049,12 +33049,6 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                    WOLFSSL_MSG("\tDowngrading to DTLSv1.2");
                    ssl->options.tls1_3 = 0;
                    ssl->version.minor = DTLSv1_2_MINOR;
-
-                    /* reset hashes, DTLSv1.2 will take care of the hashing
-                       later */
-                    ret = InitHandshakeHashes(ssl);
-                    if (ret != 0)
-                        return ret;
                }
                else if (pv.minor == DTLS_MINOR) {
                    WOLFSSL_MSG("\tDowngrading to DTLSv1.0");
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -5915,6 +5915,7 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,

    if (wantDowngrade) {
 #ifndef WOLFSSL_NO_TLS12
+        byte realMinor;
        if (!ssl->options.downgrade) {
            WOLFSSL_MSG("Client trying to connect with lesser version than "
                        "TLS v1.3");
@@ -5928,7 +5929,10 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
            ERROR_OUT(VERSION_ERROR, exit_dch);
        }

+        realMinor = ssl->version.minor;
+        ssl->version.minor = args->pv.minor;
        ret = HashInput(ssl, input + args->begin, helloSz);
+        ssl->version.minor = realMinor;
        if (ret == 0) {
            ret = DoClientHello(ssl, input, inOutIdx, helloSz);
        }