From 173208728a2f775ce225017ebfe5279c348b82e0 Mon Sep 17 00:00:00 2001
From: Marco Oliverio
Date: Wed, 19 Oct 2022 11:38:57 +0200
Subject: [PATCH] fix: tls13: hash using right version when downgrading
---
 src/internal.c | 6 ------
 src/tls13.c | 4 ++++
 2 files changed, 4 insertions(+), 6 deletions(-)
diff --git a/src/internal.c b/src/internal.c
index 99dedcb51..403b8b08e 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -33049,12 +33049,6 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 WOLFSSL_MSG("\tDowngrading to DTLSv1.2");
 ssl->options.tls1_3 = 0;
 ssl->version.minor = DTLSv1_2_MINOR;
-
- /* reset hashes, DTLSv1.2 will take care of the hashing
- later */
- ret = InitHandshakeHashes(ssl);
- if (ret != 0)
- return ret;
 }
 else if (pv.minor == DTLS_MINOR) {
 WOLFSSL_MSG("\tDowngrading to DTLSv1.0");
diff --git a/src/tls13.c b/src/tls13.c
index b60626215..a21c7a993 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -5915,6 +5915,7 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 if (wantDowngrade) {
 #ifndef WOLFSSL_NO_TLS12
+ byte realMinor;
 if (!ssl->options.downgrade) {
 WOLFSSL_MSG("Client trying to connect with lesser version than "
 "TLS v1.3");
@@ -5928,7 +5929,10 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 ERROR_OUT(VERSION_ERROR, exit_dch);
 }
+ realMinor = ssl->version.minor;
+ ssl->version.minor = args->pv.minor;
 ret = HashInput(ssl, input + args->begin, helloSz);
+ ssl->version.minor = realMinor;
 if (ret == 0) {
 ret = DoClientHello(ssl, input, inOutIdx, helloSz);
 }
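Review bot: The save/swap/restore of `ssl->version.minor` around `HashInput()` in the last tls13.c hunk carries no comment, so the three added lines look like removable scaffolding even though the handshake transcript on the downgrade path appears to depend on them. I would add above `realMinor = ssl->version.minor;` a comment such as `/* hash the ClientHello under the offered (downgraded) version; ssl->version is restored so DoClientHello performs the actual downgrade */`. `args->pv.minor` is the peer-offered value, and the checks that bound it (the `VERSION_ERROR` path just above) begin outside the hunk, so it is worth confirming that only a minor version the build accepts can reach this assignment. The swap also touches only `minor`, while the downgrade code in internal.c clears `ssl->options.tls1_3` separately; if `HashInput()` consults that flag (not visible here), the ClientHello would still be hashed the TLS 1.3 way. The enclosing `if (wantDowngrade)` block starts and ends outside these hunks.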