feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Fix call to wolfSSL_connect when in wolfSSL_connect_TLSv13

Browse Source 
If a client is:
- TLS 1.3 capable
- calls connect with wolfSSL_connect_TLSv13
- on an WOLFSSL object that allows downgrading
then the call to wolfSSL_connect should happen before changing state to HELLO_AGAIN. Otherwise wolfSSL_connect will assume that messages up to ServerHelloDone have been read (when in reality only ServerHello had been read).

Enable keying material for OpenVPN
This commit is contained in:
Juliusz Sosinowicz
2020-12-22 16:11:08 +01:00
parent ff43d39015
commit 46821196ab
2 changed files with 12 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
configure.ac
View File

@@ -4051,7 +4051,9 @@ fi
if test "$ENABLED_OPENVPN" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DES_ECB -DHAVE_EX_DATA -DWOLFSSL_KEY_GEN -DWOLFSSL_OPENVPN"
ENABLED_SUPPORTED_CURVES="yes"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_OPENVPN -DHAVE_KEYING_MATERIAL"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DES_ECB -DHAVE_EX_DATA -DWOLFSSL_KEY_GEN"
fi

19
src/tls13.c
View File

@@ -7565,6 +7565,15 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl)
}
}
if (!ssl->options.tls1_3) {
#ifndef WOLFSSL_NO_TLS12
if (ssl->options.downgrade)
return wolfSSL_connect(ssl);
#endif
WOLFSSL_MSG("Client using higher version, fatal error");
return VERSION_ERROR;
}
ssl->options.connectState = HELLO_AGAIN;
WOLFSSL_MSG("connect state: HELLO_AGAIN");
FALL_THROUGH;
@@ -7573,16 +7582,6 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl)
if (ssl->options.certOnly)
return WOLFSSL_SUCCESS;
if (!ssl->options.tls1_3) {
#ifndef WOLFSSL_NO_TLS12
if (ssl->options.downgrade)
return wolfSSL_connect(ssl);
#endif
WOLFSSL_MSG("Client using higher version, fatal error");
return VERSION_ERROR;
}
if (ssl->options.serverState ==
SERVER_HELLO_RETRY_REQUEST_COMPLETE) {
#if defined(WOLFSSL_TLS13_MIDDLEBOX_COMPAT)