TLS !.3: restrict extension validity by message

Extensions ServerName, SupportedGroups and ALPN must not appear in
server_hello.
Removed server_hello from the valid checks.
Sean Parkinson
2022-08-05 08:26:09 +10:00
parent 56be09005f
commit c35b47f265


@ -12011,7 +12011,6 @@ int TLSX_Parse(WOLFSSL* ssl, const byte* input, word16 length, byte msgType,
#if defined(WOLFSSL_TLS13) && defined(HAVE_SNI)
if (IsAtLeastTLSv1_3(ssl->version) &&
msgType != client_hello &&
msgType != server_hello &&
msgType != encrypted_extensions) {
return EXT_NOT_ALLOWED;
}
@ -12082,7 +12081,6 @@ int TLSX_Parse(WOLFSSL* ssl, const byte* input, word16 length, byte msgType,
#if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES)
if (IsAtLeastTLSv1_3(ssl->version) &&
msgType != client_hello &&
msgType != server_hello &&
msgType != encrypted_extensions) {
return EXT_NOT_ALLOWED;
}
@ -12201,7 +12199,6 @@ int TLSX_Parse(WOLFSSL* ssl, const byte* input, word16 length, byte msgType,
#if defined(WOLFSSL_TLS13) && defined(HAVE_ALPN)
if (IsAtLeastTLSv1_3(ssl->version) &&
msgType != client_hello &&
msgType != server_hello &&
msgType != encrypted_extensions) {
return EXT_NOT_ALLOWED;
}
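Review bot: All three checks (server_name in the first hunk, supported_groups in the second, ALPN in the third) are gated on `IsAtLeastTLSv1_3(ssl->version)`, and the hunks do not show whether `ssl->version` already holds the negotiated version when a client parses ServerHello extensions. If it can still be the offered TLS 1.3 version while the server has selected TLS 1.2, a legitimate TLS 1.2 ServerHello carrying server_name or ALPN would now fail with `EXT_NOT_ALLOWED`, so a downgrade-negotiation test for those extensions is worth adding alongside this change. A short comment above each condition would also record why server_hello is excluded, e.g. `/* RFC 8446 4.2: TLS 1.3 allows this extension in CH and EE only */`. The same three-line condition is repeated per extension, so a small shared helper would keep the allowed-message lists from drifting apart; TLSX_Parse starts and ends outside these hunks.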