wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-05 13:44:41 +02:00
Code Issues Packages Projects Releases Wiki Activity

fix: tls13: hash using right version when downgrading

Browse Source
This commit is contained in:
Marco Oliverio
2022-10-19 11:38:57 +02:00
parent 2c35d7f9d2
commit 173208728a
2 changed files with 4 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/internal.c
View File

@@ -33049,12 +33049,6 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
WOLFSSL_MSG("\tDowngrading to DTLSv1.2"); WOLFSSL_MSG("\tDowngrading to DTLSv1.2");
ssl->options.tls1_3 = 0; ssl->options.tls1_3 = 0;
ssl->version.minor = DTLSv1_2_MINOR; ssl->version.minor = DTLSv1_2_MINOR;
/* reset hashes, DTLSv1.2 will take care of the hashing
later */
ret = InitHandshakeHashes(ssl);
if (ret != 0)
return ret;
} }
else if (pv.minor == DTLS_MINOR) { else if (pv.minor == DTLS_MINOR) {
WOLFSSL_MSG("\tDowngrading to DTLSv1.0"); WOLFSSL_MSG("\tDowngrading to DTLSv1.0");

4
src/tls13.c
View File

@@ -5915,6 +5915,7 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
if (wantDowngrade) { if (wantDowngrade) {
#ifndef WOLFSSL_NO_TLS12 #ifndef WOLFSSL_NO_TLS12
byte realMinor;
if (!ssl->options.downgrade) { if (!ssl->options.downgrade) {
WOLFSSL_MSG("Client trying to connect with lesser version than " WOLFSSL_MSG("Client trying to connect with lesser version than "
"TLS v1.3"); "TLS v1.3");
@@ -5928,7 +5929,10 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
ERROR_OUT(VERSION_ERROR, exit_dch); ERROR_OUT(VERSION_ERROR, exit_dch);
} }
realMinor = ssl->version.minor;
ssl->version.minor = args->pv.minor;
ret = HashInput(ssl, input + args->begin, helloSz); ret = HashInput(ssl, input + args->begin, helloSz);
ssl->version.minor = realMinor;
if (ret == 0) { if (ret == 0) {
ret = DoClientHello(ssl, input, inOutIdx, helloSz); ret = DoClientHello(ssl, input, inOutIdx, helloSz);
} }