mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2025-07-30 10:47:28 +02:00
Merge pull request #2043 from SparkiDev/tls13_psk_down
Fix PSK support when no PSK extension
This commit is contained in:
toddouska
GitHub
43
src/tls13.c
43
src/tls13.c
@ -3300,12 +3300,8 @@ static int DoPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 helloSz,
|
|||||||
WOLFSSL_ENTER("DoPreSharedKeys");
|
WOLFSSL_ENTER("DoPreSharedKeys");
|
||||||
|
|
||||||
ext = TLSX_Find(ssl->extensions, TLSX_PRE_SHARED_KEY);
|
ext = TLSX_Find(ssl->extensions, TLSX_PRE_SHARED_KEY);
|
||||||
if (ext == NULL) {
|
if (ext == NULL)
|
||||||
#ifdef WOLFSSL_EARLY_DATA
|
|
||||||
ssl->earlyData = no_early_data;
|
|
||||||
#endif
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
|
||||||
|
|
||||||
/* Extensions pushed on stack/list and PSK must be last. */
|
/* Extensions pushed on stack/list and PSK must be last. */
|
||||||
if (ssl->extensions != ext)
|
if (ssl->extensions != ext)
|
||||||
@ -3792,6 +3788,9 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
|||||||
#ifndef WOLFSSL_NO_TLS12
|
#ifndef WOLFSSL_NO_TLS12
|
||||||
int bogusID = 0;
|
int bogusID = 0;
|
||||||
#endif
|
#endif
|
||||||
|
#ifdef HAVE_SESSION_TICKET
|
||||||
|
int inputHashed = 0;
|
||||||
|
#endif
|
||||||
|
|
||||||
WOLFSSL_START(WC_FUNC_CLIENT_HELLO_DO);
|
WOLFSSL_START(WC_FUNC_CLIENT_HELLO_DO);
|
||||||
WOLFSSL_ENTER("DoTls13ClientHello");
|
WOLFSSL_ENTER("DoTls13ClientHello");
|
||||||
@ -3822,6 +3821,7 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
|||||||
if (ssl->options.downgrade) {
|
if (ssl->options.downgrade) {
|
||||||
if ((ret = HashInput(ssl, input + begin, helloSz)) != 0)
|
if ((ret = HashInput(ssl, input + begin, helloSz)) != 0)
|
||||||
return ret;
|
return ret;
|
||||||
|
inputHashed = 1;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@ -3967,18 +3967,28 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
|
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
|
||||||
if (ssl->options.downgrade) {
|
if (TLSX_Find(ssl->extensions, TLSX_PRE_SHARED_KEY) != NULL) {
|
||||||
if ((ret = InitHandshakeHashes(ssl)) != 0)
|
if (ssl->options.downgrade) {
|
||||||
|
if ((ret = InitHandshakeHashes(ssl)) != 0)
|
||||||
|
return ret;
|
||||||
|
#ifdef HAVE_SESSION_TICKET
|
||||||
|
inputHashed = 0;
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Refine list for PSK processing. */
|
||||||
|
RefineSuites(ssl, &clSuites);
|
||||||
|
|
||||||
|
/* Process the Pre-Shared Key extension if present. */
|
||||||
|
ret = DoPreSharedKeys(ssl, input + begin, helloSz, &usingPSK);
|
||||||
|
if (ret != 0)
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
else {
|
||||||
/* Refine list for PSK processing. */
|
#ifdef WOLFSSL_EARLY_DATA
|
||||||
RefineSuites(ssl, &clSuites);
|
ssl->earlyData = no_early_data;
|
||||||
|
#endif
|
||||||
/* Process the Pre-Shared Key extension if present. */
|
}
|
||||||
ret = DoPreSharedKeys(ssl, input + begin, helloSz, &usingPSK);
|
|
||||||
if (ret != 0)
|
|
||||||
return ret;
|
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
#ifndef WOLFSSL_NO_TLS12
|
#ifndef WOLFSSL_NO_TLS12
|
||||||
@ -4024,11 +4034,12 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
|||||||
/* May or may not have done any hashing. */
|
/* May or may not have done any hashing. */
|
||||||
if ((ret = InitHandshakeHashes(ssl)) != 0)
|
if ((ret = InitHandshakeHashes(ssl)) != 0)
|
||||||
return ret;
|
return ret;
|
||||||
|
inputHashed = 0;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef HAVE_SESSION_TICKET
|
#ifdef HAVE_SESSION_TICKET
|
||||||
if (IsAtLeastTLSv1_3(ssl->version) || !ssl->options.downgrade)
|
if (!inputHashed)
|
||||||
#endif
|
#endif
|
||||||
{
|
{
|
||||||
if ((ret = HashInput(ssl, input + begin, helloSz)) != 0)
|
if ((ret = HashInput(ssl, input + begin, helloSz)) != 0)
|
||||||
|
|||||||
Reference in New Issue
Block a user