Fixes from code review

If doing TLS v1.3 and the version on the ServerHello is below TLS v1.2 then
handle the message with the old code.
If doing TLS v1.3, downgrading, and the version in the ClientHello is less than
the minimum downgrade version then this is a version error.
Sean Parkinson 2018-03-08 09:00:36 +10:00
parent 317c890961
commit d35a3f1e69
2 changed files with 12 additions and 6 deletions


@ -4641,10 +4641,9 @@ static int TLSX_SupportedVersions_Parse(WOLFSSL *ssl, byte* input,
if (!ssl->options.downgrade)
continue;
#ifdef NO_OLD_TLS
if (minor < TLSv1_2_MINOR)
if (minor < ssl->options.minDowngrade)
continue;
#endif
/* Downgrade the version. */
ssl->version.minor = minor;
}
@ -4695,10 +4694,9 @@ static int TLSX_SupportedVersions_Parse(WOLFSSL *ssl, byte* input,
if (!ssl->options.downgrade)
return VERSION_ERROR;
#ifdef NO_OLD_TLS
if (minor < TLSv1_2_MINOR)
if (minor < ssl->options.minDowngrade)
return VERSION_ERROR;
#endif
/* Downgrade the version. */
ssl->version.minor = minor;
}
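Review bot: The new `if (minor < ssl->options.minDowngrade)` comparison in both hunks of TLSX_SupportedVersions_Parse replaces a compile-time floor with a runtime one but carries no comment saying what the floor means, and the two hunks react differently to a version under it (`continue` in the first, `return VERSION_ERROR;` in the second). A one-line comment above each would make that asymmetry deliberate, e.g. `/* Skip offered versions below the configured downgrade floor; another entry may still match. */` for the first hunk and `/* The peer selected a version below the configured downgrade floor. */` for the second. I assume minDowngrade holds a TLS minor version directly comparable with `minor`; the rendered hunk does not show whether the `#ifdef NO_OLD_TLS` guard survives around the new check, and if it does, builds with old TLS enabled would skip the floor entirely. The enclosing loop and function start outside both hunks.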


@ -2643,6 +2643,11 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
return VERSION_ERROR;
}
#else
if (pv.major == ssl->version.major && pv.minor < TLSv1_2_MINOR &&
ssl->options.downgrade) {
ssl->version = pv;
return DoServerHello(ssl, input, inOutIdx, helloSz);
}
if (pv.major != ssl->version.major || pv.minor != TLSv1_2_MINOR)
return VERSION_ERROR;
#endif
@ -3626,6 +3631,9 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
"TLS v1.3");
return VERSION_ERROR;
}
if (pv.minor < ssl->options.minDowngrade)
return VERSION_ERROR;
ssl->version.minor = pv.minor;
}
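Review bot: The downgrade branch added in DoTls13ServerHello (first hunk, `pv.minor < TLSv1_2_MINOR && ssl->options.downgrade`) accepts any pre-TLS 1.2 ServerHello version without consulting `ssl->options.minDowngrade`, the floor this same commit enforces in DoTls13ClientHello (second hunk, `if (pv.minor < ssl->options.minDowngrade) return VERSION_ERROR;`) and in the supported_versions parser. Unless DoServerHello re-checks the floor on the path taken here, a server can steer the client below the configured minimum; the condition should carry `pv.minor >= ssl->options.minDowngrade` alongside the `downgrade` flag, or return VERSION_ERROR before the `ssl->version = pv;` assignment. Assigning `ssl->version` before delegating also leaves the version changed if DoServerHello later rejects the message, which deserves a comment if that is intentional. Both functions start and end outside their hunks.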