projects / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Don't do version neg on an HRR
[openssl.git] / ssl / record / ssl3_record.c
diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c
index fa7f5d94f74f18771b0f69f0c46e659651348150..e17b2f001a96a5abbfe8c27780d6db311bff7dd8 100644 (file)
--- a/ssl/record/ssl3_record.c
+++ b/ssl/record/ssl3_record.c
@@ -271,8 +271,13 @@ int ssl3_get_record(SSL *s)
                 thisrr->type = type;
                 thisrr->rec_version = version;
 
                 thisrr->type = type;
                 thisrr->rec_version = version;
 
-                /* Lets check version. In TLSv1.3 we ignore this field */
+                /*
+                 * Lets check version. In TLSv1.3 we ignore this field. For an
+                 * HRR we haven't actually selected TLSv1.3 yet, but we still
+                 * treat it as TLSv1.3, so we must check for that explicitly
+                 */
                 if (!s->first_packet && !SSL_IS_TLS13(s)
                 if (!s->first_packet && !SSL_IS_TLS13(s)
+                        && !s->hello_retry_request
                         && version != (unsigned int)s->version) {
                     SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_WRONG_VERSION_NUMBER);
                     if ((s->version & 0xFF00) == (version & 0xFF00)
                         && version != (unsigned int)s->version) {
                     SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_WRONG_VERSION_NUMBER);
                     if ((s->version & 0xFF00) == (version & 0xFF00)
@@ -758,7 +763,7 @@ int ssl3_do_compress(SSL *ssl, SSL3_RECORD *wr)
 
     wr->input = wr->data;
 #endif
 
     wr->input = wr->data;
 #endif
-    return (1);
+    return 1;
 }
 
 /*-
 }
 
 /*-
@@ -844,7 +849,7 @@ int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, size_t n_recs, int sending)
         if ((bs != 1) && !sending)
             return ssl3_cbc_remove_padding(rec, bs, mac_size);
     }
         if ((bs != 1) && !sending)
             return ssl3_cbc_remove_padding(rec, bs, mac_size);
     }
-    return (1);
+    return 1;
 }
 
 #define MAX_PADDING 256
 }
 
 #define MAX_PADDING 256
@@ -1703,7 +1708,7 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap)
     /* Mark receipt of record. */
     dtls1_record_bitmap_update(s, bitmap);
 
     /* Mark receipt of record. */
     dtls1_record_bitmap_update(s, bitmap);
 
-    return (1);
+    return 1;
 
  f_err:
     ssl3_send_alert(s, SSL3_AL_FATAL, al);
 
  f_err:
     ssl3_send_alert(s, SSL3_AL_FATAL, al);
@@ -1894,6 +1899,6 @@ int dtls1_get_record(SSL *s)
         goto again;             /* get another record */
     }
 
         goto again;             /* get another record */
     }
 
-    return (1);
+    return 1;
 
 }
 
 }
Unnamed repository; edit this file 'description' to name the repository.