Don't do version neg on an HRR
diff --git
a/ssl/record/ssl3_record.c
b/ssl/record/ssl3_record.c
index fa7f5d94f74f18771b0f69f0c46e659651348150..e17b2f001a96a5abbfe8c27780d6db311bff7dd8 100644
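--- a/ssl/record/ssl3_record.c
+++ b/ssl/record/ssl3_record.c
@@ -271,8 +271,13 @@ int ssl3_get_record(SSL *s)
 thisrr->type = type;
 thisrr->rec_version = version;
- /* Lets check version. In TLSv1.3 we ignore this field */
+ /*
+ * Lets check version. In TLSv1.3 we ignore this field. For an
+ * HRR we haven't actually selected TLSv1.3 yet, but we still
+ * treat it as TLSv1.3, so we must check for that explicitly
+ */
 if (!s->first_packet && !SSL_IS_TLS13(s)
+ && !s->hello_retry_request
 && version != (unsigned int)s->version) {
 SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_WRONG_VERSION_NUMBER);
 if ((s->version & 0xFF00) == (version & 0xFF00)
@@ -758,7 +763,7 @@ int ssl3_do_compress(SSL *ssl, SSL3_RECORD *wr)
 wr->input = wr->data;
 #endif
- return (1);
+ return 1;
 }
 /*-
@@ -844,7 +849,7 @@ int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, size_t n_recs, int sending)
 if ((bs != 1) && !sending)
 return ssl3_cbc_remove_padding(rec, bs, mac_size);
 }
- return (1);
+ return 1;
 }
 #define MAX_PADDING 256
@@ -1703,7 +1708,7 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap)
 /* Mark receipt of record. */
 dtls1_record_bitmap_update(s, bitmap);
- return (1);
+ return 1;
 f_err:
 ssl3_send_alert(s, SSL3_AL_FATAL, al);
@@ -1894,6 +1899,6 @@ int dtls1_get_record(SSL *s)
 goto again; /* get another record */
 }
- return (1);
+ return 1;
 }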
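Review bot: In the first hunk (ssl3_get_record), the added `&& !s->hello_retry_request` switches off the record-version check for as long as that flag is set, and nothing in the visible lines shows where the flag is cleared. If it can stay set after the final protocol version is chosen, records with a mismatched `rec_version` would be accepted without the `SSL_R_WRONG_VERSION_NUMBER` error for the rest of the connection. The new comment should state the flag's lifetime, for example by adding `* This relies on hello_retry_request being cleared once the version is selected.` after confirming that is true. A regression test that sends a wrong-version record after an HRR exchange would also help. The function body continues outside the hunk, so the reset may already exist elsewhere. The `return (1);` to `return 1;` hunks are unrelated style cleanup and would be easier to audit as a separate commit.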