Fix a few more typos

[openssl.git] / ssl / statem / statem_lib.c
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c

index 41a375104dcb04f9dc6a17f03fab98a90e04b564..19d4b4631efefca666cad9eb64938c328f872329 100644 (file)
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -1603,7 +1603,7 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
                  candidate_vers = TLS1_3_VERSION;
              /*
               * TODO(TLS1.3): There is some discussion on the TLS list about
-             * wheter to ignore versions <TLS1.2 in supported_versions. At the
+             * whether to ignore versions <TLS1.2 in supported_versions. At the
               * moment we honour them if present. To be reviewed later
               */
              if (version_cmp(s, candidate_vers, best_vers) <= 0)
@@ -1681,22 +1681,32 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
   *
   * @s: client SSL handle.
   * @version: The proposed version from the server's HELLO.
+ * @checkdgrd: Whether to check the downgrade sentinels in the server_random
+ * @al: Where to store any alert value that may be generated
   *
   * Returns 0 on success or an SSL error reason number on failure.
   */
-int ssl_choose_client_version(SSL *s, int version)
+int ssl_choose_client_version(SSL *s, int version, int checkdgrd, int *al)
  {
      const version_info *vent;
      const version_info *table;
+    int highver = 0;
  
      /* TODO(TLS1.3): Remove this before release */
      if (version == TLS1_3_VERSION_DRAFT)
          version = TLS1_3_VERSION;
  
+    if (s->hello_retry_request && version != TLS1_3_VERSION) {
+        *al = SSL_AD_PROTOCOL_VERSION;
+        return SSL_R_WRONG_SSL_VERSION;
+    }
+
      switch (s->method->version) {
      default:
-        if (version != s->version)
+        if (version != s->version) {
+            *al = SSL_AD_PROTOCOL_VERSION;
              return SSL_R_WRONG_SSL_VERSION;
+        }
          /*
           * If this SSL handle is not from a version flexible method we don't
           * (and never did) check min/max, FIPS or Suite B constraints.  Hope
@@ -1717,22 +1727,59 @@ int ssl_choose_client_version(SSL *s, int version)
          const SSL_METHOD *method;
          int err;
  
-        if (version != vent->version)
-            continue;
          if (vent->cmeth == NULL)
-            break;
-        if (s->hello_retry_request && version != TLS1_3_VERSION)
-            return SSL_R_WRONG_SSL_VERSION;
+            continue;
+
+        if (highver != 0 && version != vent->version)
+            continue;
  
          method = vent->cmeth();
          err = ssl_method_error(s, method);
-        if (err != 0)
-            return err;
+        if (err != 0) {
+            if (version == vent->version) {
+                *al = SSL_AD_PROTOCOL_VERSION;
+                return err;
+            }
+
+            continue;
+        }
+        if (highver == 0)
+            highver = vent->version;
+
+        if (version != vent->version)
+            continue;
+
+#ifndef OPENSSL_NO_TLS13DOWNGRADE
+        /* Check for downgrades */
+        if (checkdgrd) {
+            if (version == TLS1_2_VERSION && highver > version) {
+                if (memcmp(tls12downgrade,
+                           s->s3->server_random + SSL3_RANDOM_SIZE
+                                                - sizeof(tls12downgrade),
+                           sizeof(tls12downgrade)) == 0) {
+                    *al = SSL_AD_ILLEGAL_PARAMETER;
+                    return SSL_R_INAPPROPRIATE_FALLBACK;
+                }
+            } else if (!SSL_IS_DTLS(s)
+                       && version < TLS1_2_VERSION
+                       && highver > version) {
+                if (memcmp(tls11downgrade,
+                           s->s3->server_random + SSL3_RANDOM_SIZE
+                                                - sizeof(tls11downgrade),
+                           sizeof(tls11downgrade)) == 0) {
+                    *al = SSL_AD_ILLEGAL_PARAMETER;
+                    return SSL_R_INAPPROPRIATE_FALLBACK;
+                }
+            }
+        }
+#endif
+
          s->method = method;
          s->version = version;
          return 0;
      }
  
+    *al = SSL_AD_PROTOCOL_VERSION;
      return SSL_R_UNSUPPORTED_PROTOCOL;
  }