X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=ssl%2Frecord%2Fssl3_record.c;h=e17b2f001a96a5abbfe8c27780d6db311bff7dd8;hp=fa7f5d94f74f18771b0f69f0c46e659651348150;hb=a2b97bdf3dbbd255ee24aa8a74cf88d4f7034898;hpb=add8d0e9e0bb80728f4b89d15573bf2e70596ceb diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c index fa7f5d94f7..e17b2f001a 100644 --- a/ssl/record/ssl3_record.c +++ b/ssl/record/ssl3_record.c @@ -271,8 +271,13 @@ int ssl3_get_record(SSL *s) thisrr->type = type; thisrr->rec_version = version; - /* Lets check version. In TLSv1.3 we ignore this field */ + /* + * Lets check version. In TLSv1.3 we ignore this field. For an + * HRR we haven't actually selected TLSv1.3 yet, but we still + * treat it as TLSv1.3, so we must check for that explicitly + */ if (!s->first_packet && !SSL_IS_TLS13(s) + && !s->hello_retry_request && version != (unsigned int)s->version) { SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_WRONG_VERSION_NUMBER); if ((s->version & 0xFF00) == (version & 0xFF00) @@ -758,7 +763,7 @@ int ssl3_do_compress(SSL *ssl, SSL3_RECORD *wr) wr->input = wr->data; #endif - return (1); + return 1; } /*- @@ -844,7 +849,7 @@ int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, size_t n_recs, int sending) if ((bs != 1) && !sending) return ssl3_cbc_remove_padding(rec, bs, mac_size); } - return (1); + return 1; } #define MAX_PADDING 256 @@ -1703,7 +1708,7 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap) /* Mark receipt of record. */ dtls1_record_bitmap_update(s, bitmap); - return (1); + return 1; f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); @@ -1894,6 +1899,6 @@ int dtls1_get_record(SSL *s) goto again; /* get another record */ } - return (1); + return 1; }