Sanity check the HRR version field
authorMatt Caswell <matt@openssl.org>
Fri, 13 Oct 2017 13:36:32 +0000 (14:36 +0100)
committerMatt Caswell <matt@openssl.org>
Mon, 16 Oct 2017 14:52:19 +0000 (15:52 +0100)
The previous commit removed version negotiation on an HRR. However we should
still sanity check the contents of the version field.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4527)

ssl/statem/statem_clnt.c

index fdf5d45..338325f 100644 (file)
@@ -1569,6 +1569,13 @@ static MSG_PROCESS_RETURN tls_process_hello_retry_request(SSL *s, PACKET *pkt)
         goto f_err;
     }
 
+    /* TODO(TLS1.3): Remove the TLS1_3_VERSION_DRAFT clause before release */
+    if (sversion != TLS1_3_VERSION && sversion != TLS1_3_VERSION_DRAFT) {
+        SSLerr(SSL_F_TLS_PROCESS_HELLO_RETRY_REQUEST, SSL_R_WRONG_SSL_VERSION);
+        al = SSL_AD_PROTOCOL_VERSION;
+        goto f_err;
+    }
+
     s->hello_retry_request = 1;
 
     /*