Make sure we treat records written after HRR as TLSv1.3
authorMatt Caswell <matt@openssl.org>
Thu, 30 Nov 2017 15:49:08 +0000 (15:49 +0000)
committerMatt Caswell <matt@openssl.org>
Thu, 14 Dec 2017 15:06:38 +0000 (15:06 +0000)
This fixes a bug where some CCS records were written with the wrong TLS
record version.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4701)

ssl/ssl_locl.h

index 0e45b92..eec5be3 100644 (file)
     (SSL_IS_TLS13(s) || (s)->early_data_state == SSL_EARLY_DATA_CONNECTING \
      || (s)->early_data_state == SSL_EARLY_DATA_CONNECT_RETRY \
      || (s)->early_data_state == SSL_EARLY_DATA_WRITING \
-     || (s)->early_data_state == SSL_EARLY_DATA_WRITE_RETRY)
+     || (s)->early_data_state == SSL_EARLY_DATA_WRITE_RETRY \
+     || (s)->hello_retry_request == SSL_HRR_PENDING)
 
 # define SSL_IS_FIRST_HANDSHAKE(S) ((s)->s3->tmp.finish_md_len == 0 \
                                     || (s)->s3->tmp.peer_finish_md_len == 0)