Remove some use of SSL object from record layer
authorMatt Caswell <matt@openssl.org>
Thu, 19 May 2022 15:58:45 +0000 (16:58 +0100)
committerMatt Caswell <matt@openssl.org>
Thu, 18 Aug 2022 15:38:12 +0000 (16:38 +0100)
Remove SSL_IS_TLS13() and hello_retry_request

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)

ssl/record/methods/tls_common.c
ssl/statem/extensions_clnt.c
ssl/statem/statem_clnt.c

index 703a9e0715e7a6bd8a4add191c384f1b48641495..681a830eb9f955a78bbbb38adf6ea4f279abd8d2 100644 (file)
@@ -616,7 +616,8 @@ static int tls_get_more_records(OSSL_RECORD_LAYER *rl,
 
     if (num_recs == 1
             && thisrr->type == SSL3_RT_CHANGE_CIPHER_SPEC
-            && (SSL_CONNECTION_IS_TLS13(s) || s->hello_retry_request != SSL_HRR_NONE)
+               /* The following can happen in tlsany_meth after HRR */
+            && rl->version == TLS1_3_VERSION
             && rl->is_first_handshake) {
         /*
          * CCS messages must be exactly 1 byte long, containing the value 0x01
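Review bot: The comment added inside the condition sits at a different column from the `&&` continuation lines and, read in place, looks like it qualifies the `rl->version` test rather than explaining why a CCS is expected here; moving it above the `if` and stating the dependency would make it clearer. The check now accepts the post-HRR CCS only when rl->version is already TLS1_3_VERSION, so it depends on the state machine having called set_protocol_version() before that record is read (the extensions_clnt.c and statem_clnt.c hunks in this commit appear to be what provides that), and that coupling is worth recording, e.g. `/* After an HRR the state machine has already set our version to TLSv1.3 via set_protocol_version(), so a CCS at this point is the expected one (see tlsany_meth) */`. tls_get_more_records's body continues outside the hunk on both sides.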
index 74ecbe527a057c4ac9b686b4be5b2fd14c56d09b..4f98e6de091a8d157432bd88abf54f975f14b765 100644 (file)
@@ -1769,6 +1769,7 @@ int tls_parse_stoc_supported_versions(SSL_CONNECTION *s, PACKET *pkt,
 
     /* We just set it here. We validate it in ssl_choose_client_version */
     s->version = version;
+    s->rrlmethod->set_protocol_version(s->rrl, version);
 
     return 1;
 }
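Review bot: The record layer is handed `version` on the line after `s->version = version;`, before ssl_choose_client_version has validated it, as the existing comment above notes; if set_protocol_version changes how the record layer processes subsequent records, that happens for a value that may later be rejected. Extending the comment would make the ordering deliberate and visible: `/* We just set it here and tell the record layer. We validate it in ssl_choose_client_version, so the record layer may briefly hold an unvalidated value. */`. If set_protocol_version can report failure through its return value, that return is dropped here and in the statem_clnt.c hunk; checking it, or documenting that it cannot fail, would keep this consistent with the rest of the state machine's error handling. tls_parse_stoc_supported_versions begins outside the hunk.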
index 2f2043671aa72f8c66cfe3be4cb163e6978aaf2b..1c7d75c10ccda65a2776785cecadd964f973f741 100644 (file)
@@ -1416,6 +1416,8 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL_CONNECTION *s, PACKET *pkt)
             goto err;
         }
         s->hello_retry_request = SSL_HRR_PENDING;
+        /* Tell the record layer that we know we're going to get TLSv1.3 */
+        s->rrlmethod->set_protocol_version(s->rrl, s->version);
         hrr = 1;
         if (!PACKET_forward(pkt, SSL3_RANDOM_SIZE)) {
             SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH);
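Review bot: The new comment says the record layer is being told TLSv1.3 is coming, but the call passes `s->version`, whose value here depends on state set earlier in the handshake rather than on the HRR just detected; if s->version can still hold a pre-negotiation value at this point, the `rl->version == TLS1_3_VERSION` test added in the tls_common.c hunk would not match for the CCS that follows the HRR. Passing the constant makes the code and the comment agree and removes the dependency on prior state: `s->rrlmethod->set_protocol_version(s->rrl, TLS1_3_VERSION);`. The return value is dropped here as in the extensions_clnt.c hunk. tls_process_server_hello begins and ends outside the hunk.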