tls_post_encryption_processing_default() and tls_validate_record_header()
authorFrederik Wedel-Heinen <frederik.wedel-heinen@dencrypt.dk>
Fri, 13 Oct 2023 08:06:06 +0000 (10:06 +0200)
committerTomas Mraz <tomas@openssl.org>
Thu, 9 Jan 2025 16:02:19 +0000 (17:02 +0100)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22376)

ssl/record/methods/tls_common.c
ssl/record/methods/tlsany_meth.c

index 80d4477bd0c06c6e8dfecafec72da634e969de22..427655d1c2918c604c3fb7da7692d1cd49e7277d 100644 (file)
@@ -1721,12 +1721,13 @@ int tls_post_encryption_processing_default(OSSL_RECORD_LAYER *rl,
 
     if (rl->msg_callback != NULL) {
         unsigned char *recordstart;
+        const int version1_3 = rl->isdtls ? DTLS1_3_VERSION : TLS1_3_VERSION;
 
         recordstart = WPACKET_get_curr(thispkt) - len - headerlen;
         rl->msg_callback(1, thiswr->rec_version, SSL3_RT_HEADER, recordstart,
                          headerlen, rl->cbarg);
 
-        if (rl->version == TLS1_3_VERSION && rl->enc_ctx != NULL) {
+        if (rl->version == version1_3 && rl->enc_ctx != NULL) {
             unsigned char ctype = thistempl->type;
 
             rl->msg_callback(1, thiswr->rec_version, SSL3_RT_INNER_CONTENT_TYPE,
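Review bot: The expression `rl->isdtls ? DTLS1_3_VERSION : TLS1_3_VERSION` added at the top of the `msg_callback` block is repeated verbatim in tls_validate_record_header() in tlsany_meth.c, so the two sites can drift apart when further version checks are converted. A single static inline helper in the shared record-layer header that returns this value would keep them aligned. Any `rl->version == TLS1_3_VERSION` comparison left elsewhere in the record layer would treat a DTLS 1.3 connection as pre-1.3, which at this site means the inner content type is not reported to the callback; whether such comparisons remain cannot be seen from this hunk. The function body starts and ends outside the hunk.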
index 3f73f9ebdd81bd4f0cb38b7a5f18abd6269cfb9e..0cf04d7fa7b252318cad4d40788eac9e06b0b81d 100644 (file)
@@ -54,6 +54,8 @@ static int tls_validate_record_header(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *rec)
             return 0;
         }
     } else {
+        const int version1_3 = rl->isdtls ? DTLS1_3_VERSION : TLS1_3_VERSION;
+
         if (rl->version == TLS_ANY_VERSION) {
             if ((rec->rec_version >> 8) != SSL3_VERSION_MAJOR) {
                 if (rl->is_first_record) {
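Review bot: `version1_3` is declared for the whole `else` block, but the `rl->version == TLS_ANY_VERSION` branch directly below it still compares the record's major version byte with `SSL3_VERSION_MAJOR`, which a DTLS record header would not carry. If this method can run with `rl->isdtls` set before the version is fixed (not determinable from the hunk), that branch needs the DTLS equivalents. If it cannot, a comment should say so, for example `/* DTLS never reaches the TLS_ANY_VERSION branch; only the 1.3 check below is DTLS-aware */`. The function continues outside the hunk.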
@@ -86,7 +88,7 @@ static int tls_validate_record_header(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *rec)
                     return 0;
                 }
             }
-        } else if (rl->version == TLS1_3_VERSION) {
+        } else if (rl->version == version1_3) {
             /*
              * In this case we know we are going to negotiate TLSv1.3, but we've
              * had an HRR, so we haven't actually done so yet. In TLSv1.3 we
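Review bot: The comment under the changed condition still speaks only of TLSv1.3, although the branch is now also taken when `rl->version` is `DTLS1_3_VERSION`; it should read along the lines of `we know we are going to negotiate (D)TLSv1.3`. The rest of the branch lies outside the hunk. If it validates `rec->rec_version` against a TLS legacy version constant, that comparison would likely need the same `rl->isdtls` selection, otherwise well-formed DTLS records after an HRR could be rejected; this is worth confirming against the full function.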