From: Frederik Wedel-Heinen Date: Fri, 20 Dec 2024 12:57:49 +0000 (+0100) Subject: Check result of set_protocol_version() and use the version passed as argument X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1465a5524118dc2d0a670a2ffd386c7cd5b28012;p=thirdparty%2Fopenssl.git Check result of set_protocol_version() and use the version passed as argument Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/26226)
---
diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c
index 10d3b864d86..4225ff0aafc 100644
--- a/ssl/record/rec_layer_s3.c
+++ b/ssl/record/rec_layer_s3.c
@@ -1477,10 +1477,10 @@ int ssl_set_new_record_layer(SSL_CONNECTION *s, int version,
 int ssl_set_record_protocol_version(SSL_CONNECTION *s, int vers)
 {
 if (!ossl_assert(s->rlayer.rrlmethod != NULL)
- || !ossl_assert(s->rlayer.wrlmethod != NULL))
+ || !ossl_assert(s->rlayer.wrlmethod != NULL)
+ || !s->rlayer.rrlmethod->set_protocol_version(s->rlayer.rrl, vers)
+ || !s->rlayer.wrlmethod->set_protocol_version(s->rlayer.wrl, vers))
 return 0;
- s->rlayer.rrlmethod->set_protocol_version(s->rlayer.rrl, s->version);
- s->rlayer.wrlmethod->set_protocol_version(s->rlayer.wrl, s->version);
 return 1;
 }
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index a7648396f22..7a771254d9f 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
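Review bot: In `ssl_set_record_protocol_version` (ssl/record/rec_layer_s3.c) the new `||` chain short-circuits, so if the read layer accepts `vers` and the write layer then rejects it, the function returns 0 with the two record layers holding different protocol versions. Nothing in the hunk raises an error or restores the read side, so this is only safe if every caller treats a 0 return as fatal for the connection; the callers are outside this diff and worth checking. I would document that contract above the function, e.g. `/* Returns 0 on failure; the read and write layers may then disagree on the version, so the caller must abort the connection. */`.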
@@ -1857,8 +1857,12 @@ static MSG_PROCESS_RETURN tls_process_as_hello_retry_request(SSL_CONNECTION *s,
 /* SSLfatal already called */
 goto err;
 }
- /* We are definitely going to be using TLSv1.3 */
- s->rlayer.wrlmethod->set_protocol_version(s->rlayer.wrl, version1_3);
+
+ /* We are definitely going to be using (D)TLSv1.3 */
+ if (!s->rlayer.wrlmethod->set_protocol_version(s->rlayer.wrl, version1_3)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
 if (!tls_collect_extensions(s, extpkt, SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST, &extensions, NULL, 1)
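Review bot: The new check in `tls_process_as_hello_retry_request` dereferences `s->rlayer.wrlmethod` directly, without the `ossl_assert(s->rlayer.wrlmethod != NULL)` guard that `ssl_set_record_protocol_version` applies in the rec_layer_s3.c hunk of this commit. The pointer is presumably always set by the time a HelloRetryRequest is processed, but that cannot be confirmed here because the function starts and ends outside the hunk. Only the write record layer is switched to `version1_3` at this point, and the comment does not say why the read layer is left unchanged. A short addition such as `/* Only the write layer is switched here; the read layer is updated later. */` would help, if that is indeed the intent.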