From: Frederik Wedel-Heinen
Date: Fri, 13 Oct 2023 08:06:06 +0000 (+0200)
Subject: tls_post_encryption_processing_default() and tls_validate_record_header()
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e41c916a229cb4f981bc6a8314a5cfe2849a4c40;p=thirdparty%2Fopenssl.git
tls_post_encryption_processing_default() and tls_validate_record_header()
Reviewed-by: Matt Caswell
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/22376)
---
diff --git a/ssl/record/methods/tls_common.c b/ssl/record/methods/tls_common.c
index 80d4477bd0c..427655d1c29 100644
--- a/ssl/record/methods/tls_common.c
+++ b/ssl/record/methods/tls_common.c
@@ -1721,12 +1721,13 @@ int tls_post_encryption_processing_default(OSSL_RECORD_LAYER *rl,
 if (rl->msg_callback != NULL) {
 unsigned char *recordstart;
+ const int version1_3 = rl->isdtls ? DTLS1_3_VERSION : TLS1_3_VERSION;
 recordstart = WPACKET_get_curr(thispkt) - len - headerlen;
 rl->msg_callback(1, thiswr->rec_version, SSL3_RT_HEADER, recordstart, headerlen, rl->cbarg);
- if (rl->version == TLS1_3_VERSION && rl->enc_ctx != NULL) {
+ if (rl->version == version1_3 && rl->enc_ctx != NULL) {
 unsigned char ctype = thistempl->type;
 rl->msg_callback(1, thiswr->rec_version, SSL3_RT_INNER_CONTENT_TYPE,
diff --git a/ssl/record/methods/tlsany_meth.c b/ssl/record/methods/tlsany_meth.c
index 3f73f9ebdd8..0cf04d7fa7b 100644
--- a/ssl/record/methods/tlsany_meth.c
+++ b/ssl/record/methods/tlsany_meth.c
@@ -54,6 +54,8 @@ static int tls_validate_record_header(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *rec)
 return 0;
 }
 } else {
+ const int version1_3 = rl->isdtls ? DTLS1_3_VERSION : TLS1_3_VERSION;
+
 if (rl->version == TLS_ANY_VERSION) {
 if ((rec->rec_version >> 8) != SSL3_VERSION_MAJOR) {
 if (rl->is_first_record) {
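Review bot: The `rl->isdtls ? DTLS1_3_VERSION : TLS1_3_VERSION` selection added here is repeated verbatim in `tls_validate_record_header()` (first tlsany_meth.c hunk), so the two copies can drift apart as further DTLS 1.3 checks are converted. A single helper next to the record-layer definitions would keep them together, for example `#define RLAYER_IS_VERSION1_3(rl) ((rl)->version == ((rl)->isdtls ? DTLS1_3_VERSION : TLS1_3_VERSION))` (the name is only a suggestion), with this call site reading `if (RLAYER_IS_VERSION1_3(rl) && rl->enc_ctx != NULL) {`. A one-line comment that this must stay an equality test would also help, because DTLS wire version numbers decrease as the protocol version rises and an ordered comparison would misclassify them. The enclosing function starts and ends outside the hunk.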
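Review bot: Only the later `else if` is made DTLS-aware; the `rl->version == TLS_ANY_VERSION` branch directly under the new declaration still tests `(rec->rec_version >> 8) != SSL3_VERSION_MAJOR`, and both of those constants are TLS-specific. If this validator can run with `rl->isdtls` set, the hunk does not show how the not-yet-negotiated case is checked for such a record layer; if it cannot, the ternary is dead code in this file. Either a test that drives the function with `isdtls` set, or a comment at the declaration such as `/* DTLS is only considered for the 1.3 comparison below; the TLS_ANY_VERSION checks are TLS-only */`, would make the intended coverage explicit. The function body starts and ends outside the hunk, so this is inferred from the visible branches only.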
@@ -86,7 +88,7 @@ static int tls_validate_record_header(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *rec)
 return 0;
 }
 }
- } else if (rl->version == TLS1_3_VERSION) {
+ } else if (rl->version == version1_3) {
 /*
 * In this case we know we are going to negotiate TLSv1.3, but we've
 * had an HRR, so we haven't actually done so yet. In TLSv1.3 we
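Review bot: The comment under the changed condition still describes only TLSv1.3, although the branch now also matches a record layer with `rl->isdtls` set whose version equals `DTLS1_3_VERSION`. Suggested wording for its first line: `* In this case we know we are going to negotiate (D)TLSv1.3, but we've`. The comment and the branch body continue outside the hunk, so whether the handling that follows is also right for DTLS 1.3 records cannot be judged from here; the updated comment should say so explicitly.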