Check result of set_protocol_version() and use the version passed as argument

author Frederik Wedel-Heinen <frederik.wedel-heinen@dencrypt.dk>

Fri, 20 Dec 2024 12:57:49 +0000 (13:57 +0100)

committer Tomas Mraz <tomas@openssl.org>

Thu, 2 Oct 2025 12:47:24 +0000 (14:47 +0200)
author Frederik Wedel-Heinen <frederik.wedel-heinen@dencrypt.dk>
Fri, 20 Dec 2024 12:57:49 +0000 (13:57 +0100)
committer Tomas Mraz <tomas@openssl.org>
Thu, 2 Oct 2025 12:47:24 +0000 (14:47 +0200)
diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c

index b6c690b3234a21d6decd4c7796f41f12a796cdba..d1ce69ba8926deb2f35c76aba5089d6498a68fac 100644 (file)
--- a/ssl/record/rec_layer_s3.c
+++ b/ssl/record/rec_layer_s3.c
@@ -1483,10 +1483,10 @@ int ssl_set_new_record_layer(SSL_CONNECTION *s, int version,
  int ssl_set_record_protocol_version(SSL_CONNECTION *s, int vers)
  {
      if (!ossl_assert(s->rlayer.rrlmethod != NULL)
-            || !ossl_assert(s->rlayer.wrlmethod != NULL))
+            || !ossl_assert(s->rlayer.wrlmethod != NULL)
+            || !s->rlayer.rrlmethod->set_protocol_version(s->rlayer.rrl, vers)
+            || !s->rlayer.wrlmethod->set_protocol_version(s->rlayer.wrl, vers))
          return 0;
-    s->rlayer.rrlmethod->set_protocol_version(s->rlayer.rrl, s->version);
-    s->rlayer.wrlmethod->set_protocol_version(s->rlayer.wrl, s->version);
  
      return 1;
  }
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c

index f6ad40a2d7a646cd7efb476da8e37f5b99ccb921..2fadeb88112897870bb3efb1942adeac28a68589 100644 (file)
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -1877,8 +1877,12 @@ static MSG_PROCESS_RETURN tls_process_as_hello_retry_request(SSL_CONNECTION *s,
          /* SSLfatal already called */
          goto err;
      }
-    /* We are definitely going to be using TLSv1.3 */
-    s->rlayer.wrlmethod->set_protocol_version(s->rlayer.wrl, version1_3);
+
+    /* We are definitely going to be using (D)TLSv1.3 */
+    if (!s->rlayer.wrlmethod->set_protocol_version(s->rlayer.wrl, version1_3)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
  
      if (!tls_collect_extensions(s, extpkt, SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST,
                                  &extensions, NULL, 1)
author	Frederik Wedel-Heinen <frederik.wedel-heinen@dencrypt.dk>
	Fri, 20 Dec 2024 12:57:49 +0000 (13:57 +0100)
committer	Tomas Mraz <tomas@openssl.org>
	Thu, 2 Oct 2025 12:47:24 +0000 (14:47 +0200)
ssl/record/rec_layer_s3.c		patch \| blob \| blame \| history
ssl/statem/statem_clnt.c		patch \| blob \| blame \| history