Fix an HRR bug

Ensure that after an HRR we can only negotiate TLSv1.3 Reviewed-by: N Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4701)

Fix an HRR bug
Ensure that after an HRR we can only negotiate TLSv1.3 Reviewed-by: N Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4701)
6f40214f · Matt Caswell · 597c51bc · 6f40214f
隐藏空白更改
内联并排

Showing with 7 addition and 3 deletion

ssl/statem/statem_lib.c ssl/statem/statem_lib.c +7 -3

未找到文件。
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -1655,6 +1655,10 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)

    suppversions = &hello->pre_proc_exts[TLSEXT_IDX_supported_versions];

+    /* If we did an HRR then supported versions is mandatory */
+    if (!suppversions->present && s->hello_retry_request)
+        return SSL_R_UNSUPPORTED_PROTOCOL;
+
    if (suppversions->present && !SSL_IS_DTLS(s)) {
        unsigned int candidate_vers = 0;
        unsigned int best_vers = 0;
@@ -1699,10 +1703,10 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
        }

        if (best_vers > 0) {
-            if (SSL_IS_TLS13(s)) {
+            if (s->hello_retry_request) {
                /*
-                 * We get here if this is after a HelloRetryRequest. In this
-                 * case we just check that we still negotiated TLSv1.3
+                 * This is after a HelloRetryRequest so we better check that we
+                 * negotiated TLSv1.3
                 */
                if (best_vers != TLS1_3_VERSION)
                    return SSL_R_UNSUPPORTED_PROTOCOL;