Address some review feedback comments for supported_versions (16bce0e0) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

ssl/statem/statem_clnt.c

+4 −3

Original line number	Diff line number	Diff line
		@@ -781,10 +781,11 @@ int tls_construct_client_hello(SSL s, WPACKET pkt)
		* the negotiated version.
		*
		* For TLS 1.3 we always set the ClientHello version to 1.2 and rely on the
		* supported_versions extension for the reall supported versions.
		* supported_versions extension for the real supported versions.
		*/
		if (!WPACKET_put_bytes_u16(pkt,
		(!SSL_IS_DTLS(s) && s->client_version >= TLS1_3_VERSION)
		(!SSL_IS_DTLS(s)
		&& s->client_version >= TLS1_3_VERSION)
		? TLS1_2_VERSION : s->client_version)
		\|\| !WPACKET_memcpy(pkt, s->s3->client_random, SSL3_RANDOM_SIZE)) {
		SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);

+3 −3

Original line number	Diff line number	Diff line
		@@ -1036,8 +1036,7 @@ int ssl_choose_server_version(SSL s, CLIENTHELLO_MSG hello)
		const SSL_METHOD *best_method = NULL;
		PACKET versionslist;

		if (!PACKET_get_length_prefixed_1(&suppversions->data, &versionslist)
		\|\| PACKET_remaining(&suppversions->data) != 0) {
		if (!PACKET_as_length_prefixed_1(&suppversions->data, &versionslist)) {
		/* Trailing or invalid data? */
		return SSL_R_LENGTH_MISMATCH;
		}
		@@ -1052,7 +1051,8 @@ int ssl_choose_server_version(SSL s, CLIENTHELLO_MSG hello)
		continue;
		for (vent = table;
		vent->version != 0 && vent->version != (int)candidate_vers;
		++vent);
		++vent)
		;
		if (vent->version != 0) {
		const SSL_METHOD *method;

+0 −2

Original line number	Diff line number	Diff line
		@@ -1371,8 +1371,6 @@ int ssl_add_clienthello_tlsext(SSL s, WPACKET pkt, int *al)
		return 0;
		}


		/* TODO(TLS1.3): Should we add this extension for versions < TLS1.3? */
		if (!SSL_IS_DTLS(s) && s->version >= TLS1_3_VERSION) {
		int min_version, max_version, reason, currv;
		if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_supported_versions)