Commit 657a43f6 authored by Matt Caswell's avatar Matt Caswell
Browse files

Fix missing SSL_IS_TLS13(s) usage 



We should use the macro for testing if we are using TLSv1.3 rather than
checking s->version directly.

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
parent 86ff6cc6

ssl/record/ssl3_record.c

+1 −1
Original line number Diff line number Diff line
@@ -205,7 +205,7 @@ int ssl3_get_record(SSL *s) 
                n2s(p, rr[num_recs].length);



                /* Lets check version. In TLSv1.3 we ignore this field */

                if (!s->first_packet && s->version != TLS1_3_VERSION

                if (!s->first_packet && !SSL_IS_TLS13(s)

                        && version != s->version) {

                    SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_WRONG_VERSION_NUMBER);

                    if ((s->version & 0xFF00) == (version & 0xFF00)

ssl/statem/statem_srvr.c

+1 −1
Original line number Diff line number Diff line
@@ -1445,7 +1445,7 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) 
    }



    /* Check we've got a key_share for TLSv1.3 */

    if (s->version == TLS1_3_VERSION && s->s3->peer_tmp == NULL && !s->hit) {

    if (SSL_IS_TLS13(s) && s->s3->peer_tmp == NULL && !s->hit) {

        /* No suitable share */

        /* TODO(TLS1.3): Send a HelloRetryRequest */

        al = SSL_AD_HANDSHAKE_FAILURE;