From 61278ff3f952570a3ca06d02b07502069cd78f55 Mon Sep 17 00:00:00 2001
From: Matt Caswell
Date: Fri, 13 Oct 2017 14:36:32 +0100
Subject: [PATCH] Sanity check the HRR version field

The previous commit removed version negotiation on an HRR. However we should still sanity check the contents of the version field.

Reviewed-by: Tim Hudson
Reviewed-by: Ben Kaduk
(Merged from https://github.com/openssl/openssl/pull/4527)
---
 ssl/statem/statem_clnt.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index fdf5d451df..338325f777 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -1569,6 +1569,13 @@ static MSG_PROCESS_RETURN tls_process_hello_retry_request(SSL *s, PACKET *pkt)
 goto f_err;
 }
+ /* TODO(TLS1.3): Remove the TLS1_3_VERSION_DRAFT clause before release */
+ if (sversion != TLS1_3_VERSION && sversion != TLS1_3_VERSION_DRAFT) {
+ SSLerr(SSL_F_TLS_PROCESS_HELLO_RETRY_REQUEST, SSL_R_WRONG_SSL_VERSION);
+ al = SSL_AD_PROTOCOL_VERSION;
+ goto f_err;
+ }
+
 s->hello_retry_request = 1;
 /*
-- 
2.25.1
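Review bot: The new `if (sversion != TLS1_3_VERSION && sversion != TLS1_3_VERSION_DRAFT)` check carries no comment explaining why the client does not run its normal version-negotiation path here, so a later reader of tls_process_hello_retry_request will wonder why the ServerHello-style negotiation helper is bypassed and only a strict equality test is applied. The commit message says the previous commit removed negotiation on an HRR; that reasoning belongs next to the code, e.g. `/* No version negotiation on an HRR: it must carry the TLS 1.3 version this handshake already uses, so anything else is a protocol error. */`. The existing `TODO(TLS1.3)` marker is worth keeping as written, since the draft constant temporarily widens what the client accepts and the alert chosen (`SSL_AD_PROTOCOL_VERSION`) is the right one for a mismatch. Where `sversion` is read from the packet is outside the hunk, so whether it is validated for length before this point cannot be confirmed here; the enclosing function starts and ends outside the hunk.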