From 657a43f6629cf5296a55731af5fd80f6602679cf Mon Sep 17 00:00:00 2001
From: Matt Caswell
Date: Wed, 16 Nov 2016 10:22:38 +0000
Subject: [PATCH] Fix missing SSL_IS_TLS13(s) usage

We should use the macro for testing if we are using TLSv1.3 rather than checking s->version directly.

Reviewed-by: Rich Salz
---
 ssl/record/ssl3_record.c | 2 +-
 ssl/statem/statem_srvr.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c
index 181ebbbfb8..d106e3886e 100644
--- a/ssl/record/ssl3_record.c
+++ b/ssl/record/ssl3_record.c
@@ -205,7 +205,7 @@ int ssl3_get_record(SSL *s)
 n2s(p, rr[num_recs].length);
 /* Lets check version. In TLSv1.3 we ignore this field */
- if (!s->first_packet && s->version != TLS1_3_VERSION
+ if (!s->first_packet && !SSL_IS_TLS13(s)
 && version != s->version) {
 SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_WRONG_VERSION_NUMBER);
 if ((s->version & 0xFF00) == (version & 0xFF00)
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 3c4d6ee768..97ecbcd178 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -1445,7 +1445,7 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt)
 }
 /* Check we've got a key_share for TLSv1.3 */
- if (s->version == TLS1_3_VERSION && s->s3->peer_tmp == NULL && !s->hit) {
+ if (SSL_IS_TLS13(s) && s->s3->peer_tmp == NULL && !s->hit) {
 /* No suitable share */
 /* TODO(TLS1.3): Send a HelloRetryRequest */
 al = SSL_AD_HANDSHAKE_FAILURE;
-- 
2.25.1
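Review bot: Both rewritten conditions now depend on the definition of `SSL_IS_TLS13()`, which this patch does not touch or show: the record version check in ssl3_get_record() (ssl/record/ssl3_record.c) and the key_share check in tls_process_client_hello() (ssl/statem/statem_srvr.c). If the macro is anything other than a strict `s->version == TLS1_3_VERSION` comparison (for example a `>=` test or a DTLS exclusion), this is a behaviour change and not only a cleanup. It would alter which connections skip the `version != s->version` record check and which must present a key_share. The commit message should say whether the two forms are equivalent for every state in which these lines run. Both enclosing functions start and end outside their hunks.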
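Review bot: In the tls_process_client_hello() hunk, the `!s->hit` term lets a connection with `s->s3->peer_tmp == NULL` through when a session is apparently being resumed, but the only comment is `/* Check we've got a key_share for TLSv1.3 */`. A reader cannot tell whether that exemption is deliberate. If it is, I would add a comment such as `/* Resumed sessions may proceed without a key_share; no fresh (EC)DHE contribution in that case */`. The rest of the error path lies outside the hunk.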