authorTomas Mraz <tomas@openssl.org>2022-03-22 12:34:07 +0100
committerTomas Mraz <tomas@openssl.org>2022-03-30 11:35:33 +0200
commit3ea839373e2428ffed8dda44f11c60b6ba8aeb88 (patch)
tree901e582534904fae5f3bb1de09e9c5ede3e55524
parent20de516cd303b3c1e4b61272988a9a4ac054f2fa (diff)
tls_process_server_hello: Disallow repeated HRR
A repeated HelloRetryRequest (HRR) within the same handshake must be rejected. Fixes #17934 Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17936) (cherry picked from commit d204a50b898435fbf937316d5693008cebf62eef)
-rw-r--r--ssl/statem/statem_clnt.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 0dc8ee5ad7..2f68b15d92 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -1395,6 +1395,10 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt)
&& sversion == TLS1_2_VERSION
&& PACKET_remaining(pkt) >= SSL3_RANDOM_SIZE
&& memcmp(hrrrandom, PACKET_data(pkt), SSL3_RANDOM_SIZE) == 0) {
+ if (s->hello_retry_request != SSL_HRR_NONE) {
+ SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_UNEXPECTED_MESSAGE);
+ goto err;
+ }
s->hello_retry_request = SSL_HRR_PENDING;
hrr = 1;
if (!PACKET_forward(pkt, SSL3_RANDOM_SIZE)) {
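Review bot: The new guard on `s->hello_retry_request != SSL_HRR_NONE` (L23-L26) carries no comment saying why a second HelloRetryRequest is fatal, so a future reader may take it for a defensive state check rather than a protocol requirement. I would put `/* RFC 8446 section 4.1.4: a second HelloRetryRequest in the same handshake MUST be rejected with an unexpected_message alert */` directly above the `if`, which also documents why `SSL_AD_UNEXPECTED_MESSAGE` is the right alert rather than `SSL_AD_ILLEGAL_PARAMETER`. The check sits before `s->hello_retry_request = SSL_HRR_PENDING;` is assigned, so it correctly fires whether the state is pending or already completed from the first HRR; the value the state holds at this point is not visible in the hunk, so that reading is inferred. The enclosing function tls_process_server_hello begins before the hunk and the `if (!PACKET_forward(...))` block on the last line continues past it, as does the `err` label the new code jumps to.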