Send supported_versions in an HRR

Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4701)
author: Matt Caswell <matt@openssl.org> 2017-12-05 10:16:25 +0000
committer: Matt Caswell <matt@openssl.org> 2017-12-14 15:06:37 +0000
commit: 426dfc9ff7c1afaf1ed5981a9c7846e310c7ae3e (patch)
tree: f3fbe2897ccb9fc9e506e6f0ff16b49dbd59a715 /ssl/statem/extensions_clnt.c
parent: e7dd763e513f576b8e4e32bb5d08abc37bb08a40 (diff)
1 files changed, 15 insertions, 0 deletions
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
index 1fbf9f6e0e..f357396d81 100644
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -1657,6 +1657,21 @@ int tls_parse_stoc_supported_versions(SSL *s, PACKET *pkt, unsigned int context,
     if (version == TLS1_3_VERSION_DRAFT)
         version = TLS1_3_VERSION;
 
+    /* We ignore this extension for HRRs except to sanity check it */
+    if (context == SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST) {
+        /*
+         * The only protocol version we support which has an HRR message is
+         * TLSv1.3, therefore we shouldn't be getting an HRR for anything else.
+         */
+        if (version != TLS1_3_VERSION) {
+            *al = SSL_AD_PROTOCOL_VERSION;
+            SSLerr(SSL_F_TLS_PARSE_STOC_SUPPORTED_VERSIONS,
+                   SSL_R_BAD_HRR_VERSION);
+            return 0;
+        }
+        return 1;
+    }
+
     /* We just set it here. We validate it in ssl_choose_client_version */
     s->version = version;
author	Matt Caswell <matt@openssl.org>	2017-12-05 10:16:25 +0000
committer	Matt Caswell <matt@openssl.org>	2017-12-14 15:06:37 +0000
commit	426dfc9ff7c1afaf1ed5981a9c7846e310c7ae3e (patch)
tree	f3fbe2897ccb9fc9e506e6f0ff16b49dbd59a715 /ssl/statem/extensions_clnt.c
parent	e7dd763e513f576b8e4e32bb5d08abc37bb08a40 (diff)