From 5fb07432e1e59977d85d8d30881a3241b125d51e Mon Sep 17 00:00:00 2001
From: Frederik Wedel-Heinen
Date: Tue, 21 May 2024 14:20:36 +0200
Subject: [PATCH] fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! Refactor code and fix a couple of missing DTLSv1.3 checks.
---
 ssl/statem/extensions_clnt.c | 4 ++--
 ssl/statem/extensions_srvr.c | 5 +++--
 2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
index 6d24e1a6823a1b..9c8be07ea63574 100644
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -1771,10 +1771,10 @@ int tls_parse_stoc_supported_versions(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, X509 *x, size_t chainidx)
 {
- unsigned int version;
+ int version;
 const int version1_3 = SSL_CONNECTION_IS_DTLS(s) ? DTLS1_3_VERSION : TLS1_3_VERSION;
- if (!PACKET_get_net_2(pkt, &version)
+ if (!PACKET_get_net_2(pkt, (unsigned int*)&version)
 || PACKET_remaining(pkt) != 0) {
 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH);
 return 0;
diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
index d972f9ea89ae07..eb62acced9a58b 100644
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
@@ -722,7 +722,8 @@ int tls_parse_ctos_cookie(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
 X509 *x, size_t chainidx)
 {
 #if !(defined(OPENSSL_NO_TLS1_3) && defined(OPENSSL_NO_DTLS1_3))
- unsigned int format, version, key_share, group_id;
+ unsigned int format, key_share, group_id;
+ int version;
 EVP_MD_CTX *hctx;
 EVP_PKEY *pkey;
 PACKET cookie, raw, chhash, appcookie;
@@ -803,7 +804,7 @@ int tls_parse_ctos_cookie(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
 */
 /* Check the version number is sane */
- if (!PACKET_get_net_2(&cookie, &version)) {
+ if (!PACKET_get_net_2(&cookie, (unsigned int*)&version)) {
 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH);
 return 0;
 }
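Review bot: The `(unsigned int*)&version` cast in tls_parse_stoc_supported_versions (extensions_clnt.c, hunk at 1771) hands an `int` object to PACKET_get_net_2 through a pointer of a different type, and the same cast is repeated for the cookie version in tls_parse_ctos_cookie (extensions_srvr.c, hunk at 803). The cast silences the compiler, so a later change to the width of `version` would still build and would turn the parser's store into an out-of-bounds or partial write. Because both values are read straight from the peer, it would be more robust to keep the wire read and the signedness conversion as separate, visible steps: declare `unsigned int wire_version;`, call `PACKET_get_net_2(pkt, &wire_version)`, and assign `version = (int)wire_version;` after the length check succeeds. If the cast is kept, it should at least carry a short comment saying why `version` must be signed. Both function bodies continue outside the hunks, so the comparisons that presumably motivated the switch to `int` are not visible here.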