fixup! Fix version check to avoid unsupported protocol error in ssl_c…

…hoose_server_version()
fwh-dc · Apr 25, 2024 · 639be5c · 639be5c
1 parent 36e0c8d
commit 639be5c
Showing 1 changed file with 9 additions and 9 deletions.
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
@@ -2150,10 +2150,10 @@ int ssl_choose_server_version(SSL_CONNECTION *s, CLIENTHELLO_MSG *hello,
     const version_info *table;
     int disabled = 0;
     RAW_EXTENSION *suppversions;
-    const unsigned int version1_3 = SSL_CONNECTION_IS_DTLS(s) ? DTLS1_3_VERSION
-                                                              : TLS1_3_VERSION;
-    const unsigned int version1_2 = SSL_CONNECTION_IS_DTLS(s) ? DTLS1_2_VERSION
-                                                              : TLS1_2_VERSION;
+    const int version1_3 = SSL_CONNECTION_IS_DTLS(s) ? DTLS1_3_VERSION
+                                                     : TLS1_3_VERSION;
+    const int version1_2 = SSL_CONNECTION_IS_DTLS(s) ? DTLS1_2_VERSION
+                                                     : TLS1_2_VERSION;
 
     s->client_version = client_version;
 
@@ -2192,10 +2192,10 @@ int ssl_choose_server_version(SSL_CONNECTION *s, CLIENTHELLO_MSG *hello,
         return SSL_R_UNSUPPORTED_PROTOCOL;
 
     if (suppversions->present) {
-        unsigned int candidate_vers = 0;
-        const unsigned int best_vers_init = SSL_CONNECTION_IS_DTLS(s) ? INT_MAX
-                                                                      : 0;
-        unsigned int best_vers = best_vers_init;
+        int candidate_vers = 0;
+        const int best_vers_init = SSL_CONNECTION_IS_DTLS(s) ? INT_MAX
+                                                             : 0;
+        int best_vers = best_vers_init;
         const SSL_METHOD *best_method = NULL;
         PACKET versionslist;
 
@@ -2218,7 +2218,7 @@ int ssl_choose_server_version(SSL_CONNECTION *s, CLIENTHELLO_MSG *hello,
         if (client_version <= SSL3_VERSION)
             return SSL_R_BAD_LEGACY_VERSION;
 
-        while (PACKET_get_net_2(&versionslist, &candidate_vers)) {
+        while (PACKET_get_net_2(&versionslist, (unsigned int *)&candidate_vers)) {
             if (ssl_version_cmp(s, candidate_vers, best_vers) <= 0)
                 continue;
             if (ssl_version_supported(s, candidate_vers, &best_method))