Remove some use of SSL object from record layer

Remove SSL_IS_TLS13() and hello_retry_request Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
2022-05-19 16:58:45 +01:00 · 2022-05-19 16:58:45 +01:00 · 9cd9e0978b
parent ac837d4d2e
commit 9cd9e0978b
3 changed files with 5 additions and 1 deletions
--- a/ssl/record/methods/tls_common.c
+++ b/ssl/record/methods/tls_common.c
@ -616,7 +616,8 @@ static int tls_get_more_records(OSSL_RECORD_LAYER *rl,

    if (num_recs == 1
            && thisrr->type == SSL3_RT_CHANGE_CIPHER_SPEC
-            && (SSL_CONNECTION_IS_TLS13(s) || s->hello_retry_request != SSL_HRR_NONE)
+               /* The following can happen in tlsany_meth after HRR */
+            && rl->version == TLS1_3_VERSION
            && rl->is_first_handshake) {
        /*
         * CCS messages must be exactly 1 byte long, containing the value 0x01
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@ -1769,6 +1769,7 @@ int tls_parse_stoc_supported_versions(SSL_CONNECTION *s, PACKET *pkt,

    /* We just set it here. We validate it in ssl_choose_client_version */
    s->version = version;
+    s->rrlmethod->set_protocol_version(s->rrl, version);

    return 1;
 }
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@ -1416,6 +1416,8 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL_CONNECTION *s, PACKET *pkt)
            goto err;
        }
        s->hello_retry_request = SSL_HRR_PENDING;
+        /* Tell the record layer that we know we're going to get TLSv1.3 */
+        s->rrlmethod->set_protocol_version(s->rrl, s->version);
        hrr = 1;
        if (!PACKET_forward(pkt, SSL3_RANDOM_SIZE)) {
            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH);