1 files changed, 52 insertions, 10 deletions

diff --git a/lib/tls13/hello_retry.c b/lib/tls13/hello_retry.c
index 59f965cd57..51f545ec00 100644
--- a/lib/tls13/hello_retry.c
+++ b/lib/tls13/hello_retry.c
@@ -34,6 +34,7 @@ int _gnutls13_send_hello_retry_request(gnutls_session_t session, unsigned again)
 	mbuffer_st *bufel = NULL;
 	gnutls_buffer_st buf;
 	const version_entry_st *ver;
+	const uint8_t vbuf[2] = {0x03, 0x03};
 
 	if (again == 0) {
 		ver = get_version(session);
@@ -44,11 +45,21 @@ int _gnutls13_send_hello_retry_request(gnutls_session_t session, unsigned again)
 		if (ret < 0)
 			return gnutls_assert_val(ret);
 
-		ret = _gnutls_buffer_append_data(&buf, &ver->major, 1);
+		ret = _gnutls_buffer_append_data(&buf, vbuf, 2);
 		if (ret < 0)
 			return gnutls_assert_val(ret);
 
-		ret = _gnutls_buffer_append_data(&buf, &ver->minor, 1);
+		ret = _gnutls_buffer_append_data(&buf,
+						 HRR_RANDOM,
+						 GNUTLS_RANDOM_SIZE);
+		if (ret < 0) {
+			gnutls_assert();
+			goto cleanup;
+		}
+
+		ret = _gnutls_buffer_append_data_prefix(&buf, 8,
+							session->security_parameters.session_id,
+							session->security_parameters.session_id_size);
 		if (ret < 0) {
 			gnutls_assert();
 			goto cleanup;
@@ -60,6 +71,13 @@ int _gnutls13_send_hello_retry_request(gnutls_session_t session, unsigned again)
 			goto cleanup;
 		}
 
+		/* compression */
+		ret = _gnutls_buffer_append_prefix(&buf, 8, 0);
+		if (ret < 0) {
+			gnutls_assert();
+			goto cleanup;
+		}
+
 		ret = _gnutls_gen_hello_extensions(session, &buf,
 						   GNUTLS_EXT_FLAG_HRR,
 						   GNUTLS_EXT_ANY);
@@ -85,11 +103,12 @@ int
 _gnutls13_recv_hello_retry_request(gnutls_session_t session,
 				   gnutls_buffer_st *buf)
 {
-	const version_entry_st *vers;
 	int ret;
 	uint8_t tmp[2];
 	const gnutls_cipher_suite_entry_st *cs;
 	const mac_entry_st *prf;
+	gnutls_datum_t session_id;
+	uint8_t random[GNUTLS_RANDOM_SIZE];
 
 	/* only under TLS 1.3 */
 	if (IS_DTLS(session))
@@ -100,20 +119,27 @@ _gnutls13_recv_hello_retry_request(gnutls_session_t session,
 
 	session->internals.hsk_flags |= HSK_HRR_RECEIVED;
 
+	/* version */
 	ret = _gnutls_buffer_pop_data(buf, tmp, 2);
 	if (ret < 0)
 		return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
 
-	vers = nversion_to_entry(tmp[0], tmp[1]);
-	if (unlikely(vers == NULL))
+	if (unlikely(tmp[0] != 0x03 || tmp[1] != 0x03))
 		return gnutls_assert_val(GNUTLS_E_UNSUPPORTED_VERSION_PACKET);
 
-	if (_gnutls_version_is_supported(session, vers->id) == 0)
-		return gnutls_assert_val(GNUTLS_E_UNSUPPORTED_VERSION_PACKET);
+	ret = _gnutls_buffer_pop_data(buf, random, GNUTLS_RANDOM_SIZE);
+	if (ret < 0)
+		return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
 
-	if (_gnutls_set_current_version(session, vers->id) < 0)
-		return gnutls_assert_val(GNUTLS_E_UNSUPPORTED_VERSION_PACKET);
+	if (memcmp(random, HRR_RANDOM, GNUTLS_RANDOM_SIZE) != 0) {
+		return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
+	}
 
+	ret = _gnutls_buffer_pop_datum_prefix8(buf, &session_id);
+	if (ret < 0)
+		return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
+
+	/* read ciphersuites */
 	ret = _gnutls_buffer_pop_data(buf, tmp, 2);
 	if (ret < 0)
 		return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
@@ -123,13 +149,20 @@ _gnutls13_recv_hello_retry_request(gnutls_session_t session,
 		return gnutls_assert_val(GNUTLS_E_UNKNOWN_CIPHER_SUITE);
 
 	_gnutls_handshake_log("EXT[%p]: Hello Retry Request with %s\n", session, cs->name);
-
 	memcpy(session->internals.hrr_cs, cs->id, 2);
 
 	prf = mac_to_entry(cs->prf);
 	if (unlikely(prf == NULL))
 		return gnutls_assert_val(GNUTLS_E_UNKNOWN_CIPHER_SUITE);
 
+	/* compression */
+	ret = _gnutls_buffer_pop_data(buf, tmp, 1);
+	if (ret < 0)
+		return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
+
+	if (unlikely(tmp[0] != 0))
+		return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
+
 	ret = _gnutls13_handshake_hash_buffers_synth(session, prf, 1);
 	if (ret < 0)
 		return gnutls_assert_val(ret);
@@ -139,6 +172,15 @@ _gnutls13_recv_hello_retry_request(gnutls_session_t session,
 		return gnutls_assert_val(GNUTLS_E_UNEXPECTED_EXTENSIONS_LENGTH);
 	}
 
+	/* figure version first */
+	ret =
+	    _gnutls_parse_hello_extensions(session, GNUTLS_EXT_FLAG_HRR,
+					   GNUTLS_EXT_VERSION_NEG,
+					   buf->data, buf->length);
+	if (ret < 0)
+		return gnutls_assert_val(ret);
+
+	/* parse the rest of extensions */
 	ret = _gnutls_parse_hello_extensions(session, GNUTLS_EXT_FLAG_HRR, GNUTLS_EXT_ANY,
 					     buf->data, buf->length);
 	if (ret < 0)