diff options
author | Matt Caswell <matt@openssl.org> | 2015-12-04 10:18:01 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2015-12-04 20:26:54 +0000 |
commit | ad3819c29ed91ee31ebc806939e6104970694811 (patch) | |
tree | 2cb36f7899554a143f9f98f6075914f40dec9bb2 | |
parent | 1c86d8fd41458d35736ef5b04d7a76cbcf1a274c (diff) |
Fix EAP FAST in the new state machine
The new state machine code missed an allowed transition when resuming a
session via EAP FAST. This commits adds the missing check for the
transition.
Reviewed-by: Andy Polyakov <appro@openssl.org>
-rw-r--r-- | ssl/statem/statem_clnt.c | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 527101b126..b49f4984b3 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -283,6 +283,19 @@ int ossl_statem_client_read_transition(SSL *s, int mt) if (SSL_IS_DTLS(s) && mt == DTLS1_MT_HELLO_VERIFY_REQUEST) { st->hand_state = DTLS_ST_CR_HELLO_VERIFY_REQUEST; return 1; + } else if (s->version >= TLS1_VERSION + && s->tls_session_secret_cb != NULL + && s->session->tlsext_tick != NULL + && mt == SSL3_MT_CHANGE_CIPHER_SPEC) { + /* + * Normally, we can tell if the server is resuming the session + * from the session ID. EAP-FAST (RFC 4851), however, relies on + * the next server message after the ServerHello to determine if + * the server is resuming. + */ + s->hit = 1; + st->hand_state = TLS_ST_CR_CHANGE; + return 1; } else if (!(s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP | SSL_aPSK))) { if (mt == SSL3_MT_CERTIFICATE) { |