author | Matt Caswell <matt@openssl.org> | 2017-11-13 11:24:51 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2017-12-14 15:06:37 +0000 |
commit | fc7129dc37f38022382338cf37cee795d975450f (patch) | |
tree | 5421f62439bbae70443f8a352508413a039bb00f /ssl/statem/extensions_clnt.c | |
parent | 6f40214f68d06820304e6f9a4c60099a1fbce10c (diff) |
Update state machine to send CCS based on whether we did an HRR
The CCS may be sent at different times based on whether or not we
sent an HRR earlier. In order to make that decision this commit
also updates things to make sure we remember whether an HRR was
used or not.
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4701)
Diffstat (limited to 'ssl/statem/extensions_clnt.c')
-rw-r--r-- | ssl/statem/extensions_clnt.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
index 2640756134..1fbf9f6e0e 100644
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -599,7 +599,7 @@ static int add_key_share(SSL *s, WPACKET *pkt, unsigned int curve_id)
 size_t encodedlen;
 
 if (s->s3->tmp.pkey != NULL) {
- if (!ossl_assert(s->hello_retry_request)) {
+ if (!ossl_assert(s->hello_retry_request == SSL_HRR_PENDING)) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_ADD_KEY_SHARE,
 ERR_R_INTERNAL_ERROR);
 return 0;
@@ -749,7 +749,7 @@ EXT_RETURN tls_construct_ctos_early_data(SSL *s, WPACKET *pkt,
 SSL_SESSION *edsess = NULL;
 const EVP_MD *handmd = NULL;
 
- if (s->hello_retry_request)
+ if (s->hello_retry_request == SSL_HRR_PENDING)
 handmd = ssl_handshake_md(s);
 
 if (s->psk_use_session_cb != NULL
@@ -961,7 +961,7 @@ EXT_RETURN tls_construct_ctos_psk(SSL *s, WPACKET *pkt, unsigned int context,
 || (s->session->ext.ticklen == 0 && s->psksession == NULL))
 return EXT_RETURN_NOT_SENT;
 
- if (s->hello_retry_request)
+ if (s->hello_retry_request == SSL_HRR_PENDING)
 handmd = ssl_handshake_md(s);
 
 if (s->session->ext.ticklen != 0) {
@@ -980,7 +980,7 @@ EXT_RETURN tls_construct_ctos_psk(SSL *s, WPACKET *pkt, unsigned int context,
 goto dopsksess;
 }
 
- if (s->hello_retry_request && mdres != handmd) {
+ if (s->hello_retry_request == SSL_HRR_PENDING && mdres != handmd) {
 /*
 * Selected ciphersuite hash does not match the hash for the session
 * so we can't use it.
@@ -1044,7 +1044,7 @@ EXT_RETURN tls_construct_ctos_psk(SSL *s, WPACKET *pkt, unsigned int context,
 return EXT_RETURN_FAIL;
 }
 
- if (s->hello_retry_request && mdpsk != handmd) {
+ if (s->hello_retry_request == SSL_HRR_PENDING && mdpsk != handmd) {
 /*
 * Selected ciphersuite hash does not match the hash for the PSK
 * session. This is an application bug.
|
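Review bot: The invariant behind the assertion in add_key_share is not written down: a pre-existing `s->s3->tmp.pkey` is accepted only while a HelloRetryRequest is pending, and every other state is reported as an internal error. Now that `hello_retry_request` is compared against a named state instead of being tested for truth, a short comment above the check would make that intent explicit, e.g. `/* A key share can already exist only when we are answering an HRR */`. The definition of SSL_HRR_PENDING and the field's other values are outside this file's diff, so it is also worth confirming that no plain truthiness test of `s->hello_retry_request` remains elsewhere in extensions_clnt.c, since such a test would presumably also pass once the retry has completed. The function body continues beyond the hunk.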
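Review bot: The guard `s->hello_retry_request == SSL_HRR_PENDING` is spelled out separately where `handmd` is assigned and where it is compared (`mdres != handmd`, `mdpsk != handmd`): once in tls_construct_ctos_early_data and three times in tls_construct_ctos_psk (the hunks at 961, 980 and 1044). These sites have to stay in lockstep; if one of them drifts, the check that the session or PSK hash matches the handshake hash after a HelloRetryRequest is either skipped or, possibly, run against a `handmd` that was never set. Evaluating the condition once per function, e.g. `const int hrr_pending = (s->hello_retry_request == SSL_HRR_PENDING);`, and testing `hrr_pending` at each site would tie them together. Both function bodies start and end outside the hunks, so the `handmd` declaration in tls_construct_ctos_psk and any further uses are not visible here.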