author | Matt Caswell <matt@openssl.org> | 2017-03-09 15:03:07 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2017-03-16 14:20:38 +0000 |
commit | ef6c191bceb7f09918cfd39e780759c32afb2396 (patch) | |
tree | 1a91e3b4be56102bb9ad9706b122c9e8c87e4cda /ssl/statem/statem.c | |
parent | bc993d30fcff70667618d83f5b58d99e119f4c23 (diff) |
Update end of early data processing for draft-19
The end of early data is now indicated by a new handshake message rather
than an alert.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2895)
Diffstat (limited to 'ssl/statem/statem.c')
-rw-r--r-- | ssl/statem/statem.c | 22 |
1 files changed, 19 insertions, 3 deletions
diff --git a/ssl/statem/statem.c b/ssl/statem/statem.c
index 11cbe551a6..92a0e8f1ec 100644
--- a/ssl/statem/statem.c
+++ b/ssl/statem/statem.c
@@ -180,13 +180,29 @@ void ossl_statem_check_finish_init(SSL *s, int send)
 {
 if (send == -1) {
 if (s->statem.hand_state == TLS_ST_PENDING_EARLY_DATA_END
- || s->statem.hand_state == TLS_ST_EARLY_DATA)
+ || s->statem.hand_state == TLS_ST_EARLY_DATA) {
 ossl_statem_set_in_init(s, 1);
+ if (s->early_data_state == SSL_EARLY_DATA_WRITE_RETRY) {
+ /*
+ * SSL_connect() or SSL_do_handshake() has been called directly.
+ * We don't allow any more writing of early data.
+ */
+ s->early_data_state = SSL_EARLY_DATA_FINISHED_WRITING;
+ }
+ }
 } else if (!s->server) {
- if ((send && s->statem.hand_state == TLS_ST_PENDING_EARLY_DATA_END
+ if ((send && (s->statem.hand_state == TLS_ST_PENDING_EARLY_DATA_END
+ || s->statem.hand_state == TLS_ST_EARLY_DATA)
 && s->early_data_state != SSL_EARLY_DATA_WRITING)
- || (!send && s->statem.hand_state == TLS_ST_EARLY_DATA))
+ || (!send && s->statem.hand_state == TLS_ST_EARLY_DATA)) {
 ossl_statem_set_in_init(s, 1);
+ /*
+ * SSL_write() has been called directly. We don't allow any more
+ * writing of early data.
+ */
+ if (send && s->early_data_state == SSL_EARLY_DATA_WRITE_RETRY)
+ s->early_data_state = SSL_EARLY_DATA_FINISHED_WRITING;
+ }
 } else {
 if (s->early_data_state == SSL_EARLY_DATA_FINISHED_READING
 && s->statem.hand_state == TLS_ST_EARLY_DATA)
|
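Review bot: In the client branch, the `!send` arm (a read call while `hand_state` is `TLS_ST_EARLY_DATA`) sets `in_init` but leaves `early_data_state` at `SSL_EARLY_DATA_WRITE_RETRY`, whereas the `send == -1` arm and the `send` arm both move it to `SSL_EARLY_DATA_FINISHED_WRITING`. Nothing in the hunk says whether a later early-data write is still meant to be accepted once a read has restarted the handshake; because early data is the replayable part of the connection, the point at which it is closed off should be explicit. If the asymmetry is intended, say so next to the guard, e.g. `/* A read does not end early data writing: <reason> */`; if it is not, drop the `send &&` from `if (send && s->early_data_state == SSL_EARLY_DATA_WRITE_RETRY)`. The tri-state `send` (-1, 0, non-zero) is also not described in the visible lines, and the function body continues past the end of the hunk.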