Fix early_data with an HRR

early_data is not allowed after an HRR. We failed to handle that correctly. Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3933)
author: Matt Caswell <matt@openssl.org> 2017-07-14 14:50:48 +0100
committer: Matt Caswell <matt@openssl.org> 2017-07-18 16:51:58 +0100
commit: d4504fe5792b2dcf8ae6ef35634f1494e72d109b (patch)
tree: 7b51694b056efe6d8c86b92b6677b6eecf83372a /ssl/statem/statem.c
parent: 1e3f62a3823f7e3db9d403f724fd9d66f5b04cf8 (diff)
1 files changed, 2 insertions, 7 deletions
diff --git a/ssl/statem/statem.c b/ssl/statem/statem.c
index 9eab8ceca7..e5a50c482d 100644
--- a/ssl/statem/statem.c
+++ b/ssl/statem/statem.c
@@ -157,13 +157,8 @@ int ossl_statem_skip_early_data(SSL *s)
     if (s->ext.early_data != SSL_EARLY_DATA_REJECTED)
         return 0;
 
-    if (s->hello_retry_request) {
-        if (s->statem.hand_state != TLS_ST_SW_HELLO_RETRY_REQUEST)
-            return 0;
-    } else {
-        if (!s->server || s->statem.hand_state != TLS_ST_EARLY_DATA)
-            return 0;
-    }
+    if (!s->server || s->statem.hand_state != TLS_ST_EARLY_DATA)
+        return 0;
 
     return 1;
 }
author	Matt Caswell <matt@openssl.org>	2017-07-14 14:50:48 +0100
committer	Matt Caswell <matt@openssl.org>	2017-07-18 16:51:58 +0100
commit	d4504fe5792b2dcf8ae6ef35634f1494e72d109b (patch)
tree	7b51694b056efe6d8c86b92b6677b6eecf83372a /ssl/statem/statem.c
parent	1e3f62a3823f7e3db9d403f724fd9d66f5b04cf8 (diff)