Tolerate encrypted or plaintext alerts

At certain points in the handshake we could receive either a plaintext or an encrypted alert from the client. We should tolerate both where appropriate. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6887)
author: Matt Caswell <matt@openssl.org> 2018-08-07 12:40:08 +0100
committer: Matt Caswell <matt@openssl.org> 2018-08-08 10:16:58 +0100
commit: de9e884b2f43c59834c2b1c3cfde35fa2c797f2b (patch)
tree: 6e696fc5f4b219da631d844d68cd9a392e966099 /ssl/statem/statem.h
parent: 7426cd343d99d3d82e3fb06c8df18e5cc6bcec75 (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/ssl/statem/statem.h b/ssl/statem/statem.h
index 0799870178..144d930fc7 100644
--- a/ssl/statem/statem.h
+++ b/ssl/statem/statem.h
@@ -80,6 +80,13 @@ typedef enum {
     ENC_WRITE_STATE_WRITE_PLAIN_ALERTS
 } ENC_WRITE_STATES;
 
+typedef enum {
+    /* The enc_read_ctx can be used normally */
+    ENC_READ_STATE_VALID,
+    /* We may receive encrypted or plaintext alerts */
+    ENC_READ_STATE_ALLOW_PLAIN_ALERTS
+} ENC_READ_STATES;
+
 /*****************************************************************************
  *                                                                           *
  * This structure should be considered "opaque" to anything outside of the   *
@@ -110,6 +117,7 @@ struct ossl_statem_st {
     unsigned int no_cert_verify;
     int use_timer;
     ENC_WRITE_STATES enc_write_state;
+    ENC_READ_STATES enc_read_state;
 };
 typedef struct ossl_statem_st OSSL_STATEM;
author	Matt Caswell <matt@openssl.org>	2018-08-07 12:40:08 +0100
committer	Matt Caswell <matt@openssl.org>	2018-08-08 10:16:58 +0100
commit	de9e884b2f43c59834c2b1c3cfde35fa2c797f2b (patch)
tree	6e696fc5f4b219da631d844d68cd9a392e966099 /ssl/statem/statem.h
parent	7426cd343d99d3d82e3fb06c8df18e5cc6bcec75 (diff)